5e01060bd60c83bf2fa00c2f25e86fda090da20bde322a25620a47ad3e4d0328

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2023, 19:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Game Booster.ByINFORMACIONLIBRE.exe
Size

4.2MB
MD5

ab1d5473e2be34629aed5f33969cdcf6
SHA1

b39d2a3aa0ffcd4ea8b8b15d4cb790133e71f48e
SHA256

5e01060bd60c83bf2fa00c2f25e86fda090da20bde322a25620a47ad3e4d0328
SHA512

66cfb2923146e66deef6bf6ff8121cd2522ec9c56fffa59f942fcf81c2ffc9c61581caa92b409680a733767540a7d926f4f6b8ec67805a77a13ca737f44393e3
SSDEEP

98304:qh4QVVE8rR5Z+kL5n6XmiH4dfcdDh6DClPyB/cLOH/fDbB0:qmQ7EUZ+R4df9ClOc6HDbB0

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	smgb521_20220303.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	_iu14D2N.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	Game Booster.ByINFORMACIONLIBRE.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	GameBooster.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	AutoUpdate.exe

Executes dropped EXE 16 IoCs

pid	Process
3976	Game Booster.ByINFORMACIONLIBRE.tmp
2104	SvcHelper.exe
928	gbinit.exe
60	GameBooster.exe
552	gbtray.exe
3736	gbtray.exe
1780	gbtray.exe
2884	AutoUpdate.exe
1764	smgb521_20220303.exe
4428	smgb521_20220303.tmp
4148	unins000.exe
1516	_iu14D2N.tmp
4732	SgbInit.exe
2808	SgbInit.exe
3344	ICONPIN64.exe
340	UninstallPromote.exe

Loads dropped DLL 26 IoCs

pid	Process
1844	regsvr32.exe
3352	regsvr32.exe
60	GameBooster.exe
60	GameBooster.exe
60	GameBooster.exe
60	GameBooster.exe
60	GameBooster.exe
60	GameBooster.exe
60	GameBooster.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
3736	gbtray.exe
3736	gbtray.exe
3736	gbtray.exe
1780	gbtray.exe
1780	gbtray.exe
1780	gbtray.exe
2884	AutoUpdate.exe
2884	AutoUpdate.exe
4920	regsvr32.exe
4320	regsvr32.exe
2808	SgbInit.exe
2808	SgbInit.exe
2584	regsvr32.exe
2532	regsvr32.exe

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe

Registers COM server for autorun 1 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Game Booster 3\\GBV3ContextMenu.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ = "C:\\Program Files (x86)\\PCGameBoost\\Smart Game Booster\\5.2.1\\MenuExt64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\InprocServer32	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	GameBooster.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\is-E4QMA.tmp	smgb521_20220303.tmp
File created	C:\Windows\SysWOW64\is-TEF4B.tmp	smgb521_20220303.tmp
File created	C:\Windows\SysWOW64\is-K00DT.tmp	smgb521_20220303.tmp
File created	C:\Windows\SysWOW64\is-T1I6A.tmp	smgb521_20220303.tmp
File created	C:\Windows\SysWOW64\is-R4MLS.tmp	smgb521_20220303.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Language\is-GIP7V.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-D6RNJ.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-D1P38.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-36K02.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Tweak\is-VHDMD.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Database\InBoxDriverFeature\is-ND6IC.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\PinTools\is-NNKUG.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Language\is-TA1PF.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\News\is-8DVL5.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-THNTK.tmp	smgb521_20220303.tmp
File opened for modification	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\unins000.dat	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-RKU36.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-NO7JK.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Database\is-TSPP4.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Language\is-02P0N.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-FO7T9.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Defrag\is-J1457.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-3PHR3.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-QS5IQ.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-FQ92Q.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Boost\is-O08C3.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File opened for modification	C:\Program Files (x86)\IObit\Game Booster 3\unins000.dat	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Language\is-BDMPR.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\is-0K8KT.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-7ONJB.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Language\is-3MB84.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-KV04F.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-LNC6O.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Language\is-GOQAS.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\unins000.msg	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-VTO7S.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Border\is-KI93T.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\is-QQJJC.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Boost\is-7VFDU.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Boost\is-EJCIT.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Border\is-I8QIK.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Scroll\is-ONOAA.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\unins000.dat	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-5S200.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-E4OA6.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-L4MET.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-TQDAR.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-LGP1L.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-949LD.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\HUD64\is-I22SL.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\LibAV\is-42C4D.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Language\is-5D3JH.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-H2S4S.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Scroll\is-CGJKN.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Tweak\is-4TDM1.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-OARB8.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Language\is-HMH5T.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-FBQ0A.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-F8UF3.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-JCRQ7.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\LibAV\is-117TT.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\Language\is-GRF67.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\PinTools\is-8BH9A.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-PUD35.tmp	Game Booster.ByINFORMACIONLIBRE.tmp
File opened for modification	C:\Program Files (x86)\IObit\Game Booster 3\Update\Update.Ini	AutoUpdate.exe
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\HUD64\is-041LT.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-QR3JH.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-NH0DD.tmp	smgb521_20220303.tmp
File created	C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\is-M984K.tmp	Game Booster.ByINFORMACIONLIBRE.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GBv3ComputerMenu.DLL\AppID = "{49D756D0-FACE-47A5-8D11-BB050A0FA6FD}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu.1\CLSID\ = "{3A488FE8-9916-4F36-BDFF-3DED559142E5}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\TypeLib\ = "{316C9EA4-6140-4BC8-8537-B08D0D115D9E}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\ = "SmartGameBoosterMenu Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu\CurVer\ = "GBv3ComputerMenu.GBContextMenu.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\ = "GBContextMenu Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{49D756D0-FACE-47A5-8D11-BB050A0FA6FD}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\VersionIndependentProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GBv3ComputerMenu.DLL	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{49D756D0-FACE-47A5-8D11-BB050A0FA6FD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\TypeLib\ = "{316C9EA4-6140-4BC8-8537-B08D0D115D9E}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\ProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\VersionIndependentProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{49D756D0-FACE-47A5-8D11-BB050A0FA6FD}\ = "GBv3ComputerMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F6605BA7-71E8-4C6D-AD31-F05E3F568602}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F6605BA7-71E8-4C6D-AD31-F05E3F568602}\ = "PfShellExtension"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu\ = "GBContextMenu Class"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0\0\win64	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\ = "IGBContextMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\GB3ContextMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0\ = "GBv3ComputerMenu 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}\TypeLib\ = "{316C9EA4-6140-4BC8-8537-B08D0D115D9E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu.1\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{43004568-151F-41AF-8262-92DCA51E4D12}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0\HELPDIR	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}\1.0\FLAGS	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{316C9EA4-6140-4BC8-8537-B08D0D115D9E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{3A488FE8-9916-4F36-BDFF-3DED559142E5}\ProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\GBv3ComputerMenu.GBContextMenu\CLSID	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
3976	Game Booster.ByINFORMACIONLIBRE.tmp
60	GameBooster.exe
60	GameBooster.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
60	GameBooster.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
672	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	60	GameBooster.exe
Token: SeDebugPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe
Token: 33	552	gbtray.exe
Token: SeIncBasePriorityPrivilege	552	gbtray.exe

Suspicious use of FindShellTrayWindow 18 IoCs

pid	Process
3976	Game Booster.ByINFORMACIONLIBRE.tmp
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
3736	gbtray.exe
3736	gbtray.exe
1780	gbtray.exe
1780	gbtray.exe
1780	gbtray.exe
552	gbtray.exe
3736	gbtray.exe
552	gbtray.exe
552	gbtray.exe
1516	_iu14D2N.tmp
4428	smgb521_20220303.tmp

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
552	gbtray.exe
3736	gbtray.exe
3736	gbtray.exe
1780	gbtray.exe
1780	gbtray.exe
1780	gbtray.exe
552	gbtray.exe
3736	gbtray.exe
552	gbtray.exe
552	gbtray.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
928	gbinit.exe
928	gbinit.exe
60	GameBooster.exe
60	GameBooster.exe

Suspicious use of WriteProcessMemory 62 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 3976	3912	Game Booster.ByINFORMACIONLIBRE.exe	87
PID 3912 wrote to memory of 3976	3912	Game Booster.ByINFORMACIONLIBRE.exe	87
PID 3912 wrote to memory of 3976	3912	Game Booster.ByINFORMACIONLIBRE.exe	87
PID 3976 wrote to memory of 2104	3976	Game Booster.ByINFORMACIONLIBRE.tmp	92
PID 3976 wrote to memory of 2104	3976	Game Booster.ByINFORMACIONLIBRE.tmp	92
PID 3976 wrote to memory of 2104	3976	Game Booster.ByINFORMACIONLIBRE.tmp	92
PID 3976 wrote to memory of 1844	3976	Game Booster.ByINFORMACIONLIBRE.tmp	94
PID 3976 wrote to memory of 1844	3976	Game Booster.ByINFORMACIONLIBRE.tmp	94
PID 3976 wrote to memory of 1844	3976	Game Booster.ByINFORMACIONLIBRE.tmp	94
PID 1844 wrote to memory of 3352	1844	regsvr32.exe	97
PID 1844 wrote to memory of 3352	1844	regsvr32.exe	97
PID 3976 wrote to memory of 928	3976	Game Booster.ByINFORMACIONLIBRE.tmp	99
PID 3976 wrote to memory of 928	3976	Game Booster.ByINFORMACIONLIBRE.tmp	99
PID 3976 wrote to memory of 928	3976	Game Booster.ByINFORMACIONLIBRE.tmp	99
PID 3976 wrote to memory of 60	3976	Game Booster.ByINFORMACIONLIBRE.tmp	100
PID 3976 wrote to memory of 60	3976	Game Booster.ByINFORMACIONLIBRE.tmp	100
PID 3976 wrote to memory of 60	3976	Game Booster.ByINFORMACIONLIBRE.tmp	100
PID 60 wrote to memory of 552	60	GameBooster.exe	101
PID 60 wrote to memory of 552	60	GameBooster.exe	101
PID 60 wrote to memory of 552	60	GameBooster.exe	101
PID 60 wrote to memory of 3736	60	GameBooster.exe	102
PID 60 wrote to memory of 3736	60	GameBooster.exe	102
PID 60 wrote to memory of 3736	60	GameBooster.exe	102
PID 60 wrote to memory of 1780	60	GameBooster.exe	103
PID 60 wrote to memory of 1780	60	GameBooster.exe	103
PID 60 wrote to memory of 1780	60	GameBooster.exe	103
PID 60 wrote to memory of 2884	60	GameBooster.exe	104
PID 60 wrote to memory of 2884	60	GameBooster.exe	104
PID 60 wrote to memory of 2884	60	GameBooster.exe	104
PID 2884 wrote to memory of 1764	2884	AutoUpdate.exe	109
PID 2884 wrote to memory of 1764	2884	AutoUpdate.exe	109
PID 2884 wrote to memory of 1764	2884	AutoUpdate.exe	109
PID 1764 wrote to memory of 4428	1764	smgb521_20220303.exe	111
PID 1764 wrote to memory of 4428	1764	smgb521_20220303.exe	111
PID 1764 wrote to memory of 4428	1764	smgb521_20220303.exe	111
PID 4428 wrote to memory of 4148	4428	smgb521_20220303.tmp	119
PID 4428 wrote to memory of 4148	4428	smgb521_20220303.tmp	119
PID 4428 wrote to memory of 4148	4428	smgb521_20220303.tmp	119
PID 4148 wrote to memory of 1516	4148	unins000.exe	120
PID 4148 wrote to memory of 1516	4148	unins000.exe	120
PID 4148 wrote to memory of 1516	4148	unins000.exe	120
PID 1516 wrote to memory of 4920	1516	_iu14D2N.tmp	121
PID 1516 wrote to memory of 4920	1516	_iu14D2N.tmp	121
PID 1516 wrote to memory of 4920	1516	_iu14D2N.tmp	121
PID 4920 wrote to memory of 4320	4920	regsvr32.exe	122
PID 4920 wrote to memory of 4320	4920	regsvr32.exe	122
PID 4428 wrote to memory of 4732	4428	smgb521_20220303.tmp	125
PID 4428 wrote to memory of 4732	4428	smgb521_20220303.tmp	125
PID 4428 wrote to memory of 4732	4428	smgb521_20220303.tmp	125
PID 4428 wrote to memory of 2808	4428	smgb521_20220303.tmp	126
PID 4428 wrote to memory of 2808	4428	smgb521_20220303.tmp	126
PID 4428 wrote to memory of 2808	4428	smgb521_20220303.tmp	126
PID 4428 wrote to memory of 3344	4428	smgb521_20220303.tmp	127
PID 4428 wrote to memory of 3344	4428	smgb521_20220303.tmp	127
PID 4428 wrote to memory of 340	4428	smgb521_20220303.tmp	128
PID 4428 wrote to memory of 340	4428	smgb521_20220303.tmp	128
PID 4428 wrote to memory of 340	4428	smgb521_20220303.tmp	128
PID 4428 wrote to memory of 2584	4428	smgb521_20220303.tmp	129
PID 4428 wrote to memory of 2584	4428	smgb521_20220303.tmp	129
PID 4428 wrote to memory of 2584	4428	smgb521_20220303.tmp	129
PID 2584 wrote to memory of 2532	2584	regsvr32.exe	130
PID 2584 wrote to memory of 2532	2584	regsvr32.exe	130

C:\Users\Admin\AppData\Local\Temp\Game Booster.ByINFORMACIONLIBRE.exe
"C:\Users\Admin\AppData\Local\Temp\Game Booster.ByINFORMACIONLIBRE.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Users\Admin\AppData\Local\Temp\is-2M1PP.tmp\Game Booster.ByINFORMACIONLIBRE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2M1PP.tmp\Game Booster.ByINFORMACIONLIBRE.tmp" /SL5="$A007C,3815455,158720,C:\Users\Admin\AppData\Local\Temp\Game Booster.ByINFORMACIONLIBRE.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3976
- - C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\SvcHelper.exe
    "C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\SvcHelper.exe"
    3⤵
    - Executes dropped EXE
    PID:2104
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1844
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll"
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:3352
- - C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\gbinit.exe
    "C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\gbinit.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:928
- - C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe
    "C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:60
  - - C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
      "C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe" -enablemenu
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:552
  - - C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
      "C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe" -enablemenu
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3736
  - - C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
      "C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe" -enablemenu
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1780
  - - C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
      "C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe" /CHECK
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Suspicious use of WriteProcessMemory
      PID:2884
    - - C:\Program Files (x86)\IObit\Game Booster 3\smgb521_20220303.exe
        
        "C:\Program Files (x86)\IObit\Game Booster 3\smgb521_20220303.exe" /sp- /verysilent /suppressmsgboxes /NoAutoRun /fromGB3
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\is-MACVB.tmp\smgb521_20220303.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-MACVB.tmp\smgb521_20220303.tmp" /SL5="$302CA,60279056,229888,C:\Program Files (x86)\IObit\Game Booster 3\smgb521_20220303.exe" /sp- /verysilent /suppressmsgboxes /NoAutoRun /fromGB3
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Program Files directory
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:4428
        
        C:\Program Files (x86)\IObit\Game Booster 3\unins000.exe
        
        "C:\Program Files (x86)\IObit\Game Booster 3\unins000.exe" /VerySilent /SuppressMsgBoxes /NoRestart /Uninstall
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files (x86)\IObit\Game Booster 3\unins000.exe" /FIRSTPHASEWND=$20204 /VerySilent /SuppressMsgBoxes /NoRestart /Uninstall
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:1516
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /u /s "C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll"
        9⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:4920
        
        C:\Windows\system32\regsvr32.exe
        
        /u /s "C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll"
        10⤵
        Loads dropped DLL
        Registers COM server for autorun
        Modifies registry class
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\is-4NOTA.tmp\SgbInit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-4NOTA.tmp\SgbInit.exe" /DelCrackDLL
        7⤵
        Executes dropped EXE
        
        PID:4732
        
        C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\SgbInit.exe
        
        "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\SgbInit.exe" /install
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2808
        
        C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\PinTools\ICONPIN64.exe
        
        "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\PinTools\ICONPIN64.exe" pin "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\SgbMain.exe"
        7⤵
        Executes dropped EXE
        
        PID:3344
        
        C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\UninstallPromote.exe
        
        "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\UninstallPromote.exe" /install smgb5
        7⤵
        Executes dropped EXE
        
        PID:340
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\MenuExt64.dll"
        7⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2584
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\MenuExt64.dll"
        8⤵
        Loads dropped DLL
        Modifies system executable filetype association
        Registers COM server for autorun
        Modifies registry class
        
        PID:2532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\Game Booster 3\Cus.dbd

Filesize
523B

MD5
13363667263649409d41082d7d992740

SHA1
fb43b35290906c3454bec173e380a42bfcfe09cd

SHA256
f7cf2cc0da0eb7d44a65e940d0cad6c6cd902e696fba60caea231182206e064f

SHA512
f0a5f816dd9b3672953bdf03d421fe5ee90eb90dd8a644838a5ad353ddb9598aa4139d7325e0ee2b171a28cbe522832247693cf769d5d46b628ec14554c9c9ae

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll

Filesize
134KB

MD5
28f23af5d04c5b6e50c8951437ed851c

SHA1
51762c2e212da192bb860ffdcf92a05bb40c5d03

SHA256
24ddabdee7102acb84ec5bf2c1953c1ffc440d9c5eaca858c6c21895b7b56364

SHA512
21d53fcadbfc840966e6bddf22a27a7f61e4df3186df007636fa3550385ff317f09ac66b723b84e2fc71712f37866c5902e402286a65ac017258aadc07b3e282

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll

Filesize
134KB

MD5
28f23af5d04c5b6e50c8951437ed851c

SHA1
51762c2e212da192bb860ffdcf92a05bb40c5d03

SHA256
24ddabdee7102acb84ec5bf2c1953c1ffc440d9c5eaca858c6c21895b7b56364

SHA512
21d53fcadbfc840966e6bddf22a27a7f61e4df3186df007636fa3550385ff317f09ac66b723b84e2fc71712f37866c5902e402286a65ac017258aadc07b3e282

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GBV3ContextMenu.dll

Filesize
134KB

MD5
28f23af5d04c5b6e50c8951437ed851c

SHA1
51762c2e212da192bb860ffdcf92a05bb40c5d03

SHA256
24ddabdee7102acb84ec5bf2c1953c1ffc440d9c5eaca858c6c21895b7b56364

SHA512
21d53fcadbfc840966e6bddf22a27a7f61e4df3186df007636fa3550385ff317f09ac66b723b84e2fc71712f37866c5902e402286a65ac017258aadc07b3e282

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe

Filesize
2.4MB

MD5
eed44409f5c42cab3c3313fd8dd9d3ac

SHA1
04e18f2d0d1ef89d7b4c315923dca8fa7260894d

SHA256
f7033036856d48792d0e006db5fd6b1346ea0a8e7feb64f07b6827ee5bc0b112

SHA512
98cc7596f973970ff50aa0fb3f5fc1fc0066c7b179076fe45cd2a4c991964ce07718530c4118795e5b7ef28b80df8bbd580ea7334a2af4647d6c1b039b3df302

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe

Filesize
2.4MB

MD5
eed44409f5c42cab3c3313fd8dd9d3ac

SHA1
04e18f2d0d1ef89d7b4c315923dca8fa7260894d

SHA256
f7033036856d48792d0e006db5fd6b1346ea0a8e7feb64f07b6827ee5bc0b112

SHA512
98cc7596f973970ff50aa0fb3f5fc1fc0066c7b179076fe45cd2a4c991964ce07718530c4118795e5b7ef28b80df8bbd580ea7334a2af4647d6c1b039b3df302

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe

Filesize
2.4MB

MD5
eed44409f5c42cab3c3313fd8dd9d3ac

SHA1
04e18f2d0d1ef89d7b4c315923dca8fa7260894d

SHA256
f7033036856d48792d0e006db5fd6b1346ea0a8e7feb64f07b6827ee5bc0b112

SHA512
98cc7596f973970ff50aa0fb3f5fc1fc0066c7b179076fe45cd2a4c991964ce07718530c4118795e5b7ef28b80df8bbd580ea7334a2af4647d6c1b039b3df302

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.log

Filesize
208B

MD5
d9573cac571602cbb7155d4c6ac49e4c

SHA1
e7b2a9d96f637b2e51f347c0d3bef9ee8e26749f

SHA256
468c620fe089238c0e8fd15c0569d4f392e045990bb9711c0e24b48d1955863a

SHA512
189b9c8ce5a560142eaf787db527da863f6a10968c284153b8c0bc05b8d2e659f559c6f759eb5fce43aa2596a22b0be839a2217458b1642d4737c67823f80afe

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.log

Filesize
899B

MD5
33903e298e7917e986a7fefecc6880f0

SHA1
cb178f26ae82a8d392cac3e0885c2a098ab646c5

SHA256
9086a004de818c73d3f815758c6aeb377cc67fc78bd700a63b8c83100a2555c6

SHA512
d0ab708aa80545e0fe5a5df59084f9b62e1d852481c9be22b6ab845f0ebcd5a2160df59b424775ae391942727dfe5b3a480693dc4fe7e37c23fbc6ead654b77d

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.log

Filesize
1KB

MD5
67679c8e753762ea657dce5a8018573c

SHA1
10fdb0522ff7be41399bf4725f22ad8820bcf4fd

SHA256
73e6d0f23af5a7f514c78d943f18006a32f6eb4c3fc51b7f658ed3cecd8922be

SHA512
80f21a0ae35570efeaccce206c53fbff6d0339c40ac51828c00d060276748f277111e83b0745dbc0ae35557bdfc9202354953e34a9c9c0e5f8af9f31c7c29500

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.log

Filesize
1KB

MD5
a351f1afca508536cf8a2cb6ad0b8e9f

SHA1
1bd29653588917d646076542d9881a05ec41acd5

SHA256
e7201436f9cbbedda83819c146ccec2c07e8c085c0877a078b6016227ac24617

SHA512
06499fd26898140944df48ef808e070fd094407ae76a0226a947dad9a16aa84f9f5fc7121a05e6a834c0f94c72e962322bbb62ad1f0f736b331b71dc0c540a2e

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Arabic.lng

Filesize
34KB

MD5
9b05895fdcda6f5afea21d800814a8a8

SHA1
8ce5ad00ba83436735d2ede05edbcfc41fe1a52a

SHA256
b16214a1a570777f79eb334512f9936456da19a7f871e63e14e11ba9be18f4d2

SHA512
6d9633d25fcf70d1a67ac4a94e3758b724b9051d65a8c1e689a36787eb49ba9afb828542be1fe39c94e6ae5a98c7ead28b16ac01847c14ff6966f6877f0ebdbb

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Azerbaijani.lng

Filesize
43KB

MD5
ffd8396832d376bc139057ccb7bdaa36

SHA1
0f6fa5f28cf55ebc26cafdf412e394ecd0646419

SHA256
da12374913fa00e3ed9c29a0fc40f64c3f9fd53676bda19e8280e23294bab140

SHA512
51e0426afddd69b738f56bf73a90ac5011cc3f2c66d76c1c0a28dc99d38017aa6579be997df27b1c29e9d401e7f784003e1a65ee4f9018aac764f86241e70a47

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\BrazilianPortuguese.lng

Filesize
42KB

MD5
e6884afd08f4d5aacfd9d2aa8ff7ba05

SHA1
8565ba1877c96714fa65f36e72200363e0471b62

SHA256
84d2125eb3b51494725f678ddb26f4bb5dd5927fc1391bc1d4c4ef465e17ca3d

SHA512
a1f4bcbbc10fb2886a910aa11c94752a8a330d9f191d210a6a1ea74da930980af42d8b1c2f7559ea2f298a5b9e4a0b6f05247f4ae46a0905a8a8a264c248fd64

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\ChineseSimp.lng

Filesize
27KB

MD5
28262e5b828167ae9d464d05fcd8f730

SHA1
458a2e39d0cf953d8d2c9f2ab02cc50404697dd6

SHA256
cbe7a690fa5a6abca1905505bc186209f1bb72b315a8b41d97fe2f7837664333

SHA512
0b896372d94ccee71533dd8747658a05a8eb389b204fec38b07bb5aad0df9e8342deca457011ac4d250daef8f7a72d760567f2ef29ff2d1756426788bc8b3721

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\ChineseTrad.lng

Filesize
26KB

MD5
d9d9b9f7e3dac4617bfd72f76e91cf95

SHA1
dd009cbf2e31efcbba74d9762e93aab9a4380433

SHA256
066cdcd681e269553fb46879deb47df04a2c82270d48aa6ce4af5fc2f4158e86

SHA512
5969cf8981b24bc0275d1a18f9932315414ba116dd17e4d3114c2a4ce77ee281e5aa452ee99bafb2e0b6a84e3f5c991125a8c4a7eda739a1e27fad303df103fc

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Czech.lng

Filesize
41KB

MD5
b8678a70d43da0e53c3cf134f2de36dd

SHA1
a4ebd843c105d6d16392842de3e68db332b9a4d3

SHA256
5f591c884f0e3ee826fb45a238780e4a25348c41dcc4df03076c29a3eff8c909

SHA512
6e74d15bf44aec9ac5f952bb841624fe09e144b863ba8c3f3e90ad474238412810e5413e7f45a1191c08058c63635c8211312e221d3cd14522667158845b4259

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Danish.lng

Filesize
36KB

MD5
cf1b70420a32ff1683118fc8b6b06aee

SHA1
762d6385e4bac91dc3cdd2a53a81e1e404df5dfc

SHA256
7bff34f248ac7e923f4fad6ecb2ee2b0f5f616d8ba46136fc573a6fd97b77b24

SHA512
67eceab883a54621591ccc9e38e21d5086ca664b3048e4321b94d7040d037a6291dd77900f16b638190745c20ebf42d31c2ec57664e911135a49b28b35ce5370

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Dutch.lng

Filesize
37KB

MD5
74387de0217279f08b97b86ab7d01c61

SHA1
b8da22f0762139bcd8a0f9d09fed13b9da964afa

SHA256
d2395fe325df175eb7f659e6a98cfca35c3c7c32cce4891cb3a060694ca2bf3f

SHA512
c99892d08c45d4c52d97cecc9392f71b8d9374f2c71d74b02c61a458e931a9769ae5bd5f8419c99b6c17c545ec94f22a52bdf70e7a9abdf2215d92fd7280cc8b

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\English.lng

Filesize
40KB

MD5
5d8fd5c00ae67232b5fae2e6b8e4b582

SHA1
0f9613fdae34abe4ac75b54e68e93613356ddf87

SHA256
19707e73811ef5af4a5a81ca221d04bcab26480d6beb7697b66696a4e21112a3

SHA512
c6963c0a23b6396f4e9b64e9271eae978e61d1ab221be89202a72e0784228af8eacf923525abfe7164f34dc21dcfed4bcb6cdae3ba0c8538568535fcc3ae6ec1

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Finnish.lng

Filesize
40KB

MD5
4d6e0367fe18842d30b4cf44e93c1ba4

SHA1
490dbd18cd06d959749a61ab64084549f2609ddc

SHA256
a70ea917c8a8fa845e7cdece889bc44f6d5e340cf1c12a7cc0edc3b91ea5b7ce

SHA512
6f4a9cc9d3913f563bca10e3b8ea97b446c432ecf7fc1581507b5f117a6bcfe8bb3d2b42be215d1970bd30c2587090309efb2d85d593d0b316a6cf14d58a408a

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\French.lng

Filesize
40KB

MD5
018a85a69f345306e990c945f81066f8

SHA1
c600768296183ed31b3b7d6659880ccef59b74e5

SHA256
c4bae02edb5368bd3cc85cf21e14ec0b67ee9cf10018f527f77f7b9dac38579e

SHA512
2dfb16136377980a4ccebdb6d2a847c5cfb1db8e94d71e9e9edf9e5f1e281fdc5d2652863f40868162f49a4452a1875b51bf493a0aaabf9ceb0667ae84fc22cf

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\German.lng

Filesize
41KB

MD5
82b21f408340c7e5b542297e8a8f50d5

SHA1
2381c879b7795446dc9963bc9130aee2e31d960a

SHA256
e767b6753ea6e517a39cc5ad2066ba6476c76ceee97455e3a13adb6720d333cd

SHA512
7ad3a32600852942a395e9a73f53661d46deee5cc41961a42bc325002ead84b8ba0c5e83c8ccf791a5f5ba3e41c96de9b700a781c415643b8839c816bd4a5147

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Greek.lng

Filesize
45KB

MD5
a1e3e17f90a1baec05b364fa4fb2437a

SHA1
0a4d98853ec1f8c8c40bec901d2d3e8e3aa7c715

SHA256
fbd81b52fca0da5c2409b05d75a5a8ae5b0a2ddaad681d78f7745bb8dbb5f5a0

SHA512
f99fd15196e990cfff27b7c9acf3a65e4ab92d1916e1bf2a9dc53dc9fdc8f68144384d7bf4994ee65d7e4b46e0885b24bab43e5fe8bd0443a4983d86695cfd52

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Hungarian.lng

Filesize
42KB

MD5
5e5e5cad485e5e97d9eaed098c877962

SHA1
585d4c13ebd66372552a5f4284fa3bfe5dba82a3

SHA256
1519747e93b0641faf57b31f912ab129a383c6d36d00ec32fc97035d40d6a6c6

SHA512
3a5d8e47f6ff549dc4b8f0e208a1268197ea34783bdd0dcdcf897d5257dd318beeb91acb5a3136410ce1e3b0a49d58d830a3aa94718a5224de29f4c228375e7b

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Italian.lng

Filesize
43KB

MD5
697e9e1b9f48eb04e442e15a12a4ca60

SHA1
03f3aa489ff830d62dfbd6f904b3ce98b5d7f437

SHA256
bdc0b13c0dc1078f18248f06e09d29037481884a981a9d49977cd5fbc470c1e4

SHA512
980c355c9d5ed2973f7ea0ff9dfc1a80b9c7e8ecf8ad6e00b5c56eb3b9357964d6c9ba191dfefb84bf0d8b09758b9055d3f8ae4281a42b9fff522325ffa7639c

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Japanese.lng

Filesize
28KB

MD5
ba4d260789675b29c56e095043e06ea4

SHA1
b396656e4a64207c6c0179daf1327d7d51bd472f

SHA256
edda2c06f1fc3f8ae5909a75311c438729f3b9a3945fa1b525f220e63ab03031

SHA512
c39ab9a63ea840fbaecb324dc495a6a85eb14df0c64fe3c69fc19611a1b3b2e80ef461d046ab2b0a8a202fdf03ecc87678e70f344fe71e7af7b951e6556f53fc

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Korean.lng

Filesize
31KB

MD5
5b6b3d098b009e1b296ddc463ccc1b6c

SHA1
2dac059a4b481daae100209120103f7c37ddf0cd

SHA256
db21925f27ce5adc2b519d648f31bfc2005015fd69d10a0d82384550e8e58ab2

SHA512
a72001538361218f67e0ff7ce170d9a948b197fdeeba48b4bccede7b429b82f212bb656400d7e6d6f25d2702f0d828957b72aa13f3622ad6edee7a1623621a6b

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Macedonian.lng

Filesize
42KB

MD5
ad1e8bdbbe10606fc2ad9ed1c94eea9a

SHA1
c2d01482e273b8edc4cbf60d290a9f19df39f788

SHA256
fdc5f43189542d52122fb394763431951e5a85766ef27f33033d03e605fdcf3d

SHA512
71317542d042050a2b989b06b76376d8740d5c773e95f018fe3430915fcbdd6b1f60d2e82cd7bd45a408c388bef987ae6133c955fe081e24e71ae9f0e5556562

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Mongolian.lng

Filesize
42KB

MD5
4d3dea9680cdf4e8917d6b936e4f8984

SHA1
34a9cf377c178b3ff0cb16593e766631a1454e84

SHA256
3a53ab11f2854ed67620a5e4809db4f0045f0e10e3fac632d9943ad8b91bf43d

SHA512
318c9830fe3541c07cb6b412d94879f3db523ef576cd3e35bc0b4937ffc6447e2046e3231b9cf57cc95aad1467049e308141f0c3dfd3fb02318fe9f366e5a90c

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Norwegian.lng

Filesize
38KB

MD5
a765dffd2b0b36c8130fbf884f43f04d

SHA1
74b813021c1098b7aeed9bb20ded7e5ff292dff1

SHA256
7fdcf53f1569a43a2ce4bf6118bde85f0273379052cb16c1a3c900ac83aec929

SHA512
c8d4fd7cb6822856a1040a194c6dad15487ce20a557ed196fcc703662415bc7a8efcf68d44da168e9cd30ae5d3070b08e5c6a8a5383617c2322464c18b7126ed

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Persian.lng

Filesize
35KB

MD5
fc697ecdfc0cdb4ace67a09d5b16f5a1

SHA1
567cab814996ce8d3259af68ef9b1da35d6bc5fa

SHA256
8bf12037fa62e72e818eecb2898ed605e194bc977cecc747015cd9f0c1194d6a

SHA512
0c38d519a8da288ec31d9556c9f77c9c6c388a6e1b9d17f76025996100606ce130284e16a6cf9b077f12236be4c74412c32e78daca8b02240c719d5fb0502899

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Polish.lng

Filesize
41KB

MD5
e3885c75b330dd92e8d26b964e163e45

SHA1
3bcdd6e1e0318cfa1b605eb0bb029682a0bd1d21

SHA256
e322b5ad24d1f7a6d11431cdc893c8ff8be8e7100a7679c0ee66838f255a7363

SHA512
8c177efb16cc6631876893643dafd4a27b9ecefd632ada735c5606cc742ebc51aab7e898001c2573a5bd5a42de9684975c3cd4ecb535b81d161853042026b9fb

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Portuguese(Portugal).lng

Filesize
43KB

MD5
be9a923c665c5ed77a47cb8e27ca8321

SHA1
c7375340547aa65c5ca80300cbad837f0e85b9ee

SHA256
097d4f1e70ef6a4efdfa70c63d1faefdcd3fc7f823f583c4bf318032e60df240

SHA512
740a5b5e57784f101d0484cebe5b3bf154e98a29fb306ff9764b3a37947eff8a3627da4cb112061c8b6cdd23f0ccb0ef440e87969a54c6cd8bc94383855a83ad

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Russian.lng

Filesize
43KB

MD5
b4430c48cee060fe40977e4e75d3fa6f

SHA1
f316ceded92841c15f2dd0af5c7a1737cf5d707f

SHA256
997f3e683668170f57aa0da58b129b4c1c0701d382e66117731c6a46610af728

SHA512
d069fa3368ed49fba0f7759473ccaf987574d9efc4990f4cdc0ac7f39d0fc3fe80b9e974b52d237cb7f1c4239549899b159c0ed5b635bda215ea42a098c044d2

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Serbian (cyrillic).lng

Filesize
41KB

MD5
7f5a7dcd2a3d00b92d7dd4e9616c66b4

SHA1
6769c9569679eeb7f640bdb1efd23209a6c6fa06

SHA256
d80c4abd23df6799aff88cdaab00289259ee8b4a449dc4ad57fc5d7debb20a4b

SHA512
d68796cb5dd1ff7ec883d71930c6b8b4b63569be585ad1635882272eef0362f13949615daa0aec98ff9694172c38a04bfd9caf29dcb15bc2334f9bb475c3d8c8

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Serbian (latin).lng

Filesize
42KB

MD5
f44be5c1b36f04701258104d3e2f012a

SHA1
56b87a27d33c6738e5ee548d822520c17f1d1f86

SHA256
b3e2b137c03e01321a11ba48cf1f28c80a04d6bd2c717bf25fcbe7bd03ff6684

SHA512
b850b2912c36a750a395d9f052cfef59f1890038b89439dc0514ee9d3c8e418484c496c46dae353cf44cf521c1a1313b0e2fb8db4520c3f6a11ddf727dde4c75

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Slovenian.lng

Filesize
41KB

MD5
19701ad42d8b00459ccc3155b300fc64

SHA1
353261b75b82670b84664bd68d25c8579c506fce

SHA256
ce988245f47cfe60f97ba0a5b08ca088a275ab904c2665b1dbe93fe069ca737c

SHA512
4cf588054fc2a45741853430f5d2c408d6a9707b13616ddae06e947ca91f47bdb8b3b17f7ddcbe50a06a8a139a3cfe405a281e929b6128993faad282aebec14a

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Spanish.lng

Filesize
40KB

MD5
dff7c104ec3f35614d4c4256710fa315

SHA1
d68fcf3259329250bac2a0fc5b9507ca33297b1b

SHA256
b37723294f85947b8a13de600e2432d642c72d2e8c6500e155a8ebf6ecca9d7d

SHA512
34e218b598e9e35dbfa26921e400e50796d3cdf3778569210cbc2d337e4104ca14fd65972ae1c3d7d526f4b793f3615c6342fa066b9a78ea71fe6db1d6ae2b1b

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Swedish.lng

Filesize
37KB

MD5
c2d8e5e427207900c92bb347fb2ff2b2

SHA1
7298d9ff0c007de511d652796e6d95f60f6a1476

SHA256
5075fb33f2733ac850a03944d1a2f423909592938210d580e2c7ee17dfd97f18

SHA512
6c3763d6f4c3ef1d2c65d054c96cc959c1eb9b8f4288ad15e7f6c583f22372227d7a3bd4a8f9928f8438a5f346f3b84af8d6fcaac6bddee7850c8023efb216fc

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Turkish.lng

Filesize
42KB

MD5
49cedf5fc566fafea582b45004cb22e0

SHA1
7eb9830848f70d292fcb961c3b11b6271957b9d4

SHA256
f97113c889a96fd369fadf49fd04c0b4898504303e38eb970341cd5e6b9a70ee

SHA512
5b2407dfd0c722ae2179d3f73f3628d41adbd7144cc2dc2ca8b4fd54c6d420f75c4a10c4102d11256e7fccbf11fe4add74f0c7f3084229b402d79abf78a6662c

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Language\Vietnamese.lng

Filesize
43KB

MD5
c1f6187426e45dd877c222b7966ce002

SHA1
da4ef53f513d322fff37eb362c413cabbe81e69e

SHA256
7954a5d0e4cdadc997a0bd51ee5e551e8dabbffa437dacdd59181a6801a19687

SHA512
7e42d00b36c3b06fbcbdc2c9ea5d7aa1e1e4d57489ddc321b65a956e9ba13ec6a17c7f68dd60028299003ee151dab90d3fb41f5f5fdf89f17295352da091d5b4

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\LatestGames\LatestGames.ini

Filesize
284B

MD5
6c6546eb5ae6a6c06fa1d2b739dc44dc

SHA1
75688889a14089f0f8450da818a964226b497bef

SHA256
bdaa340565e7d4219403a47cae554ba4618d7059f10cee06397bb87f3e0ba4bd

SHA512
fcfc3103074dd4ac5bd721bea63845a21d279f39f6457dc44e434674536bd32a45be6ed75e8e6f33c9e107f068d5d36814e1baa5fd2bcf7696e3076d749f6f17

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\LatestNews\LatestNews.ini

Filesize
220B

MD5
700ad666a809b7eb534e42811c00e911

SHA1
0c27dcaff20333649bc727a10b87eab8172c5f68

SHA256
f06ef89d09d88cac6b1ce63c70f74f9f22fc543dfe04b4e6f9ecc8fbbf9c7e8f

SHA512
fce103045f401dc074a344343f56d886ab5423878714c01a1c6de1767b93a30ee5df6aef89b3c6e2d389c2a76e5d379ee225f25b0aea432f1b9cdc84e61cf202

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\PowerConfig.dll

Filesize
60KB

MD5
07de550e2c672bca2b2fa3d082094cb7

SHA1
832b3b2900f5a2611015dacfb2092c140020ad11

SHA256
2b0d49b58b1e103dac8dd449a0ce4d9488e6aad083700287296f9465e8e207f8

SHA512
e4f50002996decb0acbb073051760fc0eeb960836b5f52360a1649d4ea60defeaaf311763d330a78118b1aee35f70ffee037b6c38d9c7a9e7e31177f29a7bc34

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\PowerConfig.dll

Filesize
60KB

MD5
07de550e2c672bca2b2fa3d082094cb7

SHA1
832b3b2900f5a2611015dacfb2092c140020ad11

SHA256
2b0d49b58b1e103dac8dd449a0ce4d9488e6aad083700287296f9465e8e207f8

SHA512
e4f50002996decb0acbb073051760fc0eeb960836b5f52360a1649d4ea60defeaaf311763d330a78118b1aee35f70ffee037b6c38d9c7a9e7e31177f29a7bc34

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\Config.ini

Filesize
6KB

MD5
c6952115ddced485836edf1d5400180f

SHA1
9df0956769f171560c49cdf36a5a6087bd9a2e37

SHA256
f82d9cef7629f6e6fe1758ecf764a404ed6927f21d63db2fc8b43dda945f9825

SHA512
44bf24d82d26127c46a46ab589f4d7f895a24494ceb576bbb52343ecf343759701f9082bc64ae364264dda132b7cb36bc2b25199e74deda29723a67cf3c17a17

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\button\max_normal.png

Filesize
1KB

MD5
6cc8ce52b6b8febd7587d8b6f438315c

SHA1
9b26fa4fa8d78b801348857c4e73e4d246d790f5

SHA256
e57735a407f24b987a45b168d310fd7c623afa187f9311464543b0da1b7b6f2d

SHA512
b9f1aba3b9fed3b4c23918c39197ae6f0b510cf4bb0d03932bc681ffba988039d9153da80bcb261817776d0688fdebad7dd3c992ec6a7a620fb048b9e823e681

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\button\restore_click.png

Filesize
1KB

MD5
26f8eb6bfd7c7bd1884f678f57dbe552

SHA1
d0e54748b99ea9b2985851113f82fbed950f6cb2

SHA256
e3bd4c747eee94cefa042dbb84240b2408a3c6b21f14ed966e23a326e0acc311

SHA512
c08b02b483f50fe4b755b404be377951f8b6224d001ff95bba7a22ffa7408f167a580b9b2e08fd8af33b4ab307ef5d4ffcc20ccdca0192344905e9159c4bcd86

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\button\restore_hover.png

Filesize
1KB

MD5
42ce250c65128c6d69d04ca6be8b4346

SHA1
13577a0224f76c347efcbba99fc130c54e707b42

SHA256
86afe906428f2341acdc763438d1e3420c8cff2aa39e93f138270b911f346d48

SHA512
4ba303aff94fe8304d0c1e4b9cac11fa0da79b82fe49afb9082675005bd3b330eb141403f5087d0d78bc028c3230736aa608d90c8599ea9edba2806d4fe4d74e

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Skin\Default\button\restore_normal.png

Filesize
1KB

MD5
8ddb18365df949bb0de4101f9c613543

SHA1
4116a29ac9690a1b6bf1f7df24059d9581749d48

SHA256
0c6670285002c7e74f7ca3a0c00979a4809a5f78a83a9f14106caaf0c84e658e

SHA512
85c350ce072c448c79fba09685378a707542dc1224588072aeea0acdb7e6b9804511520179416f47cacdd97bec2a037beb045ab1b720bc0f736a199eb4424599

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Update\Update.Ini

Filesize
754B

MD5
19aaf402e853a518e9c0b293e6eb3acf

SHA1
4f47a291b7eee0cfeca3b53681c4687808d32be9

SHA256
e0f8ea1f967f41d1361e2e3e5d82b1031c4f37d0d438cb1b0cea45815e34c0b0

SHA512
8f4af8355357322c25182f9b96023a3912b85bdabc22776c083a6dcd3692cadf4ce372e07b812903102097d47a71d6a9372a8408cdc04e37b2cf0b4c54447d78

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\Update\Update.Ini

Filesize
798B

MD5
a2801ce7181201b02aab99e195f696fc

SHA1
dc2c5e68e533c96e81f6058faba49e6435160b95

SHA256
b7fa3643641f0beff1682e25a0193785335037f2521cae8559f802a97da17c8f

SHA512
59f6cc77ef9cdfcf07e677401c243c5a3c1897a4d0685590f2cf78a040b646809cfbbbb6f301ff11bbd7f34178f4e8381ce59ee9bc0487d7a6f5dc170a86282a

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\dxhelper.dll

Filesize
81KB

MD5
55bd2e5fa1a20d5f4357a22707eb9c80

SHA1
be16b69b1d55dc3ae9f3fcf12463cde688916118

SHA256
b145a4743439d1924be3b59c045d4755720e3c6df0e75626ff7665c77c2cfb73

SHA512
fd7d3b69dafdc1c8e4fe2327f10c1513ac14c065c526026977273aa365e335fd935351f890afe7ff14df11dfb28bcfea030e301780ae7912bc68f47e0111a5b0

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\dxhelper.dll

Filesize
81KB

MD5
55bd2e5fa1a20d5f4357a22707eb9c80

SHA1
be16b69b1d55dc3ae9f3fcf12463cde688916118

SHA256
b145a4743439d1924be3b59c045d4755720e3c6df0e75626ff7665c77c2cfb73

SHA512
fd7d3b69dafdc1c8e4fe2327f10c1513ac14c065c526026977273aa365e335fd935351f890afe7ff14df11dfb28bcfea030e301780ae7912bc68f47e0111a5b0

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\rtl120.bpl

Filesize
1.0MB

MD5
dd82eb68d97944b192c7803eb585b03c

SHA1
b3ca5f5bf172dbb5e83ff9d9113e0f897152e642

SHA256
e39263e6305bd0eaead7ce9838be6d8510b66776880331f4c0f570370ccb7e01

SHA512
a070bc970a5c03ad191405a6ab9e119fde7fc0966c93bea36dfa15a8300882b662f0b342a2bbc327b57e7e570e001f0a8d661de5858784ca376ff36a99131faf

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\rtl120.bpl

Filesize
1.0MB

MD5
dd82eb68d97944b192c7803eb585b03c

SHA1
b3ca5f5bf172dbb5e83ff9d9113e0f897152e642

SHA256
e39263e6305bd0eaead7ce9838be6d8510b66776880331f4c0f570370ccb7e01

SHA512
a070bc970a5c03ad191405a6ab9e119fde7fc0966c93bea36dfa15a8300882b662f0b342a2bbc327b57e7e570e001f0a8d661de5858784ca376ff36a99131faf

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\smgb521_20220303.exe

Filesize
58.2MB

MD5
00a7cea7bff01266e54e478cd6f48eb7

SHA1
d25562f2cc56d84bdc40e6a6e38f29dd7319f1f5

SHA256
6da13382e448cfb9e83ad91894f6489f41d74a150836415d2b6746f0621004ce

SHA512
84b0aeb815f983ea9704a966d6d0b2c337c512d37ffce4c02b2daa21f2704063f3c35fa94ead3fa081e58c6577c44605a4f4ea2410f73605e25e7c06dc365102

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\sqlite3.dll

Filesize
504KB

MD5
dc75cad4f45af46b7a98f0b9f89ee5de

SHA1
42266455e4a5b72f7805d63062c6c966eaa88ffc

SHA256
bc7ca2c14170641c470f004860c034be33f11c5bedbcb76f84585009a6da952d

SHA512
8346c19936e7923623595a3c740d9100a0dded3df3c44e2d719c6cd9110c77f7556c22d3b77bfe5bb374123483bc61ae3139d4673048fc3712e8faaa6e1875e6

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\sqlite3.dll

Filesize
504KB

MD5
dc75cad4f45af46b7a98f0b9f89ee5de

SHA1
42266455e4a5b72f7805d63062c6c966eaa88ffc

SHA256
bc7ca2c14170641c470f004860c034be33f11c5bedbcb76f84585009a6da952d

SHA512
8346c19936e7923623595a3c740d9100a0dded3df3c44e2d719c6cd9110c77f7556c22d3b77bfe5bb374123483bc61ae3139d4673048fc3712e8faaa6e1875e6

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\taskMgr.dll

Filesize
319KB

MD5
4235a1996760156ac8bc88cd47942a56

SHA1
36739c4b7739473a1f46b7a2f7f273f968a0fb99

SHA256
fc00ebba7d93b0256f2dc983bd7df23e7cfa0edd22a8578bf6be5aa6a48558e2

SHA512
ebe0619b0f70ca073ff3eb495fe32305d3fe5f98f1dc996611e3a7917c84a41a9acae1aaa8c3d9d82586eec9aea72233d19c5210b8529f56adfac650665599b0

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\taskMgr.dll

Filesize
319KB

MD5
4235a1996760156ac8bc88cd47942a56

SHA1
36739c4b7739473a1f46b7a2f7f273f968a0fb99

SHA256
fc00ebba7d93b0256f2dc983bd7df23e7cfa0edd22a8578bf6be5aa6a48558e2

SHA512
ebe0619b0f70ca073ff3eb495fe32305d3fe5f98f1dc996611e3a7917c84a41a9acae1aaa8c3d9d82586eec9aea72233d19c5210b8529f56adfac650665599b0

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\unins000.exe

Filesize
1.1MB

MD5
30f2396ad4a22e87f99f5c3c30eb1490

SHA1
b7b7880b3891ff30434b057b3bbd41100863f0bf

SHA256
09e16e8133b6fbc7a7ae2a24b66b29aba71fa0ed710b377d5a2f484168492f6b

SHA512
bcbbb6fb5be6eb8029526617fcaa6713ff3c1865161b052e50ebcc253083b05c2e659981872c1ef04f013ce054fbeae6be657ff847709669f1672d047ab7a7d0

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\vcl120.bpl

Filesize
1.9MB

MD5
773ebd87010a6f644869a59d98792c9c

SHA1
7d5befef572dd95776af9c2f9999124b98f1965b

SHA256
c9581c6a50061ed588678f29591b2515fea81a70a7e523751106bbadbfe11842

SHA512
e111505b06b8215ad7584f0b5d36a0a62660a2da5f74ec67848dc37dd209564e3261ae371648175a1184882b06b3e395a36fa5859c031ca3818fb745121fa80a

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\vcl120.bpl

Filesize
1.9MB

MD5
773ebd87010a6f644869a59d98792c9c

SHA1
7d5befef572dd95776af9c2f9999124b98f1965b

SHA256
c9581c6a50061ed588678f29591b2515fea81a70a7e523751106bbadbfe11842

SHA512
e111505b06b8215ad7584f0b5d36a0a62660a2da5f74ec67848dc37dd209564e3261ae371648175a1184882b06b3e395a36fa5859c031ca3818fb745121fa80a

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\vclx120.bpl

Filesize
204KB

MD5
264bfcc11a0da6f0b449a40a14d15772

SHA1
c3c4557eae6e5337dd261a92f254043bfa1da82c

SHA256
7744ee00d954d60e04b05765405ae128e566c1cf0b2717401dd87499e4b8acb2

SHA512
63ec6652e2794f9d2fec09c0179cb6aa32f6097c14830edb33932a12061b50d1a21fe8c10d81aa30754d6f1352f2807bea4004ecc5a5c9b0c1ba69db6da30718

Download Submit
C:\Program Files (x86)\IObit\Game Booster 3\vclx120.bpl

Filesize
204KB

MD5
264bfcc11a0da6f0b449a40a14d15772

SHA1
c3c4557eae6e5337dd261a92f254043bfa1da82c

SHA256
7744ee00d954d60e04b05765405ae128e566c1cf0b2717401dd87499e4b8acb2

SHA512
63ec6652e2794f9d2fec09c0179cb6aa32f6097c14830edb33932a12061b50d1a21fe8c10d81aa30754d6f1352f2807bea4004ecc5a5c9b0c1ba69db6da30718

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\D3DX8Wrapper.dll

Filesize
274KB

MD5
30b7b3efa18afd66f7f8e05795ebe6f4

SHA1
97f24fe40c7fe41c91c654d35ceaa424b981e2e5

SHA256
7ef6cc7f30a77520eec220553800daf873f2a0bc51a8b743012117e86e69a945

SHA512
e07b15f6f9acb89d10f7e5346246e1e4a256d28b242b29b77cfacad16983349f118c54870d6d6e0529d530a6056f7ae277484caa583003ebe2a46188aa244d52

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\D3DX9_43.dll

Filesize
1.9MB

MD5
4446004e43275432ed2ae0cb373c2f50

SHA1
1593fefe08723e1600f81239869b23860d2005ce

SHA256
014252c69f35d59c94ed9f2ce969abb840b26c9a9bdc8ed35825c68e235790a7

SHA512
25b9301dcc61e81f2dea50a990d0b2ae802033bb81606ce0e82cfc83900644dd58bc7c8feeef5631d8cd718a269fe34e1e13001c7c34f342280bcd0620d14c8c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\PinTools\ICONPIN64.exe

Filesize
575KB

MD5
514cbd49324f8f45cd00fe6fd69a245c

SHA1
8e26c0c14be87ed8e221da1713ec6580b6a1ac5f

SHA256
ca8771322b4a6b3a48fcecb9c61a33abaf0e83d437889581297a186ad62d653d

SHA512
66d4f07e222508027526801c8e40e1fc8928c03b7d6d323b8d43ac9880392c3238673e8e413c90e4460e777d9fc4814b46ffc466948d43cafb70326016d769c4

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\SgbMain.exe

Filesize
5.5MB

MD5
9c3ac22b61552129fa2af73785397388

SHA1
e18d2bd8441b9b18e6e2c94b31acae7cd1ece6ea

SHA256
84e6451a85a213cbe714e2a0035b0acac8ca8cd9ca5550e9f060adb2bcaba4ae

SHA512
334d7631dbf71f70da01519a374e06a0bc49be8561d182e9e50ef8f29c7471c48d733efa9164e1da4bcb286e55faf3b590c2cdd27c0d1863d28fe4b01e9d5b2e

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\UninstallPromote.exe

Filesize
2.6MB

MD5
9458e22b1845e174e327b773616f90ee

SHA1
cf300b54f9b99970c0849868eddbfcea2be061c1

SHA256
f717b0cabd0eb4019b6f7f4c9603f5f25ed1c6e79ddffc6bd9d2c6a5c10f58e7

SHA512
459e14205e4f013c9a7b747552d40a7da6c2c960012066ae613dbf256541665998734f51f0d7961c3dfc79df837ddc4147bec2c8a2869559094af4fb27161978

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\d3dx10_43.dll

Filesize
470KB

MD5
9f2344af5ef96ef7ae59268824f3151c

SHA1
b3da439d056bb3ae7f00ecda4aaae73ef79e22b4

SHA256
c69799ea10f65780dade40fec14610295bd1fea15c6e165452c89ff83ab093a6

SHA512
9bb2d42c86ebf0ea220b9455eab1b794ff3ef5721e23cfcf141d0fa5b1951343c75382bd35836a596f3666bf31b507d107f71591f1b3d663ddf4a3675881662f

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\d3dx11_43.dll

Filesize
253KB

MD5
f3447226656778933c98be43f7a748a3

SHA1
13c042b8c6034aae8f114df2110e740b374a40c6

SHA256
16f1ad014f30e5afb51c34b68b48ba553ec4622bd3439a3584e72e548fd8556f

SHA512
8735d37f4afa2f34a3f6a90bf9eb8a4640b60df6a24129fc879c190f6fda2cff4cba7616923b62d857bb489bd34cef447f4c190c46462696c7c42d0207a04649

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\is-R8RAM.tmp

Filesize
2.0MB

MD5
ebe7550ac6c538d6a592cad8995bbc3e

SHA1
515bd8e9462b275d5bea0bcd581bbd9ec1ea90d4

SHA256
0ed86e36a070c142c5a9d677c4562e51a6279e0bad51cec9054a4cecc5a6732f

SHA512
5d704f5b89bbb13d428d1d707268aba1a857925200de165067a50003d4dd83ee0dc5f5be92cc9fe182d60d2df51c83ec5e3ce965395b352860540c4055d45d7b

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.1\unins000.exe

Filesize
1.2MB

MD5
b9fb2e0d8378b15d091d677ff96fee70

SHA1
7bad6ac39763cccf8f4b3789d1acdb9a85057d6c

SHA256
b1f7352390ac91b9a71ac4497cb16575892c644157f4f9aaa8639518ff4d9b17

SHA512
dc019ab7e8884e69205396b966cbfab5f614f5435cbd6ac623115d0cde7609c7ea79d5a6862b5c651869c8ebdabbc06f4dba98ac507ad50c3eb93b7580bba7de

Download Submit
C:\ProgramData\IObit\Game Booster 3\GameBooster.ini

Filesize
159B

MD5
bc9d89fda4a33543e09d62a9e52b2b74

SHA1
f3cad9efc43525074731f8885b0b77d561169557

SHA256
a09061be77678b7d0a639c6dced900fcafbdc62b8914066ac82f539c71b9bd1a

SHA512
1278f491346c7df92f12ad9c9a4f6ad4b5cbd523438345c7312da5103800e5afb5128cccc0aa60949404c91103bc69b132dfcdacedcae6716326c46b9f82141f

Download Submit
C:\ProgramData\IObit\Game Booster 3\GameBooster.ini

Filesize
159B

MD5
2631b2ec03e3cde7352ffdfdd511d4ad

SHA1
7beaf4a1db93abf3c4c3d98fffd1068fffdd1923

SHA256
7b57fbb387a0682751b43e1412093d9559d09abe7f01200b9cdb85d39f006756

SHA512
6f7c253c62c8fa321fcd8f17dfbd493239efed023ee8bde9262c1c4297eec268e7dbe3d9e3e701b20b10e6e01137467cbb6e4867369f49fb4f7be6d174832d3d

Download Submit
C:\ProgramData\IObit\Game Booster 3\Service.ini

Filesize
3KB

MD5
80e82a17d805e1332601bf590b3851e6

SHA1
746505ec797128fd2f05367edbc0bde834bd5bb5

SHA256
0e1140e4406cf1d919893cc0f80fc65a3a0fda61140431564c6f59457d55a8ee

SHA512
145256711efe949ae252e39a4b451a7315c29208240ad384aecfd85a66a7b96c51e1b60fb091ef65cac487415d5b8a08b1a5b10941b2ca34689d9af83b618abc

Download Submit
C:\ProgramData\PCGameBoost\Smart Game Booster\Install.ini

Filesize
100B

MD5
d5ec81c7f6d0fa9dab8086dfe78dce14

SHA1
bb636d9d1c94b07729a162e02c73a54bcb559753

SHA256
b26b4893a98e94b9322bcb456372fc03e15b85bf8c624bbda11aab77d5b9ba1b

SHA512
5012d34c8629e3d66f2aa04e98a812f672206e3a68f7784374f74457fc15f39678c76f3edac37f8c3ad78a735bbe455bb729700203b51965f5724a185b013710

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2M1PP.tmp\Game Booster.ByINFORMACIONLIBRE.tmp

Filesize
1.1MB

MD5
30f2396ad4a22e87f99f5c3c30eb1490

SHA1
b7b7880b3891ff30434b057b3bbd41100863f0bf

SHA256
09e16e8133b6fbc7a7ae2a24b66b29aba71fa0ed710b377d5a2f484168492f6b

SHA512
bcbbb6fb5be6eb8029526617fcaa6713ff3c1865161b052e50ebcc253083b05c2e659981872c1ef04f013ce054fbeae6be657ff847709669f1672d047ab7a7d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2M1PP.tmp\Game Booster.ByINFORMACIONLIBRE.tmp

Filesize
1.1MB

MD5
30f2396ad4a22e87f99f5c3c30eb1490

SHA1
b7b7880b3891ff30434b057b3bbd41100863f0bf

SHA256
09e16e8133b6fbc7a7ae2a24b66b29aba71fa0ed710b377d5a2f484168492f6b

SHA512
bcbbb6fb5be6eb8029526617fcaa6713ff3c1865161b052e50ebcc253083b05c2e659981872c1ef04f013ce054fbeae6be657ff847709669f1672d047ab7a7d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4NOTA.tmp\Inno_English.lng

Filesize
8KB

MD5
2d90e66759874d4be1ce548cb349ff88

SHA1
b2bb654ebe1ec2a0bde1f0377a4fb3dbfbbacc32

SHA256
aec63b417b37a083a18bb9fe2779fe79986c8fdce276c9cd0b7624fc2f02a447

SHA512
66b8889b3eda29300f551ce06160ab2ed3c26e0f7b5019b375e13f529c031daf7a4d6cc6d12147122541b560a18fe0112c3bcb98e56228171b45f74780e40748

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4NOTA.tmp\SgbInit.exe

Filesize
1.7MB

MD5
0b64d38ede12f9dbbcf35c89beed1022

SHA1
911e4c68456dd6e97e7200d14c091548e0c81b43

SHA256
c3b44f65deef769992e75899c740d876101962d89d09169c2419ec5adbc7995b

SHA512
2315124542d3c62c1b61c1f26ccd92f7575e3d7d872f9e7ab92f666584b3c9d1e035f7162d76a060c14e6368891d3d39c2ac46b4b285532e237641626640032f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4NOTA.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\SvcHelper.exe

Filesize
134KB

MD5
d23dc90ab2e073524365d6f88d732c1b

SHA1
f07ff93e1bf1648a40467d7c38ded0342a42148f

SHA256
6fa1b4f54b9ee66072fe89b0fe0c3c5851c92b6a458d9a57bd4c684930591bbc

SHA512
6dd0ae6d681665ba8ae6d15adc5912b6860ad6959bedec30372a0120e41d6f14a433d5c4ce8b440195ff3197390c7e1cddc6106de0160e7217f30b3a0aeef067

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\SvcHelper.exe

Filesize
134KB

MD5
d23dc90ab2e073524365d6f88d732c1b

SHA1
f07ff93e1bf1648a40467d7c38ded0342a42148f

SHA256
6fa1b4f54b9ee66072fe89b0fe0c3c5851c92b6a458d9a57bd4c684930591bbc

SHA512
6dd0ae6d681665ba8ae6d15adc5912b6860ad6959bedec30372a0120e41d6f14a433d5c4ce8b440195ff3197390c7e1cddc6106de0160e7217f30b3a0aeef067

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\SvcHelper.exe

Filesize
134KB

MD5
d23dc90ab2e073524365d6f88d732c1b

SHA1
f07ff93e1bf1648a40467d7c38ded0342a42148f

SHA256
6fa1b4f54b9ee66072fe89b0fe0c3c5851c92b6a458d9a57bd4c684930591bbc

SHA512
6dd0ae6d681665ba8ae6d15adc5912b6860ad6959bedec30372a0120e41d6f14a433d5c4ce8b440195ff3197390c7e1cddc6106de0160e7217f30b3a0aeef067

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\gbinit.exe

Filesize
581KB

MD5
5a7fba53746852b3543839e77b913893

SHA1
5e8621808251e7dfa5b9899d490d9aa5a20d2b06

SHA256
7829d11c205f0b8d22d942b66364cdf2e6a1763a8f78adffb45cf660f0f26cbb

SHA512
b124c395ce06caf2edb8780613ed27516b89bb1abd5dae7917c11d4eb12abccfa353d005225b0d3360b14c71f8b7da808b6b515b108012139b52879f5dd59473

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\gbinit.exe

Filesize
581KB

MD5
5a7fba53746852b3543839e77b913893

SHA1
5e8621808251e7dfa5b9899d490d9aa5a20d2b06

SHA256
7829d11c205f0b8d22d942b66364cdf2e6a1763a8f78adffb45cf660f0f26cbb

SHA512
b124c395ce06caf2edb8780613ed27516b89bb1abd5dae7917c11d4eb12abccfa353d005225b0d3360b14c71f8b7da808b6b515b108012139b52879f5dd59473

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QIT38.tmp\gbinit.exe

Filesize
581KB

MD5
5a7fba53746852b3543839e77b913893

SHA1
5e8621808251e7dfa5b9899d490d9aa5a20d2b06

SHA256
7829d11c205f0b8d22d942b66364cdf2e6a1763a8f78adffb45cf660f0f26cbb

SHA512
b124c395ce06caf2edb8780613ed27516b89bb1abd5dae7917c11d4eb12abccfa353d005225b0d3360b14c71f8b7da808b6b515b108012139b52879f5dd59473

Download Submit
memory/60-856-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/60-677-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/60-883-0x0000000000400000-0x000000000066A000-memory.dmp

Filesize
2.4MB

Download
memory/60-872-0x0000000000400000-0x000000000066A000-memory.dmp

Filesize
2.4MB

Download
memory/60-849-0x0000000000400000-0x000000000066A000-memory.dmp

Filesize
2.4MB

Download
memory/60-850-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/60-851-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/60-852-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/60-861-0x0000000000400000-0x000000000066A000-memory.dmp

Filesize
2.4MB

Download
memory/340-1435-0x0000000003D40000-0x0000000003D41000-memory.dmp

Filesize
4KB

Download
memory/552-708-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/552-854-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/552-855-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/552-853-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/928-848-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/928-676-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/928-879-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/1516-1002-0x0000000002190000-0x0000000002191000-memory.dmp

Filesize
4KB

Download
memory/1780-697-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/1780-692-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/1780-691-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/2104-155-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2808-1433-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2884-869-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2884-881-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2884-891-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2884-857-0x0000000000400000-0x0000000000502000-memory.dmp

Filesize
1.0MB

Download
memory/2884-769-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/2884-858-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2884-859-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/3736-699-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/3736-690-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/3736-693-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/3912-768-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3912-587-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3912-133-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/3976-767-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/3976-143-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/3976-599-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/3976-600-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/4148-999-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/4428-977-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/4428-959-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download