1b181aef9fb2527c1770b6fc96f02e27e04fb8e1e0fb0c71683fc5604b45cb2d

Analysis

max time kernel
83s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23-03-2023 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

smart_game_booster_setup.exe
Size

58.9MB
MD5

152339e2785855ff10dea85a68a182e8
SHA1

c184dba4294d2968a2ea32ecd9156c39c90416bf
SHA256

1b181aef9fb2527c1770b6fc96f02e27e04fb8e1e0fb0c71683fc5604b45cb2d
SHA512

daeb6deabe883a2fa7ef8510ac05ae326f84ab6ad557b61e4e81f6b7eb3e998db29ac84b13e504a40b5e783c4abdf176b950ddbc9e24975c1652dc521fb41fc9
SSDEEP

1572864:kKDNhJYwzPUG2GiiomWSaFd8Lvj0/SzCYlvZgG4JpyYBp3+V7:9NhCwQG5HpqFWLoajgGYp/Bp3+N

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SgbInit.exeSgbMain.exeSgbTray.exesmart_game_booster_setup.tmp

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	SgbInit.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	SgbMain.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	SgbTray.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	smart_game_booster_setup.tmp

Executes dropped EXE 17 IoCs

Processes:

smart_game_booster_setup.tmpSgbInit.exeSgbInit.exeSgbInit.exeSgbMain.exeSgbMain.exeICONPIN64.exeUninstallPromote.exeSgbTray.exeSgbInit.exeSgbTemperature.exeSgbUpdater.exeSgbInit.exeSgbHUD32.exeSgbHUD64.exeAUpdate.exeSgbInit.exe

pid	process
4244	smart_game_booster_setup.tmp
5076	SgbInit.exe
5052	SgbInit.exe
2184	SgbInit.exe
4620	SgbMain.exe
2712	SgbMain.exe
4492	ICONPIN64.exe
5064	UninstallPromote.exe
1124	SgbTray.exe
4936	SgbInit.exe
4220	SgbTemperature.exe
4504	SgbUpdater.exe
4620	SgbInit.exe
1984	SgbHUD32.exe
3456	SgbHUD64.exe
764	AUpdate.exe
5056	SgbInit.exe

Loads dropped DLL 64 IoCs

Processes:

SgbInit.exeSgbMain.exeSgbMain.exeSgbHUD64.exeregsvr32.exeSgbTray.exe

pid	process
2184	SgbInit.exe
2184	SgbInit.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
4620	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
3456	SgbHUD64.exe
4004	regsvr32.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
2712	SgbMain.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe

Modifies system executable filetype association 2 TTPs 5 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

regsvr32.exeregsvr32.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe

Registers COM server for autorun 1 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ = "C:\\Program Files (x86)\\PCGameBoost\\Smart Game Booster\\5.2.3\\MenuExt64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ = "C:\\Program Files (x86)\\PCGameBoost\\Smart Game Booster\\5.2.3\\MenuExt64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

SgbMain.exeSgbTemperature.exe

description ioc process

File opened for modification \??\PhysicalDrive0 SgbMain.exe
File opened for modification \??\PhysicalDrive0 SgbTemperature.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	SgbMain.exe
File opened for modification	\??\PhysicalDrive0	SgbTemperature.exe

Drops file in System32 directory 9 IoCs

Processes:

smart_game_booster_setup.tmpSgbMain.exe

description	ioc	process
File created	C:\Windows\SysWOW64\is-2L8SN.tmp	smart_game_booster_setup.tmp
File created	C:\Windows\SysWOW64\is-0GI2V.tmp	smart_game_booster_setup.tmp
File created	C:\Windows\SysWOW64\is-8K95O.tmp	smart_game_booster_setup.tmp
File created	C:\Windows\SysWOW64\is-ELOQN.tmp	smart_game_booster_setup.tmp
File created	C:\Windows\SysWOW64\is-J09TM.tmp	smart_game_booster_setup.tmp
File created	C:\Windows\system32\d3dx10_43.dll	SgbMain.exe
File created	C:\Windows\system32\D3DCompiler_43.dll	SgbMain.exe
File created	C:\Windows\system32\D3DX9_43.dll	SgbMain.exe
File created	C:\Windows\system32\d3dx11_43.dll	SgbMain.exe

Drops file in Program Files directory 64 IoCs

Processes:

smart_game_booster_setup.tmpSgbMain.exeSgbUpdater.exeSgbTemperature.exe

description	ioc	process
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Database\is-PBPGF.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-PAMVS.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-OAQ0K.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-LCJ9H.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\HUD64\is-PI8FG.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-5ER3E.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\ScanData\cache-pro.dat	SgbMain.exe
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-4RADL.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\LibAV\is-MFTRB.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-CGQ7J.tmp	smart_game_booster_setup.tmp
File opened for modification	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\OverDrive.ini	SgbMain.exe
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-C2BEG.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Database\InBoxDriverFeature\is-DRI5V.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PinTools\is-AVD8F.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\skin\is-JDU6V.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\LibAV\is-R42U8.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\LibAV\is-LKJB0.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-EO1AT.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-PTUMP.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-SRIC6.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-9RRJS.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-EKNP3.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-O4F2C.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Database\is-KF289.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Database\InBoxDriverFeature\is-INP3J.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\HUD64\is-AS5P4.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-9ILBE.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-3SH07.tmp	smart_game_booster_setup.tmp
File opened for modification	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Update\	SgbUpdater.exe
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Database\is-08AEB.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-DQQGR.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Update\is-A2BI3.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\unins000.dat	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-AOIPQ.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-J1TLQ.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Database\is-CEVCO.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-9H4K0.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-FSQVK.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-3CSE0.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\ScanData\dev-pro.dat	SgbMain.exe
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-B5H6Q.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-AOMLU.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-S22C3.tmp	smart_game_booster_setup.tmp
File opened for modification	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Update\Update.ini	SgbTemperature.exe
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-2AQ3A.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-35FDT.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-0725F.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-38TSB.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-SCFNI.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Update\Update.ini.tmp	SgbUpdater.exe
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-TK7KP.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\HUD64\is-8KS04.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-P6NSA.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-N9SJ5.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-FG9QF.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-77K5C.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PinTools\is-UTQN5.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-HAAGV.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\DrvInstall\is-4RLVG.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-5HNG8.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Database\is-J94BB.tmp	smart_game_booster_setup.tmp
File opened for modification	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\unins000.dat	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\is-LKC4M.tmp	smart_game_booster_setup.tmp
File created	C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Language\is-ESOKN.tmp	smart_game_booster_setup.tmp

Drops file in Windows directory 6 IoCs

Processes:

SgbMain.exe

description	ioc	process
File created	C:\Windows\INF\c_processor.PNF	SgbMain.exe
File created	C:\Windows\INF\c_monitor.PNF	SgbMain.exe
File created	C:\Windows\INF\c_diskdrive.PNF	SgbMain.exe
File created	C:\Windows\INF\c_media.PNF	SgbMain.exe
File created	C:\Windows\INF\c_volume.PNF	SgbMain.exe
File created	C:\Windows\INF\c_display.PNF	SgbMain.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

SgbMain.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceType	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceCharacteristics	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceType	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Driver	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Address	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Address	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceCharacteristics	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Address	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	SgbMain.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceCharacteristics	SgbMain.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SgbMain.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	SgbMain.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	SgbMain.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 54 IoCs

Processes:

regsvr32.exeregsvr32.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\0\win64\ = "C:\\Program Files (x86)\\PCGameBoost\\Smart Game Booster\\5.2.3\\MenuExt64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F6605BA7-71E8-4C6D-AD31-F05E3F568602}\ = "PfShellExtension"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F6605BA7-71E8-4C6D-AD31-F05E3F568602}\ = "PfShellExtension"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\PCGameBoost\\Smart Game Booster\\5.2.3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\ = "SmartGameBoosterMenu Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\ = "SmartGameBoosterMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\ = "PfShellExtension 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ = "C:\\Program Files (x86)\\PCGameBoost\\Smart Game Booster\\5.2.3\\MenuExt64.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ = "C:\\Program Files (x86)\\PCGameBoost\\Smart Game Booster\\5.2.3\\MenuExt64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F6605BA7-71E8-4C6D-AD31-F05E3F568602}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\0	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL\AppID = "{F6605BA7-71E8-4C6D-AD31-F05E3F568602}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SmartGameBoosterMenu\ = "{96C86AD1-055D-457D-9C00-0D4A91ECF1B4}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\SmartGameBoosterMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL\AppID = "{F6605BA7-71E8-4C6D-AD31-F05E3F568602}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A6EFD2D6-0DCC-4E57-AB47-A90DAAB3E592}\1.0\0\win64	regsvr32.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

SgbMain.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 5c0000000100000004000000000800001900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d98040000000100000010000000ebf59d290d61f9421f7cc2ba6de3150920000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442	SgbMain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8	SgbMain.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442	SgbMain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	SgbMain.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	SgbMain.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	SgbMain.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442	SgbMain.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 040000000100000010000000ebf59d290d61f9421f7cc2ba6de315090f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e81900000001000000100000004fca18b530ab2d3765b8830436884be620000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442	SgbMain.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

smart_game_booster_setup.tmpSgbMain.exeSgbMain.exeSgbTray.exeSgbTemperature.exeSgbUpdater.exeAUpdate.exemsedge.exe

pid	process
4244	smart_game_booster_setup.tmp
4244	smart_game_booster_setup.tmp
4620	SgbMain.exe
4620	SgbMain.exe
2712	SgbMain.exe
2712	SgbMain.exe
4244	smart_game_booster_setup.tmp
4244	smart_game_booster_setup.tmp
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
4220	SgbTemperature.exe
4220	SgbTemperature.exe
1124	SgbTray.exe
1124	SgbTray.exe
4504	SgbUpdater.exe
4504	SgbUpdater.exe
1124	SgbTray.exe
1124	SgbTray.exe
4504	SgbUpdater.exe
4504	SgbUpdater.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
4220	SgbTemperature.exe
4220	SgbTemperature.exe
1124	SgbTray.exe
1124	SgbTray.exe
764	AUpdate.exe
764	AUpdate.exe
2712	SgbMain.exe
2712	SgbMain.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
3564	msedge.exe
3564	msedge.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

656
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

60 msedge.exe
60 msedge.exe
60 msedge.exe

pid	process
656

pid	process
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

smart_game_booster_setup.tmpSgbMain.exeSgbTray.exeSgbTemperature.exe

description	pid	process
Token: SeDebugPrivilege	4244	smart_game_booster_setup.tmp
Token: SeDebugPrivilege	2712	SgbMain.exe
Token: SeDebugPrivilege	2712	SgbMain.exe
Token: SeDebugPrivilege	1124	SgbTray.exe
Token: SeDebugPrivilege	1124	SgbTray.exe
Token: 33	1124	SgbTray.exe
Token: SeIncBasePriorityPrivilege	1124	SgbTray.exe
Token: SeLoadDriverPrivilege	4220	SgbTemperature.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe
Token: 33	2712	SgbMain.exe
Token: SeIncBasePriorityPrivilege	2712	SgbMain.exe

Suspicious use of FindShellTrayWindow 13 IoCs

Processes:

smart_game_booster_setup.tmpSgbTray.exemsedge.exe

pid	process
4244	smart_game_booster_setup.tmp
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
1124	SgbTray.exe

Suspicious use of SendNotifyMessage 8 IoCs

Processes:

SgbTray.exe

pid process

1124 SgbTray.exe
1124 SgbTray.exe
1124 SgbTray.exe
1124 SgbTray.exe
1124 SgbTray.exe
1124 SgbTray.exe
1124 SgbTray.exe
1124 SgbTray.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

AUpdate.exeSgbHUD32.exeSgbHUD64.exe

pid process

764 AUpdate.exe
1984 SgbHUD32.exe
1984 SgbHUD32.exe
3456 SgbHUD64.exe
3456 SgbHUD64.exe

pid	process
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe
1124	SgbTray.exe

pid	process
764	AUpdate.exe
1984	SgbHUD32.exe
1984	SgbHUD32.exe
3456	SgbHUD64.exe
3456	SgbHUD64.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

smart_game_booster_setup.exesmart_game_booster_setup.tmpSgbInit.exemsedge.exeSgbHUD64.exeSgbMain.exeSgbTray.exeSgbInit.exemsedge.exe

description	pid	process	target process
PID 4476 wrote to memory of 4244	4476	smart_game_booster_setup.exe	smart_game_booster_setup.tmp
PID 4476 wrote to memory of 4244	4476	smart_game_booster_setup.exe	smart_game_booster_setup.tmp
PID 4476 wrote to memory of 4244	4476	smart_game_booster_setup.exe	smart_game_booster_setup.tmp
PID 4244 wrote to memory of 5076	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 5076	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 5076	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 5052	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 5052	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 5052	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 2184	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 2184	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 2184	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 4620	4244	smart_game_booster_setup.tmp	SgbMain.exe
PID 4244 wrote to memory of 4620	4244	smart_game_booster_setup.tmp	SgbMain.exe
PID 4244 wrote to memory of 4620	4244	smart_game_booster_setup.tmp	SgbMain.exe
PID 4620 wrote to memory of 3564	4620	SgbInit.exe	cmd.exe
PID 4620 wrote to memory of 3564	4620	SgbInit.exe	cmd.exe
PID 4620 wrote to memory of 3564	4620	SgbInit.exe	cmd.exe
PID 3564 wrote to memory of 2116	3564	msedge.exe	schtasks.exe
PID 3564 wrote to memory of 2116	3564	msedge.exe	schtasks.exe
PID 3564 wrote to memory of 2116	3564	msedge.exe	schtasks.exe
PID 4244 wrote to memory of 4492	4244	smart_game_booster_setup.tmp	ICONPIN64.exe
PID 4244 wrote to memory of 4492	4244	smart_game_booster_setup.tmp	ICONPIN64.exe
PID 4244 wrote to memory of 5064	4244	smart_game_booster_setup.tmp	UninstallPromote.exe
PID 4244 wrote to memory of 5064	4244	smart_game_booster_setup.tmp	UninstallPromote.exe
PID 4244 wrote to memory of 5064	4244	smart_game_booster_setup.tmp	UninstallPromote.exe
PID 4244 wrote to memory of 3456	4244	smart_game_booster_setup.tmp	SgbHUD64.exe
PID 4244 wrote to memory of 3456	4244	smart_game_booster_setup.tmp	SgbHUD64.exe
PID 4244 wrote to memory of 3456	4244	smart_game_booster_setup.tmp	SgbHUD64.exe
PID 3456 wrote to memory of 4004	3456	SgbHUD64.exe	regsvr32.exe
PID 3456 wrote to memory of 4004	3456	SgbHUD64.exe	regsvr32.exe
PID 2712 wrote to memory of 1124	2712	SgbMain.exe	SgbTray.exe
PID 2712 wrote to memory of 1124	2712	SgbMain.exe	SgbTray.exe
PID 2712 wrote to memory of 1124	2712	SgbMain.exe	SgbTray.exe
PID 4244 wrote to memory of 4936	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 4936	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 4244 wrote to memory of 4936	4244	smart_game_booster_setup.tmp	SgbInit.exe
PID 1124 wrote to memory of 4220	1124	SgbTray.exe	SgbTemperature.exe
PID 1124 wrote to memory of 4220	1124	SgbTray.exe	SgbTemperature.exe
PID 1124 wrote to memory of 4220	1124	SgbTray.exe	SgbTemperature.exe
PID 2712 wrote to memory of 4504	2712	SgbMain.exe	SgbUpdater.exe
PID 2712 wrote to memory of 4504	2712	SgbMain.exe	SgbUpdater.exe
PID 2712 wrote to memory of 4504	2712	SgbMain.exe	SgbUpdater.exe
PID 2712 wrote to memory of 2100	2712	SgbMain.exe	regsvr32.exe
PID 2712 wrote to memory of 2100	2712	SgbMain.exe	regsvr32.exe
PID 2712 wrote to memory of 4620	2712	SgbMain.exe	SgbInit.exe
PID 2712 wrote to memory of 4620	2712	SgbMain.exe	SgbInit.exe
PID 2712 wrote to memory of 4620	2712	SgbMain.exe	SgbInit.exe
PID 2712 wrote to memory of 1984	2712	SgbMain.exe	SgbHUD32.exe
PID 2712 wrote to memory of 1984	2712	SgbMain.exe	SgbHUD32.exe
PID 2712 wrote to memory of 1984	2712	SgbMain.exe	SgbHUD32.exe
PID 2712 wrote to memory of 3456	2712	SgbMain.exe	SgbHUD64.exe
PID 2712 wrote to memory of 3456	2712	SgbMain.exe	SgbHUD64.exe
PID 2712 wrote to memory of 764	2712	SgbMain.exe	AUpdate.exe
PID 2712 wrote to memory of 764	2712	SgbMain.exe	AUpdate.exe
PID 2712 wrote to memory of 764	2712	SgbMain.exe	AUpdate.exe
PID 4936 wrote to memory of 60	4936	SgbInit.exe	msedge.exe
PID 4936 wrote to memory of 60	4936	SgbInit.exe	msedge.exe
PID 60 wrote to memory of 1876	60	msedge.exe	msedge.exe
PID 60 wrote to memory of 1876	60	msedge.exe	msedge.exe
PID 2712 wrote to memory of 5056	2712	SgbMain.exe	SgbInit.exe
PID 2712 wrote to memory of 5056	2712	SgbMain.exe	SgbInit.exe
PID 2712 wrote to memory of 5056	2712	SgbMain.exe	SgbInit.exe
PID 60 wrote to memory of 1316	60	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\smart_game_booster_setup.exe
"C:\Users\Admin\AppData\Local\Temp\smart_game_booster_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4476

C:\Users\Admin\AppData\Local\Temp\is-AFBK4.tmp\smart_game_booster_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-AFBK4.tmp\smart_game_booster_setup.tmp" /SL5="$D002E,61064954,229888,C:\Users\Admin\AppData\Local\Temp\smart_game_booster_setup.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4244

C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\SgbInit.exe
"C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\SgbInit.exe" /DoAboutInsur 0 ""
3⤵
- Executes dropped EXE
PID:5076

C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\SgbInit.exe
"C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\SgbInit.exe" /DelCrackDLL
3⤵
- Executes dropped EXE
PID:5052

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe" /install
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2184

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe" /needskipuac
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4620

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c Schtasks /run /tn "SmartGameBooster SkipUAC (Admin)"
4⤵
PID:3564

C:\Windows\SysWOW64\schtasks.exe
Schtasks /run /tn "SmartGameBooster SkipUAC (Admin)"
5⤵
PID:2116

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PinTools\ICONPIN64.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PinTools\ICONPIN64.exe" pin "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe"
3⤵
- Executes dropped EXE
PID:4492

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\MenuExt64.dll"
3⤵
PID:3456

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\MenuExt64.dll"
4⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
PID:4004

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\UninstallPromote.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\UninstallPromote.exe" /install smgb5
3⤵
- Executes dropped EXE
PID:5064

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe" /CheckOpenURL
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pcgameboost.com/blog/?st=install
4⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ffcae0546f8,0x7ffcae054708,0x7ffcae054718
5⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9385697842651056059,15860486318384556206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
5⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9385697842651056059,15860486318384556206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9385697842651056059,15860486318384556206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
5⤵
PID:2468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9385697842651056059,15860486318384556206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
5⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9385697842651056059,15860486318384556206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
5⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9385697842651056059,15860486318384556206,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
5⤵
PID:5724

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe" /skipuac
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2712

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbTray.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbTray.exe" -Main
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbTemperature.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbTemperature.exe" /show
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4220

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbUpdater.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbUpdater.exe" /auto
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:4504

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32 /s "C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\MenuExt64.dll"
2⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
PID:2100

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe" /InstallDelFile
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4620

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbHUD32.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbHUD32.exe" /FromMain
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\HUD64\SgbHUD64.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\HUD64\SgbHUD64.exe" /FromMain
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3456

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\AUpdate.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\AUpdate.exe" /smgb /dayactive
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:764

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe
"C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe" /CheckFileInfo
2⤵
- Executes dropped EXE
PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\D3DCompiler_43.dll
Filesize
2.0MB

MD5
ebe7550ac6c538d6a592cad8995bbc3e

SHA1
515bd8e9462b275d5bea0bcd581bbd9ec1ea90d4

SHA256
0ed86e36a070c142c5a9d677c4562e51a6279e0bad51cec9054a4cecc5a6732f

SHA512
5d704f5b89bbb13d428d1d707268aba1a857925200de165067a50003d4dd83ee0dc5f5be92cc9fe182d60d2df51c83ec5e3ce965395b352860540c4055d45d7b

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\D3DX8Wrapper.dll
Filesize
274KB

MD5
30b7b3efa18afd66f7f8e05795ebe6f4

SHA1
97f24fe40c7fe41c91c654d35ceaa424b981e2e5

SHA256
7ef6cc7f30a77520eec220553800daf873f2a0bc51a8b743012117e86e69a945

SHA512
e07b15f6f9acb89d10f7e5346246e1e4a256d28b242b29b77cfacad16983349f118c54870d6d6e0529d530a6056f7ae277484caa583003ebe2a46188aa244d52

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\D3DX9_43.dll
Filesize
1.9MB

MD5
4446004e43275432ed2ae0cb373c2f50

SHA1
1593fefe08723e1600f81239869b23860d2005ce

SHA256
014252c69f35d59c94ed9f2ce969abb840b26c9a9bdc8ed35825c68e235790a7

SHA512
25b9301dcc61e81f2dea50a990d0b2ae802033bb81606ce0e82cfc83900644dd58bc7c8feeef5631d8cd718a269fe34e1e13001c7c34f342280bcd0620d14c8c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\DataState.dll
Filesize
74KB

MD5
a1b5a4d4d8e027c056b6b6a2a5a22080

SHA1
3154c363ca49519c0be4aee493e02f02110da47f

SHA256
6d33107ce562e7fa41a2cd7a48b4c8ab49cc5ee16af9fadcb65277cdca27c4e3

SHA512
a98da1505a1c0745a1ae1982e6c4d190dc52421d6b2466e352c049ed35ee8cf6e9f42245e7fe47f1f3ac5db361d5c9580e97bb2c2d24bb120460094826578c3c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\DataState.dll
Filesize
74KB

MD5
a1b5a4d4d8e027c056b6b6a2a5a22080

SHA1
3154c363ca49519c0be4aee493e02f02110da47f

SHA256
6d33107ce562e7fa41a2cd7a48b4c8ab49cc5ee16af9fadcb65277cdca27c4e3

SHA512
a98da1505a1c0745a1ae1982e6c4d190dc52421d6b2466e352c049ed35ee8cf6e9f42245e7fe47f1f3ac5db361d5c9580e97bb2c2d24bb120460094826578c3c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\DataState.dll
Filesize
74KB

MD5
a1b5a4d4d8e027c056b6b6a2a5a22080

SHA1
3154c363ca49519c0be4aee493e02f02110da47f

SHA256
6d33107ce562e7fa41a2cd7a48b4c8ab49cc5ee16af9fadcb65277cdca27c4e3

SHA512
a98da1505a1c0745a1ae1982e6c4d190dc52421d6b2466e352c049ed35ee8cf6e9f42245e7fe47f1f3ac5db361d5c9580e97bb2c2d24bb120460094826578c3c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\HardwareLib.dll
Filesize
185KB

MD5
022568111d51b5dbb92c0ab0872b380c

SHA1
37962202c8f5b74532829796821d5989e0f2d673

SHA256
4e5f1f42f90316819b9fe431722c5cc8c0a91d90e0fea87e580f17629e088a9a

SHA512
d5e8ede38e4a81d63737e17688581d434ad27aa2508cc1f7614b6aa9892a6e62956503f495b816005517df4815381d3b14d5deadc4164c8ee08ca3018e108dc7

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\HardwareLib.dll
Filesize
185KB

MD5
022568111d51b5dbb92c0ab0872b380c

SHA1
37962202c8f5b74532829796821d5989e0f2d673

SHA256
4e5f1f42f90316819b9fe431722c5cc8c0a91d90e0fea87e580f17629e088a9a

SHA512
d5e8ede38e4a81d63737e17688581d434ad27aa2508cc1f7614b6aa9892a6e62956503f495b816005517df4815381d3b14d5deadc4164c8ee08ca3018e108dc7

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PinTools\ICONPIN64.exe
Filesize
575KB

MD5
514cbd49324f8f45cd00fe6fd69a245c

SHA1
8e26c0c14be87ed8e221da1713ec6580b6a1ac5f

SHA256
ca8771322b4a6b3a48fcecb9c61a33abaf0e83d437889581297a186ad62d653d

SHA512
66d4f07e222508027526801c8e40e1fc8928c03b7d6d323b8d43ac9880392c3238673e8e413c90e4460e777d9fc4814b46ffc466948d43cafb70326016d769c4

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PluginHelper.dll
Filesize
134KB

MD5
ddc1cc25830c2afaaa64d6bd784fb26d

SHA1
8866309780e0f88051775bf399a424de38bbaf8d

SHA256
3b123f1fea7f38de527bca6dc51b9a922a7189a72441b48a39743063fb131148

SHA512
2b96d682b8fc0e93f4cdda84dda82c24fd9703112f655d3b1436e9aec1b6ad2321eb0d3a84e10c774c3c4b9bb9ad1f4c035a715e4735850fbac651f0023c4544

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PluginHelper.dll
Filesize
134KB

MD5
ddc1cc25830c2afaaa64d6bd784fb26d

SHA1
8866309780e0f88051775bf399a424de38bbaf8d

SHA256
3b123f1fea7f38de527bca6dc51b9a922a7189a72441b48a39743063fb131148

SHA512
2b96d682b8fc0e93f4cdda84dda82c24fd9703112f655d3b1436e9aec1b6ad2321eb0d3a84e10c774c3c4b9bb9ad1f4c035a715e4735850fbac651f0023c4544

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PluginHelper.dll
Filesize
134KB

MD5
ddc1cc25830c2afaaa64d6bd784fb26d

SHA1
8866309780e0f88051775bf399a424de38bbaf8d

SHA256
3b123f1fea7f38de527bca6dc51b9a922a7189a72441b48a39743063fb131148

SHA512
2b96d682b8fc0e93f4cdda84dda82c24fd9703112f655d3b1436e9aec1b6ad2321eb0d3a84e10c774c3c4b9bb9ad1f4c035a715e4735850fbac651f0023c4544

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PowerMgr.dll
Filesize
72KB

MD5
d0d3e744178eea35ddb3e55568eeedca

SHA1
60a26b2777f80c17b9dbc1f5898eba7eebec11a0

SHA256
461a9122a5c3a63644d005caa601cf9e4b7e5ef6f852e8767e398f39486e4e34

SHA512
0d54fb3409138bf089f77b17529887930d4731c85893877fc56fa7b3b83f9e7f07441b9c1d9b51daf7afa1053fbc49e678c0f92f6184343383fb6e587915e285

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\PowerMgr.dll
Filesize
72KB

MD5
d0d3e744178eea35ddb3e55568eeedca

SHA1
60a26b2777f80c17b9dbc1f5898eba7eebec11a0

SHA256
461a9122a5c3a63644d005caa601cf9e4b7e5ef6f852e8767e398f39486e4e34

SHA512
0d54fb3409138bf089f77b17529887930d4731c85893877fc56fa7b3b83f9e7f07441b9c1d9b51daf7afa1053fbc49e678c0f92f6184343383fb6e587915e285

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Register.dll
Filesize
1008KB

MD5
4786d4fb6ba586b02c3b0b8fbb555e6b

SHA1
d7a588fde4a8c549c74ab2a442d11c6847db431e

SHA256
aa18c23a3f74e38ad7c15197a1e21179fbb0220f7c429a2149b1185d41ccea72

SHA512
2186c81b9cdcdc517c47655ccaa9c9a176d71d87b339a2b60a0c099841ca1cca1b8092598e310b15bada6059f3bd4d91143b9ad57117a74aab0c12e7bf59c6ac

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Register.dll
Filesize
1008KB

MD5
4786d4fb6ba586b02c3b0b8fbb555e6b

SHA1
d7a588fde4a8c549c74ab2a442d11c6847db431e

SHA256
aa18c23a3f74e38ad7c15197a1e21179fbb0220f7c429a2149b1185d41ccea72

SHA512
2186c81b9cdcdc517c47655ccaa9c9a176d71d87b339a2b60a0c099841ca1cca1b8092598e310b15bada6059f3bd4d91143b9ad57117a74aab0c12e7bf59c6ac

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Register.dll
Filesize
1008KB

MD5
4786d4fb6ba586b02c3b0b8fbb555e6b

SHA1
d7a588fde4a8c549c74ab2a442d11c6847db431e

SHA256
aa18c23a3f74e38ad7c15197a1e21179fbb0220f7c429a2149b1185d41ccea72

SHA512
2186c81b9cdcdc517c47655ccaa9c9a176d71d87b339a2b60a0c099841ca1cca1b8092598e310b15bada6059f3bd4d91143b9ad57117a74aab0c12e7bf59c6ac

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Register.dll
Filesize
1008KB

MD5
4786d4fb6ba586b02c3b0b8fbb555e6b

SHA1
d7a588fde4a8c549c74ab2a442d11c6847db431e

SHA256
aa18c23a3f74e38ad7c15197a1e21179fbb0220f7c429a2149b1185d41ccea72

SHA512
2186c81b9cdcdc517c47655ccaa9c9a176d71d87b339a2b60a0c099841ca1cca1b8092598e310b15bada6059f3bd4d91143b9ad57117a74aab0c12e7bf59c6ac

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Register.dll
Filesize
1008KB

MD5
4786d4fb6ba586b02c3b0b8fbb555e6b

SHA1
d7a588fde4a8c549c74ab2a442d11c6847db431e

SHA256
aa18c23a3f74e38ad7c15197a1e21179fbb0220f7c429a2149b1185d41ccea72

SHA512
2186c81b9cdcdc517c47655ccaa9c9a176d71d87b339a2b60a0c099841ca1cca1b8092598e310b15bada6059f3bd4d91143b9ad57117a74aab0c12e7bf59c6ac

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SQLite3.dll
Filesize
905KB

MD5
3fcc5348556331c365025ac57dfbcb1a

SHA1
f357091018f9d68e34017908a07c2255a3ec5e93

SHA256
622243b663cb4beef8ac22184e72a15e4593b3591804188114385b00950a7eb7

SHA512
7963490e41ed0192dbfb0d67e1c6fd55810fd89fa71b032ee45516fba01db6eb0a2b7194ef185786ac4eca0d8a1e4e475bf9dacc7ca0959d7b70209a9d571881

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SQLite3.dll
Filesize
905KB

MD5
3fcc5348556331c365025ac57dfbcb1a

SHA1
f357091018f9d68e34017908a07c2255a3ec5e93

SHA256
622243b663cb4beef8ac22184e72a15e4593b3591804188114385b00950a7eb7

SHA512
7963490e41ed0192dbfb0d67e1c6fd55810fd89fa71b032ee45516fba01db6eb0a2b7194ef185786ac4eca0d8a1e4e475bf9dacc7ca0959d7b70209a9d571881

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Scan.dll
Filesize
1002KB

MD5
1fbb754a64f4c48984f47fc0532799d4

SHA1
73543dbe71e39f7dc4f63699a722e22f232b096f

SHA256
313778d51081f38feb3b9ea5279f941b4793291a1842306022d329242a57e0d7

SHA512
9bdcaac1b96de9a3e74aa05e39feb460f557f4000f9a3c8aa1a38d0c63e68a83dffd85b7a4f1933ca1ae30c96d9ef0909f03e6f909afb41375091348573f4d0a

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Scan.dll
Filesize
1002KB

MD5
1fbb754a64f4c48984f47fc0532799d4

SHA1
73543dbe71e39f7dc4f63699a722e22f232b096f

SHA256
313778d51081f38feb3b9ea5279f941b4793291a1842306022d329242a57e0d7

SHA512
9bdcaac1b96de9a3e74aa05e39feb460f557f4000f9a3c8aa1a38d0c63e68a83dffd85b7a4f1933ca1ae30c96d9ef0909f03e6f909afb41375091348573f4d0a

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Scan.dll
Filesize
1002KB

MD5
1fbb754a64f4c48984f47fc0532799d4

SHA1
73543dbe71e39f7dc4f63699a722e22f232b096f

SHA256
313778d51081f38feb3b9ea5279f941b4793291a1842306022d329242a57e0d7

SHA512
9bdcaac1b96de9a3e74aa05e39feb460f557f4000f9a3c8aa1a38d0c63e68a83dffd85b7a4f1933ca1ae30c96d9ef0909f03e6f909afb41375091348573f4d0a

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\ScanData\cache-pro.dat
Filesize
112B

MD5
d73afa527ef9509c1ca76a01326a1a22

SHA1
6c8b8c252653e89d627420461ec0386e6a195ac6

SHA256
ca1309869265893d47207b0b65adaf3d33b48e11d79b7a13fc398c8dbbdcfa19

SHA512
b96703a55e53a922bb38645b68e3a5ea9818df3ccd979db3057684930b50b9ad07611b96ff2c0202bde65616522b0c0b0d5f4c89832dc0cbe2ba7da47f30b00c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe
Filesize
1.7MB

MD5
41ebdc9b7f056adb0fefd33f7f105b7b

SHA1
10531c75e1e25d65a5de279b052749438cc913a7

SHA256
055f5ca0b10829b77cbeb8f5c967a2a8d874ef65356a2f1a1b56041e39157cbd

SHA512
269efbd2fffea7992a7a765bd34834df61255337a7cde3ba5de8f23752686fc2a0cc777c754fd691fc88b614a1430fc4e6d5b9eb8cc0e920f6f5aaa72157dd88

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbInit.exe
Filesize
1.7MB

MD5
41ebdc9b7f056adb0fefd33f7f105b7b

SHA1
10531c75e1e25d65a5de279b052749438cc913a7

SHA256
055f5ca0b10829b77cbeb8f5c967a2a8d874ef65356a2f1a1b56041e39157cbd

SHA512
269efbd2fffea7992a7a765bd34834df61255337a7cde3ba5de8f23752686fc2a0cc777c754fd691fc88b614a1430fc4e6d5b9eb8cc0e920f6f5aaa72157dd88

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe
Filesize
5.6MB

MD5
093c492875dacea6b7de11ccae6ceb9c

SHA1
2575c3b5ad5907f0e609a03c84bfcd6362136322

SHA256
50de2a03cf3497ee2a6158e779bb63ffb760687c4a93160410efb0b975d7fa3e

SHA512
368ebedd38482f32d0960a5a458e3804b0f5dfdadb3b8bde6b1ca5671af72b3c673a951a5069a80eaeb022a655779358d89461f03ad223ef4db86a43fa4e3f90

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe
Filesize
5.6MB

MD5
093c492875dacea6b7de11ccae6ceb9c

SHA1
2575c3b5ad5907f0e609a03c84bfcd6362136322

SHA256
50de2a03cf3497ee2a6158e779bb63ffb760687c4a93160410efb0b975d7fa3e

SHA512
368ebedd38482f32d0960a5a458e3804b0f5dfdadb3b8bde6b1ca5671af72b3c673a951a5069a80eaeb022a655779358d89461f03ad223ef4db86a43fa4e3f90

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe
Filesize
5.6MB

MD5
093c492875dacea6b7de11ccae6ceb9c

SHA1
2575c3b5ad5907f0e609a03c84bfcd6362136322

SHA256
50de2a03cf3497ee2a6158e779bb63ffb760687c4a93160410efb0b975d7fa3e

SHA512
368ebedd38482f32d0960a5a458e3804b0f5dfdadb3b8bde6b1ca5671af72b3c673a951a5069a80eaeb022a655779358d89461f03ad223ef4db86a43fa4e3f90

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\SgbMain.exe
Filesize
5.6MB

MD5
093c492875dacea6b7de11ccae6ceb9c

SHA1
2575c3b5ad5907f0e609a03c84bfcd6362136322

SHA256
50de2a03cf3497ee2a6158e779bb63ffb760687c4a93160410efb0b975d7fa3e

SHA512
368ebedd38482f32d0960a5a458e3804b0f5dfdadb3b8bde6b1ca5671af72b3c673a951a5069a80eaeb022a655779358d89461f03ad223ef4db86a43fa4e3f90

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Temperature.dll
Filesize
173KB

MD5
3747108570b8433d047a7e1208fda541

SHA1
787518792f39a7e2365a424711dbfc3abcd60dc0

SHA256
d987a17b4566602232353909027fa07ac5bf2c38f0613b24873e84fcc5e1d336

SHA512
4768bdadce5ec8d0eaac4fd08a92f7d9e937304ab60bbf92bca44ffc5c095056faf2dca3c96347648443ddfc09f9aed421e2506e4a6ff6780f0aadabcfab774c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Temperature.dll
Filesize
173KB

MD5
3747108570b8433d047a7e1208fda541

SHA1
787518792f39a7e2365a424711dbfc3abcd60dc0

SHA256
d987a17b4566602232353909027fa07ac5bf2c38f0613b24873e84fcc5e1d336

SHA512
4768bdadce5ec8d0eaac4fd08a92f7d9e937304ab60bbf92bca44ffc5c095056faf2dca3c96347648443ddfc09f9aed421e2506e4a6ff6780f0aadabcfab774c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\UninstallPromote.exe
Filesize
2.1MB

MD5
533cc13b44114fdfc0465e706747ac82

SHA1
67ab09e50c18f3dfff97cb33c848fbfb72861738

SHA256
f9c38f5eb759d5b09e23c9142b768257b97a9d7e8bf626798f5daccba13e23e8

SHA512
ac6d93951444a8d2fe86d017e12fe9ce0bc9e3f5d5730a57dc29737bd76e28fbe33a8e10ef965462ab2bad52c258b116d421a4d190c018b4ba563297eda98948

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\Update\Update.ini
Filesize
1KB

MD5
eee90559556154ea0d2f25232c8de153

SHA1
dd61bb18dbd85ff28758fb62ead97a4f69716cd9

SHA256
790de8a3706d0dbba83b95454f6572de0ae7ba1485546de098ed56a3db921365

SHA512
1ff7e14ce29e1a969c7908dc7eb8e2836fcfba1181ae78566790f6f81e101b005f6c787556b21b386b4ecf839102a21d26d9d8b60c517bdc95daa23ee74a81b0

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\d3dx10_43.dll
Filesize
470KB

MD5
9f2344af5ef96ef7ae59268824f3151c

SHA1
b3da439d056bb3ae7f00ecda4aaae73ef79e22b4

SHA256
c69799ea10f65780dade40fec14610295bd1fea15c6e165452c89ff83ab093a6

SHA512
9bb2d42c86ebf0ea220b9455eab1b794ff3ef5721e23cfcf141d0fa5b1951343c75382bd35836a596f3666bf31b507d107f71591f1b3d663ddf4a3675881662f

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\d3dx11_43.dll
Filesize
253KB

MD5
f3447226656778933c98be43f7a748a3

SHA1
13c042b8c6034aae8f114df2110e740b374a40c6

SHA256
16f1ad014f30e5afb51c34b68b48ba553ec4622bd3439a3584e72e548fd8556f

SHA512
8735d37f4afa2f34a3f6a90bf9eb8a4640b60df6a24129fc879c190f6fda2cff4cba7616923b62d857bb489bd34cef447f4c190c46462696c7c42d0207a04649

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\dataexchange.dll
Filesize
76KB

MD5
1299a7fd5e65e32a7dde8af89e4db61d

SHA1
036dbd7df035892da84ab7d0dc1b9225e54e065a

SHA256
13dd748913c226f4929af229f755230724adbba5ced7c11b83bc918f8294b5da

SHA512
d9cf8d9496d6495ce1054a7cc00b6c08748cc7df9431881eb137f0d5d8a387eda500be214f06232fa1c8a481d05537c75fed2a4367eece848a15ffc39374df14

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\dataexchange.dll
Filesize
76KB

MD5
1299a7fd5e65e32a7dde8af89e4db61d

SHA1
036dbd7df035892da84ab7d0dc1b9225e54e065a

SHA256
13dd748913c226f4929af229f755230724adbba5ced7c11b83bc918f8294b5da

SHA512
d9cf8d9496d6495ce1054a7cc00b6c08748cc7df9431881eb137f0d5d8a387eda500be214f06232fa1c8a481d05537c75fed2a4367eece848a15ffc39374df14

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\datastate.dll
Filesize
74KB

MD5
a1b5a4d4d8e027c056b6b6a2a5a22080

SHA1
3154c363ca49519c0be4aee493e02f02110da47f

SHA256
6d33107ce562e7fa41a2cd7a48b4c8ab49cc5ee16af9fadcb65277cdca27c4e3

SHA512
a98da1505a1c0745a1ae1982e6c4d190dc52421d6b2466e352c049ed35ee8cf6e9f42245e7fe47f1f3ac5db361d5c9580e97bb2c2d24bb120460094826578c3c

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madBasic_.bpl
Filesize
209KB

MD5
c4bb0a8bfbd4a632180b7a2c62e82b10

SHA1
d5126cff50ab25313f746104faafdc70e1d9fbd7

SHA256
4b2e1c988a09e5b318c4dcdd51a25887d02bf48cbdef239b9cc86742459a50e6

SHA512
504fc157591f4282528b8bda1d4dae14362b8f30b9a9e1921579a510cc1725390216274c5d925dccf9a3daf411b29a9ff027e77ada50fc581c7451de5c75af0f

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madBasic_.bpl
Filesize
209KB

MD5
c4bb0a8bfbd4a632180b7a2c62e82b10

SHA1
d5126cff50ab25313f746104faafdc70e1d9fbd7

SHA256
4b2e1c988a09e5b318c4dcdd51a25887d02bf48cbdef239b9cc86742459a50e6

SHA512
504fc157591f4282528b8bda1d4dae14362b8f30b9a9e1921579a510cc1725390216274c5d925dccf9a3daf411b29a9ff027e77ada50fc581c7451de5c75af0f

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madBasic_.bpl
Filesize
209KB

MD5
c4bb0a8bfbd4a632180b7a2c62e82b10

SHA1
d5126cff50ab25313f746104faafdc70e1d9fbd7

SHA256
4b2e1c988a09e5b318c4dcdd51a25887d02bf48cbdef239b9cc86742459a50e6

SHA512
504fc157591f4282528b8bda1d4dae14362b8f30b9a9e1921579a510cc1725390216274c5d925dccf9a3daf411b29a9ff027e77ada50fc581c7451de5c75af0f

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madBasic_.bpl
Filesize
209KB

MD5
c4bb0a8bfbd4a632180b7a2c62e82b10

SHA1
d5126cff50ab25313f746104faafdc70e1d9fbd7

SHA256
4b2e1c988a09e5b318c4dcdd51a25887d02bf48cbdef239b9cc86742459a50e6

SHA512
504fc157591f4282528b8bda1d4dae14362b8f30b9a9e1921579a510cc1725390216274c5d925dccf9a3daf411b29a9ff027e77ada50fc581c7451de5c75af0f

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madDisAsm_.bpl
Filesize
61KB

MD5
3f02eac260ab175a46849c2b70caf483

SHA1
cb5774f3f429f86ad3043950b57917b2f191612a

SHA256
3c930bbc232dc6e3c06b77a372431197ad31f4e75f2f68b9547fc29b015d9e49

SHA512
f02d459e8886861d6f3f7f2d28dc0935244e00d247e3155ae5cc95b96ba41beea9ce83bc3920eb2471bd4bf76048e5a777e2fe28d43c481dcfeb7bdf25e1d40d

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madDisAsm_.bpl
Filesize
61KB

MD5
3f02eac260ab175a46849c2b70caf483

SHA1
cb5774f3f429f86ad3043950b57917b2f191612a

SHA256
3c930bbc232dc6e3c06b77a372431197ad31f4e75f2f68b9547fc29b015d9e49

SHA512
f02d459e8886861d6f3f7f2d28dc0935244e00d247e3155ae5cc95b96ba41beea9ce83bc3920eb2471bd4bf76048e5a777e2fe28d43c481dcfeb7bdf25e1d40d

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madDisAsm_.bpl
Filesize
61KB

MD5
3f02eac260ab175a46849c2b70caf483

SHA1
cb5774f3f429f86ad3043950b57917b2f191612a

SHA256
3c930bbc232dc6e3c06b77a372431197ad31f4e75f2f68b9547fc29b015d9e49

SHA512
f02d459e8886861d6f3f7f2d28dc0935244e00d247e3155ae5cc95b96ba41beea9ce83bc3920eb2471bd4bf76048e5a777e2fe28d43c481dcfeb7bdf25e1d40d

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madExcept_.bpl
Filesize
435KB

MD5
9e5f266f5b7c8771a2a25dcf5fc23873

SHA1
933acf655b97aaf1966158fa18ce5f67ab070d25

SHA256
f700ab8251ee590cb5a22e242bde3d8b7c62288278c0c051352ccc99b56ace4e

SHA512
a1e1ac6be2074ac5ac55ce493b73d7591ce476a19906cdfef1c065154eb96d4e360ad6c1b42d7a00ec09b6a877aa4f8f0cea71496f12a19ce5e92543d5ae4186

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madExcept_.bpl
Filesize
435KB

MD5
9e5f266f5b7c8771a2a25dcf5fc23873

SHA1
933acf655b97aaf1966158fa18ce5f67ab070d25

SHA256
f700ab8251ee590cb5a22e242bde3d8b7c62288278c0c051352ccc99b56ace4e

SHA512
a1e1ac6be2074ac5ac55ce493b73d7591ce476a19906cdfef1c065154eb96d4e360ad6c1b42d7a00ec09b6a877aa4f8f0cea71496f12a19ce5e92543d5ae4186

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madExcept_.bpl
Filesize
435KB

MD5
9e5f266f5b7c8771a2a25dcf5fc23873

SHA1
933acf655b97aaf1966158fa18ce5f67ab070d25

SHA256
f700ab8251ee590cb5a22e242bde3d8b7c62288278c0c051352ccc99b56ace4e

SHA512
a1e1ac6be2074ac5ac55ce493b73d7591ce476a19906cdfef1c065154eb96d4e360ad6c1b42d7a00ec09b6a877aa4f8f0cea71496f12a19ce5e92543d5ae4186

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\madExcept_.bpl
Filesize
435KB

MD5
9e5f266f5b7c8771a2a25dcf5fc23873

SHA1
933acf655b97aaf1966158fa18ce5f67ab070d25

SHA256
f700ab8251ee590cb5a22e242bde3d8b7c62288278c0c051352ccc99b56ace4e

SHA512
a1e1ac6be2074ac5ac55ce493b73d7591ce476a19906cdfef1c065154eb96d4e360ad6c1b42d7a00ec09b6a877aa4f8f0cea71496f12a19ce5e92543d5ae4186

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\rtl120.bpl
Filesize
1.1MB

MD5
886bcdd81bbce31fa03c23e78f11158c

SHA1
8c01b607c8b80871d2ae6bf63b4870c40aebcb42

SHA256
9d299887fb4a886be03f11a86af0d1021a2331ab0283c90ba6d790fa366d3767

SHA512
0c00229307950f55bec9d3026ab7120c7f0487eb3fb24aadd8808d2f2c801731e2eca458a58273992a519fa55cf49603089c4aca4600f4a8279beb933d4b076b

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\rtl120.bpl
Filesize
1.1MB

MD5
886bcdd81bbce31fa03c23e78f11158c

SHA1
8c01b607c8b80871d2ae6bf63b4870c40aebcb42

SHA256
9d299887fb4a886be03f11a86af0d1021a2331ab0283c90ba6d790fa366d3767

SHA512
0c00229307950f55bec9d3026ab7120c7f0487eb3fb24aadd8808d2f2c801731e2eca458a58273992a519fa55cf49603089c4aca4600f4a8279beb933d4b076b

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\rtl120.bpl
Filesize
1.1MB

MD5
886bcdd81bbce31fa03c23e78f11158c

SHA1
8c01b607c8b80871d2ae6bf63b4870c40aebcb42

SHA256
9d299887fb4a886be03f11a86af0d1021a2331ab0283c90ba6d790fa366d3767

SHA512
0c00229307950f55bec9d3026ab7120c7f0487eb3fb24aadd8808d2f2c801731e2eca458a58273992a519fa55cf49603089c4aca4600f4a8279beb933d4b076b

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\rtl120.bpl
Filesize
1.1MB

MD5
886bcdd81bbce31fa03c23e78f11158c

SHA1
8c01b607c8b80871d2ae6bf63b4870c40aebcb42

SHA256
9d299887fb4a886be03f11a86af0d1021a2331ab0283c90ba6d790fa366d3767

SHA512
0c00229307950f55bec9d3026ab7120c7f0487eb3fb24aadd8808d2f2c801731e2eca458a58273992a519fa55cf49603089c4aca4600f4a8279beb933d4b076b

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\rtl120.bpl
Filesize
1.1MB

MD5
886bcdd81bbce31fa03c23e78f11158c

SHA1
8c01b607c8b80871d2ae6bf63b4870c40aebcb42

SHA256
9d299887fb4a886be03f11a86af0d1021a2331ab0283c90ba6d790fa366d3767

SHA512
0c00229307950f55bec9d3026ab7120c7f0487eb3fb24aadd8808d2f2c801731e2eca458a58273992a519fa55cf49603089c4aca4600f4a8279beb933d4b076b

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\sdassist.dll
Filesize
201KB

MD5
d76d18c5d897b043827ff03739b8298c

SHA1
77a4274d4c6524c0d4b6b355d302235187254f90

SHA256
4a79ad74e70700b8db6bf101023d70fcd5b1b28f0e28584ee93610a873263995

SHA512
16c351c21edcb9bf308c68c18bb128291145820c72e7dbaf2202ef85b7e9c31fc1943702f12a3f41afa0f21f5794cca043b0f37bbbe5141b90ce6f264a862535

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\sdassist.dll
Filesize
201KB

MD5
d76d18c5d897b043827ff03739b8298c

SHA1
77a4274d4c6524c0d4b6b355d302235187254f90

SHA256
4a79ad74e70700b8db6bf101023d70fcd5b1b28f0e28584ee93610a873263995

SHA512
16c351c21edcb9bf308c68c18bb128291145820c72e7dbaf2202ef85b7e9c31fc1943702f12a3f41afa0f21f5794cca043b0f37bbbe5141b90ce6f264a862535

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\sdassist.dll
Filesize
201KB

MD5
d76d18c5d897b043827ff03739b8298c

SHA1
77a4274d4c6524c0d4b6b355d302235187254f90

SHA256
4a79ad74e70700b8db6bf101023d70fcd5b1b28f0e28584ee93610a873263995

SHA512
16c351c21edcb9bf308c68c18bb128291145820c72e7dbaf2202ef85b7e9c31fc1943702f12a3f41afa0f21f5794cca043b0f37bbbe5141b90ce6f264a862535

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\sqlite3.dll
Filesize
905KB

MD5
3fcc5348556331c365025ac57dfbcb1a

SHA1
f357091018f9d68e34017908a07c2255a3ec5e93

SHA256
622243b663cb4beef8ac22184e72a15e4593b3591804188114385b00950a7eb7

SHA512
7963490e41ed0192dbfb0d67e1c6fd55810fd89fa71b032ee45516fba01db6eb0a2b7194ef185786ac4eca0d8a1e4e475bf9dacc7ca0959d7b70209a9d571881

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\unins000.exe
Filesize
1.2MB

MD5
b9fb2e0d8378b15d091d677ff96fee70

SHA1
7bad6ac39763cccf8f4b3789d1acdb9a85057d6c

SHA256
b1f7352390ac91b9a71ac4497cb16575892c644157f4f9aaa8639518ff4d9b17

SHA512
dc019ab7e8884e69205396b966cbfab5f614f5435cbd6ac623115d0cde7609c7ea79d5a6862b5c651869c8ebdabbc06f4dba98ac507ad50c3eb93b7580bba7de

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\vcl120.bpl
Filesize
1.9MB

MD5
d5145c203ad9d94a13416b1e5400ab2d

SHA1
ebcbb8948b16760854dd87742d88ac9bf0cb3c78

SHA256
859d84044efc9b130c639db1c9e65250546606ffd7e3f27f491099e56fbca97c

SHA512
0da26730b85be0be07934516d3292c46256fd54a6188f32f6ebd70cf5859c1ae94852a20239bc391f792e2c0f8768e1465dba2744499145b665622f214ae3310

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\vcl120.bpl
Filesize
1.9MB

MD5
d5145c203ad9d94a13416b1e5400ab2d

SHA1
ebcbb8948b16760854dd87742d88ac9bf0cb3c78

SHA256
859d84044efc9b130c639db1c9e65250546606ffd7e3f27f491099e56fbca97c

SHA512
0da26730b85be0be07934516d3292c46256fd54a6188f32f6ebd70cf5859c1ae94852a20239bc391f792e2c0f8768e1465dba2744499145b665622f214ae3310

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\vcl120.bpl
Filesize
1.9MB

MD5
d5145c203ad9d94a13416b1e5400ab2d

SHA1
ebcbb8948b16760854dd87742d88ac9bf0cb3c78

SHA256
859d84044efc9b130c639db1c9e65250546606ffd7e3f27f491099e56fbca97c

SHA512
0da26730b85be0be07934516d3292c46256fd54a6188f32f6ebd70cf5859c1ae94852a20239bc391f792e2c0f8768e1465dba2744499145b665622f214ae3310

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\vcl120.bpl
Filesize
1.9MB

MD5
d5145c203ad9d94a13416b1e5400ab2d

SHA1
ebcbb8948b16760854dd87742d88ac9bf0cb3c78

SHA256
859d84044efc9b130c639db1c9e65250546606ffd7e3f27f491099e56fbca97c

SHA512
0da26730b85be0be07934516d3292c46256fd54a6188f32f6ebd70cf5859c1ae94852a20239bc391f792e2c0f8768e1465dba2744499145b665622f214ae3310

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\vclx120.bpl
Filesize
220KB

MD5
79c930429a1b86933c1ca4346ab74d34

SHA1
5d2aaf228686b2e8dbe5306ff339398c78c75a49

SHA256
36f599a8ff2bb6246f895f92a3bf2611a69c2590d5ac28d1160f7a34fe33a3fd

SHA512
064485680b43858a16eaca53e83f4dd2dcac55828e53bf8384b5d6d30d9a7858552978f75b15be3689fd3db70820a43d53454beedeead3efa3a9dd51640fdf9f

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\vclx120.bpl
Filesize
220KB

MD5
79c930429a1b86933c1ca4346ab74d34

SHA1
5d2aaf228686b2e8dbe5306ff339398c78c75a49

SHA256
36f599a8ff2bb6246f895f92a3bf2611a69c2590d5ac28d1160f7a34fe33a3fd

SHA512
064485680b43858a16eaca53e83f4dd2dcac55828e53bf8384b5d6d30d9a7858552978f75b15be3689fd3db70820a43d53454beedeead3efa3a9dd51640fdf9f

Download Submit
C:\Program Files (x86)\PCGameBoost\Smart Game Booster\5.2.3\vclx120.bpl
Filesize
220KB

MD5
79c930429a1b86933c1ca4346ab74d34

SHA1
5d2aaf228686b2e8dbe5306ff339398c78c75a49

SHA256
36f599a8ff2bb6246f895f92a3bf2611a69c2590d5ac28d1160f7a34fe33a3fd

SHA512
064485680b43858a16eaca53e83f4dd2dcac55828e53bf8384b5d6d30d9a7858552978f75b15be3689fd3db70820a43d53454beedeead3efa3a9dd51640fdf9f

Download Submit
C:\ProgramData\PCGameBoost\ProductData\StatCache.db
Filesize
331B

MD5
f5f4f2809debb8d8d45c3ae2e15318bf

SHA1
c943495f6fb40b39dc2170adf1e4775330d75848

SHA256
e71f1809779bdd1048c4a1463e2dc10e0e8c5ba691577eb732b6e0637e8482fe

SHA512
83b1a341b10ca69c6e7b61185f828ffd96c7f6cb817e94149e92c1c3312feadc1fc9aeb8ef421f42c7f2412384ed83b89af7dca9e3fefc4f67525c3302516bea

Download Submit
C:\ProgramData\PCGameBoost\ProductData\StatCache.db
Filesize
347B

MD5
143a8a1f1873df4df2aa620914c3e8b1

SHA1
3ac632d4a3e28d86ecfe65d03cefa5d8f02cea30

SHA256
f46c88755bd6f0128d969144d36c929e291551d173905eceb4cdc3ae3ce3dfa5

SHA512
75ac2d63e90dd644bb92b85b57875fd9f79f1cfcc3a327dad42d6fe0f263063d0657be74baef6ee2a2ae5eb3120bd10e790df7ef59861f77ad11b397845b8b3e

Download Submit
C:\ProgramData\PCGameBoost\ProductData\StatCache.db
Filesize
283B

MD5
9402c1f6c9d50330b844ea8bb092c4cb

SHA1
c2e503baff3a31a2020f850e667a6fc4d41256eb

SHA256
f947d89d6a9cea9d6fde471b543794b50dcb90d8af74a2715256c1e76e2b7c46

SHA512
c39114d212c9f7fad0bd9caa7a838845248b634e64944101c813690122ca74c2ae1dddbc2b9ba4ec29e37f088d170fe52f101c19b3a06eaae72e636e8d23a163

Download Submit
C:\ProgramData\PCGameBoost\ProductData\StatCache.db
Filesize
299B

MD5
2d25d488b87c780eaef7378c6da12187

SHA1
0e6cd740f8684c607090bd24f8e092924d5570ac

SHA256
2ea52dd4c01c3e80d5abeb98ef3a29e97f0065192ea0e167de5d6d6d36c9c835

SHA512
4d560751480f7e32952fbb8c9b8d7d1b9bafaa88cea002ca044df93d9a2614c91e5f0c140fb068423ade7dc9a346bb2fadfe7cd3af46d2858c2b30ded7cc450b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
e3d86ef31f8d54bd52c7a07cade2970d

SHA1
4e49f2032ba58bc65b89925433600ded7a84a841

SHA256
775c43aee792ce9ccf46d44074eefa25c6e9db8b4a0c7bd69f291e0657387417

SHA512
1b7ffd71567f12e3abac7a5c0c0b916f9fd6a1d6d5c216d4b8e8e837e69d0fe6799bfa6f5dca03af57c8f8928d2c35a29b6c672273e09186ee22878965856c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
f01a7dbddb6df7008477343788025d3d

SHA1
f8e977d39e906474c3f5fce844dbc9eeccde5bce

SHA256
7f8e48b9797a9a81d359edb3491a756e99caa3b0af9323d4182c019eab243ba9

SHA512
c417bf94828f18a4529fe4edf2948b960c9ebeb2d1568397cb8dc187fe4463a2f37e6b71c84a2a9e2f87b62dc0d491a8a06ec0b396e48afab63dac736098fe64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
cdb7cca587f5e5f4402eb0edb1b4c3c0

SHA1
c18f0cc6ad5e87b075e25c56a42038b9fbadca28

SHA256
e982dacf6303ce2dd43f7ec9ec37fd7e3435d09250d3d6d18d65aaa3fe27b5a6

SHA512
02e59c658027164dff179b93cbee1ba93cb5641ca9db0bbb257f4d54e31ebe64c194310c796fc15a70f1d532e722da392ddaccabbd713bb4533239dcb8104f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
661B

MD5
229febbaa36c2a83ac555b872c0022de

SHA1
fc418c413e23c4cb21dae7541a3b0048a89abef3

SHA256
23353f0c255688779a0f053d4ad448bb308b92617dd546c57fc398825a84c92a

SHA512
76ca4570ea12de54f0474bc23256ddb37fb3fbbf63911bdb4fef9a9769668e1fd15c2dfc0f89e925f349e473f46d7b903b6fe67e301a02ff3993b0cf625c0335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cf13e8d2fcb35aef6209a738aaa2690a

SHA1
5befc7a6ab3cdd93e11bfe39937f643d9d70b49d

SHA256
9e5b8c2a793fb851f7665cf75232b7b799befbe9828aa053b2b43a2d3a47fade

SHA512
39111236b2422b12d975a6bae964e8c6dc0c1affb855bf5f0eb907c3ab47cdc80c6b04e80c2b134344786049fbad23c458d24af8bf812f5e2b7a3e1ac6506b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
e3a09ec10fcc13d60fa0e4286688de81

SHA1
8ff019ac25461baf5702591ca52cb1b0233650af

SHA256
7b9b20fc8fbdde8c1a82d5faab98299b10d23d5d1291c8ef6c64d36526c0727e

SHA512
dcc4406676d3c047eab5813d06dbd3ec258581722ab392d852bec0a274299ce3d8c631d7878bba46694424615049b6939ab530bd2aa71f573790eaf19db53a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
5d1a0b51346ca0b97e315ea14cb58000

SHA1
0d888ab5cfaa7bc7b35db330f0fcd57bef28ecdd

SHA256
626d067c2dc54f96f25cb6e3f5bfe374df0b7f796e049ba0b5e87e8b96c672a1

SHA512
ce5c321c26508b9cebe1f4f0f40562e23e52575b5fd9efd96b94cc7cd637b6d6ec5a9eedfe83b8984106ac3daea8984058bd2db38405c36d23293502c656f051

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\Inno_English.lng
Filesize
8KB

MD5
2d90e66759874d4be1ce548cb349ff88

SHA1
b2bb654ebe1ec2a0bde1f0377a4fb3dbfbbacc32

SHA256
aec63b417b37a083a18bb9fe2779fe79986c8fdce276c9cd0b7624fc2f02a447

SHA512
66b8889b3eda29300f551ce06160ab2ed3c26e0f7b5019b375e13f529c031daf7a4d6cc6d12147122541b560a18fe0112c3bcb98e56228171b45f74780e40748

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\SgbInit.exe
Filesize
1.7MB

MD5
41ebdc9b7f056adb0fefd33f7f105b7b

SHA1
10531c75e1e25d65a5de279b052749438cc913a7

SHA256
055f5ca0b10829b77cbeb8f5c967a2a8d874ef65356a2f1a1b56041e39157cbd

SHA512
269efbd2fffea7992a7a765bd34834df61255337a7cde3ba5de8f23752686fc2a0cc777c754fd691fc88b614a1430fc4e6d5b9eb8cc0e920f6f5aaa72157dd88

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\SgbInit.exe
Filesize
1.7MB

MD5
41ebdc9b7f056adb0fefd33f7f105b7b

SHA1
10531c75e1e25d65a5de279b052749438cc913a7

SHA256
055f5ca0b10829b77cbeb8f5c967a2a8d874ef65356a2f1a1b56041e39157cbd

SHA512
269efbd2fffea7992a7a765bd34834df61255337a7cde3ba5de8f23752686fc2a0cc777c754fd691fc88b614a1430fc4e6d5b9eb8cc0e920f6f5aaa72157dd88

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\SgbInit.exe
Filesize
1.7MB

MD5
41ebdc9b7f056adb0fefd33f7f105b7b

SHA1
10531c75e1e25d65a5de279b052749438cc913a7

SHA256
055f5ca0b10829b77cbeb8f5c967a2a8d874ef65356a2f1a1b56041e39157cbd

SHA512
269efbd2fffea7992a7a765bd34834df61255337a7cde3ba5de8f23752686fc2a0cc777c754fd691fc88b614a1430fc4e6d5b9eb8cc0e920f6f5aaa72157dd88

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-167HG.tmp\SgbInit.exe
Filesize
1.7MB

MD5
41ebdc9b7f056adb0fefd33f7f105b7b

SHA1
10531c75e1e25d65a5de279b052749438cc913a7

SHA256
055f5ca0b10829b77cbeb8f5c967a2a8d874ef65356a2f1a1b56041e39157cbd

SHA512
269efbd2fffea7992a7a765bd34834df61255337a7cde3ba5de8f23752686fc2a0cc777c754fd691fc88b614a1430fc4e6d5b9eb8cc0e920f6f5aaa72157dd88

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AFBK4.tmp\smart_game_booster_setup.tmp
Filesize
1.2MB

MD5
b9fb2e0d8378b15d091d677ff96fee70

SHA1
7bad6ac39763cccf8f4b3789d1acdb9a85057d6c

SHA256
b1f7352390ac91b9a71ac4497cb16575892c644157f4f9aaa8639518ff4d9b17

SHA512
dc019ab7e8884e69205396b966cbfab5f614f5435cbd6ac623115d0cde7609c7ea79d5a6862b5c651869c8ebdabbc06f4dba98ac507ad50c3eb93b7580bba7de

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-AFBK4.tmp\smart_game_booster_setup.tmp
Filesize
1.2MB

MD5
b9fb2e0d8378b15d091d677ff96fee70

SHA1
7bad6ac39763cccf8f4b3789d1acdb9a85057d6c

SHA256
b1f7352390ac91b9a71ac4497cb16575892c644157f4f9aaa8639518ff4d9b17

SHA512
dc019ab7e8884e69205396b966cbfab5f614f5435cbd6ac623115d0cde7609c7ea79d5a6862b5c651869c8ebdabbc06f4dba98ac507ad50c3eb93b7580bba7de

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\AUpdate.ini
Filesize
65B

MD5
bb24145c434f2143a4eaf53943a254f9

SHA1
7ae08a32f5dfc9590190a870cf3c8a2a2f70e040

SHA256
88948238b4102b58f6b6d886990983c0165c919e23bc74af1329c375d775651d

SHA512
80bf9a39b3aad5eaea101770650e1ae2a2acf2389211b508f6abf12155a93cc7e212246177298e2773fb9d95b2f88ddec7a2d83388d61fe693a40d76b7dc94e7

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\AppRun.log
Filesize
1KB

MD5
2b01dbb0dcc153ff51069917624808aa

SHA1
9b903ede6faf09360c65ede6cbc4e21f0149dadc

SHA256
2c68e53aa15ffde93ddcf104677f4b336215dcaf9c28c7145e0ad171833e4e8d

SHA512
5f74540dbcd74f2cced37f56e66d19b6a6cad46022b0234956a8b0a72d08e1d09333e1beb9a39813b34756a162510a480d671e91477e45033f9cbd7d9586edeb

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\AppRun.log
Filesize
1KB

MD5
2b01dbb0dcc153ff51069917624808aa

SHA1
9b903ede6faf09360c65ede6cbc4e21f0149dadc

SHA256
2c68e53aa15ffde93ddcf104677f4b336215dcaf9c28c7145e0ad171833e4e8d

SHA512
5f74540dbcd74f2cced37f56e66d19b6a6cad46022b0234956a8b0a72d08e1d09333e1beb9a39813b34756a162510a480d671e91477e45033f9cbd7d9586edeb

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\AppRun.log
Filesize
2KB

MD5
364d680c433840cf1f74a225ff4be83e

SHA1
becc64d7b715b237f6d785206a0d00b2b524a76d

SHA256
d846579326f08f5d1ff0f065aa7b3e87db7a326f9b697f7a07d75e0d180605ca

SHA512
e7b4d6aab7e621ef9a57269cc424b2fb85c955a6b69ff482bbe2fb0f96da6f773b0b20460c27b528fe9e54bc715aedcf0f7e9eb06f4707c1a1f85c5fff9ecfd4

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\AppRun.log
Filesize
4KB

MD5
0944f8682cc3e4e6b770545ee9f92545

SHA1
334b97d4dad34f02407853f5489dcf22c7b7fb9f

SHA256
c095af49936abac3b49435023682d09c71939bcc002695d1d00faa112112e1d1

SHA512
1da335d30e63823d1b0fba2ce0cf97e6c1cb91c0a2e72ed9a2f6a2da1a0daf24e375332bc8d4f2af303f0a2a7624bd296a51353152849d188f781fa0a3605e48

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\MonitorAppRun.log
Filesize
1KB

MD5
21c28d77ebf9a4a6dbfbc009bc2d8723

SHA1
fd319706ecc3a90d5aac6f2dfe3322d89fd94646

SHA256
b6c4eef0fa6860c90a0ad477d2ddd4d55c3f578d9605a258374ab0f82708da06

SHA512
601552d84bbc7f1bc4e1f86f4a4d1adb5cfecba7561aa50219dc0208d66da942d066b55ee90c1ccbe59152185accee0aae0af4837558e3f8ca87cca52edca115

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\MonitorAppRun.log
Filesize
3KB

MD5
93fcffc39a8d56e29e0e4ae387a90f80

SHA1
24527a6111354ae4a86540053b069542c0c54569

SHA256
cff8104085012a61452f3c66cb36350e1eac418c21a8928af21c497d750ff93c

SHA512
62f8079306867de9445ebe5c050dde18b2ec6dc1f7054f7d5707afac6737a648bc9e84a327fd83fd0e534fe19fff145ffe26496d9c41be23be495a779eaf7b33

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\Registry.log
Filesize
2KB

MD5
1d1a1c898db6e42b000a9a1caeec00e2

SHA1
b44e4985eb72e09f36159b9aa9999aa7ea0ff0af

SHA256
0ac8057ff353fbb18854caf7e4231609b038dda743a3c75035fe387b9944b42a

SHA512
2b318db8222484d54fe98366712eb1009dece5569070bfb4bc3b92208dd59e9184e2d4b5e301f59da0a57bbab8de41f3f8062a12d784983de7ee387710c5c8c6

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\SgbHUD32AppRun.log
Filesize
3KB

MD5
7f52c829d835a9428df8075605619a2a

SHA1
83a5977525b8b95d7aa6edde6811f6906aef5a40

SHA256
c375d7b93ca065c14fce9fa3c5f310c35effef8a319dbeaa8f1fb6f090eba059

SHA512
b8dc3989ecb38fe4bc460dae96dd88595f6b1c37fb41b2e45e12f6a013248b098dabd97bffeb00a7e9e949524a1751bd2dbaee87719dd56460a113d5b68801bd

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\SgbHUD64AppRun.log
Filesize
3KB

MD5
cdc7e297f2465fbe1a8462b6276b22d2

SHA1
389607ddb7c1801c5f8adb2f62eb494e24a64e56

SHA256
25a70131a72271e3f6a4b8ec16fb0a1b2685ec365bd5eb369f7358efb21344cb

SHA512
3dfade6d0432f704f7ee82d73b5774969bf8b1192bc2a94affb950ac026f9ff56fa329eecfa1f2365f66a8bc14f502fbb957b25729b4e89340e6fdb21069bbab

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\SgbInitAppRun.log
Filesize
1KB

MD5
b4793d111f30db7f7c59350f00d43999

SHA1
ac5087dcdd6aa86d110dc2d097f5329e5ec3e957

SHA256
23966d4ac22143b08f775f8956643a2fa4cef654c8a1df8f4e5787e31f44115d

SHA512
ad59cb00ac0be36c66635ee2b847fb2d0b836cbc334866985021a486bbaf734d0daeb60ed186defff672dcf6887937c0507e7019150b6b213595c5eb79de7bcc

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\SgbTrayAppRun.log
Filesize
15KB

MD5
9b90e24c14826690865c102ce81d3ae7

SHA1
1dd5b75531598139806fa80e9d08cc91c6d3e24e

SHA256
5097c76266b4ca99f40de4eab701a4c6278903277c1946233b23fae6c951de86

SHA512
6be10ed9dc62a33f54d85b571229dc5ca6047d07465dd0132faec3c7df80e345d34799a255b0cd3d8c1e8034b068ff8905ebf0df0c6646dc492ac4a871a43d28

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\SgbTrayAppRun.log
Filesize
1KB

MD5
9fb21fcdfc5f85ecce1d8df5f548704a

SHA1
41981340211ae74a7e734429babe00a1de65d28c

SHA256
bc3e14aa3e3799049e70481859eacdc99e6052a404fcb1a0496c4b980d8abb2e

SHA512
bf90ce8f3e4fb56599fa274462dc5bb830653d77ca1467b6acad2bf9e076c8d127ac93daec8486d7a29506ca01e71fbe2e1523271422d794572548025b96ac68

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\SgbTrayAppRun.log
Filesize
1KB

MD5
9fb21fcdfc5f85ecce1d8df5f548704a

SHA1
41981340211ae74a7e734429babe00a1de65d28c

SHA256
bc3e14aa3e3799049e70481859eacdc99e6052a404fcb1a0496c4b980d8abb2e

SHA512
bf90ce8f3e4fb56599fa274462dc5bb830653d77ca1467b6acad2bf9e076c8d127ac93daec8486d7a29506ca01e71fbe2e1523271422d794572548025b96ac68

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Logs\SgbUpdaterAppRun.log
Filesize
1KB

MD5
9ded1c7066fd62d753c936f5384af52b

SHA1
2502c1c05cbe003870b652d7ecb4b464d2c26f2b

SHA256
df0806a911abc59546d08f6d02197d3c81ac276952a5cbc4085b3e3bcac7c09a

SHA512
1eb004b13a7ae831d0dffc8e482255b17bde4080ac9610b4ced83d83a2c6c5083745a6283691a69560046c64fa1d4fb4703f264e95c6799e9c5d65fff1b72891

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\SmartGameBooster.ini
Filesize
3KB

MD5
742daa3aa63a7eca4f253cf6d8f870af

SHA1
071c8e2ce2e66664fde928e293e40337192d66da

SHA256
eb9b427a4c66077096fd4fbc9fec1cfcec3812e1a50e6e516c1dbb3afdcabcd5

SHA512
21d6b7ad7b6446a62d26a9cb7f4a3172e13a42bdca1d4ef4855c034af3602b3e23d71a10f236ef8c262b75686fb7ede40fc7e4aae8cec8aba59b3bc4d3098c91

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\SmartGameBooster.ini
Filesize
3KB

MD5
cb964f066e457aa93ddc539f28694aae

SHA1
8f4b83effbac868537922f63c68f584a6c66f13d

SHA256
b60ef91a573fdac35f361645e8db0601c33bc71bbca754e7254f1e2ff6e2e384

SHA512
95529f83a1685f952fa3d8b69de079618938e2fea33a8ead3c1fdbab61abc2f18fd14279d3b0e678e8e8cd18cc996262e7f3e7e0b27cfb54d8baeb940ee22cb4

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\SmartGameBooster.ini
Filesize
3KB

MD5
bc78f2342ec5ab6e112161ee0b7f960e

SHA1
8d04d5f96ee8f48258a919501d50d1d78b816d55

SHA256
556757753fd254400df185bae693f4c4534f1a09af0e43b5b19e5eaea58abdce

SHA512
9aea944ca3fe3ae146eae0ed492e84af18e021ff8e87e50b782f8c34057c49850d7093985e93a6875b578087c7204e55f473cf77bf3439419bf7112662db1ff9

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\SmartGameBooster.ini
Filesize
114B

MD5
8f27a8b267245e1ae08ea54b773d995a

SHA1
b060f3ae20d77dd5112ff3c3df6e808450ef3be9

SHA256
f9102e2effa9db69f82802471f6d9a42bee28c7171f4043a6327bdf7889f6f7a

SHA512
9b35bcd45646334fa6f8ef94e2a78b34fce9859948c58ec7e57d7ef2928201723adfcd0de83f16b8f5b11212e25241d8009a390759ef1f861bd7cf9f00a80e11

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\SmartGameBooster.ini
Filesize
330B

MD5
62a7133bcbc0d06b103023bcb3ffde73

SHA1
068af62ccc6a4e1986b2de2612eb28fc9ffd9966

SHA256
05f5c907c306a8d4158ad85aa5d5324ee5eca7cc6b3aee06ad6dc1e0a9d7dc3f

SHA512
03b8a844bce4b630daef5382842b33468b8da444682e2a6ab34d08cc9a0c4e3c015e9f63952d6d89c6c76f4fdec71ad56f260a1fee6c2e091135638c2653b250

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\SmartGameBooster.ini
Filesize
330B

MD5
caa38ecc41f965980924ae989420ceb2

SHA1
e815e331dcb8b4e9eebd6cde4df929c73d781972

SHA256
728d24cc11273f54bf179b3c46474bd5ff643d7e553c675d39c9a1e5fda013b7

SHA512
e6b59f75599e0d539c8569d5c1c252b0385ff86e4af89d3287149ca12c405b9128d6f778e738029b49e8576a9bfe21c95bceef99677060083d0fd1cca10347a8

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\SmartGameBooster.ini
Filesize
3KB

MD5
d9d796c633f149031b54b8497523ee87

SHA1
6878145a7c971454f36eb5d2fb5b3a07e2b99e1b

SHA256
a17184420d09ca85ee88b9f1f4edfc718769f0268308b906233cde556720cce0

SHA512
92c4f06f609512bf0e3f9d379a1c09249f6180300e89232aea69b558bb7157ff7f20855d04095d9464f169817a9ac2686a7c9c7a8b7bb2b417df1eeb3d6aa4f4

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\SmartGameBooster.ini
Filesize
3KB

MD5
635abe6d32efe44b4b9bf0bd94d7f96e

SHA1
4a47ad321039f9746e494330dcf2a2d1a80513be

SHA256
d978afa1c23271b7150c117f8a3a10daa74249f577ec426e6a6aca7fa8facf80

SHA512
8b3bcda34856e8b4b2c839e6de72585c9dcb7127a639632c065fc9990777b3b86bfb6d412594fd9229f918d148decae14da4682acfda1b6a99524f6ad19780f2

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\Temp.ini
Filesize
564B

MD5
40e6f747a9574425c1ddcf40fa8b4ce3

SHA1
ae5644daed55fa2a5a9ad25ece8cad1598f65078

SHA256
664faed26d51ab4f84c5cc5554405ff24ec9e5852c2430f9f0327e6882f3c4c6

SHA512
cec0de740ee8968294916a804449702c96c76d56b97dc0c3336fa8ec722ca0f198bda5d9a39cb4eaa42dc1c002b44b5004438b58cf1a6e01968a8e27406777ed

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\User3rdSvcWL.txt
Filesize
1KB

MD5
69c6361f93cadd8c7568d5cc6af20dc5

SHA1
971d7867f9dca6f16e9fc9efd8f36be4fba3bdda

SHA256
0b1ae4fa681d8f63d1ee23ac37e2d46ac0aee1aa0db7671ae51cfe9379850167

SHA512
f23e8b807fba91b297666db636d761b0e34c121036900b837d677d5daf3f82d98e8389b8d412d5b68e9fe5b0fa70c2d67fbab5bbd33510d076e3f4d52b8f6b3d

Download Submit
C:\Users\Admin\AppData\Roaming\PCGameBoost\Smart Game Booster\UserWinSvc.ini
Filesize
4KB

MD5
c7ecaa4b1cc065eba2a6b07d23074df5

SHA1
79bcfe0c95352dd2f880f1b3f5dd3152f35d35c8

SHA256
56abd3007e7a5a226a58cd4b02379f3b3386b1e5573777e9b8809066a06eb72f

SHA512
cf87684c0b1f11fb88869893d164eee55c90269d1858c9e2e9fab932daaed1c5b8c09125a43897000e9f96d6d2767e7c0a530cea0002ff967eab9b1608bbe5a7

Download Submit
C:\Windows\INF\c_processor.PNF
Filesize
5KB

MD5
ce1158199d9afc7e197dc02f2b96abcb

SHA1
6e16415c0e1c8b7cb95e88776008eddb28b43e6c

SHA256
06aac2d163ca0d20cae3921de631949853d3f8e738584a9192a2dd4bbe95051b

SHA512
513ef724ce5d9c571235b626091a86ff1501372d13e6bca84e28cf156965335b5ce92c4e89ab6b853a857525dba17a7fab1a148e59cd745aaea829b7ef74c7b4

Download Submit
C:\Windows\INF\c_volume.PNF
Filesize
4KB

MD5
8b0c8f54383cef8ac91d3c21663b21fc

SHA1
0bc698df786a3396c58ecca34207a4c81985af10

SHA256
41cef722ddac2159237cc6c4adc318e75d5b1159373d616e9bdd35f807d2280e

SHA512
80a87ef617b5fb2e8ff1cc63b45d2f7f8a368da382bb9bf6d5863f83748f3ea1ade79c6ac7a0de8203d1d43eef01a603bfbc9d47a0d3b9fa56bd71b235c6c8b0

Download Submit
memory/764-1200-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/764-1044-0x0000000003AF0000-0x0000000003BF3000-memory.dmp

Filesize
1.0MB

Download
memory/764-1163-0x0000000003AD0000-0x0000000003AD1000-memory.dmp

Filesize
4KB

Download
memory/764-1173-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/764-1180-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/764-977-0x0000000000680000-0x00000000006BF000-memory.dmp

Filesize
252KB

Download
memory/764-1201-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/764-1178-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/1124-770-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/1124-818-0x0000000007330000-0x0000000007331000-memory.dmp

Filesize
4KB

Download
memory/1124-838-0x00000000090E0000-0x00000000090E1000-memory.dmp

Filesize
4KB

Download
memory/1124-844-0x0000000009230000-0x0000000009231000-memory.dmp

Filesize
4KB

Download
memory/1124-837-0x0000000008F90000-0x0000000008F91000-memory.dmp

Filesize
4KB

Download
memory/1124-847-0x0000000009380000-0x0000000009381000-memory.dmp

Filesize
4KB

Download
memory/1124-766-0x0000000005C10000-0x0000000005DE7000-memory.dmp

Filesize
1.8MB

Download
memory/1124-1713-0x0000000007710000-0x0000000007711000-memory.dmp

Filesize
4KB

Download
memory/1124-759-0x0000000003FF0000-0x0000000004079000-memory.dmp

Filesize
548KB

Download
memory/1124-1483-0x0000000003EA0000-0x0000000003EB0000-memory.dmp

Filesize
64KB

Download
memory/1124-1344-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/1124-893-0x0000000003EA0000-0x0000000003EB0000-memory.dmp

Filesize
64KB

Download
memory/1124-758-0x0000000003D30000-0x0000000003E33000-memory.dmp

Filesize
1.0MB

Download
memory/1124-812-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/1124-735-0x0000000000750000-0x000000000078F000-memory.dmp

Filesize
252KB

Download
memory/1984-1606-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/1984-961-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/2184-576-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/2184-578-0x0000000002850000-0x0000000002953000-memory.dmp

Filesize
1.0MB

Download
memory/2184-567-0x0000000002850000-0x0000000002953000-memory.dmp

Filesize
1.0MB

Download
memory/2184-575-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2184-577-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/2712-1343-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/2712-1104-0x0000000005730000-0x0000000005731000-memory.dmp

Filesize
4KB

Download
memory/2712-955-0x0000000005750000-0x0000000005760000-memory.dmp

Filesize
64KB

Download
memory/2712-1820-0x0000000006B00000-0x0000000006B01000-memory.dmp

Filesize
4KB

Download
memory/2712-1347-0x0000000010020000-0x0000000010021000-memory.dmp

Filesize
4KB

Download
memory/2712-874-0x0000000010D30000-0x0000000010F07000-memory.dmp

Filesize
1.8MB

Download
memory/2712-661-0x0000000000D40000-0x0000000000D7F000-memory.dmp

Filesize
252KB

Download
memory/2712-863-0x0000000010350000-0x000000001041B000-memory.dmp

Filesize
812KB

Download
memory/2712-1112-0x0000000009040000-0x0000000009041000-memory.dmp

Filesize
4KB

Download
memory/2712-861-0x00000000067A0000-0x0000000006837000-memory.dmp

Filesize
604KB

Download
memory/2712-860-0x0000000006780000-0x0000000006798000-memory.dmp

Filesize
96KB

Download
memory/2712-845-0x0000000010020000-0x0000000010021000-memory.dmp

Filesize
4KB

Download
memory/2712-769-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/2712-1251-0x0000000008F90000-0x0000000008F91000-memory.dmp

Filesize
4KB

Download
memory/2712-1070-0x0000000008FD0000-0x0000000008FD1000-memory.dmp

Filesize
4KB

Download
memory/2712-1099-0x00000000123C0000-0x00000000123C1000-memory.dmp

Filesize
4KB

Download
memory/2712-1604-0x0000000005750000-0x0000000005760000-memory.dmp

Filesize
64KB

Download
memory/2712-690-0x0000000005760000-0x0000000005863000-memory.dmp

Filesize
1.0MB

Download
memory/2712-1164-0x0000000012A10000-0x0000000012A11000-memory.dmp

Filesize
4KB

Download
memory/2712-662-0x0000000000EC0000-0x0000000000FC2000-memory.dmp

Filesize
1.0MB

Download
memory/3456-962-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/3456-1607-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/4220-1165-0x0000000000400000-0x0000000000617000-memory.dmp

Filesize
2.1MB

Download
memory/4220-848-0x0000000003DE0000-0x0000000003EE3000-memory.dmp

Filesize
1.0MB

Download
memory/4220-1166-0x0000000003DE0000-0x0000000003EE3000-memory.dmp

Filesize
1.0MB

Download
memory/4220-894-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4244-384-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/4244-806-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/4244-149-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/4244-150-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4244-158-0x0000000000400000-0x0000000000547000-memory.dmp

Filesize
1.3MB

Download
memory/4244-138-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/4476-814-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4476-148-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4476-133-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4492-691-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/4504-892-0x0000000003D80000-0x0000000003E83000-memory.dmp

Filesize
1.0MB

Download
memory/4504-895-0x0000000003D60000-0x0000000003D61000-memory.dmp

Filesize
4KB

Download
memory/4504-908-0x0000000004040000-0x00000000040C9000-memory.dmp

Filesize
548KB

Download
memory/4504-957-0x0000000006B80000-0x0000000006B81000-memory.dmp

Filesize
4KB

Download
memory/4504-958-0x0000000006BD0000-0x0000000006BD1000-memory.dmp

Filesize
4KB

Download
memory/4620-614-0x0000000001000000-0x0000000001102000-memory.dmp

Filesize
1.0MB

Download
memory/4620-789-0x0000000000400000-0x00000000009D4000-memory.dmp

Filesize
5.8MB

Download
memory/4620-817-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/4620-811-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/4620-768-0x0000000005CC0000-0x0000000005CC1000-memory.dmp

Filesize
4KB

Download
memory/4620-822-0x0000000000FC0000-0x0000000000FFF000-memory.dmp

Filesize
252KB

Download
memory/4620-952-0x0000000002950000-0x0000000002A53000-memory.dmp

Filesize
1.0MB

Download
memory/4620-629-0x00000000058C0000-0x00000000059C3000-memory.dmp

Filesize
1.0MB

Download
memory/4620-813-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/4620-810-0x0000000005870000-0x0000000005871000-memory.dmp

Filesize
4KB

Download
memory/4620-948-0x0000000002950000-0x0000000002A53000-memory.dmp

Filesize
1.0MB

Download
memory/4620-950-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/4620-767-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/4620-829-0x0000000001000000-0x0000000001102000-memory.dmp

Filesize
1.0MB

Download
memory/4620-819-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/4620-800-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/4620-807-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/4620-832-0x00000000058C0000-0x00000000059C3000-memory.dmp

Filesize
1.0MB

Download
memory/4620-612-0x0000000000FC0000-0x0000000000FFF000-memory.dmp

Filesize
252KB

Download
memory/4936-1043-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/4936-809-0x0000000002860000-0x0000000002963000-memory.dmp

Filesize
1.0MB

Download
memory/4936-820-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/4936-1047-0x0000000002860000-0x0000000002963000-memory.dmp

Filesize
1.0MB

Download
memory/5052-550-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/5056-1199-0x0000000002900000-0x0000000002A03000-memory.dmp

Filesize
1.0MB

Download
memory/5056-1179-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/5056-1167-0x0000000002900000-0x0000000002A03000-memory.dmp

Filesize
1.0MB

Download
memory/5064-815-0x0000000000400000-0x000000000065B000-memory.dmp

Filesize
2.4MB

Download
memory/5076-172-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download