Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

GearUP-1.3...l7.exe

windows7-x64

8

GearUP-1.3...l7.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/04/2024, 03:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GearUP-1.35.1-mxkol7.exe

  • Size

    57.6MB

  • MD5

    1fa4463b2231096ed95da441fdaf1fd4

  • SHA1

    51f6c18279dd1648fbf6b01449a11703c52e50a0

  • SHA256

    4af6a9000d3b5139d519a1a09dcd082a2cc67a45132557823b1e3af53c160b2e

  • SHA512

    e53139616ad44b37f376774055506b1bf7a4e696395cd409abf0b4c40b6dcd58961a103ee528dc1c66d6d31405850172a1b5accbe274709aeb1c958065d77624

  • SSDEEP

    786432:1FBEIlTgyM2h80VEF3wXucr6PXTFRDIqnkkSHcR49/uAHE1U6H0OD+1IhL7oST5a:RE2Naa6T/k/Zu1U6H0JuvAdr

Score
8/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 12 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GearUP-1.35.1-mxkol7.exe
    "C:\Users\Admin\AppData\Local\Temp\GearUP-1.35.1-mxkol7.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
      "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe" x "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip" -o"C:\Program Files (x86)\GearUPBooster\" -aoa
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2180
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /s /q "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\"
      2⤵
        PID:1296
      • C:\Program Files (x86)\GearUPBooster\launcher.exe
        "C:\Program Files (x86)\GearUPBooster\launcher.exe" /install_shortcut 1 /install_autorun 0
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2608
        • C:\Program Files (x86)\GearUPBooster\9147\gearup_booster.exe
          "C:\Program Files (x86)\GearUPBooster\9147\gearup_booster.exe" /install_shortcut 1 /install_autorun 0
          3⤵
          • Writes to the Master Boot Record (MBR)
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2696
          • C:\Program Files (x86)\GearUPBooster\9147\crashpad_handler.exe
            "C:\Program Files (x86)\GearUPBooster\9147\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --metrics-dir=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --url=https://sentry.guinfra.com:443/api/30/minidump/?sentry_client=sentry.native/0.5.3&sentry_key=e59bef2d0cf245eaa0d97f08c5eab5fe --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_proxy.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_tun.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_lsp.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8356c9b1-c3d2-4bba-b2ff-c390095730a4.run\__sentry-event --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8356c9b1-c3d2-4bba-b2ff-c390095730a4.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8356c9b1-c3d2-4bba-b2ff-c390095730a4.run\__sentry-breadcrumb2 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x74825160,0x74825174,0x74825184
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2624
          • C:\Program Files (x86)\GearUPBooster\9147\gearup_booster_ball.exe
            C:\Program Files (x86)\GearUPBooster\9147\gearup_booster_ball.exe /main_form_wnd 197102 /show_flag 0 /pos_x -1 /pos_y -1 /version 9147 /client_id 661605ec771e940aacd43551 /gray 0
            4⤵
            • Executes dropped EXE
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1544
          • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
            "C:\Program Files (x86)\GearUPBooster\9147\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --disable-databases --primordial-pipe-token=A9EE2D69938AC1F76E796DCB41FE1B4A --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9147\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=A9EE2D69938AC1F76E796DCB41FE1B4A --channel="2696.0.1944313926\1741871173" --mojo-platform-channel-handle=2780 /prefetch:1
            4⤵
            • Executes dropped EXE
            PID:2952
          • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
            "C:\Program Files (x86)\GearUPBooster\9147\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --disable-databases --primordial-pipe-token=A8D38E799F7FA6D6E89854C34DB0EB18 --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9147\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=A8D38E799F7FA6D6E89854C34DB0EB18 --channel="2696.1.1410613119\1869789847" --mojo-platform-channel-handle=3484 /prefetch:1
            4⤵
            • Executes dropped EXE
            PID:2592
          • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
            "C:\Program Files (x86)\GearUPBooster\9147\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --disable-databases --primordial-pipe-token=31C0B9BBFA8A9D2F6AEA38CB36997CBE --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9147\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=31C0B9BBFA8A9D2F6AEA38CB36997CBE --channel="2696.2.1350330875\451940713" --mojo-platform-channel-handle=3488 /prefetch:1
            4⤵
            • Executes dropped EXE
            PID:2472
          • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
            "C:\Program Files (x86)\GearUPBooster\9147\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --disable-databases --primordial-pipe-token=8756146FCA76D15C088144D9C88759D3 --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9147\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=8756146FCA76D15C088144D9C88759D3 --channel="2696.3.1811748045\1383651532" --mojo-platform-channel-handle=3500 /prefetch:1
            4⤵
            • Drops file in Program Files directory
            • Executes dropped EXE
            PID:2468
    • C:\Program Files (x86)\GearUPBooster\launcher.exe
      "C:\Program Files (x86)\GearUPBooster\launcher.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1816
      • C:\Program Files (x86)\GearUPBooster\9147\gearup_booster.exe
        "C:\Program Files (x86)\GearUPBooster\9147\gearup_booster.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:628
        • C:\Program Files (x86)\GearUPBooster\9147\crashpad_handler.exe
          "C:\Program Files (x86)\GearUPBooster\9147\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --metrics-dir=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --url=https://sentry.guinfra.com:443/api/30/minidump/?sentry_client=sentry.native/0.5.3&sentry_key=e59bef2d0cf245eaa0d97f08c5eab5fe --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_proxy.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_tun.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_lsp.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\b0ff9a9a-38f6-4292-3c6e-a82646a2908e.run\__sentry-event --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\b0ff9a9a-38f6-4292-3c6e-a82646a2908e.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\b0ff9a9a-38f6-4292-3c6e-a82646a2908e.run\__sentry-breadcrumb2 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x74825160,0x74825174,0x74825184
          3⤵
          • Executes dropped EXE
          PID:1880

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\GearUPBooster\9147\api-ms-win-crt-stdio-l1-1-0.dll
      Filesize

      24KB

      MD5

      32d7b95b1bce23db9fbd0578053ba87f

      SHA1

      7e14a34ac667a087f66d576c65cd6fe6c1dfdd34

      SHA256

      104a76b41cbd9a945dba43a6ffa8c6de99db2105d4ce93a717729a9bd020f728

      SHA512

      7dad74a0e3820a8237bab48f4962fe43e5b60b00f003a5de563b4cf61ee206353c9689a639566dc009f41585b54b915ff04f014230f0f38416020e08c8a44cb4

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\gearup_booster.exe
      Filesize

      7.5MB

      MD5

      8cb3c2372abd34b8db76c175a6023513

      SHA1

      2f6323930cb53a7478687b76f307c2488f179407

      SHA256

      dd59d29107c60762f82a349b3bba064085998810c4a59fc15dfd9bb54f933c9c

      SHA512

      ca08df984351f00c87edb659e3bb23d457549c3e52a348fe2a69930fa43550634f9c9951134ffb356d6f2a150d858664f9afccfe9f4bf241104d6f71f57bd767

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\gearup_booster_ball.exe
      Filesize

      1.4MB

      MD5

      6df4cdfe92a854826b56806b23b118cc

      SHA1

      bb12a1e57a7e86a4cc06a642539362c00ffd5e2f

      SHA256

      2f290749a6086e0f0909f021dcaa6a475e9bddafdaf3dd3c81464322b61a0e49

      SHA512

      d8d6881b22d585f258ee55ede1e4bf7315058d50886545e3ddeeb71470b7210fceae9fc821c6250d8e1ae29543c8a2f4b6f30694585efa8a41cfe12ddbf03282

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\gearup_booster_vpn.dll
      Filesize

      33KB

      MD5

      11cae61e95d27b0aa2c62f02db0ede8e

      SHA1

      e4b38aff2ba2d0f20002b92fd97b0ebd9da2f35f

      SHA256

      36f5e6bbb7a816a9abb54746daead745ab8209c97761a48dd0693de44af7c8ff

      SHA512

      ccee558bb5a4de3bfa71c8eea3235d199bbfe7836fc93029d80d7b87ccf2237b7f2a103fb85ff941f9b89026b8974e934fd76910738511f597def4230077c4ae

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\hostfp\64\hostpacket.sys
      Filesize

      37KB

      MD5

      5ac815ad2f4386140fe4c7eef3b06233

      SHA1

      6dd0e26f3c447602109253a7eaad59064c4162ca

      SHA256

      08d86eae497df069ef9e6525e9513a019ff7a9971780c1987fde858d51f4ed66

      SHA512

      98cf60aceabadc078e00ad1e274028714f7bbf3c86f0522ab423d50231156a2513e8cc1946b242c64af7287648e6d4ba5e630824b4d83134c471689db42fbbf5

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\ping.dll
      Filesize

      685KB

      MD5

      8baeb6f7001e51e0afa0a5c3372988ec

      SHA1

      ab7f69c2a735866d63263d58a68e56333b646eda

      SHA256

      8e79b457430369d77fa278101c5375c0584e3b7e5e7bfb5263d0350809466c48

      SHA512

      df733f7b50513c845d0384becea18dd553a1d47991d3bc28a68fcd26ff1491c23a467ab9ce733787d3921cd81f0290dea9b4256ee0c0b6b9c8a994cfa2dc90e7

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\skin.dll
      Filesize

      11.8MB

      MD5

      5305e1ea0154a93e57d8b7daf2c13ad5

      SHA1

      4f09fe97b5ee9e27ae7aabb7bc0ec475848c0ced

      SHA256

      c34d9b3dc18ca64c77a4abfe57bb995cdb5534c5d38331bf1f2af4de4194c8a2

      SHA512

      03af21e94dfa002a292bcf881472609a6f49efe09707f2071644f4f720a02020ca00148a24c645d2a00a5d85402d4c131444d6ea2c1be699ce30166e46e00b79

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\ucrtbase.DLL
      Filesize

      879KB

      MD5

      3e0303f978818e5c944f5485792696fd

      SHA1

      3b6e3ea9f5a6bbdeda20d68b84e4b51dc48deb1d

      SHA256

      7041885b2a8300bf12a46510228ce8d103d74e83b1baf696b84ff3e5ab785dd1

      SHA512

      c2874029bd269e6b9f7000c48d0710c52664c44e91c3086df366c3456b8bce0ed4d7e5bcfe4bdd3d03b11b8245c65f4b848b6dc58e6ea7b1de9b3ca2fb3348bc

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\ui.dll
      Filesize

      1.1MB

      MD5

      befc1e4a7b303280ea5c7b0d4f22dc15

      SHA1

      2e53761eb66854939222da5b58a0fb8e785c7a32

      SHA256

      afa860487e38f075b6da02c5e13024cbf32ca9f96e2c2e2515c2a6c2aa38d373

      SHA512

      f64fcc8941276a5ae9086c3b77c00e243c1e2eb771efed794eadab63f5e98303c761e48ed5f9a13580928aefe7f839ccc147c37119e4e8bfbce04b172daa42d0

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\uninstall.exe
      Filesize

      2.1MB

      MD5

      87ed4003c0827bcbd185c87893da20f8

      SHA1

      8dfa3182090f47c9a243ea737c3521c14533558b

      SHA256

      c337e7c29e81cbf514de91a38de02f2c3f89c4bbfd95f090b21211693b5aa6af

      SHA512

      3e4bec6bf22254e44bfb3f12b2b72b4e2d168e22bee9ce729c660e17209cb219a6f0259a386921a05abfd6bcbd450db9aba98f900bace034c8a920405c514fa9

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9147\update.exe
      Filesize

      2.2MB

      MD5

      1cb98dc9e7c21d50c5ca26e7a4eecb28

      SHA1

      2a76dc28425fd8c5c160a97e672dcec3c67839cd

      SHA256

      4a1397cef58bbdd814f4311d0221a141e511f70588f1ee0dc2d84bf0472d4883

      SHA512

      d330dfbf66a9b40e642df0397b28e2b0c918c8f4dc84cb16d89b0c8a5ce6e2133af5aecb673c600b35e0a9d1de5196321937ffc0551d0118d1a3fd63be87d29c

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
      Filesize

      1009KB

      MD5

      561e2e81dc8a2abc5c648cdf5b407099

      SHA1

      1ac32fc3858032aa6d3c37b4ef8f2b92fe585e2d

      SHA256

      271dae8bcb2d3f40ab65c3feeed49b9ae2cdd91bfe16230971289e28570c9a7f

      SHA512

      2601e48ad443b98f8b207265eb8e46e6889c4d656e0f677b4f4d7cbc4fc1b1b031189e382f4d118eef6f4b54cb2d16a8179d2184cd8580d8b928b847a46315a8

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip
      Filesize

      53.3MB

      MD5

      1e36dc529012018253198c50a3197ac9

      SHA1

      881defff77c40a04796cc027db9ddebaf8a8a38d

      SHA256

      93fa3bbbda4acfb6ac8db05362d1747b56be4c3f961e1b60abade15d827d89d9

      SHA512

      8600ddce0c65ec6d4f842562627a43f367f3f2fe457f2d8e7a4506e5625d2db48768d3b016875de90c5fed65b24095560630c44278ddafa2dbe6e58fac88a56a

      Download Submit

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GearUP Booster.lnk
      Filesize

      1KB

      MD5

      070b8cd5bbfa7c9299a6f8e79d92b6dd

      SHA1

      7658dc3cbe01705bc2f82fbd9bde079e6b52402c

      SHA256

      3a3d197584a1cf0f9345985042df5dd0748006612ffd270e856f1fb06fdbde8f

      SHA512

      f74bb7d0009d37f6d220a823a579f8839a0f5bc74192d4e1e63eb786a0c78103c52b4933417dc8e4b3511676825d08ec34935d8fb6df7299d0e0d63b10827773

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab8A19.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8A2B.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-core-file-l1-2-0.dll
      Filesize

      18KB

      MD5

      f6d1216e974fb76585fd350ebdc30648

      SHA1

      f8f73aa038e49d9fcf3bd05a30dc2e8cbbe54a7c

      SHA256

      348b70e57ae0329ac40ac3d866b8e896b0b8fef7e8809a09566f33af55d33271

      SHA512

      756ee21ba895179a5b6836b75aeefb75389b0fe4ae2aaff9ed84f33075094663117133c810ab2e697ec04eaffd54ff03efa3b9344e467a847acea9f732935843

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-core-file-l2-1-0.dll
      Filesize

      18KB

      MD5

      bfb08fb09e8d68673f2f0213c59e2b97

      SHA1

      e1e5ff4e7dd1c902afbe195d3e9fd2a7d4a539f2

      SHA256

      6d5881719e9599bf10a4193c8e2ded2a38c10de0ba8904f48c67f2da6e84ed3e

      SHA512

      e4f33306f3d06ea5c8e539ebdb6926d5f818234f481ff4605a9d5698ae8f2afdf79f194acd0e55ac963383b78bb4c9311ee97f3a188e12fbf2ee13b35d409900

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-core-localization-l1-2-0.dll
      Filesize

      20KB

      MD5

      3b9d034ca8a0345bc8f248927a86bf22

      SHA1

      95faf5007daf8ba712a5d17f865f0e7938da662b

      SHA256

      a7ac7ece5e626c0b4e32c13299e9a44c8c380c8981ce4965cbe4c83759d2f52d

      SHA512

      04f0830878e0166ffd1220536592d0d7ec8aacd3f04340a8d91df24d728f34fbbd559432e5c35f256d231afe0ae926139d7503107cea09bfd720ad65e19d1cdc

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-core-processthreads-l1-1-1.dll
      Filesize

      18KB

      MD5

      c2ead5fcce95a04d31810768a3d44d57

      SHA1

      96e791b4d217b3612b0263e8df2f00009d5af8d8

      SHA256

      42a9a3d8a4a7c82cb6ec42c62d3a522daa95beb01ecb776aac2bfd4aa1e58d62

      SHA512

      c90048481d8f0a5eda2eb6e7703b5a064f481bb7d8c78970408b374cb82e89febc2e36633f1f3e28323fb633d6a95aa1050a626cb0cb5ec62e9010491aae91f4

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-core-synch-l1-2-0.dll
      Filesize

      18KB

      MD5

      f6b4d8d403d22eb87a60bf6e4a3e7041

      SHA1

      b51a63f258b57527549d5331c405eacc77969433

      SHA256

      25687e95b65d0521f8c737df301bf90db8940e1c0758bb6ea5c217cf7d2f2270

      SHA512

      1acd8f7bc5d3ae1db46824b3a5548b33e56c9bac81dcd2e7d90fdbd1d3dd76f93cdf4d52a5f316728f92e623f73bc2ccd0bc505a259dff20c1a5a2eb2f12e41b

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-core-timezone-l1-1-0.dll
      Filesize

      18KB

      MD5

      a20084f41b3f1c549d6625c790b72268

      SHA1

      e3669b8d89402a047bfbf9775d18438b0d95437e

      SHA256

      0fa42237fd1140fd125c6edb728d4c70ad0276c72fa96c2faabf7f429fa7e8f1

      SHA512

      ddf294a47dd80b3abfb3a0d82bc5f2b510d3734439f5a25da609edbbd9241ed78045114d011925d61c3d80b1ccd0283471b1dad4cf16e2194e9bc22e8abf278f

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-crt-heap-l1-1-0.dll
      Filesize

      19KB

      MD5

      39d81596a7308e978d67ad6fdccdd331

      SHA1

      a0b2d43dd1c27d8244d11495e16d9f4f889e34c4

      SHA256

      3d109fd01f6684414d8a1d0d2f5e6c5b4e24de952a0695884744a6cbd44a8ec7

      SHA512

      0ef6578de4e6ba55eda64691892d114e154d288c419d05d6cff0ef4240118c20a4ce7f4174eec1a33397c6cd0135d13798dc91cc97416351775f9abf60fcae76

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-crt-runtime-l1-1-0.dll
      Filesize

      22KB

      MD5

      ae3fa6bf777b0429b825fb6b028f8a48

      SHA1

      b53dbfdb7c8deaa9a05381f5ac2e596830039838

      SHA256

      66b86ed0867fe22e80b9b737f3ee428be71f5e98d36f774abbf92e3aaca71bfb

      SHA512

      1339e7ce01916573e7fdd71e331eeee5e27b1ddd968cadfa6cbc73d58070b9c9f8d9515384af004e5e015bd743c7a629eb0c62a6c0fa420d75b069096c5d1ece

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\api-ms-win-crt-string-l1-1-0.dll
      Filesize

      24KB

      MD5

      5e72659b38a2977984bbc23ed274f007

      SHA1

      ea622d608cc942bdb0fad118c8060b60b2e985c9

      SHA256

      44a4db6080f6bdae6151f60ae5dc420faa3be50902e88f8f14ad457dec3fe4ea

      SHA512

      ed3cb656a5f5aee2cc04dd1f25b1390d52f3e85f0c7742ed0d473a117d2ac49e225a0cb324c31747d221617abcd6a9200c16dd840284bb29155726a3aa749bb1

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\msvcp140.dll
      Filesize

      432KB

      MD5

      a6b18a2772631cdd06f95b19d66d2d4f

      SHA1

      c342250efab725f643e598f49d1710c74f78d022

      SHA256

      76cc277b564e69e35a0d9c440f013a52b5d25f43ba42fd0099d6fc1f05a6ce16

      SHA512

      f98e07c1b92ecfc662021e33486b660942de390b8e947126f304adee911da0574d6cac416748f6f03e6cce981737eb694fb3d2bcd80e1e207eba91a44b5f23e5

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\sentry.dll
      Filesize

      426KB

      MD5

      bf9002bf5c878cdca749025a5f875d6b

      SHA1

      e916d3121706dbd1ada335b414e4601373b86ef8

      SHA256

      4d9af7c5442387ed91671d2f0360eb6cba3baa3c706b8f6b898d3018b8c7fb05

      SHA512

      34873e1bd9c077046469db3a2176581aea162933c39c51f1ded462030fb2238a93b3d7e20ff14a497be42e019f2f23add141d98b662b395618bf69ed74a90a20

      Download Submit

    • \Program Files (x86)\GearUPBooster\9147\vcruntime140.dll
      Filesize

      88KB

      MD5

      81b11024a8ed0c9adfd5fbf6916b133c

      SHA1

      c87f446d9655ba2f6fddd33014c75dc783941c33

      SHA256

      eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829

      SHA512

      e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1

      Download Submit

    • \Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
      Filesize

      589KB

      MD5

      c6d72642721e84d227defc3ec4ab12e6

      SHA1

      3709a7c3cc795a0012adc6ccaf82a93628703518

      SHA256

      0cc0de83b51dae55a4fcae559defc87bea8448010d064c316abcfe9459ece035

      SHA512

      fa2c8b9fa34b190be45fc363f4760603cb6a389bc01fd617a1861ac709eef5e5dd42ea3d5524a1660ea8202dc17687265cd9bb87f5b4c9a9cf714744a8489389

      Download Submit

    • \Program Files (x86)\GearUPBooster\launcher.exe
      Filesize

      921KB

      MD5

      fe5e05051e5d1caea9e552a431768a16

      SHA1

      f45876c18188bb4e7c45be1da7b045faef38e243

      SHA256

      0b896cacc741f0db80e75e5ee5abe47a547503cd9d368ecd19b029430f1ef24f

      SHA512

      b9d55bffbc929a1bd2ab69906215022c5cb20d9b19f90f04874fc656abf29a4297d4b01b68f6180d71ecf85965c6f256cbf6aaa9b3db9ef33f0931dfbaecc00d

      Download Submit

    • memory/2468-499-0x0000000013500000-0x0000000013501000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2472-498-0x0000000026400000-0x0000000026401000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2592-497-0x000000003FB00000-0x000000003FB01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2952-446-0x0000000039E00000-0x0000000039E01000-memory.dmp

      Filesize

      4KB

      Download