12145b7903a191092e108eef8dd5fade5b097ba6f5621d71b381c79a02e62793

Analysis

max time kernel
113s
max time network
100s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19-04-2024 17:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GearUP-2.0.0-win.exe
Size

57.7MB
MD5

3369c204ad7f2731a18fd4ba4e08474e
SHA1

2de36dd0654e5adb188db2ad84004d5ba07776bc
SHA256

12145b7903a191092e108eef8dd5fade5b097ba6f5621d71b381c79a02e62793
SHA512

2ec3736a39022bdf9dd3ec3c62d40d6681d1658121b78cd53a30c99ed9921a5ba3756aeb3882a76e3ecc83d4af5d088de73b162f7dd74139aa13d7366118af6f
SSDEEP

1572864:rEDNDYXhxRp2FyFFNPQohTkpEp6cpOlzSrFsoWFv:CCRpzNPtqohLWFv

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

Processes:

GearUP-2.0.0-win.exe

description	ioc	process
File opened for modification	C:\Windows\System32\drivers\hostpacket.sys	GearUP-2.0.0-win.exe
File created	C:\Windows\System32\drivers\hostpacket.sys	GearUP-2.0.0-win.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

gearup_booster.exe

description ioc process

File opened for modification \??\PhysicalDrive0 gearup_booster.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File opened for modification	\??\PhysicalDrive0	gearup_booster.exe

Drops file in Program Files directory 64 IoCs

Processes:

7za.exegearup_booster_render.exegearup_booster.exe

description	ioc	process
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\bg.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\fil.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\gu.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\lspinst_x64.exe	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\tap_driver\i386\NW_TAP_0921.sys	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\host_dp.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\libcef.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\wfp\arm64	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\bn.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\en-US.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\lv.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ml.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\tap_driver\arm64\OemVista.inf	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\debug.log	gearup_booster_render.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\hr.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ru.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\sw.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\launcher.exe	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\ws2detour.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\wfp\win\x32\gunfwfp.sys	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\fi.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\VisualElements\SmallLogo.png	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\tap_driver\x64\OemVista.inf	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\7za.exe	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\crashpad_handler.exe	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\wfp	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\th.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\lsp64.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\wfp\win\x64\nwwfp.sys	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe	gearup_booster.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\api-ms-win-crt-math-l1-1-0.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\d3dcompiler_43.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\kn.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\te.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\tap_driver\x64\nw_tap_0921.cat	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\icudtl.dat	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\api-ms-win-core-localization-l1-2-0.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\api-ms-win-crt-filesystem-l1-1-0.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\wfp\win7\x64	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\tap_driver\x64\tap0901.cat	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\cache.data	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\grp.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\sentry.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\ping.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\tap_driver\arm64	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\wfp\win\x64	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\mr.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ru.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\tr.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\api-ms-win-crt-convert-l1-1-0.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\ngpush.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\sentry.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\am.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\bg.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ja.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\kn.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\natives_blob.bin	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9148\msvcp100.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\fr.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\api-ms-win-crt-utility-l1-1-0.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\msvcp100.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9148\ngpush.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\cs.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\hu.pak	7za.exe

Executes dropped EXE 6 IoCs

Processes:

7za.exelauncher.exegearup_booster.execrashpad_handler.exegearup_booster_ball.exegearup_booster_render.exe

pid process

1892 7za.exe
2516 launcher.exe
1460 gearup_booster.exe
1600 crashpad_handler.exe
3460 gearup_booster_ball.exe
1544 gearup_booster_render.exe

pid	process
1892	7za.exe
2516	launcher.exe
1460	gearup_booster.exe
1600	crashpad_handler.exe
3460	gearup_booster_ball.exe
1544	gearup_booster_render.exe

Loads dropped DLL 24 IoCs

Processes:

gearup_booster.execrashpad_handler.exegearup_booster_ball.exegearup_booster_render.exe

pid	process
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1600	crashpad_handler.exe
1600	crashpad_handler.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
1460	gearup_booster.exe
3460	gearup_booster_ball.exe
3460	gearup_booster_ball.exe
3460	gearup_booster_ball.exe
3460	gearup_booster_ball.exe
3460	gearup_booster_ball.exe
3460	gearup_booster_ball.exe
3460	gearup_booster_ball.exe
3460	gearup_booster_ball.exe
1544	gearup_booster_render.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

GearUP-2.0.0-win.exegearup_booster.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\gearup_booster.exe = "11000"	GearUP-2.0.0-win.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\gearup_booster.exe = "11000"	gearup_booster.exe

Modifies registry class 6 IoCs

Processes:

gearup_booster.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gu	gearup_booster.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\URL Protocol	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open\command	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open	gearup_booster.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open\command\ = "C:\\Program Files (x86)\\GearUPBooster\\9148\\gearup_booster.exe \"%1\""	gearup_booster.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

gearup_booster.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	gearup_booster.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

gearup_booster.exe

pid process

1460 gearup_booster.exe
1460 gearup_booster.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7za.exe

description	pid	process
Token: SeRestorePrivilege	1892	7za.exe
Token: 35	1892	7za.exe
Token: SeSecurityPrivilege	1892	7za.exe
Token: SeSecurityPrivilege	1892	7za.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

gearup_booster_ball.exegearup_booster.exe

pid process

3460 gearup_booster_ball.exe
1460 gearup_booster.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

gearup_booster_ball.exegearup_booster.exe

pid process

3460 gearup_booster_ball.exe
1460 gearup_booster.exe

pid	process
3460	gearup_booster_ball.exe
1460	gearup_booster.exe

pid	process
3460	gearup_booster_ball.exe
1460	gearup_booster.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

GearUP-2.0.0-win.exelauncher.exegearup_booster.exe

description	pid	process	target process
PID 4492 wrote to memory of 1892	4492	GearUP-2.0.0-win.exe	7za.exe
PID 4492 wrote to memory of 1892	4492	GearUP-2.0.0-win.exe	7za.exe
PID 4492 wrote to memory of 1892	4492	GearUP-2.0.0-win.exe	7za.exe
PID 4492 wrote to memory of 1820	4492	GearUP-2.0.0-win.exe	cmd.exe
PID 4492 wrote to memory of 1820	4492	GearUP-2.0.0-win.exe	cmd.exe
PID 4492 wrote to memory of 1820	4492	GearUP-2.0.0-win.exe	cmd.exe
PID 4492 wrote to memory of 2516	4492	GearUP-2.0.0-win.exe	launcher.exe
PID 4492 wrote to memory of 2516	4492	GearUP-2.0.0-win.exe	launcher.exe
PID 4492 wrote to memory of 2516	4492	GearUP-2.0.0-win.exe	launcher.exe
PID 2516 wrote to memory of 1460	2516	launcher.exe	gearup_booster.exe
PID 2516 wrote to memory of 1460	2516	launcher.exe	gearup_booster.exe
PID 2516 wrote to memory of 1460	2516	launcher.exe	gearup_booster.exe
PID 1460 wrote to memory of 1600	1460	gearup_booster.exe	crashpad_handler.exe
PID 1460 wrote to memory of 1600	1460	gearup_booster.exe	crashpad_handler.exe
PID 1460 wrote to memory of 1600	1460	gearup_booster.exe	crashpad_handler.exe
PID 1460 wrote to memory of 3460	1460	gearup_booster.exe	gearup_booster_ball.exe
PID 1460 wrote to memory of 3460	1460	gearup_booster.exe	gearup_booster_ball.exe
PID 1460 wrote to memory of 3460	1460	gearup_booster.exe	gearup_booster_ball.exe
PID 1460 wrote to memory of 1544	1460	gearup_booster.exe	gearup_booster_render.exe
PID 1460 wrote to memory of 1544	1460	gearup_booster.exe	gearup_booster_render.exe
PID 1460 wrote to memory of 1544	1460	gearup_booster.exe	gearup_booster_render.exe

C:\Users\Admin\AppData\Local\Temp\GearUP-2.0.0-win.exe
"C:\Users\Admin\AppData\Local\Temp\GearUP-2.0.0-win.exe"
1⤵
- Drops file in Drivers directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:4492

C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
"C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe" x "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip" -o"C:\Program Files (x86)\GearUPBooster\" -aoa
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1892

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c rd /s /q "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\"
2⤵
PID:1820

C:\Program Files (x86)\GearUPBooster\launcher.exe
"C:\Program Files (x86)\GearUPBooster\launcher.exe" /install_shortcut 1 /install_autorun 0
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2516

C:\Program Files (x86)\GearUPBooster\9148\gearup_booster.exe
"C:\Program Files (x86)\GearUPBooster\9148\gearup_booster.exe" /install_shortcut 1 /install_autorun 0
3⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1460

C:\Program Files (x86)\GearUPBooster\9148\crashpad_handler.exe
"C:\Program Files (x86)\GearUPBooster\9148\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --metrics-dir=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --url=https://sentry.guinfra.com:443/api/30/minidump/?sentry_client=sentry.native/0.5.3&sentry_key=e59bef2d0cf245eaa0d97f08c5eab5fe --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_proxy.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_tun.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_lsp.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\251aa65d-c0b8-45c2-7668-e77b02e90725.run\__sentry-event --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\251aa65d-c0b8-45c2-7668-e77b02e90725.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\251aa65d-c0b8-45c2-7668-e77b02e90725.run\__sentry-breadcrumb2 --initial-client-data=0x488,0x48c,0x490,0x464,0x494,0x73b25160,0x73b25174,0x73b25184
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1600

C:\Program Files (x86)\GearUPBooster\9148\gearup_booster_ball.exe
C:\Program Files (x86)\GearUPBooster\9148\gearup_booster_ball.exe /main_form_wnd 459296 /show_flag 0 /pos_x -1 /pos_y -1 /version 9148 /client_id 6622ae72d519d913081fe5e6 /gray 0
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3460

C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
"C:\Program Files (x86)\GearUPBooster\9148\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --disable-databases --primordial-pipe-token=87515E7CD4EAEB103321F218B2C9C75B --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9148\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=87515E7CD4EAEB103321F218B2C9C75B --channel="1460.0.1706894099\1772029538" --mojo-platform-channel-handle=3760 /prefetch:1
4⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GearUPBooster\9148\MSVCP100.dll
Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\MSVCR100.dll
Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\browser.dll
Filesize
38KB

MD5
1360c1d67a865ba1f6085e2246f42677

SHA1
ea3eca123552859a8ef4bd0c2db133acda97c300

SHA256
9c25f4fa25116542a9c16d94ababec450c6184c6e8bc3cd90f3d9dc4ed5bcc39

SHA512
64c290db722c28cd613cf0674d0fccbc54b1b9c5338b59cecaa2cea1d78ec061793b12eb2289d9b901f84b91fac85b9a6f974e3ca751ac31f788d859a7bdae07

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\cache.data
Filesize
557KB

MD5
39069e645462b827800606b4fe3c4b69

SHA1
de8de1ce1ed8c21b0dd0a29be197eef8ea9168fd

SHA256
381fc16cb21829c31bfdd2129cd1b64b04685524e78d3fc9ccff12e53ca17323

SHA512
b3ac148c9f5c900bd13d6379fc9e9982233f8eb77335cb433ec3df3cfa2824a9f733faa2ac0c7bc81ec7d14802d639f1a90b5967094c3289f660d97c3aa3b0b9

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\crashpad_handler.exe
Filesize
853KB

MD5
5a243339440082631749f4bdff283bf5

SHA1
4c3512320b1b3c05ce265037a37aa3f16d3cc57c

SHA256
80d4effa417d43821a0a0ee967a290836501edd4b6057f033c7ebc449badd150

SHA512
c0b889a819ac5cc6904caeb37e504e6a50d33e49a0e6fb6bdaf8e372190c9bca021017103a7dfcedf7e2c8d9c6a1f3eef103cdf389a5f6bb9ff71f03783ebe24

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\crashpad_wer.dll
Filesize
36KB

MD5
e161e5dd4c57dbb72ef46cd60ac7c8b3

SHA1
7889c0cd22720bb76195bb8de0b77ebcc8068d57

SHA256
e4a2295cff0949d9f0a646f36d7fbaa40fefdbf5958d21b091f95d9c96c345d5

SHA512
d08200a5535cfafac52a0fc16b5512863d6d8d70514bd8cd3324451c47cb5cd5d5592c3ac1440308f52d4142c1551a891a1d4ea7332159b2f4c5bd249b6fd100

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\gearup_booster.exe
Filesize
7.6MB

MD5
4e17c60d1bc6b2422479409a0ce8caf8

SHA1
788857a2134b42e0ffa8b04cffe22d75e99ffc3f

SHA256
65d7bb54a43995b83cb25693cea9b9211a6ece82d675277fff160111c4661de6

SHA512
607f44050e6be86900888646c1de47bd28eb774e93f0f7c82c301142db743eee634bada9e276744ecf68d1edf01467ccda458829faab4a5a4b466b83599c2773

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\gearup_booster_ball.exe
Filesize
1.4MB

MD5
b28a57edb01794c2eb35fa5033fbaa72

SHA1
7ed4b0c98679787d1e432ef29e07439c52e8c6da

SHA256
fa0a319285964939529c95171b563b48b4ec860f2989f4850ddedb9719c5530a

SHA512
50701e405ec59b05931b3a2a2413ea97eacda374d6a859130938e03acb0fee1d7b9760257fa1d2efdb20d57e5f50ba2ad84540507b20db4a4aa0c4d43f1af79f

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\gearup_booster_render.exe
Filesize
1009KB

MD5
561e2e81dc8a2abc5c648cdf5b407099

SHA1
1ac32fc3858032aa6d3c37b4ef8f2b92fe585e2d

SHA256
271dae8bcb2d3f40ab65c3feeed49b9ae2cdd91bfe16230971289e28570c9a7f

SHA512
2601e48ad443b98f8b207265eb8e46e6889c4d656e0f677b4f4d7cbc4fc1b1b031189e382f4d118eef6f4b54cb2d16a8179d2184cd8580d8b928b847a46315a8

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\gearup_booster_vpn.dll
Filesize
33KB

MD5
5dbdf7ca94d63c4357869d0c4e0a0528

SHA1
f9916ccbe5ecb5b9c019d5d935fe2133526c8048

SHA256
4aaa26e29932fe51e1951eb9d61c9d010fcbe2b41aa244b539bd02ab3466b8cc

SHA512
52fb0a1c2a80a5ea78afc5356935fc840af4b5e9e062d43d95c7c40db368ff1000b78c07ce46e7d34103fc17e3168160da0fedb3222cce3ffddeff03706d2dff

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\hostfp\64\hostpacket.sys
Filesize
37KB

MD5
5ac815ad2f4386140fe4c7eef3b06233

SHA1
6dd0e26f3c447602109253a7eaad59064c4162ca

SHA256
08d86eae497df069ef9e6525e9513a019ff7a9971780c1987fde858d51f4ed66

SHA512
98cf60aceabadc078e00ad1e274028714f7bbf3c86f0522ab423d50231156a2513e8cc1946b242c64af7287648e6d4ba5e630824b4d83134c471689db42fbbf5

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\lunasvg.dll
Filesize
344KB

MD5
45edee8d5b3f30f280450edfd2a0d7e3

SHA1
426cd368ffde347d5160bbd8de7ce492f441590b

SHA256
99410178464567de43b0a77cace66b8a4c1531618008604dc6b04741fff5fbd0

SHA512
40d95f257b28de69956a1d3c00cd10aab9e5d01484cb30e4a6c010001ac3cdc2264128829e9a91f2218a92b3dd86f31f94d0cd2eeb86acd1fa9c17f09c77b71d

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\msvcp140.dll
Filesize
432KB

MD5
a6b18a2772631cdd06f95b19d66d2d4f

SHA1
c342250efab725f643e598f49d1710c74f78d022

SHA256
76cc277b564e69e35a0d9c440f013a52b5d25f43ba42fd0099d6fc1f05a6ce16

SHA512
f98e07c1b92ecfc662021e33486b660942de390b8e947126f304adee911da0574d6cac416748f6f03e6cce981737eb694fb3d2bcd80e1e207eba91a44b5f23e5

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\ping.dll
Filesize
685KB

MD5
fc35b0ebcb0befc0b425160b976d5bf1

SHA1
b75485cd364185da97659fda9352494e58280261

SHA256
9d59dfcafe74f1470d6d33b170a1a2a4b7218813d0ff94ea539572cebaf0c408

SHA512
b825a0e58970c71229707f72f8b96e9d7b035827ed706d3355f5f11b7b15da46884a254909f39b922988250da6dae081b42bc69c055581c68ad8730efbbf9b02

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\sentry.dll
Filesize
426KB

MD5
bf9002bf5c878cdca749025a5f875d6b

SHA1
e916d3121706dbd1ada335b414e4601373b86ef8

SHA256
4d9af7c5442387ed91671d2f0360eb6cba3baa3c706b8f6b898d3018b8c7fb05

SHA512
34873e1bd9c077046469db3a2176581aea162933c39c51f1ded462030fb2238a93b3d7e20ff14a497be42e019f2f23add141d98b662b395618bf69ed74a90a20

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\skin.dll
Filesize
11.8MB

MD5
fb076455e9cffcb38f7504c1e5e81139

SHA1
22ae926e9b4f77821b169d74322f11027e937120

SHA256
f320baa293a35f28b2ed0114fce852d68ff15f7c0bfe2d81b4e9a3be2929bf10

SHA512
0ab94a954b9ef97f3f9ce565f217059780f2e9b5ad6d739a5f416b03c5a618aece27dcf7952d20e0674b55f32536248663202aff0a71007de46a430f71de1a02

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\ui.dll
Filesize
1.1MB

MD5
5904d67cdd42e77ab3429ba8ddade85b

SHA1
e35a3597a3966d4f94a780df4ef2c19c6a912aa9

SHA256
0bc44a3028584f615936e6ee2d5954375505ba6545d77afc0c3b5c6da91339d2

SHA512
1596ce5afb9a6d9ea3598e294bdcfe3923cf21831c8e5fde18811a2b7e9428a3eecbde94491cc795f82307460899895f473153b17b2a77039b69195f8f7e4ba4

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\uninstall.exe
Filesize
2.1MB

MD5
ba16f53cd1f50b3b50e5bf903f75edd2

SHA1
f717d0baf9e5145d31a1e0bc9bfa5aaf5e1f99f2

SHA256
98ee9b9470c1a810714c79ee0ffe0d0a74fca75862976d61777c6ef1adf766af

SHA512
60d57aab1c4e8c22fb13141b6e29766c4121fd6df467a24754b35c6832cdbf7baf2f716fa9ba02182da0a9a5d82302c799fd7fff4c8f7df8a5b997830e2dbb69

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\update.exe
Filesize
2.2MB

MD5
b9b56a7d2ca35c359b9f553e7b7d13ce

SHA1
d187198bcb17286e1f0bfab7810089654720b9d3

SHA256
b37a10f3da7d24567cb79816758f7427bfeb1c1b7a3dcd6857f65f05bc6db8ae

SHA512
c4b00e99561894e2793ae4dc2a377c89e2f6388a1a37291be13d260496c0f5c96ec6ecf1adfff77421bb02cd7d09c0c61ebc039bc9789e5e150003cb48f763ae

Download Submit
C:\Program Files (x86)\GearUPBooster\9148\vcruntime140.dll
Filesize
88KB

MD5
81b11024a8ed0c9adfd5fbf6916b133c

SHA1
c87f446d9655ba2f6fddd33014c75dc783941c33

SHA256
eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829

SHA512
e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef.pak
Filesize
4.7MB

MD5
825bf8177072c1199b210cc3ebd3bef6

SHA1
aade0547cd841e905c95a1ee0e4d117cfcb8e05b

SHA256
e8a2afcb045f9c46097d9bd9d30bf5d42cd43c83ef7f02f39ebffe41d7b945d4

SHA512
203915a412ed8d78edcc7619954b117f7b9783439b3af091f7a08d483ec92ff1242709156a6628b354c3402cf4239741dd4d292f33be8f52710764712aa3f68a

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef_100_percent.pak
Filesize
337KB

MD5
d4b5474d852d853227c23e2680505c15

SHA1
55b8bd1a1ac03693938969a89acd30a011e24905

SHA256
308d2733dc85f84a8559a710ae61de4cf3604ba13aa19bbc5658d56787511a5a

SHA512
2f2c6eba0fb3791528c212f6b50e8cbfae63da445cdc885f46ef7670a62acdb06dd447494d2263f58e0ca3ba9d06fb22e80228ec1751923345b47a415bef5406

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef_200_percent.pak
Filesize
427KB

MD5
65aaa3a2e927d1ed763d1ed008620c1e

SHA1
30472fa29c68314c782d6161fdf3b6c2dadcd8d2

SHA256
757b3bd4d843d0b834e03b5ad52cc7396551f0f01f859b6fd17db3107f80dd49

SHA512
21a4fbc96a3562d8388da9226ddb056f06b7286ed057df4d7a35da492848013cdc025c18a826c14f726566f0c44ca150aeed2dba986f168bc9b9b00ef834db62

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\icudtl.dat
Filesize
9.7MB

MD5
3ed56e55ff45ab973ffc483e5d483a5a

SHA1
5d9d39c80054ed315fa4cac23cd956e3121ce5d0

SHA256
22b4b162fa9c1a35d086df4b2532485c0ddfee4649de8519cfc52a09f749b8ea

SHA512
b8998b76b2691941ea724f404c9b95bfb1593e6fb17d0d7fd57d04069b180a01eec82934357c2dfd48958b6d3d4e3489b111f7c0078134d300710d76f9ee3daf

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\libcef.dll
Filesize
61.9MB

MD5
05de87ccbb8f4ae5206f9c5fa95ebc7c

SHA1
65a24325ae64c4c5e96fa4eba9dfa71a6104bb59

SHA256
69f7b60dc43b5f87975eb6dff0ccad59a60a6cb0d56cdbeaf86c958f4f400d92

SHA512
60516129a97164c9a6c2160c2a8f390a3aa8a7b8c945c3af99460cb4af23c9e315f8df15494c0fc26d8d73a67eb87fff1d0b656285f2f8b61e16540233faf6ec

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\en-US.pak
Filesize
197KB

MD5
f7696f13a51166fd3efdb3f918c4ce3b

SHA1
2a5fb539b40af62ac6140477bff456211ddc6d28

SHA256
e572a8d7c366b462f1f2d0dc8577ab73824b8f8b39698e104ca4538d1be908dc

SHA512
4a005470cdc0bd84d1fc002a35825ce9bb2648dc0784665a31219a1f2b1e9c246002d051d50f6dfbeed69c1bd4f7f0f70589cfd6dfe65a0365783c1099ef367f

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\natives_blob.bin
Filesize
342KB

MD5
ddb16ce3c579ab3900139b68dff4d307

SHA1
cc274783f8f44576ea17e7077d943aed4f94def6

SHA256
3bf49b753358169ed23a41f1a84d16831f16dd389b2b59c62e1ba2ec76d7b9cc

SHA512
2fb862f1d9f7a84da850c28ce7546335ec9978e6b43dd94e1adaae7be5a864f4b11c56175e0e170d6ab616a50bf6883d9e695f896f57a95a0ea35eecc8f6536f

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\snapshot_blob.bin
Filesize
671KB

MD5
39a5320c010b68b0e0cc085b1640cdb4

SHA1
9111cdadbc3a4609d150c36624e109db5460c87e

SHA256
d8ee479ab35e34810f4b18305e89e96f5fb0032df66305eba9ec7ffeee51f576

SHA512
2e0f29afbebb91e178446d155784d58ff6d152e1f411a654e11a7ef99ce58e22c9cb9e3e7061ea45b9bdb4130f16a47c8c31a1ed11f97b33a437a8deef49267a

Download Submit
C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
Filesize
589KB

MD5
c6d72642721e84d227defc3ec4ab12e6

SHA1
3709a7c3cc795a0012adc6ccaf82a93628703518

SHA256
0cc0de83b51dae55a4fcae559defc87bea8448010d064c316abcfe9459ece035

SHA512
fa2c8b9fa34b190be45fc363f4760603cb6a389bc01fd617a1861ac709eef5e5dd42ea3d5524a1660ea8202dc17687265cd9bb87f5b4c9a9cf714744a8489389

Download Submit
C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip
Filesize
53.4MB

MD5
5a05b0da0b1fdcf3f32a1b25cbe53f64

SHA1
f0f3caf75116597c7249c9a4d8e75e76131d09bf

SHA256
d4c132da5d8c15555489d23c08684ba17c2dc278cb95e1b7e430cec0b4b0e486

SHA512
2235e83f0d89b6086e243865725304f2fdf64852c14135e16cc1609a7a2186f2eaad52389b79238ebee412cb1d3466f4b06eec8162c90d2a369ed3304b6ad2f5

Download Submit
C:\Program Files (x86)\GearUPBooster\launcher.exe
Filesize
921KB

MD5
bc9d69e0b0f43da2693050e03e97d165

SHA1
46a6950c2f9d88fe44ec19223bd6884168e2ed50

SHA256
0fe1276af5c27e578305252b08760e0093914aced666daf13eb2cf874104f6ff

SHA512
3d99d58bd96773839d056c8bd7b0f4ee7a015a1278355242362a0fd93032075884c90f1221d319f3037a2e85c265334672aad37348a7c6e8ccf19f1dd9c66e2b

Download Submit
C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log
Filesize
103B

MD5
09da487bef94c8bfb969b9533d3649ac

SHA1
7ddd6efb3fed4735b3c1916e2cc940a04470c5f8

SHA256
4a2aabf4445e572eab877d7fe45ed3780335a727a68f82f2d6ad4de6da7aac82

SHA512
e84bf34f0cd5025c12a61fd77b52227345cd5e2164fc47f30abd4532022a9356a0b3842116c128b81a62c16e8d92be8d4b3cf7dc5db699acea564cfe0ad29f35

Download Submit
C:\Users\Public\Desktop\GearUP Booster.lnk
Filesize
1KB

MD5
3d9126f164256b0907457af98c79f666

SHA1
e3bcadad430775c73ccaf350da0bd26c6e8e6bb9

SHA256
fbb966ff054d697102b34f25bb9b984cf0359bdb1946d878e7d0a0e6cf9e1a1d

SHA512
ab8cbda5a94dff6c9eb84eeaa31a56111dddd335697f32c3a2bcca7deff23e6b62d763c4d95295e5c40ddd6f23fcbd28296b02d3a90abf3e30f4f9189101cb75

Download Submit
memory/1544-417-0x0000000011900000-0x0000000011901000-memory.dmp

Filesize
4KB

Download