Overview

overview

8

Static

static

1

GearUP-2.3.0-win.exe

windows10-1703-x64

8

GearUP-2.3.0-win.exe

windows7-x64

8

GearUP-2.3.0-win.exe

windows10-2004-x64

8

GearUP-2.3.0-win.exe

windows11-21h2-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-05-2024 16:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GearUP-2.3.0-win.exe

  • Size

    58.1MB

  • MD5

    6087e8a5f12e1a6ab612a9f07565ffaf

  • SHA1

    e8cea6b3efa2713d0b3c04d1b9c00d5e43b6db89

  • SHA256

    5ec01eb4511185582f3d34af1edd093a86d3f920602df198127dc826745bb4ec

  • SHA512

    8624d17a90d9e0a0ec29e54a8cd9bcc3f874704b888a55bf25b7167a9b30d6dfe2ebbabcd4551eb0b9ae78de78358082e79bb39a4c2a49d2dc76df3f59585b45

  • SSDEEP

    1572864:eEKNLIzoQe7J5zmeCungo+kfhURMcklGtSoC:SK0QgGTF9SF

Score
8/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 25 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 6 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GearUP-2.3.0-win.exe
    "C:\Users\Admin\AppData\Local\Temp\GearUP-2.3.0-win.exe"
    1⤵
    • Drops file in Drivers directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
      "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe" x "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip" -o"C:\Program Files (x86)\GearUPBooster\" -aoa
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:540
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c rd /s /q "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\"
      2⤵
        PID:4316
      • C:\Program Files (x86)\GearUPBooster\launcher.exe
        "C:\Program Files (x86)\GearUPBooster\launcher.exe" /install_shortcut 1 /install_autorun 0
        2⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:904
        • C:\Program Files (x86)\GearUPBooster\9151\gearup_booster.exe
          "C:\Program Files (x86)\GearUPBooster\9151\gearup_booster.exe" /install_shortcut 1 /install_autorun 0
          3⤵
          • Adds Run key to start application
          • Writes to the Master Boot Record (MBR)
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies Internet Explorer settings
          • Modifies registry class
          • Modifies system certificate store
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:3968
          • C:\Program Files (x86)\GearUPBooster\9151\crashpad_handler.exe
            "C:\Program Files (x86)\GearUPBooster\9151\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --metrics-dir=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --url=https://sentry.guinfra.com:443/api/30/minidump/?sentry_client=sentry.native/0.5.3&sentry_key=e59bef2d0cf245eaa0d97f08c5eab5fe --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_proxy.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_tun.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_lsp.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8a7e926a-744e-4a7d-192f-a9e4e9270160.run\__sentry-event --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8a7e926a-744e-4a7d-192f-a9e4e9270160.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8a7e926a-744e-4a7d-192f-a9e4e9270160.run\__sentry-breadcrumb2 --initial-client-data=0x490,0x494,0x498,0x46c,0x49c,0x73b75160,0x73b75174,0x73b75184
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3840
          • C:\Program Files (x86)\GearUPBooster\9151\gearup_booster_ball.exe
            C:\Program Files (x86)\GearUPBooster\9151\gearup_booster_ball.exe /main_form_wnd 393696 /show_flag 0 /pos_x -1 /pos_y -1 /version 9151 /client_id 664ccd7c923195110018d14f /gray 0
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            PID:1868
          • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
            "C:\Program Files (x86)\GearUPBooster\9151\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=63E82ECD2DF2F9EDE61B12950DE0FAFC --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9151\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=63E82ECD2DF2F9EDE61B12950DE0FAFC --channel="3968.0.1519488121\454001650" --mojo-platform-channel-handle=3868 /prefetch:1
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4792

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\GearUPBooster\9151\MSVCP100.dll
      Filesize

      411KB

      MD5

      bc83108b18756547013ed443b8cdb31b

      SHA1

      79bcaad3714433e01c7f153b05b781f8d7cb318d

      SHA256

      b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

      SHA512

      6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\browser.dll
      Filesize

      38KB

      MD5

      1360c1d67a865ba1f6085e2246f42677

      SHA1

      ea3eca123552859a8ef4bd0c2db133acda97c300

      SHA256

      9c25f4fa25116542a9c16d94ababec450c6184c6e8bc3cd90f3d9dc4ed5bcc39

      SHA512

      64c290db722c28cd613cf0674d0fccbc54b1b9c5338b59cecaa2cea1d78ec061793b12eb2289d9b901f84b91fac85b9a6f974e3ca751ac31f788d859a7bdae07

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\cache.data
      Filesize

      575KB

      MD5

      28dcd87b05f098ed271dd8c96f0dec38

      SHA1

      5ac5e665e844a1eaa4fa6210c52cb8c72a17c97a

      SHA256

      d87829bf35f403065785062a7c857a368c183bb7e55b47b9b241604a59d838f9

      SHA512

      3363958f6d499c7fbfa063ad8de14ab2fc13a44cfffc652d025202116355f189990e42e7ad9f01815cad6743b4767af78146bdd41bc9d7740cfb96fad62554fc

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\crashpad_handler.exe
      Filesize

      853KB

      MD5

      5a243339440082631749f4bdff283bf5

      SHA1

      4c3512320b1b3c05ce265037a37aa3f16d3cc57c

      SHA256

      80d4effa417d43821a0a0ee967a290836501edd4b6057f033c7ebc449badd150

      SHA512

      c0b889a819ac5cc6904caeb37e504e6a50d33e49a0e6fb6bdaf8e372190c9bca021017103a7dfcedf7e2c8d9c6a1f3eef103cdf389a5f6bb9ff71f03783ebe24

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\crashpad_wer.dll
      Filesize

      36KB

      MD5

      e161e5dd4c57dbb72ef46cd60ac7c8b3

      SHA1

      7889c0cd22720bb76195bb8de0b77ebcc8068d57

      SHA256

      e4a2295cff0949d9f0a646f36d7fbaa40fefdbf5958d21b091f95d9c96c345d5

      SHA512

      d08200a5535cfafac52a0fc16b5512863d6d8d70514bd8cd3324451c47cb5cd5d5592c3ac1440308f52d4142c1551a891a1d4ea7332159b2f4c5bd249b6fd100

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\gearup_booster.exe
      Filesize

      7.6MB

      MD5

      8d7f18343f185b4146af6396e424a249

      SHA1

      9e3c963d321cff2f65d3ffcacdce36d7c5ebcfb4

      SHA256

      32fb170dd4d1683b30ca2f1cd5c35be3cd576542cc29c1b989c8d886e9b831e4

      SHA512

      b257b21e0cc584aebff3bb327e0d8a6ad36865e7ff883b2cb893f5504c3fb1f1c59aa81d0496748a7dc5fe14c2c8f37cc794cb6b737ee61ba8e98f9f1d612f58

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\gearup_booster_ball.exe
      Filesize

      1.4MB

      MD5

      8dd4e1a559bad1de26925f39cd7e8e67

      SHA1

      d4746f499c69cd91200bbbd0c8d5bbf9b782259a

      SHA256

      b53b2b921e900e5ac5f3c9a6f58dbef252f2fafc0b7ecf56f3d859fdb2f26483

      SHA512

      5c66489587de433f8217b8ed58a5dca8907cac31d3cb58f527e69a1c9797cef8712269639231b56c6ecf963c18514901bdd3fa45e0a94e53076f83ddb424ccaa

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\gearup_booster_render.exe
      Filesize

      1009KB

      MD5

      561e2e81dc8a2abc5c648cdf5b407099

      SHA1

      1ac32fc3858032aa6d3c37b4ef8f2b92fe585e2d

      SHA256

      271dae8bcb2d3f40ab65c3feeed49b9ae2cdd91bfe16230971289e28570c9a7f

      SHA512

      2601e48ad443b98f8b207265eb8e46e6889c4d656e0f677b4f4d7cbc4fc1b1b031189e382f4d118eef6f4b54cb2d16a8179d2184cd8580d8b928b847a46315a8

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\gearup_booster_vpn.dll
      Filesize

      33KB

      MD5

      a4055204b9211f1dad069c24982eb457

      SHA1

      4a84d314b44fe696ccb61c07eb610d4dba7e3c6b

      SHA256

      6bc2331433f7102c5df5fb62080f8b245a96792d4c0bd201740a6cd25fb17145

      SHA512

      35fac723830e3102aabe995fbb9503b5c3670d3c1aa84d8ed3c4739b3c4f482acb142a97ab07aef97216756f2dbfaa31381ad675a41777c248a4b2ffdb08eaa0

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\hostfp\64\hostpacket.sys
      Filesize

      37KB

      MD5

      5ac815ad2f4386140fe4c7eef3b06233

      SHA1

      6dd0e26f3c447602109253a7eaad59064c4162ca

      SHA256

      08d86eae497df069ef9e6525e9513a019ff7a9971780c1987fde858d51f4ed66

      SHA512

      98cf60aceabadc078e00ad1e274028714f7bbf3c86f0522ab423d50231156a2513e8cc1946b242c64af7287648e6d4ba5e630824b4d83134c471689db42fbbf5

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\lunasvg.dll
      Filesize

      344KB

      MD5

      45edee8d5b3f30f280450edfd2a0d7e3

      SHA1

      426cd368ffde347d5160bbd8de7ce492f441590b

      SHA256

      99410178464567de43b0a77cace66b8a4c1531618008604dc6b04741fff5fbd0

      SHA512

      40d95f257b28de69956a1d3c00cd10aab9e5d01484cb30e4a6c010001ac3cdc2264128829e9a91f2218a92b3dd86f31f94d0cd2eeb86acd1fa9c17f09c77b71d

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\msvcp140.dll
      Filesize

      432KB

      MD5

      a6b18a2772631cdd06f95b19d66d2d4f

      SHA1

      c342250efab725f643e598f49d1710c74f78d022

      SHA256

      76cc277b564e69e35a0d9c440f013a52b5d25f43ba42fd0099d6fc1f05a6ce16

      SHA512

      f98e07c1b92ecfc662021e33486b660942de390b8e947126f304adee911da0574d6cac416748f6f03e6cce981737eb694fb3d2bcd80e1e207eba91a44b5f23e5

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\msvcr100.dll
      Filesize

      755KB

      MD5

      0e37fbfa79d349d672456923ec5fbbe3

      SHA1

      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

      SHA256

      8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

      SHA512

      2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\ping.dll
      Filesize

      710KB

      MD5

      a7082e2b178cabfc67ae3a0d4bb0186c

      SHA1

      f92bad91cf85aa48a6d19c3f340533b8346ff841

      SHA256

      253a4199122a49a25b6bd297cfb6f61c81502403b530a5486aab162a47571be3

      SHA512

      f8eb758927217fc5ea30b7a22f1ab26b72337445c53d4c116fa7915fe22c65acd680bf9719158c412eadfd009973844b01c0d2f6f1bcdb6bcd52dfbc0cbecb41

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\sentry.dll
      Filesize

      426KB

      MD5

      bf9002bf5c878cdca749025a5f875d6b

      SHA1

      e916d3121706dbd1ada335b414e4601373b86ef8

      SHA256

      4d9af7c5442387ed91671d2f0360eb6cba3baa3c706b8f6b898d3018b8c7fb05

      SHA512

      34873e1bd9c077046469db3a2176581aea162933c39c51f1ded462030fb2238a93b3d7e20ff14a497be42e019f2f23add141d98b662b395618bf69ed74a90a20

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\skin.dll
      Filesize

      12.1MB

      MD5

      b1d67fe7075fb592cd0ffcf8236727a5

      SHA1

      3d28fb794e5b3bf1c94685fd5c885b5744d46787

      SHA256

      9ab05713a376b6697e497731d342a72a4255a70b311af983f6f8c2abff9aa10d

      SHA512

      eeccd87be46f6f4e70951182496409d1e2fc2a67d6244b505b9aaf5c8fdbf42ae8fbe757d2d23a9231b22e33e9e1600d16657de9a5198c27554e54eea83324f5

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\ui.dll
      Filesize

      1.1MB

      MD5

      1b9328e4d104c83c29d3c8431f78e82e

      SHA1

      dbe2c770566fff51a818a4344d382c1fbbf0b7fe

      SHA256

      fe12fb6810a55a782907d1210adfb616de86b901f2a6e55d2a5ee0c001a16a60

      SHA512

      188bab4fdad861ce0d470ae1ac9bfa4f60a856981372196d084cd858c857afce6b48240d26f384a01f3f6f63300a8f786052b3f39a2705e475b1dff9ea0ada0c

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\uninstall.exe
      Filesize

      2.1MB

      MD5

      14946a604db272db7834997c83ea1cef

      SHA1

      fe468e14e2a6ecac13f87818899642d03b8f9bb9

      SHA256

      965799236864dd98c6f33e9b7b9eac5178c5ada62b2f59d6497197c059010326

      SHA512

      5d4c39d48190a7a3cb558e60fe1202740869817f6a4e2585e8c2554a187d2e77fd049ef2e26089ecdb45f6f91df514acc0b42deb9073f7bc60daf06bdc81867d

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\update.exe
      Filesize

      2.2MB

      MD5

      773dfc8417e8739748f9128d8c0dbaa6

      SHA1

      b6b488b3c352cac9f37988c1045d019716837b7d

      SHA256

      95c1763f76cd02e37dc8c41ce663728c651eee7e250df8234077b596ac481ea9

      SHA512

      b21f796cd4f01e64c626172e1e5b5813cf83662846db25eec290abf30246edb5a33532d9daf635d56fe95ccb96653f52b6749e93c8bf55b4511d1221b2b346de

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\9151\vcruntime140.dll
      Filesize

      88KB

      MD5

      81b11024a8ed0c9adfd5fbf6916b133c

      SHA1

      c87f446d9655ba2f6fddd33014c75dc783941c33

      SHA256

      eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829

      SHA512

      e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef.pak
      Filesize

      4.7MB

      MD5

      825bf8177072c1199b210cc3ebd3bef6

      SHA1

      aade0547cd841e905c95a1ee0e4d117cfcb8e05b

      SHA256

      e8a2afcb045f9c46097d9bd9d30bf5d42cd43c83ef7f02f39ebffe41d7b945d4

      SHA512

      203915a412ed8d78edcc7619954b117f7b9783439b3af091f7a08d483ec92ff1242709156a6628b354c3402cf4239741dd4d292f33be8f52710764712aa3f68a

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef_100_percent.pak
      Filesize

      337KB

      MD5

      d4b5474d852d853227c23e2680505c15

      SHA1

      55b8bd1a1ac03693938969a89acd30a011e24905

      SHA256

      308d2733dc85f84a8559a710ae61de4cf3604ba13aa19bbc5658d56787511a5a

      SHA512

      2f2c6eba0fb3791528c212f6b50e8cbfae63da445cdc885f46ef7670a62acdb06dd447494d2263f58e0ca3ba9d06fb22e80228ec1751923345b47a415bef5406

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef_200_percent.pak
      Filesize

      427KB

      MD5

      65aaa3a2e927d1ed763d1ed008620c1e

      SHA1

      30472fa29c68314c782d6161fdf3b6c2dadcd8d2

      SHA256

      757b3bd4d843d0b834e03b5ad52cc7396551f0f01f859b6fd17db3107f80dd49

      SHA512

      21a4fbc96a3562d8388da9226ddb056f06b7286ed057df4d7a35da492848013cdc025c18a826c14f726566f0c44ca150aeed2dba986f168bc9b9b00ef834db62

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\icudtl.dat
      Filesize

      9.7MB

      MD5

      3ed56e55ff45ab973ffc483e5d483a5a

      SHA1

      5d9d39c80054ed315fa4cac23cd956e3121ce5d0

      SHA256

      22b4b162fa9c1a35d086df4b2532485c0ddfee4649de8519cfc52a09f749b8ea

      SHA512

      b8998b76b2691941ea724f404c9b95bfb1593e6fb17d0d7fd57d04069b180a01eec82934357c2dfd48958b6d3d4e3489b111f7c0078134d300710d76f9ee3daf

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\en-US.pak
      Filesize

      197KB

      MD5

      f7696f13a51166fd3efdb3f918c4ce3b

      SHA1

      2a5fb539b40af62ac6140477bff456211ddc6d28

      SHA256

      e572a8d7c366b462f1f2d0dc8577ab73824b8f8b39698e104ca4538d1be908dc

      SHA512

      4a005470cdc0bd84d1fc002a35825ce9bb2648dc0784665a31219a1f2b1e9c246002d051d50f6dfbeed69c1bd4f7f0f70589cfd6dfe65a0365783c1099ef367f

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\natives_blob.bin
      Filesize

      342KB

      MD5

      ddb16ce3c579ab3900139b68dff4d307

      SHA1

      cc274783f8f44576ea17e7077d943aed4f94def6

      SHA256

      3bf49b753358169ed23a41f1a84d16831f16dd389b2b59c62e1ba2ec76d7b9cc

      SHA512

      2fb862f1d9f7a84da850c28ce7546335ec9978e6b43dd94e1adaae7be5a864f4b11c56175e0e170d6ab616a50bf6883d9e695f896f57a95a0ea35eecc8f6536f

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\cef\3.0.0\snapshot_blob.bin
      Filesize

      671KB

      MD5

      39a5320c010b68b0e0cc085b1640cdb4

      SHA1

      9111cdadbc3a4609d150c36624e109db5460c87e

      SHA256

      d8ee479ab35e34810f4b18305e89e96f5fb0032df66305eba9ec7ffeee51f576

      SHA512

      2e0f29afbebb91e178446d155784d58ff6d152e1f411a654e11a7ef99ce58e22c9cb9e3e7061ea45b9bdb4130f16a47c8c31a1ed11f97b33a437a8deef49267a

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
      Filesize

      589KB

      MD5

      c6d72642721e84d227defc3ec4ab12e6

      SHA1

      3709a7c3cc795a0012adc6ccaf82a93628703518

      SHA256

      0cc0de83b51dae55a4fcae559defc87bea8448010d064c316abcfe9459ece035

      SHA512

      fa2c8b9fa34b190be45fc363f4760603cb6a389bc01fd617a1861ac709eef5e5dd42ea3d5524a1660ea8202dc17687265cd9bb87f5b4c9a9cf714744a8489389

      Download Submit

    • C:\Program Files (x86)\GearUPBooster\launcher.exe
      Filesize

      921KB

      MD5

      d51e6dc64aef429325232e11ef69561d

      SHA1

      b3670e5cd5a13662dc91b912d1122c9095a7e468

      SHA256

      e50a1a27b2afa39049062a5f509c57617f03cf40ec07e31916b903806e3fd1a1

      SHA512

      89e03048248403073b4e31f79127903160ad3171828445d996e87de584d94081dac2ead90e39feaf3c75b6ed1e4ab0ddfc6d535aef9fdc5677cc7a1ea7de6344

      Download Submit

    • C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log
      Filesize

      103B

      MD5

      8f9a9a0ecc5e25ff14289ce955ed90c7

      SHA1

      3d0dd133c6cededd83a0dbcfd345d9959667145d

      SHA256

      97585e292a09485b796dcbb4a346f741a59fd7d29898bac9386a153b449b9ed3

      SHA512

      295baa46b22feafbb57040d1574d83d253e0cebd533f341d994807234e0b7420e0f29d6bf048f99558c472ea5faf08b039f663ffdf6c53be66202c280ad469a4

      Download Submit

    • C:\Users\Public\Desktop\GearUP Booster.lnk
      Filesize

      1KB

      MD5

      f0fbe1501cab274264de34d2db8f685c

      SHA1

      5994a1da773a7eb91740033b4861ae4e18f8b641

      SHA256

      7612e4ec0782f7fd4f976cf9f9b7fbda605120b7183b955f78dff395bc28a836

      SHA512

      3e1a538f5ea10d715464f9d9207698df1df25e91266e8ed9cb77a1ae88a06fc626c6708c07af09a823d9e7c7ece83ba9f3786d28b63c99d97dfd831020dcc7db

      Download Submit

    • memory/4792-417-0x000000001E500000-0x000000001E501000-memory.dmp

      Filesize

      4KB

      Download