Analysis Overview
Threat Level: Likely malicious
The file https://www.gearupbooster.com/ru/ was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks installed software on the system
Writes to the Master Boot Record (MBR)
Adds Run key to start application
Drops file in Program Files directory
Enumerates physical storage devices
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Checks SCSI registry key(s)
Enumerates system info in registry
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 10:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 10:04
Reported
2024-06-03 10:06
Platform
win10v2004-20240426-en
Max time kernel
70s
Max time network
69s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\drivers\hostpacket.sys | C:\Users\Admin\Downloads\GearUP-2.4.2-win.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\hostpacket.sys | C:\Users\Admin\Downloads\GearUP-2.4.2-win.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\GearUP-2.4.2-win.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\launcher.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\9154\crashpad_handler.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster_ball.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AF_uuid_gearupboosterpc = "2402c487-cbd9-4f51-831d-ad9b30256370" | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AF_counter_gearupboosterpc = "0" | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AF_counter_gearupboosterpc = "1" | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
Checks installed software on the system
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\i386\tap0901.cat | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\x64\tap0901.cat | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\api-ms-win-core-file-l2-1-0.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\d3dcompiler_47.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\fa.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ms.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\th.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\tr.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\local_proxy.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\wfp\win7\x64\nwwfp.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\wfp\win7\x64\nwwfp.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\x64\NW_TAP_0921.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\msvcp140.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\vcruntime140.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\wfp\win\x32\nwwfp.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\arm64\tap0901.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip | C:\Users\Admin\Downloads\GearUP-2.4.2-win.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\wfp\win | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\lspinst_x64.exe | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\7za.exe | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\debug.log | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\am.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\sw.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\VisualElements\Logo.png | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster_render.exe | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\udp_connect_lsp.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\i386\NW_TAP_0921.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\hostfp | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\i386\OemVista.inf | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\update.exe | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\tun2proxy.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\wfp\win7\x32\gunfwfp.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\i386\NW_TAP_0921.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\hr.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\natives_blob.bin | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\lsp.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\local_proxy.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\i386 | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\de.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\sk.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\grp.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\drvinst_x64.exe | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\api-ms-win-crt-stdio-l1-1-0.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\arm64\tap0901.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ca.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\fr.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\nb.pak | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\launcher.VisualElementsManifest.xml | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\x64\OemVista.inf | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\udp_connect_lsp.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\UETSdk.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\ui.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\VisualElements | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\x64\NW_TAP_0921.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\tap_driver\x64 | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\snapshot_blob.bin | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\api-ms-win-core-synch-l1-2-0.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\browser.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\ws2detour_x64.dll | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File opened for modification | C:\Program Files (x86)\GearUPBooster\9154\wfp\win\x32\gunfwfp.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| File created | C:\Program Files (x86)\GearUPBooster\9154\wfp\win7\x32\nwwfp.sys | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\gearup_booster.exe = "11000" | C:\Users\Admin\Downloads\GearUP-2.4.2-win.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\gearup_booster.exe = "11000" | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618827104851846" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gu\URL Protocol | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open\command | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open\command\ = "C:\\Program Files (x86)\\GearUPBooster\\9154\\gearup_booster.exe \"%1\"" | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\gu | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = (certificate blob omitted) | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = (certificate blob omitted) | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = (certificate blob omitted) | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = (certificate blob omitted) | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = (certificate blob omitted) | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = (certificate blob omitted) | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\GearUP-2.4.2-win.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\launcher.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\9154\crashpad_handler.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\9154\gearup_booster_ball.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.gearupbooster.com/ru/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae238ab58,0x7ffae238ab68,0x7ffae238ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4588 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4376 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4496 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5236 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5240 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5316 --field-trial-handle=1908,i,132139520314011506,9923080627370825895,131072 /prefetch:8
C:\Users\Admin\Downloads\GearUP-2.4.2-win.exe
"C:\Users\Admin\Downloads\GearUP-2.4.2-win.exe"
C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
"C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe" x "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip" -o"C:\Program Files (x86)\GearUPBooster\" -aoa
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c rd /s /q "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\"
C:\Program Files (x86)\GearUPBooster\launcher.exe
"C:\Program Files (x86)\GearUPBooster\launcher.exe" /install_shortcut 1 /install_autorun 0
C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe
"C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe" /install_shortcut 1 /install_autorun 0
C:\Program Files (x86)\GearUPBooster\9154\crashpad_handler.exe
"C:\Program Files (x86)\GearUPBooster\9154\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --metrics-dir=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --url=https://sentry.guinfra.com:443/api/30/minidump/?sentry_client=sentry.native/0.5.3&sentry_key=e59bef2d0cf245eaa0d97f08c5eab5fe --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_proxy.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_tun.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_lsp.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8fe7d785-87a8-4137-153b-ef97a042d172.run\__sentry-event --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8fe7d785-87a8-4137-153b-ef97a042d172.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\8fe7d785-87a8-4137-153b-ef97a042d172.run\__sentry-breadcrumb2 --initial-client-data=0x468,0x48c,0x490,0x460,0x494,0x73c95160,0x73c95174,0x73c95184
C:\Program Files (x86)\GearUPBooster\9154\gearup_booster_ball.exe
C:\Program Files (x86)\GearUPBooster\9154\gearup_booster_ball.exe /main_form_wnd 983412 /show_flag 0 /pos_x -1 /pos_y -1 /version 9154 /client_id 665d95701f199e11f8c9121c /gray 0
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
"C:\Program Files (x86)\GearUPBooster\9154\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=28A93A56E9FF2FB43BED6211856DD9FD --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9154\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=28A93A56E9FF2FB43BED6211856DD9FD --channel="4912.0.1873060389\720814792" --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
"C:\Program Files (x86)\GearUPBooster\9154\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=BE1D70E99EFDFBAC72504CB5E3F0F1BE --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9154\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=BE1D70E99EFDFBAC72504CB5E3F0F1BE --channel="4912.1.2039632325\1148200370" --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
"C:\Program Files (x86)\GearUPBooster\9154\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=C0EF77ED6665CA71D1145CCB88953931 --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9154\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=C0EF77ED6665CA71D1145CCB88953931 --channel="4912.2.405077495\503180721" --mojo-platform-channel-handle=4884 /prefetch:1
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
"C:\Program Files (x86)\GearUPBooster\9154\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=8CA3F21F3BDC2B560BF67F19DC2799CA --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9154\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=8CA3F21F3BDC2B560BF67F19DC2799CA --channel="4912.3.1187557248\205392366" --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://win.booster.gearupportal.com/login/facebook/6PrwYiPDN7OEzPxRCNJV9gJ0oTcsn5baXIrvqFV2yABFm4sLj3jwRxrbTgm1Hugm/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad16a46f8,0x7ffad16a4708,0x7ffad16a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,15781087529756604171,948209501821653465,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,15781087529756604171,948209501821653465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,15781087529756604171,948209501821653465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15781087529756604171,948209501821653465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15781087529756604171,948209501821653465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15781087529756604171,948209501821653465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,15781087529756604171,948209501821653465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,15781087529756604171,948209501821653465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gearupbooster.com | udp |
| GB | 104.91.71.134:443 | www.gearupbooster.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | res.booster.gearupportal.com | udp |
| BE | 2.17.107.203:443 | res.booster.gearupportal.com | tcp |
| BE | 2.17.107.203:443 | res.booster.gearupportal.com | tcp |
| BE | 2.17.107.203:443 | res.booster.gearupportal.com | tcp |
| BE | 2.17.107.203:443 | res.booster.gearupportal.com | tcp |
| BE | 2.17.107.203:443 | res.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | win.booster.gearupportal.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 104.17.32.114:443 | win.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.32.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| GB | 195.181.164.14:443 | cdn.consentmanager.net | tcp |
| US | 8.8.8.8:53 | delivery.consentmanager.net | udp |
| DE | 87.230.98.78:443 | delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | log.booster.gearupportal.com | udp |
| US | 8.8.8.8:53 | c.delivery.consentmanager.net | udp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| DE | 87.230.98.76:443 | c.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | 14.164.181.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.98.230.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.98.230.87.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| BE | 74.125.71.156:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | h.clarity.ms | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 104.17.31.114:443 | log.booster.gearupportal.com | udp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| US | 8.8.8.8:53 | download.booster.gearupportal.com | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.31.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.31.224.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 104.17.31.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 104.17.31.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | win.booster.gearupportal.com | udp |
| US | 8.8.8.8:53 | update.booster.gearupportal.com | udp |
| BE | 2.17.107.162:443 | update.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | win.booster.gearupportal.com | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | 162.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | log.booster.gearupportal.com | udp |
| US | 8.8.8.8:53 | glg.booster.gearupportal.com | udp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | tglg.booster.gearupportal.com | udp |
| US | 15.197.191.206:8764 | | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | 206.191.197.15.in-addr.arpa | udp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | events.appsflyer.com | udp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | event.sc.gearupportal.com | udp |
| GB | 18.165.160.22:443 | events.appsflyer.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 8.8.8.8:53 | 22.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.12.18.104.in-addr.arpa | udp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | res.booster.gearupportal.com | udp |
| BE | 2.17.107.216:443 | res.booster.gearupportal.com | tcp |
| BE | 2.17.107.216:443 | res.booster.gearupportal.com | tcp |
| BE | 2.17.107.216:443 | res.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 8.8.8.8:53 | file.booster.gearupportal.com | udp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| BE | 2.17.107.187:443 | file.booster.gearupportal.com | tcp |
| BE | 2.17.107.187:443 | file.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 187.107.17.2.in-addr.arpa | udp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 8.8.8.8:53 | file.booster.gearupportal.com | udp |
| BE | 2.17.107.152:443 | file.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.18.12.136:443 | event.sc.gearupportal.com | tcp |
| GB | 142.250.187.206:443 | analytics.google.com | udp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
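The Network table mixes three kinds of traffic: resolver queries to 8.8.8.8 (including the sandbox's own reverse lookups of every contacted address), browser and advertising noise from the vendor's web page (Google, Bing, Clarity, consentmanager, Facebook), and the installer's own connections to the vendor's infrastructure. The script below is an added example, my own and not part of the report; it parses a constructed subset of the rows above, drops resolver and mDNS rows, splits the rest into first-party, third-party and unresolved destinations using suffix lists I chose from the table, and flags any port other than 53, 443 and 5353. On this report that leaves exactly one destination with no name and a non-standard port, 15.197.191.206:8764, which the table itself shows but does not explain and which is the row a reviewer should follow up on.

```python
"""Turn a sandbox Network table into a reviewable connection summary.

Added example, not part of the report. The rows below are a constructed
subset of the table above; the suffix lists are the author's own choice.
"""
import re
from collections import Counter

SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.gearupbooster.com | udp |
| GB | 104.91.71.134:443 | www.gearupbooster.com | tcp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| BE | 2.17.107.203:443 | res.booster.gearupportal.com | tcp |
| BE | 2.17.107.203:443 | res.booster.gearupportal.com | tcp |
| US | 104.17.32.114:443 | log.booster.gearupportal.com | tcp |
| US | 104.17.31.114:443 | log.booster.gearupportal.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 15.197.191.206:8764 | | tcp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| GB | 142.250.187.206:443 | analytics.google.com | tcp |
| US | 52.224.31.34:443 | h.clarity.ms | tcp |
| GB | 18.165.160.22:443 | events.appsflyer.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
    r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>tcp|udp)\s*\|$"
)

# Vendor hosts seen in the report (the app and its crash reporter).
FIRST_PARTY_SUFFIXES = ("gearupportal.com", "gearupbooster.com", "guinfra.com")
# Ad, analytics, browser and social infrastructure seen in the table; treated
# as noise when the question is "what does the installer talk to".
THIRD_PARTY_SUFFIXES = (
    "google.com", "googleapis.com", "doubleclick.net", "bing.com", "clarity.ms",
    "consentmanager.net", "cloudflare.com", "cloudflareinsights.com",
    "appsflyer.com", "facebook.com", "fbcdn.net",
)
RESOLVER = ("8.8.8.8", 53)
MDNS = ("224.0.0.251", 5353)
EXPECTED_PORTS = (53, 443, 5353)


def parse_rows(text):
    """Parse the markdown-style table; header and separator rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["port"] = int(d["port"])
        rows.append(d)
    return rows


def _has_suffix(domain, suffixes):
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def summarize(rows):
    out = {
        "dns_names": set(),       # names the guest looked up (PTR queries dropped)
        "first_party": set(),     # (domain, ip, port, proto) to vendor hosts
        "third_party": set(),     # analytics / browser / social domains
        "other": set(),           # named hosts in neither list
        "unresolved": [],         # (ip, port, proto) with no name in the table
        "nonstandard_ports": [],  # (ip, port) outside EXPECTED_PORTS
        "counts": Counter(),      # repeated connections, e.g. log beacons
    }
    for r in rows:
        ip, port, proto, dom = r["ip"], r["port"], r["proto"], r["domain"]
        if (ip, port) == RESOLVER:
            if dom and not dom.endswith(".in-addr.arpa"):
                out["dns_names"].add(dom)
            continue
        if (ip, port) == MDNS:
            continue
        out["counts"][(dom or ip, ip, port, proto)] += 1
        if port not in EXPECTED_PORTS:
            out["nonstandard_ports"].append((ip, port))
        if not dom:
            out["unresolved"].append((ip, port, proto))
        elif _has_suffix(dom, FIRST_PARTY_SUFFIXES):
            out["first_party"].add((dom, ip, port, proto))
        elif _has_suffix(dom, THIRD_PARTY_SUFFIXES):
            out["third_party"].add(dom)
        else:
            out["other"].add(dom)
    return out


if __name__ == "__main__":
    s = summarize(parse_rows(SAMPLE_ROWS))
    for key in ("first_party", "third_party", "other", "unresolved", "nonstandard_ports"):
        print(key, sorted(s[key]))
```

The `counts` map is what shows the beaconing pattern: in the full table log.booster.gearupportal.com is contacted dozens of times within the 69-second network window, while every other first-party host appears a handful of times. The `unresolved` and `nonstandard_ports` lists should be empty for a well-behaved installer; here they are not, and the table gives no name for 15.197.191.206, so the script reports it without guessing what it is.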
Files
\??\pipe\crashpad_2808_UVKJJDZANJIIOSLS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5b3ba321c064e047f9b6b5fbe4992930 |
| SHA1 | 31de385e6d31c60b9061391ad944c65d695b75aa |
| SHA256 | f06844a0c5929c031febb80155f048dde57df6280e4f255d21738bcb98d1aaa2 |
| SHA512 | 7efddd30e067cfdfcbf12693b069cfd280575dbff4890e00d547b9b1ff7faa9d9ecd8b25dc0798da11c0342494a9eee88976ad1c5f7d4ff5295309cd16189fa1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b5f230f63018a9f284d7f80ee550052a |
| SHA1 | 26357d2d4f4bed590df5cae4506a97971b47b57f |
| SHA256 | 91b7b3089684d43efd1f8b77a812e787d93ab6a549cf56f7a3ecd08d51f0ba41 |
| SHA512 | 4087dbae498aa3bdb10cf873051941e86289c89e54eadd7c92355331a1238b7811cd98ba5ea707fd82033113c1abd03c25b77b525075931fef944c566a4a5f84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2a2a382be11b41c22693562164a99220 |
| SHA1 | bc509d7281c5dc9cd4af1ddbcd89f87e71154e16 |
| SHA256 | 762fede8e10fca315e2fed9b04239db8e06c2689c74be2e834ccff3ce774bacc |
| SHA512 | 82407afea7958901f3fddc0888f452305d2f2042074c536391df6acd20a956de83253b0a550074504dd8a0cadc6bbd337b1a58bf78782325035c56ba4de24aa2 |
C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
| MD5 | c6d72642721e84d227defc3ec4ab12e6 |
| SHA1 | 3709a7c3cc795a0012adc6ccaf82a93628703518 |
| SHA256 | 0cc0de83b51dae55a4fcae559defc87bea8448010d064c316abcfe9459ece035 |
| SHA512 | fa2c8b9fa34b190be45fc363f4760603cb6a389bc01fd617a1861ac709eef5e5dd42ea3d5524a1660ea8202dc17687265cd9bb87f5b4c9a9cf714744a8489389 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 551ba1e6761ce8f79c7442f6f6497491 |
| SHA1 | dcc4dce4afda4be8123ec8d6f659d466a18cedc2 |
| SHA256 | 477532fb3f458d5cf0de21a8352f0687e6baffcbb63d8587d7c43ce0637815d4 |
| SHA512 | c8cc9b4741830e8ccdff929c33698db25a6fb5550ac1627e1951a0bf3b6c0bd269291c9e62d5b3d26ee05076a3116f3359d18ac3874f34095e25f75f142c30ba |
C:\Program Files (x86)\GearUPBooster\9154\ping.dll
| MD5 | bd27032cecbb82ceab44ace6198e52c7 |
| SHA1 | 0be5b4e90b494f671823ea01df4973d5e76e0de9 |
| SHA256 | ec205ded904646c9c7e0434782470af27100b79edcf86bb8a567c5da2ceda3b4 |
| SHA512 | d773176f17f59ac84e03bb535c5a6ca243e06a9ece14507fe2e27b376aefd1c15bb4765004cd219affb5df2df0a4aeb5992f4891d3485da0185215b594b47a38 |
C:\Program Files (x86)\GearUPBooster\9154\ui.dll
| MD5 | c4ad9215503e4d251dca502f1c371708 |
| SHA1 | 1c117b0f1c8ec69f46b3e8def957c8f456cb0620 |
| SHA256 | b30c838428ed6a9d248b1e661f8d98e25a1744db17d20c445a04d344a0f33393 |
| SHA512 | c44b8b09dcb8f74da2dc29bbeed23e27d74c621b1a452dd5dad5eacc2ddf9ac3c14d81fe2f439528ec31ff3664ed5ef7dfb943951e15002fcb6e74b153c6def4 |
C:\Program Files (x86)\GearUPBooster\9154\skin.dll
| MD5 | 256eeea994675897784496887ad13bd3 |
| SHA1 | cd3c7653a9664ba4b0ce154f4a870d31a8d18f23 |
| SHA256 | 0485d177ad7db6f8501bf887d0de84f45898cd9cef35c69d7234b5c02d570f51 |
| SHA512 | f48c3978b815a9e8bfaa1b4b4351cd596a09633d16eaa26204f4951e12c95b906ef50de2faaad2c3552c1ed68c024fb0eb726165907227cd0856ca9fd619dec8 |
C:\Program Files (x86)\GearUPBooster\9154\uninstall.exe
| MD5 | 5958880b37e8067e9643f1dacc9cf3bf |
| SHA1 | f00719bfdadc6ce330499580287c405134dcac07 |
| SHA256 | 6fc4080741b28eaf319ea716853fb15139be1b97dc61d422def8100da77ab1d2 |
| SHA512 | 2bce6bfa7bdd2d1c663a379ddde756b088d6a3a7fe53aabd990cf14c7ace36795cbb9fd94cbd19547e6e15f34819ab11760337b80ba18f9edda9f5473ba796dc |
C:\Program Files (x86)\GearUPBooster\9154\update.exe
| MD5 | e7a344ef1e4dd78d86288c8d473f3ddb |
| SHA1 | cc6b66fa98f50b944cfd479d803840a7e2a6b2b5 |
| SHA256 | 41e2d866af350580de3c9312d8005cf14d035f8c7bb966ba85520c1f4f3c2d7f |
| SHA512 | 3d74028d99b02a9b63bb51c06a128d01cdd1702fd522550196c1a8c371c323ab3d0833fc1c8d674cc247cef2c9b6937a1923444aeb19c07e57f470e704a73482 |
C:\Program Files (x86)\GearUPBooster\9154\gearup_booster.exe
| MD5 | 2cbb007f80a8a9e8a87fbc8bbd8b5326 |
| SHA1 | 9a33fd565d502ada0e1a07774ac227fe63cad887 |
| SHA256 | f52b045ba5d260b4d9fc63db74713c36dbda773c734def37e9162736621a4d6b |
| SHA512 | 367381f3d45d2da49b6655341fcdd676eae832c30eefda8493e7b4ecdafacf6c7c7810d41f6c074dbe1ed132d479a708fb8f49809e92e5fb1ff5508f8e6098df |
C:\Program Files (x86)\GearUPBooster\9154\gearup_booster_ball.exe
| MD5 | dfa66f06c81ed5319c8d78c8c9f5b8a5 |
| SHA1 | 16d6baf05bd12f5b9f79c133142a53d7c2517b8d |
| SHA256 | 5400b8b961441195e7f593cec25e169a5110bad5f00af5afa97704ec73266258 |
| SHA512 | e96f65148143ffaf232826e3bca82e38496a31393d49e29fa6aa765635508b00b78cb7fdb6d0ed53d2a636f05cc1c70900ecb85dee344470c4b6228171808d44 |
C:\Program Files (x86)\GearUPBooster\9154\gearup_booster_vpn.dll
| MD5 | 813867a4605e0f3d52d02fa0c6b60664 |
| SHA1 | c0f60dd7424f2cd47cb05e37021745949580203d |
| SHA256 | 1d32b06c29cd1d6243025fd0dc6a0a1b30849e2ac534b72c830891f9895d893d |
| SHA512 | 71c6b2cb616e23b3d7df70d78944dc526962edd490d0426fd3fc0e6d9ba397b0226bd4f780dc802b114b75f9d5b52013cab482060d0b36272dedc5450ce16928 |
C:\Program Files (x86)\GearUPBooster\9154\hostfp\64\hostpacket.sys
| MD5 | 5ac815ad2f4386140fe4c7eef3b06233 |
| SHA1 | 6dd0e26f3c447602109253a7eaad59064c4162ca |
| SHA256 | 08d86eae497df069ef9e6525e9513a019ff7a9971780c1987fde858d51f4ed66 |
| SHA512 | 98cf60aceabadc078e00ad1e274028714f7bbf3c86f0522ab423d50231156a2513e8cc1946b242c64af7287648e6d4ba5e630824b4d83134c471689db42fbbf5 |
C:\Program Files (x86)\GearUPBooster\launcher.exe
| MD5 | ff3fc2da7d48212eea03dc5e26b1a416 |
| SHA1 | 9b75bc9ca71fc927b4708cd5b54d344baf3484f9 |
| SHA256 | 8d73a4b409c972222daf3e9f6391b7ec5e2b9725c59675cd0fcdbae0dc47db1d |
| SHA512 | fc35d8f35047ce24709dffee9bb2177b604c9c33075b4af474ac822ac83b46f7758b93113ce882743bd6c6b422046755e0ef55432bc1d261f63634eb902c4125 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df7a805763bcf3d32f98c040575779a2 |
| SHA1 | 3c32e565f0f85ed3521642d1bbf206f50d9ae486 |
| SHA256 | 72e62569327d9eef99b3b25a211aa8ff4d8fd7359198a819ee4a04e972f00907 |
| SHA512 | 557f55b6faf7c74b096efbd0af429ca4a5123f7c78d186bbbc18b933c96c9c19cda9c92a29e6631775af8d5d09397d81853f76941d9417c5872eebb476d92e3c |
C:\Program Files (x86)\GearUPBooster\9154\browser.dll
| MD5 | 1360c1d67a865ba1f6085e2246f42677 |
| SHA1 | ea3eca123552859a8ef4bd0c2db133acda97c300 |
| SHA256 | 9c25f4fa25116542a9c16d94ababec450c6184c6e8bc3cd90f3d9dc4ed5bcc39 |
| SHA512 | 64c290db722c28cd613cf0674d0fccbc54b1b9c5338b59cecaa2cea1d78ec061793b12eb2289d9b901f84b91fac85b9a6f974e3ca751ac31f788d859a7bdae07 |
C:\Program Files (x86)\GearUPBooster\9154\lunasvg.dll
| MD5 | 45edee8d5b3f30f280450edfd2a0d7e3 |
| SHA1 | 426cd368ffde347d5160bbd8de7ce492f441590b |
| SHA256 | 99410178464567de43b0a77cace66b8a4c1531618008604dc6b04741fff5fbd0 |
| SHA512 | 40d95f257b28de69956a1d3c00cd10aab9e5d01484cb30e4a6c010001ac3cdc2264128829e9a91f2218a92b3dd86f31f94d0cd2eeb86acd1fa9c17f09c77b71d |
C:\Program Files (x86)\GearUPBooster\9154\MSVCP100.dll
| MD5 | bc83108b18756547013ed443b8cdb31b |
| SHA1 | 79bcaad3714433e01c7f153b05b781f8d7cb318d |
| SHA256 | b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671 |
| SHA512 | 6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011 |
C:\Program Files (x86)\GearUPBooster\9154\MSVCR100.dll
| MD5 | 0e37fbfa79d349d672456923ec5fbbe3 |
| SHA1 | 4e880fc7625ccf8d9ca799d5b94ce2b1e7597335 |
| SHA256 | 8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18 |
| SHA512 | 2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630 |
C:\Program Files (x86)\GearUPBooster\9154\VCRUNTIME140.dll
| MD5 | 81b11024a8ed0c9adfd5fbf6916b133c |
| SHA1 | c87f446d9655ba2f6fddd33014c75dc783941c33 |
| SHA256 | eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829 |
| SHA512 | e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1 |
C:\Program Files (x86)\GearUPBooster\9154\msvcp140.dll
| MD5 | a6b18a2772631cdd06f95b19d66d2d4f |
| SHA1 | c342250efab725f643e598f49d1710c74f78d022 |
| SHA256 | 76cc277b564e69e35a0d9c440f013a52b5d25f43ba42fd0099d6fc1f05a6ce16 |
| SHA512 | f98e07c1b92ecfc662021e33486b660942de390b8e947126f304adee911da0574d6cac416748f6f03e6cce981737eb694fb3d2bcd80e1e207eba91a44b5f23e5 |
C:\Program Files (x86)\GearUPBooster\9154\sentry.dll
| MD5 | bf9002bf5c878cdca749025a5f875d6b |
| SHA1 | e916d3121706dbd1ada335b414e4601373b86ef8 |
| SHA256 | 4d9af7c5442387ed91671d2f0360eb6cba3baa3c706b8f6b898d3018b8c7fb05 |
| SHA512 | 34873e1bd9c077046469db3a2176581aea162933c39c51f1ded462030fb2238a93b3d7e20ff14a497be42e019f2f23add141d98b662b395618bf69ed74a90a20 |
C:\Program Files (x86)\GearUPBooster\9154\crashpad_handler.exe
| MD5 | 5a243339440082631749f4bdff283bf5 |
| SHA1 | 4c3512320b1b3c05ce265037a37aa3f16d3cc57c |
| SHA256 | 80d4effa417d43821a0a0ee967a290836501edd4b6057f033c7ebc449badd150 |
| SHA512 | c0b889a819ac5cc6904caeb37e504e6a50d33e49a0e6fb6bdaf8e372190c9bca021017103a7dfcedf7e2c8d9c6a1f3eef103cdf389a5f6bb9ff71f03783ebe24 |
C:\Program Files (x86)\GearUPBooster\9154\crashpad_wer.dll
| MD5 | e161e5dd4c57dbb72ef46cd60ac7c8b3 |
| SHA1 | 7889c0cd22720bb76195bb8de0b77ebcc8068d57 |
| SHA256 | e4a2295cff0949d9f0a646f36d7fbaa40fefdbf5958d21b091f95d9c96c345d5 |
| SHA512 | d08200a5535cfafac52a0fc16b5512863d6d8d70514bd8cd3324451c47cb5cd5d5592c3ac1440308f52d4142c1551a891a1d4ea7332159b2f4c5bd249b6fd100 |
C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log
| MD5 | 46e9a6ec4408e1469d6c3ce4a25ccbd0 |
| SHA1 | 650e89f79cd566262d3f0ad8c8e44b69aadb88ba |
| SHA256 | f2e3915d15c3ba7551bd1889bd3760e2bc4a7c23c7835a95cf8a4c21e4380735 |
| SHA512 | 5ccaf4481b8e465074463fa7aa5015f43597005d9aba34a977bea25978726a9b4fd67796b43797361d56c9d77e95fd6fcf494297cca4201688113e1e090e87d6 |
C:\Program Files (x86)\GearUPBooster\9154\cache.data
| MD5 | 1dee371ce22f41e20fa15729952d1f10 |
| SHA1 | e78694d1546858cba83dceed2a077db3d6d126dc |
| SHA256 | 8eec42dc41b2799ed3a11f9cd00af274648d5e90de06432c9ad35abc95b2f33d |
| SHA512 | b21a92f0d6638ade58f4aafc628b559693930e6d438a7abfebb2b97b1a3f35655d6a9a5e038a5f57f264fd477db91313a2daeb6147de3984a2d8096d75b66839 |
C:\Users\Public\Desktop\GearUP Booster.lnk
| MD5 | f0fbe1501cab274264de34d2db8f685c |