a904b59f6b25093132b1b38979ac696d5c488230da1ee7155fb763e592a06df7

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GearUP-2.4.3-win.exe
Size

57.3MB
MD5

2076c784654c2b22c3d9355fc3697811
SHA1

10924c99acb8f1e82836d1598ff93db9c8fe3925
SHA256

a904b59f6b25093132b1b38979ac696d5c488230da1ee7155fb763e592a06df7
SHA512

e6cc266c808f507f584fd8ca2ce0a9656611152e266456c6a3c93c74fd06d23070e6ab13587e0944353b40a85cf6d8e0f6810d647e19d4c3245a9b76be713cc0
SSDEEP

1572864:fEwNwV4ly4q9tYAUGvki1JrIiYgxVEGpQXK5kX8xpLIl:hCptYAGimgxGupA

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\hostpacket.sys	GearUP-2.4.3-win.exe
File opened for modification	C:\Windows\System32\drivers\hostpacket.sys	GearUP-2.4.3-win.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	gearup_booster.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\GearUPBooster\9155\browser.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\vcruntime140.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\debug.log	gearup_booster.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef_100_percent.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\fr.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\zh-TW.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\crashpad_wer.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\libcef.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\tap_driver\x64\NW_TAP_0921.sys	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\shence.log	gearup_booster.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ca.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef_200_percent.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\tap_driver\i386\NW_TAP_0921.inf	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\tap_driver\i386\tap0901.cat	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_ball.exe	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\api-ms-win-crt-locale-l1-1-0.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\api-ms-win-crt-multibyte-l1-1-0.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\udp_connect_lsp64.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\fa.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\id.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\sk.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\te.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\tap_driver\x64\NW_TAP_0921.inf	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\api-ms-win-core-processthreads-l1-1-1.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\libGLESv2.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\ws2detour_x64.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ca.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\uk.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\tap_driver\i386\tap0901.cat	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\tap_driver\i386\NW_TAP_0909.inf	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_render.exe	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\api-ms-win-core-file-l1-2-0.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\de.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\mr.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ms.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\lsp.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe	gearup_booster.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\vi.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\d3dcompiler_43.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\lsp.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\widevinecdmadapter.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\cache.data	gearup_booster.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\bg.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\pt-PT.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\sv.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\et.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\tap_driver\i386\nw_tap_0921.cat	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\apiinstall_x64.exe	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\wfp\win7\x32\gunfwfp.sys	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ml.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\api-ms-win-crt-math-l1-1-0.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\api-ms-win-crt-time-l1-1-0.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\msvcr100.dll	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ja.pak	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\9155\lspinst_x64.exe	7za.exe
File opened for modification	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\d3dcompiler_47.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\VisualElements\SmallLogo.png	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\api-ms-win-core-processthreads-l1-1-1.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\msvcp140.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\9155\udp_connect_lsp64.dll	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\ru.pak	7za.exe
File created	C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\tr.pak	7za.exe

Executes dropped EXE 6 IoCs

pid	Process
4740	7za.exe
232	launcher.exe
552	gearup_booster.exe
1952	crashpad_handler.exe
3140	gearup_booster_ball.exe
3428	gearup_booster_render.exe

Loads dropped DLL 25 IoCs

pid	Process
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
1952	crashpad_handler.exe
1952	crashpad_handler.exe
552	gearup_booster.exe
552	gearup_booster.exe
552	gearup_booster.exe
3140	gearup_booster_ball.exe
3140	gearup_booster_ball.exe
3140	gearup_booster_ball.exe
3140	gearup_booster_ball.exe
3140	gearup_booster_ball.exe
3140	gearup_booster_ball.exe
3140	gearup_booster_ball.exe
3140	gearup_booster_ball.exe
3428	gearup_booster_render.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\gearup_booster.exe = "11000"	GearUP-2.4.3-win.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\gearup_booster.exe = "11000"	gearup_booster.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open\command	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open	gearup_booster.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open\command\ = "C:\\Program Files (x86)\\GearUPBooster\\9155\\gearup_booster.exe \"%1\""	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\gu	gearup_booster.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\gu\URL Protocol	gearup_booster.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	gearup_booster.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	gearup_booster.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	gearup_booster.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
552	gearup_booster.exe
552	gearup_booster.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4740	7za.exe
Token: 35	4740	7za.exe
Token: SeSecurityPrivilege	4740	7za.exe
Token: SeSecurityPrivilege	4740	7za.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
552	gearup_booster.exe
3140	gearup_booster_ball.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
552	gearup_booster.exe
3140	gearup_booster_ball.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 4740	1960	GearUP-2.4.3-win.exe	98
PID 1960 wrote to memory of 4740	1960	GearUP-2.4.3-win.exe	98
PID 1960 wrote to memory of 4740	1960	GearUP-2.4.3-win.exe	98
PID 1960 wrote to memory of 2100	1960	GearUP-2.4.3-win.exe	100
PID 1960 wrote to memory of 2100	1960	GearUP-2.4.3-win.exe	100
PID 1960 wrote to memory of 2100	1960	GearUP-2.4.3-win.exe	100
PID 1960 wrote to memory of 232	1960	GearUP-2.4.3-win.exe	103
PID 1960 wrote to memory of 232	1960	GearUP-2.4.3-win.exe	103
PID 1960 wrote to memory of 232	1960	GearUP-2.4.3-win.exe	103
PID 232 wrote to memory of 552	232	launcher.exe	104
PID 232 wrote to memory of 552	232	launcher.exe	104
PID 232 wrote to memory of 552	232	launcher.exe	104
PID 552 wrote to memory of 1952	552	gearup_booster.exe	105
PID 552 wrote to memory of 1952	552	gearup_booster.exe	105
PID 552 wrote to memory of 1952	552	gearup_booster.exe	105
PID 552 wrote to memory of 3140	552	gearup_booster.exe	106
PID 552 wrote to memory of 3140	552	gearup_booster.exe	106
PID 552 wrote to memory of 3140	552	gearup_booster.exe	106
PID 552 wrote to memory of 3428	552	gearup_booster.exe	107
PID 552 wrote to memory of 3428	552	gearup_booster.exe	107
PID 552 wrote to memory of 3428	552	gearup_booster.exe	107

C:\Users\Admin\AppData\Local\Temp\GearUP-2.4.3-win.exe
"C:\Users\Admin\AppData\Local\Temp\GearUP-2.4.3-win.exe"
1⤵
- Drops file in Drivers directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
  "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe" x "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip" -o"C:\Program Files (x86)\GearUPBooster\" -aoa
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4740
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c rd /s /q "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\"
  2⤵
  PID:2100
- C:\Program Files (x86)\GearUPBooster\launcher.exe
  "C:\Program Files (x86)\GearUPBooster\launcher.exe" /install_shortcut 1 /install_autorun 0
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:232
- - C:\Program Files (x86)\GearUPBooster\9155\gearup_booster.exe
    "C:\Program Files (x86)\GearUPBooster\9155\gearup_booster.exe" /install_shortcut 1 /install_autorun 0
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:552
  - - C:\Program Files (x86)\GearUPBooster\9155\crashpad_handler.exe
      "C:\Program Files (x86)\GearUPBooster\9155\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --metrics-dir=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --url=https://sentry.guinfra.com:443/api/30/minidump/?sentry_client=sentry.native/0.5.3&sentry_key=e59bef2d0cf245eaa0d97f08c5eab5fe --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_proxy.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_tun.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_lsp.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\9974e0dd-69ca-4231-5541-7439515c983d.run\__sentry-event --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\9974e0dd-69ca-4231-5541-7439515c983d.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\9974e0dd-69ca-4231-5541-7439515c983d.run\__sentry-breadcrumb2 --initial-client-data=0x498,0x49c,0x4a0,0x474,0x4a4,0x74085160,0x74085174,0x74085184
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1952
  - - C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_ball.exe
      C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_ball.exe /main_form_wnd 590310 /show_flag 0 /pos_x -1 /pos_y -1 /version 9155 /client_id 6684fea5555ecf088810650b /gray 0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:3140
  - - C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe
      "C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=1DDDF71941C445586E18E81E1E2A9806 --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9155\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=1DDDF71941C445586E18E81E1E2A9806 --channel="552.0.223819671\904213412" --mojo-platform-channel-handle=3892 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GearUPBooster\9155\MSVCR100.dll

Filesize
755KB

MD5
0e37fbfa79d349d672456923ec5fbbe3

SHA1
4e880fc7625ccf8d9ca799d5b94ce2b1e7597335

SHA256
8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18

SHA512
2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\VCRUNTIME140.dll

Filesize
88KB

MD5
81b11024a8ed0c9adfd5fbf6916b133c

SHA1
c87f446d9655ba2f6fddd33014c75dc783941c33

SHA256
eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829

SHA512
e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\browser.dll

Filesize
38KB

MD5
1360c1d67a865ba1f6085e2246f42677

SHA1
ea3eca123552859a8ef4bd0c2db133acda97c300

SHA256
9c25f4fa25116542a9c16d94ababec450c6184c6e8bc3cd90f3d9dc4ed5bcc39

SHA512
64c290db722c28cd613cf0674d0fccbc54b1b9c5338b59cecaa2cea1d78ec061793b12eb2289d9b901f84b91fac85b9a6f974e3ca751ac31f788d859a7bdae07

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\cache.data

Filesize
582KB

MD5
6c0298e8499ad4cb63a492cef8c656f9

SHA1
d8c62c11ba824d1e39a0d39055c54d4aa9d80569

SHA256
da5bc5ee41be955da87448150bdfd6a95b27f6858bcc1ca9bc64a0d28820b3a8

SHA512
1e39f31c388be1bcc01274d3cad7421b2f061639ccd0138d41e75e949e6ec9cb13a1445f6e961f968023f949d49c976770481b3d29c2cf3721eeafe1e30310c3

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\crashpad_handler.exe

Filesize
853KB

MD5
5a243339440082631749f4bdff283bf5

SHA1
4c3512320b1b3c05ce265037a37aa3f16d3cc57c

SHA256
80d4effa417d43821a0a0ee967a290836501edd4b6057f033c7ebc449badd150

SHA512
c0b889a819ac5cc6904caeb37e504e6a50d33e49a0e6fb6bdaf8e372190c9bca021017103a7dfcedf7e2c8d9c6a1f3eef103cdf389a5f6bb9ff71f03783ebe24

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\crashpad_wer.dll

Filesize
36KB

MD5
e161e5dd4c57dbb72ef46cd60ac7c8b3

SHA1
7889c0cd22720bb76195bb8de0b77ebcc8068d57

SHA256
e4a2295cff0949d9f0a646f36d7fbaa40fefdbf5958d21b091f95d9c96c345d5

SHA512
d08200a5535cfafac52a0fc16b5512863d6d8d70514bd8cd3324451c47cb5cd5d5592c3ac1440308f52d4142c1551a891a1d4ea7332159b2f4c5bd249b6fd100

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\gearup_booster.exe

Filesize
7.7MB

MD5
65b9b5f31e8219bbd995417fe3c4b415

SHA1
9ea7a4babab60964aba8816afad647670389513f

SHA256
05a21a10bbb7b46ae2a3e296501de6347ddc9d204ea9afb2056ecd13ced002dc

SHA512
31d58e7de70e5df28a67a518d10995ad6590d91f57be6aee03f2c7a93bf71f4bb6d5822e1e7d43f8c860d71cfa5a8e237c8dda0fde8e6d20751e80365b66501a

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_ball.exe

Filesize
1.4MB

MD5
68d00dfd9a92e1031115d3132f529d71

SHA1
2b02cd13314f42b105d7fa1d2cf45ebbc1c6c756

SHA256
1a2bee6f9ff35f69a9c0c503c3449fc6beb258b0c7f69a3634419139ac876b79

SHA512
49676ddccdc364e752e7783d07ac70b262a45cfd2290876c26b2643efe05546bc6d9909bdeaa1c15353891f1a0a543bf1630b1990e02fcee8827842197dcc112

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_render.exe

Filesize
1009KB

MD5
561e2e81dc8a2abc5c648cdf5b407099

SHA1
1ac32fc3858032aa6d3c37b4ef8f2b92fe585e2d

SHA256
271dae8bcb2d3f40ab65c3feeed49b9ae2cdd91bfe16230971289e28570c9a7f

SHA512
2601e48ad443b98f8b207265eb8e46e6889c4d656e0f677b4f4d7cbc4fc1b1b031189e382f4d118eef6f4b54cb2d16a8179d2184cd8580d8b928b847a46315a8

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_vpn.dll

Filesize
33KB

MD5
9a4e4b68a7d9a48781996212828dbd5c

SHA1
cb64a4e2680226455caf50505b9db397df22f2e6

SHA256
435b04e9f1692558a52e906605c12d00fd65199b2ddc36e853645e61174e6c20

SHA512
b58a078f713c99b9f47d28e40cf051f85bf70f20348e8a6fdd4e330fa92a51fd3241807eab07ad5f74cfcd23276f531d6b15688b5bc463806a70f230fb47c67b

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\hostfp\64\hostpacket.sys

Filesize
37KB

MD5
5ac815ad2f4386140fe4c7eef3b06233

SHA1
6dd0e26f3c447602109253a7eaad59064c4162ca

SHA256
08d86eae497df069ef9e6525e9513a019ff7a9971780c1987fde858d51f4ed66

SHA512
98cf60aceabadc078e00ad1e274028714f7bbf3c86f0522ab423d50231156a2513e8cc1946b242c64af7287648e6d4ba5e630824b4d83134c471689db42fbbf5

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\lunasvg.dll

Filesize
344KB

MD5
45edee8d5b3f30f280450edfd2a0d7e3

SHA1
426cd368ffde347d5160bbd8de7ce492f441590b

SHA256
99410178464567de43b0a77cace66b8a4c1531618008604dc6b04741fff5fbd0

SHA512
40d95f257b28de69956a1d3c00cd10aab9e5d01484cb30e4a6c010001ac3cdc2264128829e9a91f2218a92b3dd86f31f94d0cd2eeb86acd1fa9c17f09c77b71d

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\msvcp100.dll

Filesize
411KB

MD5
bc83108b18756547013ed443b8cdb31b

SHA1
79bcaad3714433e01c7f153b05b781f8d7cb318d

SHA256
b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671

SHA512
6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\msvcp140.dll

Filesize
432KB

MD5
a6b18a2772631cdd06f95b19d66d2d4f

SHA1
c342250efab725f643e598f49d1710c74f78d022

SHA256
76cc277b564e69e35a0d9c440f013a52b5d25f43ba42fd0099d6fc1f05a6ce16

SHA512
f98e07c1b92ecfc662021e33486b660942de390b8e947126f304adee911da0574d6cac416748f6f03e6cce981737eb694fb3d2bcd80e1e207eba91a44b5f23e5

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\ping.dll

Filesize
737KB

MD5
f6d2eb976262c38807a6360400cc7426

SHA1
c2c74cc82d3910942902d6a3c34b049ff1dac8f4

SHA256
64694d15976d2725fffe371f10c5c9203963da1d6784f7fc2873a89c4171e80d

SHA512
0a233d2f87507760d3a61f3b1acd626eff89a961a37802fcd1608e5079def33bcd47c61c6c2a6e58d8b17d98eee71263ff0076591c251d5b3374dd69383a17d2

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\sentry.dll

Filesize
426KB

MD5
bf9002bf5c878cdca749025a5f875d6b

SHA1
e916d3121706dbd1ada335b414e4601373b86ef8

SHA256
4d9af7c5442387ed91671d2f0360eb6cba3baa3c706b8f6b898d3018b8c7fb05

SHA512
34873e1bd9c077046469db3a2176581aea162933c39c51f1ded462030fb2238a93b3d7e20ff14a497be42e019f2f23add141d98b662b395618bf69ed74a90a20

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\skin.dll

Filesize
12.1MB

MD5
eeab6bf7b91f63905b4403415af6415b

SHA1
4c6fa62c41ef9441cae4d9aa37b9735474e7ba1b

SHA256
f8183accf12862f017180459a1a72cc3d530e7593c71f109cb814ace51462a75

SHA512
6236e0534ffc5004e4caf351db3242ebfa93d4ab46d583b893b75998f418b9ab7a75d049b6e037b9602ddcf791e432b107e64208443e7087eb83fce54b22d42d

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\ui.dll

Filesize
1.1MB

MD5
8256d3f4b3fd1eecac8ebd4966bc1d09

SHA1
846197d00035e873c5a10e52e8ce99bfb10a1eb8

SHA256
ff1cfc47aa9fd35610bde13e00cc71e5b16db15b5ba0e3428b19036020945e70

SHA512
f554b7003ba7f3c910e863df197dbbcca664a1946852e4f16571558866207b90989d24da1211428daf7407b4c129e579181106cdbc77d91af91f822b1f9249f1

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\uninstall.exe

Filesize
2.1MB

MD5
00135bef1ab04611975e87cf59c9b866

SHA1
4ced109784ac42df55452ebeb92dc377ed46239c

SHA256
9e7535baaa9e53830eac7eaa37e54ebd1511797978c5c6fca61d6fb805a4e761

SHA512
3d0d8d28eb0f574d6892a7b9b2b0e9a0e4ce1943ffefd1267cb471a17d9cc2e41f1e941bfee89be36b13f90c10fb2d2bc5a84b7ab6a3a5d5c2b6c2e14910c5e0

Download Submit
C:\Program Files (x86)\GearUPBooster\9155\update.exe

Filesize
2.2MB

MD5
d53a5d4026a225ef30fda64ab61da9d4

SHA1
37557cb623b046a36e20001048ac49e9b3ec3ac5

SHA256
eb51d2eee7bcc6839c52504205eeaeb9dab1eac318e725586ae824d14c899a5a

SHA512
ac37d3e80bc865cee829c6ad31bdc946ed6f000a08041a1bcf86a66fb3c83bf03696e68c511d1ea71d4f03a72554c992123feeb3682d7f9d5899f430431fb704

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef.pak

Filesize
4.7MB

MD5
825bf8177072c1199b210cc3ebd3bef6

SHA1
aade0547cd841e905c95a1ee0e4d117cfcb8e05b

SHA256
e8a2afcb045f9c46097d9bd9d30bf5d42cd43c83ef7f02f39ebffe41d7b945d4

SHA512
203915a412ed8d78edcc7619954b117f7b9783439b3af091f7a08d483ec92ff1242709156a6628b354c3402cf4239741dd4d292f33be8f52710764712aa3f68a

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef_100_percent.pak

Filesize
337KB

MD5
d4b5474d852d853227c23e2680505c15

SHA1
55b8bd1a1ac03693938969a89acd30a011e24905

SHA256
308d2733dc85f84a8559a710ae61de4cf3604ba13aa19bbc5658d56787511a5a

SHA512
2f2c6eba0fb3791528c212f6b50e8cbfae63da445cdc885f46ef7670a62acdb06dd447494d2263f58e0ca3ba9d06fb22e80228ec1751923345b47a415bef5406

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\cef_200_percent.pak

Filesize
427KB

MD5
65aaa3a2e927d1ed763d1ed008620c1e

SHA1
30472fa29c68314c782d6161fdf3b6c2dadcd8d2

SHA256
757b3bd4d843d0b834e03b5ad52cc7396551f0f01f859b6fd17db3107f80dd49

SHA512
21a4fbc96a3562d8388da9226ddb056f06b7286ed057df4d7a35da492848013cdc025c18a826c14f726566f0c44ca150aeed2dba986f168bc9b9b00ef834db62

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\icudtl.dat

Filesize
9.7MB

MD5
3ed56e55ff45ab973ffc483e5d483a5a

SHA1
5d9d39c80054ed315fa4cac23cd956e3121ce5d0

SHA256
22b4b162fa9c1a35d086df4b2532485c0ddfee4649de8519cfc52a09f749b8ea

SHA512
b8998b76b2691941ea724f404c9b95bfb1593e6fb17d0d7fd57d04069b180a01eec82934357c2dfd48958b6d3d4e3489b111f7c0078134d300710d76f9ee3daf

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\locales\en-US.pak

Filesize
197KB

MD5
f7696f13a51166fd3efdb3f918c4ce3b

SHA1
2a5fb539b40af62ac6140477bff456211ddc6d28

SHA256
e572a8d7c366b462f1f2d0dc8577ab73824b8f8b39698e104ca4538d1be908dc

SHA512
4a005470cdc0bd84d1fc002a35825ce9bb2648dc0784665a31219a1f2b1e9c246002d051d50f6dfbeed69c1bd4f7f0f70589cfd6dfe65a0365783c1099ef367f

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\natives_blob.bin

Filesize
342KB

MD5
ddb16ce3c579ab3900139b68dff4d307

SHA1
cc274783f8f44576ea17e7077d943aed4f94def6

SHA256
3bf49b753358169ed23a41f1a84d16831f16dd389b2b59c62e1ba2ec76d7b9cc

SHA512
2fb862f1d9f7a84da850c28ce7546335ec9978e6b43dd94e1adaae7be5a864f4b11c56175e0e170d6ab616a50bf6883d9e695f896f57a95a0ea35eecc8f6536f

Download Submit
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\snapshot_blob.bin

Filesize
671KB

MD5
39a5320c010b68b0e0cc085b1640cdb4

SHA1
9111cdadbc3a4609d150c36624e109db5460c87e

SHA256
d8ee479ab35e34810f4b18305e89e96f5fb0032df66305eba9ec7ffeee51f576

SHA512
2e0f29afbebb91e178446d155784d58ff6d152e1f411a654e11a7ef99ce58e22c9cb9e3e7061ea45b9bdb4130f16a47c8c31a1ed11f97b33a437a8deef49267a

Download Submit
C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe

Filesize
589KB

MD5
c6d72642721e84d227defc3ec4ab12e6

SHA1
3709a7c3cc795a0012adc6ccaf82a93628703518

SHA256
0cc0de83b51dae55a4fcae559defc87bea8448010d064c316abcfe9459ece035

SHA512
fa2c8b9fa34b190be45fc363f4760603cb6a389bc01fd617a1861ac709eef5e5dd42ea3d5524a1660ea8202dc17687265cd9bb87f5b4c9a9cf714744a8489389

Download Submit
C:\Program Files (x86)\GearUPBooster\launcher.exe

Filesize
921KB

MD5
ffda1f7fbe1d583392297d76c5676b48

SHA1
e37229940a14f16c0d7988a01660b86d34ddd5bf

SHA256
77fadce88805497a5fb83fe29c9c4a46b5160acd2d09bc90133314529f365868

SHA512
4edcf775e4cc1e53fca84b0ad68e9e826b0b379f0675390671c87433d9db2ac1e5fc8a1a330bd2d4300c6cdff3990f051e586d32d155930deb2cb23292a345f9

Download Submit
C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log

Filesize
103B

MD5
a7153a86a95509351d07fa688cc5d750

SHA1
e4968a1b9539300fe8714b6e066ab955a5377daa

SHA256
606c07a984894f8edb444cea2a95c1d6afb68207616bbfbf74a9704223441cfc

SHA512
e231faa2f2e655b9e4c597cb60d79dfbf379fc8d089146bd4e8eab76b14af876a9dbbbe3784133d4d853c7b72d404300bb59cb1288f1994e0bfc95ff0b51fa80

Download Submit
C:\Users\Public\Desktop\GearUP Booster.lnk

Filesize
1KB

MD5
7b4d60205eaf0c412f45d15c85f3da99

SHA1
94da6580ac077b2804c1a8a4533a43872efe916f

SHA256
0659b6fe75a35583d8e443a75a87840dc56524260153601245e0d231b3be24e0

SHA512
c46b39a2af3be5ff7cf41bef33ba8ab29771904cf3029b6c2fd90ce83dc57aa8bbcc4e8d0a83231cff4703ded958c2dfa061c7250d2d9f2facba8db90cb0f0a1

Download Submit
memory/3428-415-0x0000000033E00000-0x0000000033E01000-memory.dmp

Filesize
4KB

Download