Resubmissions
07-07-2024 10:00  240707-l1l8ba1gqb  10
07-07-2024 09:59  240707-l1e41a1gpc  1
06-07-2024 07:41  240706-jjdhqstcpg  4
06-07-2024 06:14  240706-gzq3na1blh  1
06-07-2024 06:14  240706-gzmegaybjq  4
05-07-2024 10:41  240705-mrjlhawhpp  4
05-07-2024 10:30  240705-mj4lpsyhlc  4
05-07-2024 10:17  240705-mble6awfnq  1
02-07-2024 14:21  240702-rpd1fswfjg  10
02-07-2024 14:17  240702-rly68awejc  1

Analysis
max time kernel: 159s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-06-2024 10:28
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com
Resource: win10v2004-20240611-en

General
Target: https://github.com
Malware Config
Signatures
-
Downloads MZ/PE file
-
Drops file in Drivers directory 2 IoCs
Processes:
description                   ioc                                         process
File created                  C:\Windows\System32\drivers\hostpacket.sys  GearUP-2.4.3-win.exe
File opened for modification  C:\Windows\System32\drivers\hostpacket.sys  GearUP-2.4.3-win.exe
-
Executes dropped EXE 13 IoCs
Processes:
pid   process
5232  GearUP-2.4.3-win.exe
4124  7za.exe
4044  launcher.exe
6128  gearup_booster.exe
5928  crashpad_handler.exe
3328  gearup_booster_ball.exe
3460  gearup_booster_render.exe
5260  gearup_booster_render.exe
3804  gearup_booster_render.exe
5052  gearup_booster_render.exe
2140  gearup_booster_render.exe
5752  gearup_booster_render.exe
1620  gearup_booster_render.exe
-
Loads dropped DLL 30 IoCs
Processes:
pid   process
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
5928  crashpad_handler.exe
5928  crashpad_handler.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
3328  gearup_booster_ball.exe
3328  gearup_booster_ball.exe
3328  gearup_booster_ball.exe
3328  gearup_booster_ball.exe
3328  gearup_booster_ball.exe
3328  gearup_booster_ball.exe
3328  gearup_booster_ball.exe
3328  gearup_booster_ball.exe
3460  gearup_booster_render.exe
5260  gearup_booster_render.exe
3804  gearup_booster_render.exe
5052  gearup_booster_render.exe
2140  gearup_booster_render.exe
5752  gearup_booster_render.exe
1620  gearup_booster_render.exe
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
description      ioc                                                                                                                                                    process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\GearUPBooster = "\"C:\\Program Files (x86)\\GearUPBooster\\launcher.exe\" /silent"  gearup_booster.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
description                   ioc                  process
File opened for modification  \??\PhysicalDrive0   gearup_booster.exe
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description        ioc                                                                         process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                          msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer       msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName        msedge.exe
-
Modifies Internet Explorer settings
Processes:
description      ioc                                                                                                                                          process
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\gearup_booster.exe = "11000"  GearUP-2.4.3-win.exe
Set value (int)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\gearup_booster.exe = "11000"  gearup_booster.exe
-
Modifies registry class 7 IoCs
Processes:
description      ioc                                                                                                                                                                                     process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\gu\URL Protocol                                                                                                                                      gearup_booster.exe
Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open\command                                                                                                                                gearup_booster.exe
Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell                                                                                                                                             gearup_booster.exe
Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open                                                                                                                                        gearup_booster.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\gu\shell\open\command\ = "C:\\Program Files (x86)\\GearUPBooster\\9155\\gearup_booster.exe \"%1\""                                                   gearup_booster.exe
Key created      \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3169499791-3545231813-3156325206-1000\{2F803EAF-B5E8-4CCA-BA47-63522E5C6291}  msedge.exe
Key created      \REGISTRY\MACHINE\SOFTWARE\Classes\gu                                                                                                                                                   gearup_booster.exe
-
NTFS ADS 1 IoCs
Processes:
description                   ioc                                                                  process
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 615592.crdownload:SmartScreen   msedge.exe
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes:
pid   process
988   msedge.exe
988   msedge.exe
540   msedge.exe
540   msedge.exe
4356  identity_helper.exe
4356  identity_helper.exe
6032  msedge.exe
6032  msedge.exe
8     msedge.exe
8     msedge.exe
6128  gearup_booster.exe
6128  gearup_booster.exe
2656  msedge.exe
2656  msedge.exe
2656  msedge.exe
2656  msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
description                 pid   process
Token: SeRestorePrivilege   4124  7za.exe
Token: 35                   4124  7za.exe
Token: SeSecurityPrivilege  4124  7za.exe
Token: SeSecurityPrivilege  4124  7za.exe
-
Suspicious use of FindShellTrayWindow 52 IoCs
-
Suspicious use of SendNotifyMessage 28 IoCs
-
Suspicious use of SetWindowsHookEx 13 IoCs
Processes:
pid   process
5232  GearUP-2.4.3-win.exe
4124  7za.exe
4044  launcher.exe
6128  gearup_booster.exe
5928  crashpad_handler.exe
3328  gearup_booster_ball.exe
3460  gearup_booster_render.exe
5260  gearup_booster_render.exe
3804  gearup_booster_render.exe
5052  gearup_booster_render.exe
5752  gearup_booster_render.exe
2140  gearup_booster_render.exe
1620  gearup_booster_render.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa3f246f8,0x7ffaa3f24708,0x7ffaa3f24718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4016 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3596 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3432 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6168 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6440 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6944 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,13960206779511579627,4520996037533250858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\GearUP-2.4.3-win.exe
  "C:\Users\Admin\Desktop\GearUP-2.4.3-win.exe"
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe"C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe" x "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\gearup_booster.zip" -o"C:\Program Files (x86)\GearUPBooster\" -aoa2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c rd /s /q "C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\"2⤵
-
C:\Program Files (x86)\GearUPBooster\launcher.exe"C:\Program Files (x86)\GearUPBooster\launcher.exe" /install_shortcut 1 /install_autorun 12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\9155\gearup_booster.exe"C:\Program Files (x86)\GearUPBooster\9155\gearup_booster.exe" /install_shortcut 1 /install_autorun 13⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\9155\crashpad_handler.exe"C:\Program Files (x86)\GearUPBooster\9155\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --metrics-dir=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry --url=https://sentry.guinfra.com:443/api/30/minidump/?sentry_client=sentry.native/0.5.3&sentry_key=e59bef2d0cf245eaa0d97f08c5eab5fe --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_proxy.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_tun.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_lsp.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\ccc56415-b255-47e0-07bc-c238fb205d68.run\__sentry-event --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\ccc56415-b255-47e0-07bc-c238fb205d68.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry\ccc56415-b255-47e0-07bc-c238fb205d68.run\__sentry-breadcrumb2 --initial-client-data=0x460,0x464,0x49c,0x468,0x4a0,0x73c45160,0x73c45174,0x73c451844⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_ball.exeC:\Program Files (x86)\GearUPBooster\9155\gearup_booster_ball.exe /main_form_wnd 328440 /show_flag 0 /pos_x -1 /pos_y -1 /version 9155 /client_id 668133acc07c031778c15e29 /gray 04⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe"C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=AEDE5517E073697513C0720C9C62E65F --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9155\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=AEDE5517E073697513C0720C9C62E65F --channel="6128.0.1938701461\677606506" --mojo-platform-channel-handle=3984 /prefetch:14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe"C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=EA005075097EE091CAD8E28FE348FCCE --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9155\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=EA005075097EE091CAD8E28FE348FCCE --channel="6128.1.1877601195\1385330204" --mojo-platform-channel-handle=4892 /prefetch:14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe"C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=F3D9C2E1A305613D67D6F09DC15BA74A --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9155\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=F3D9C2E1A305613D67D6F09DC15BA74A --channel="6128.2.805882726\366490794" --mojo-platform-channel-handle=4896 /prefetch:14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe"C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=B81FFE2108648DED3B24730699D3A78C --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9155\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=B81FFE2108648DED3B24730699D3A78C --channel="6128.3.1043561616\544510924" --mojo-platform-channel-handle=5044 /prefetch:14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe"C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=799486D4BA6D3C616E8D8FDF4EDB627A --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9155\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=799486D4BA6D3C616E8D8FDF4EDB627A --channel="6128.4.1585889129\1256293316" --mojo-platform-channel-handle=5456 /prefetch:14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe"C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=2B88759CF091DDE0CDF7062C9F39558C --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9155\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=2B88759CF091DDE0CDF7062C9F39558C --channel="6128.5.1339048886\985299888" --mojo-platform-channel-handle=5452 /prefetch:14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\GearUPBooster\cef\3.0.0\gearup_booster_render.exe"C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" --type=renderer --force-device-scale-factor=1 --no-sandbox --primordial-pipe-token=39A9182D0E74B8FC29EB6A9AEE4A3100 --lang=en-US --lang=en --log-file="C:\Program Files (x86)\GearUPBooster\9155\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-application-channel-token=39A9182D0E74B8FC29EB6A9AEE4A3100 --channel="6128.6.941354670\1802700885" --mojo-platform-channel-handle=5496 /prefetch:14⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://win.booster.gearupportal.com/login/facebook/RPGQuwIw90cjzULhCZbQ3E3M78Uyjjo8mWEQg7QXMkKj0WRP8sv3HDKBlijG4rGC/4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa3f246f8,0x7ffaa3f24708,0x7ffaa3f247185⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x320 0x4f41⤵
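The command lines in this tree carry several facts worth extracting systematically rather than by eye: crashpad_handler.exe is started with the booster's own log files (gu_proxy.log, gu_tun.log, gu_lsp.log, gu.log) as --attachment arguments and a Sentry upload URL on sentry.guinfra.com whose sentry_key is visible in the argument list (Sentry DSN keys are designed to ship inside clients, so the key on its own is not a finding, but the list of local files that travel with every crash report is); every CEF gearup_booster_render.exe child runs with --no-sandbox; launcher.exe and gearup_booster.exe are invoked with /install_autorun 1, consistent with the "Adds Run key to start application" signature; and gearup_booster.exe opens msedge.exe on a login URL. The Edge GPU process's --disable-gpu-sandbox is routine on a GPU-less VM and should not be scored like --no-sandbox on a renderer. The script below is an added example, not part of the sandbox report or of GearUP's code; it runs that extraction over SAMPLE_CMDLINES, a constructed list copied from this tree with the long Chromium/CEF switch lists trimmed.

```python
"""Triage of sandbox process-tree command lines (added example).

Pulls out what an analyst wants from a flattened process tree: remote
endpoints embedded in command lines, local files handed to a crash
reporter as attachments, persistence switches, and sandbox-weakening
flags. SAMPLE_CMDLINES is constructed from the report's tree, with the
long Chromium/CEF switch lists trimmed for readability.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\GearUPBooster\launcher.exe" /install_shortcut 1 /install_autorun 1',
    r'"C:\Program Files (x86)\GearUPBooster\9155\crashpad_handler.exe" --no-rate-limit '
    r'--database=C:\Users\Admin\AppData\Roaming\GearUPBooster\sentry '
    r'--url=https://sentry.guinfra.com:443/api/30/minidump/?sentry_client=sentry.native/0.5.3&sentry_key=e59bef2d0cf245eaa0d97f08c5eab5fe '
    r'--attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_proxy.log '
    r'--attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu_tun.log '
    r'--attachment=C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log',
    r'"C:\Program Files (x86)\GearUPBooster\9155\..\cef\3.0.0\gearup_booster_render.exe" '
    r'--type=renderer --no-sandbox --lang=en-US --disable-gpu-compositing',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
    r'https://win.booster.gearupportal.com/login/facebook/RPGQuwIw90cjzULhCZbQ3E3M78Uyjjo8mWEQg7QXMkKj0WRP8sv3HDKBlijG4rGC/',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process '
    r'--disable-gpu-sandbox --use-gl=disabled',
]

URL_RE = re.compile(r'https?://[^\s"\']+')
ATTACH_RE = re.compile(r'--attachment=(?:"([^"]+)"|(\S+))')
IMAGE_RE = re.compile(r'"([^"]+)"|(\S+)')
AUTORUN_RE = re.compile(r'/install_autorun\s+1(?=\s|$)')
# Switches that turn a process sandbox off. For a Chromium GPU process in a
# GPU-less VM --disable-gpu-sandbox is routine, so report it but do not alarm.
SANDBOX_OFF = ("--no-sandbox", "--disable-gpu-sandbox")


@dataclass
class Finding:
    image: str
    urls: list = field(default_factory=list)
    attachments: list = field(default_factory=list)
    sandbox_off: list = field(default_factory=list)
    autorun: bool = False


def image_of(cmdline):
    """Executable path: the first token, quoted or bare."""
    m = IMAGE_RE.match(cmdline)
    return m.group(1) or m.group(2)


def triage(cmdline):
    """Per-process findings from one command line."""
    f = Finding(image=image_of(cmdline))
    f.urls = URL_RE.findall(cmdline)
    f.attachments = [quoted or bare for quoted, bare in ATTACH_RE.findall(cmdline)]
    f.sandbox_off = [s for s in SANDBOX_OFF
                     if re.search(re.escape(s) + r'(?=\s|$)', cmdline)]
    f.autorun = bool(AUTORUN_RE.search(cmdline))
    return f


def summarize(cmdlines):
    """Collapse per-process findings into the indicators worth hunting for."""
    findings = [triage(c) for c in cmdlines]
    urls = [u for f in findings for u in f.urls]
    keys = {k for u in urls
            for k in parse_qs(urlsplit(u).query).get("sentry_key", [])}
    return {
        "hosts": sorted({urlsplit(u).hostname for u in urls}),
        "sentry_keys": sorted(keys),
        "uploaded_files": sorted({a for f in findings for a in f.attachments}),
        "unsandboxed": sorted({f.image for f in findings if f.sandbox_off}),
        "autorun": sorted({f.image for f in findings if f.autorun}),
    }


if __name__ == "__main__":
    for key, values in summarize(SAMPLE_CMDLINES).items():
        print(key)
        for v in values:
            print("   ", v)
```

On a real export, feed summarize() every command line in the tree; the "uploaded_files" set is the one to compare against the data-handling expectations for the product, and "hosts" is the set to check against the Network tab.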
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Program Files (x86)\GearUPBooster\9155\VCRUNTIME140.dll
  Filesize  88KB
  MD5       81b11024a8ed0c9adfd5fbf6916b133c
  SHA1      c87f446d9655ba2f6fddd33014c75dc783941c33
  SHA256    eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829
  SHA512    e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1

C:\Program Files (x86)\GearUPBooster\9155\browser.dll
  Filesize  38KB
  MD5       1360c1d67a865ba1f6085e2246f42677
  SHA1      ea3eca123552859a8ef4bd0c2db133acda97c300
  SHA256    9c25f4fa25116542a9c16d94ababec450c6184c6e8bc3cd90f3d9dc4ed5bcc39
  SHA512    64c290db722c28cd613cf0674d0fccbc54b1b9c5338b59cecaa2cea1d78ec061793b12eb2289d9b901f84b91fac85b9a6f974e3ca751ac31f788d859a7bdae07

C:\Program Files (x86)\GearUPBooster\9155\crashpad_handler.exe
  Filesize  853KB
  MD5       5a243339440082631749f4bdff283bf5
  SHA1      4c3512320b1b3c05ce265037a37aa3f16d3cc57c
  SHA256    80d4effa417d43821a0a0ee967a290836501edd4b6057f033c7ebc449badd150
  SHA512    c0b889a819ac5cc6904caeb37e504e6a50d33e49a0e6fb6bdaf8e372190c9bca021017103a7dfcedf7e2c8d9c6a1f3eef103cdf389a5f6bb9ff71f03783ebe24

C:\Program Files (x86)\GearUPBooster\9155\crashpad_wer.dll
  Filesize  36KB
  MD5       e161e5dd4c57dbb72ef46cd60ac7c8b3
  SHA1      7889c0cd22720bb76195bb8de0b77ebcc8068d57
  SHA256    e4a2295cff0949d9f0a646f36d7fbaa40fefdbf5958d21b091f95d9c96c345d5
  SHA512    d08200a5535cfafac52a0fc16b5512863d6d8d70514bd8cd3324451c47cb5cd5d5592c3ac1440308f52d4142c1551a891a1d4ea7332159b2f4c5bd249b6fd100

C:\Program Files (x86)\GearUPBooster\9155\gearup_booster.exe
  Filesize  7.7MB
  MD5       65b9b5f31e8219bbd995417fe3c4b415
  SHA1      9ea7a4babab60964aba8816afad647670389513f
  SHA256    05a21a10bbb7b46ae2a3e296501de6347ddc9d204ea9afb2056ecd13ced002dc
  SHA512    31d58e7de70e5df28a67a518d10995ad6590d91f57be6aee03f2c7a93bf71f4bb6d5822e1e7d43f8c860d71cfa5a8e237c8dda0fde8e6d20751e80365b66501a

C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_ball.exe
  Filesize  1.4MB
  MD5       68d00dfd9a92e1031115d3132f529d71
  SHA1      2b02cd13314f42b105d7fa1d2cf45ebbc1c6c756
  SHA256    1a2bee6f9ff35f69a9c0c503c3449fc6beb258b0c7f69a3634419139ac876b79
  SHA512    49676ddccdc364e752e7783d07ac70b262a45cfd2290876c26b2643efe05546bc6d9909bdeaa1c15353891f1a0a543bf1630b1990e02fcee8827842197dcc112

C:\Program Files (x86)\GearUPBooster\9155\gearup_booster_vpn.dll
  Filesize  33KB
  MD5       9a4e4b68a7d9a48781996212828dbd5c
  SHA1      cb64a4e2680226455caf50505b9db397df22f2e6
  SHA256    435b04e9f1692558a52e906605c12d00fd65199b2ddc36e853645e61174e6c20
  SHA512    b58a078f713c99b9f47d28e40cf051f85bf70f20348e8a6fdd4e330fa92a51fd3241807eab07ad5f74cfcd23276f531d6b15688b5bc463806a70f230fb47c67b

C:\Program Files (x86)\GearUPBooster\9155\hostfp\64\hostpacket.sys
  Filesize  37KB
  MD5       5ac815ad2f4386140fe4c7eef3b06233
  SHA1      6dd0e26f3c447602109253a7eaad59064c4162ca
  SHA256    08d86eae497df069ef9e6525e9513a019ff7a9971780c1987fde858d51f4ed66
  SHA512    98cf60aceabadc078e00ad1e274028714f7bbf3c86f0522ab423d50231156a2513e8cc1946b242c64af7287648e6d4ba5e630824b4d83134c471689db42fbbf5

C:\Program Files (x86)\GearUPBooster\9155\lunasvg.dll
  Filesize  344KB
  MD5       45edee8d5b3f30f280450edfd2a0d7e3
  SHA1      426cd368ffde347d5160bbd8de7ce492f441590b
  SHA256    99410178464567de43b0a77cace66b8a4c1531618008604dc6b04741fff5fbd0
  SHA512    40d95f257b28de69956a1d3c00cd10aab9e5d01484cb30e4a6c010001ac3cdc2264128829e9a91f2218a92b3dd86f31f94d0cd2eeb86acd1fa9c17f09c77b71d

C:\Program Files (x86)\GearUPBooster\9155\msvcp100.dll
  Filesize  411KB
  MD5       bc83108b18756547013ed443b8cdb31b
  SHA1      79bcaad3714433e01c7f153b05b781f8d7cb318d
  SHA256    b2ad109c15eaa92079582787b7772ba0a2f034f7d075907ff87028df0eaea671
  SHA512    6e72b2d40e47567b3e506be474dafa7cacd0b53cd2c2d160c3b5384f2f461fc91bb5fdb614a351f628d4e516b3bbdabc2cc6d4cb4710970146d2938a687dd011

C:\Program Files (x86)\GearUPBooster\9155\msvcp140.dll
  Filesize  432KB
  MD5       a6b18a2772631cdd06f95b19d66d2d4f
  SHA1      c342250efab725f643e598f49d1710c74f78d022
  SHA256    76cc277b564e69e35a0d9c440f013a52b5d25f43ba42fd0099d6fc1f05a6ce16
  SHA512    f98e07c1b92ecfc662021e33486b660942de390b8e947126f304adee911da0574d6cac416748f6f03e6cce981737eb694fb3d2bcd80e1e207eba91a44b5f23e5

C:\Program Files (x86)\GearUPBooster\9155\msvcr100.dll
  Filesize  755KB
  MD5       0e37fbfa79d349d672456923ec5fbbe3
  SHA1      4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
  SHA256    8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
  SHA512    2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630

C:\Program Files (x86)\GearUPBooster\9155\ping.dll
  Filesize  737KB
  MD5       f6d2eb976262c38807a6360400cc7426
  SHA1      c2c74cc82d3910942902d6a3c34b049ff1dac8f4
  SHA256    64694d15976d2725fffe371f10c5c9203963da1d6784f7fc2873a89c4171e80d
  SHA512    0a233d2f87507760d3a61f3b1acd626eff89a961a37802fcd1608e5079def33bcd47c61c6c2a6e58d8b17d98eee71263ff0076591c251d5b3374dd69383a17d2

C:\Program Files (x86)\GearUPBooster\9155\sentry.dll
  Filesize  426KB
  MD5       bf9002bf5c878cdca749025a5f875d6b
  SHA1      e916d3121706dbd1ada335b414e4601373b86ef8
  SHA256    4d9af7c5442387ed91671d2f0360eb6cba3baa3c706b8f6b898d3018b8c7fb05
  SHA512    34873e1bd9c077046469db3a2176581aea162933c39c51f1ded462030fb2238a93b3d7e20ff14a497be42e019f2f23add141d98b662b395618bf69ed74a90a20

C:\Program Files (x86)\GearUPBooster\9155\skin.dll
  Filesize  12.1MB
  MD5       eeab6bf7b91f63905b4403415af6415b
  SHA1      4c6fa62c41ef9441cae4d9aa37b9735474e7ba1b
  SHA256    f8183accf12862f017180459a1a72cc3d530e7593c71f109cb814ace51462a75
  SHA512    6236e0534ffc5004e4caf351db3242ebfa93d4ab46d583b893b75998f418b9ab7a75d049b6e037b9602ddcf791e432b107e64208443e7087eb83fce54b22d42d

C:\Program Files (x86)\GearUPBooster\9155\ui.dll
  Filesize  1.1MB
  MD5       8256d3f4b3fd1eecac8ebd4966bc1d09
  SHA1      846197d00035e873c5a10e52e8ce99bfb10a1eb8
  SHA256    ff1cfc47aa9fd35610bde13e00cc71e5b16db15b5ba0e3428b19036020945e70
  SHA512    f554b7003ba7f3c910e863df197dbbcca664a1946852e4f16571558866207b90989d24da1211428daf7407b4c129e579181106cdbc77d91af91f822b1f9249f1

C:\Program Files (x86)\GearUPBooster\9155\uninstall.exe
  Filesize  2.1MB
  MD5       00135bef1ab04611975e87cf59c9b866
  SHA1      4ced109784ac42df55452ebeb92dc377ed46239c
  SHA256    9e7535baaa9e53830eac7eaa37e54ebd1511797978c5c6fca61d6fb805a4e761
  SHA512    3d0d8d28eb0f574d6892a7b9b2b0e9a0e4ce1943ffefd1267cb471a17d9cc2e41f1e941bfee89be36b13f90c10fb2d2bc5a84b7ab6a3a5d5c2b6c2e14910c5e0

C:\Program Files (x86)\GearUPBooster\9155\update.exe
  Filesize  2.2MB
  MD5       d53a5d4026a225ef30fda64ab61da9d4
  SHA1      37557cb623b046a36e20001048ac49e9b3ec3ac5
  SHA256    eb51d2eee7bcc6839c52504205eeaeb9dab1eac318e725586ae824d14c899a5a
  SHA512    ac37d3e80bc865cee829c6ad31bdc946ed6f000a08041a1bcf86a66fb3c83bf03696e68c511d1ea71d4f03a72554c992123feeb3682d7f9d5899f430431fb704

C:\Program Files (x86)\GearUPBooster\gearup_booster_temp\7za.exe
  Filesize  589KB
  MD5       c6d72642721e84d227defc3ec4ab12e6
  SHA1      3709a7c3cc795a0012adc6ccaf82a93628703518
  SHA256    0cc0de83b51dae55a4fcae559defc87bea8448010d064c316abcfe9459ece035
  SHA512    fa2c8b9fa34b190be45fc363f4760603cb6a389bc01fd617a1861ac709eef5e5dd42ea3d5524a1660ea8202dc17687265cd9bb87f5b4c9a9cf714744a8489389

C:\Program Files (x86)\GearUPBooster\launcher.exe
  Filesize  921KB
  MD5       ffda1f7fbe1d583392297d76c5676b48
  SHA1      e37229940a14f16c0d7988a01660b86d34ddd5bf
  SHA256    77fadce88805497a5fb83fe29c9c4a46b5160acd2d09bc90133314529f365868
  SHA512    4edcf775e4cc1e53fca84b0ad68e9e826b0b379f0675390671c87433d9db2ac1e5fc8a1a330bd2d4300c6cdff3990f051e586d32d155930deb2cb23292a345f9
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize  152B
  MD5       c5abc082d9d9307e797b7e89a2f755f4
  SHA1      54c442690a8727f1d3453b6452198d3ec4ec13df
  SHA256    a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
  SHA512    ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize  152B
  MD5       b4a74bc775caf3de7fc9cde3c30ce482
  SHA1      c6ed3161390e5493f71182a6cb98d51c9063775d
  SHA256    dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
  SHA512    55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize  4KB
  MD5       3cbcec883462b1cddae9b74d6a152d39
  SHA1      b3f83005264de8920bed0b5e7235f2b611a03086
  SHA256    76145042f207afc76c097adc61c4b26b176e14337ce4e0f8cb7f230bdca7b02c
  SHA512    f6d4ec85df31460371c2e64fc2c68c9d4e1bec5a8700feb8e752f43cd41f3909990c8c7e9c139ac8a8a11ba9df648402ddffceda91bf2b860401364c1c9150f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize  3KB
  MD5       444dbf5ccf5feaced027d8e1d7f642fd
  SHA1      6c921bcf517e4d101d7f2ce9fa87d97c72902bd7
  SHA256    b3571791bf85e309beaf2aa04a50203cb637bc393ee4e9022e04dc05256da445
  SHA512    6bd143f0f125ac90a083281cc5867882b6ff0dae65d675823175fe23c871a81abc2307998b755ee5558d1ee372f802b99207fe1c1e64f29206dc47088931d399

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize  3KB
  MD5       f2d8cc0e8e05de296a500bc78f9c8eea
  SHA1      f224e61cd84437ae3b2d19134c180a68733961b0
  SHA256    fba6c4c4bfa65390a8bb8d3dfb2d8d528113a290b1efb7bf3b047f0a2b6f28d2
  SHA512    2f777eeeb592e7e75589742bb91947a7212b59b96cad0d0fae981e7d0a834aff564e534111229399fba33f79c31097c973b18febf68eb5ed20cbe8795ee4112d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  5KB
  MD5       e895041ad43eec29067b33112b7110e7
  SHA1      ba43cb91e94d19ea9ea607145db4918ffe5d5679
  SHA256    e6f3be99b37ff5aec378c04dbd989d7c11113cbfd6c193dade565daca59f34bd
  SHA512    9380a1e75f0428a2637da697a82bd48741d29b6eec72ec47634fb25d44dc8c1b26b2572a1cc488e8370877a99f3ebb176a070baa35c6e80ea2f1828217f6e544

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  7KB
  MD5       1018dc713aadcdc90aa3353f4bcecb9d
  SHA1      afb6dbb37e98624b393fc92959d0621a5f363d5d
  SHA256    eee07a97d7e333546058ae6065e1de9eebd0ba0886cd7c11408914d45f174978
  SHA512    df5197cd894ead2cd82a4affdefcce91ef2b3eb367e0de7d3a8698412d1a2728381cba111ca0a3163c87ae021865e1f9d6edae16cb5573efc64c9f7e54d85bbc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  9KB
  MD5       d6673168c4ec6b29214b80ef45aef3a9
  SHA1      9086b05ba50463f417fd41aeea8de88b6b3f0dc9
  SHA256    a8e9d9b637b53c00d31bb2b92e54bb3fcb10aa5b48aef6c9100eefe2f222696c
  SHA512    163d0b2ef2f98c9b38455a0bd0889a463b7239b2351b1f74a9ee69f96d23cd970a1a10725ad5280738ff7f6864d440cc00f66d72abd970b15051e3f273398d39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  9KB
  MD5       3a76a149bd414ebcaddf9e5e250bb346
  SHA1      caff04b37769dee8cc0fbedee03b01075e1fbfe1
  SHA256    270a43a4dbab78fee174dd3e805106587b67e77d91727556f78cc704fe941766
  SHA512    c9d523e51ea078f78baa34c6f3b352fac1fc924004f77c06dd8559b549b05541b41f33363c6002e89b98febedc26012ca734702f3176dc4df797cd5c20ec0ff6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  6KB
  MD5       318d8e1721b507f4e4f8cf9425745e14
  SHA1      41643f5e7c089ce40e250cae776992ae3dfaee41
  SHA256    a109f82aac11a3fc0a3e744245a2da49901749b41c0df4bc8ecb2e57236284f6
  SHA512    ea2d927c3f5d7aa3d95c5dfcc34db7dd4f0235ab2868c4321627c412153896c4b513e7c136a130ab8c1c9563a51733f831fd2e329ab499fff3d9f37a65eccfe4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  8KB
  MD5       476951fd84feec1c10a311c79fbded96
  SHA1      4e0c0f796dc6da19da649d5e6ef93cf8cb830389
  SHA256    ec9e94d8612bb79ddd63b8424128a2e314bf558fd31e029905a76b4bf2489438
  SHA512    c701b00e3d18e6466b4a2a2b06701c5b53fd720b062ebe96b400266be20631678dfb253ab6a0054522476e591632300ee4ebef3ea7f9c0e23ac2145b93c9b495

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  8KB
  MD5       c2cecac438e687ec26e09dc5ea4c9b04
  SHA1      f849205a38916dac3e8a86f9f34edd46fd2a67e2
  SHA256    089a8e72cd25e2d3686f9944bbae761d1a97742d29e3a27005abf4dafbe917cb
  SHA512    956064fb0c3ceb6f4d51a7934b11a9035d0d35a4f669c36b2c15b3615bdd8b36bd40b2bf7e6249916ee85c57e9d022ac5c04919c3187420de78475d015397283

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize  1KB
  MD5       3e7d266d76379dff10cb7adde1d61881
  SHA1      8d3bd9336f7f5ee0c5f054d1817e74b24e85e3ba
  SHA256    0b374c3a9923ed5ac9d24fb8465bb8a2609d30e9641d815367e142b795aa209a
  SHA512    19d823f95e7ba88eb0b0743ecc0debb7d9dd887077a069b8923c3fa72f6eda87f0a9b058d9970cfa7fc215f7feb4cde57d24258cfa524f239ecd237623b5bb55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize  1KB
  MD5       a10b247e7f250f901b5234d091ed2a6c
  SHA1      9f5b344373067e8681285e80d71c1583eab417f8
  SHA256    b0fc99e96af51b161cc3352bfe21674a57ab7cdc37edf8326b944d46102192e6
  SHA512    bb591b2dd29e1e55d1453f3ac3449de9deefd3c5fb7e0087e3852010d573510cdecc7409a4105f0037ab7aedd3df751c96558f2263f959b7f9b614bc21b28e65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize  1KB
  MD5       9e9536b75baee0334f67a6d829f68afc
  SHA1      92ef82408852c234993aa77955eeaa0d32f479a5
  SHA256    020d0b747a0363f3f8f0c37548b313ece0b114994caf3ef885dbe18c98ff0060
  SHA512    64bf890abb08e7f20fb2545386087c1c373eb0217bc2aa38e6965fa257638b2701cf08bc09d3ff96e1e303d99f2e6623711a9b6b2e70ce284cf982a0afc41b42

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a911.TMP
  Filesize  706B
  MD5       93286f6291c7aff3ffaa57f39abaf545
  SHA1      3e0bf898b08281dcb85cda52113410e71b628ee1
  SHA256    a4292660b637c9bc3dd65e746b4963ff218d123c304d96954e91674224c99164
  SHA512    11d69f409a14195625e518d36cdea5c285e8a985991bcf79d7f5adbb61506eda8483b20f4bc2f91af80bea5db3b4b13f1720e966d2ff25829de502c4deccea90

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize  16B
  MD5       206702161f94c5cd39fadd03f4014d98
  SHA1      bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize  16B
  MD5       46295cac801e5d4857d09837238a6394
  SHA1      44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize  12KB
  MD5       6c7ec3a3c9ba7382c0e16581e8e97ee8
  SHA1      56b82d8bf075ee0bb7ebaac5e610b1803d67b73d
  SHA256    83ca7af217b692aa1d2b159217c87cf9397c86ae1d3ed4ab9181c32233ffbd1f
  SHA512    b415fa3b11ffe03b29f0cbc39f215cd4840bbf404e090ebc7b36106c8d092a184988939f49fc6be144942798a86026860719d7f32b72970c0c980867b1eb1c78

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize  11KB
  MD5       c2a2ed9ab68dfbbb2400bab16205e505
  SHA1      d22868218b41ba6ec2ad2ed80d23a9f8a648051d
  SHA256    7c5188c9b66ef88a425bcbec87d765043dfc107c6bf5220e19aad71b4fb51a7c
  SHA512    8bd50629e5f9918bf486a8c0dd8ff73d658a1e1f4327b04beb71779882d9378ed20c45ee2dab851c552726f54e5dafc45cd2244a0bba3ba05b5d3d0f6ed166db
C:\Users\Admin\AppData\Roaming\GearUPBooster\gu.log
  Filesize  103B
  MD5       548e4159e176cc28b40d771e79b295d5
  SHA1      bf02777839823c0564c7afcd2b3690c90684c2ed
  SHA256    faad95d4ab18e50a56b5b303878c51a9061e806043218ad29d44c3fd75c41ff4
  SHA512    c030cf579edae89aa60069eb1a13261cc7f6301b0816188eb5540ff4abcd0d2e3463ab2349318a6bce2a0874b5fb06ea9d5b45bbc38849194a7ade10fff142bb

C:\Users\Admin\AppData\Roaming\GearUPBooster\webdata\Cache\f_000001
  Filesize  59KB
  MD5       069a149dafa2cbe038875e6305e0a3b3
  SHA1      8ceef3c038262849d903a18c424a858760a001f0
  SHA256    1f1ef835eceefdd4910051db6e922af45f44f6d4275142f13897ab20d8e5882b
  SHA512    2a732504b0aa573f03fb81a206a785744875bf040043510aaa28a779521586bc358254a4431b5210236a5460e53eb3a19d9ebcd999586b10650883bdb10bb0c6

\??\pipe\LOCAL\crashpad_540_YOJSHOLQFKWKUFAF
  MD5       d41d8cd98f00b204e9800998ecf8427e
  SHA1      da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/1620-1199-0x000000002D000000-0x000000002D001000-memory.dmp
  Filesize  4KB

memory/2140-1198-0x0000000008900000-0x0000000008901000-memory.dmp
  Filesize  4KB

memory/3460-998-0x0000000028300000-0x0000000028301000-memory.dmp
  Filesize  4KB

memory/3804-1066-0x0000000026600000-0x0000000026601000-memory.dmp
  Filesize  4KB

memory/5052-1067-0x000000001A900000-0x000000001A901000-memory.dmp
  Filesize  4KB

memory/5260-1065-0x000000003B600000-0x000000003B601000-memory.dmp
  Filesize  4KB

memory/5752-1197-0x0000000006B00000-0x0000000006B01000-memory.dmp
  Filesize  4KB
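The Downloads list is the dropped-file inventory for this run, and turning it into indicators needs a little care. The digests recorded for \??\pipe\LOCAL\crashpad_540_YOJSHOLQFKWKUFAF (d41d8cd9…, da39a3ee…, e3b0c442…, cf83e135…) are the MD5, SHA-1, SHA-256 and SHA-512 of zero bytes: the sandbox captured no content from that pipe, so those values match every empty file and must not be shipped as IoCs. The Edge "User Data" entries are ordinary browser profile churn from the page visit, not payload. hostpacket.sys is the one kernel driver in the set and corresponds to the "Drops file in Drivers directory" signature on GearUP-2.4.3-win.exe, so it is the file to review first. The parser below is an added example, not part of the sandbox report or of GearUP's code; it reads the listing in the raw form the sandbox export emits (column label fused onto its value, a bare "-" between entries), built here from entries copied from this list, checks that every digest has the length its algorithm produces, and separates what to hunt for from what to drop.

```python
"""Parser for a sandbox 'Downloads' (dropped-file) listing (added example).

The raw export fuses column labels onto values: a path line ending in
'Filesize', then the size, then one line per digest with its algorithm
name glued to the front. Entries with no size (the named pipe) fuse 'MD5'
onto the path and put the digest on the next line. A bare '-' separates
entries. SAMPLE_LISTING is constructed from entries in the report above.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_LISTING = r"""
-
C:\Program Files (x86)\GearUPBooster\9155\VCRUNTIME140.dllFilesize
88KB
MD581b11024a8ed0c9adfd5fbf6916b133c
SHA1c87f446d9655ba2f6fddd33014c75dc783941c33
SHA256eb6a3a491efcc911f9dff457d42fed85c4c170139414470ea951b0dafe352829
SHA512e4b1c694cb028fa960d750fa6a202bc3a477673b097b2a9e0991219b9891b5f879aa13aa741f73acd41eb23feee58e3dd6032821a23e9090ecd9cc2c3ec826a1
-
C:\Program Files (x86)\GearUPBooster\9155\hostfp\64\hostpacket.sysFilesize
37KB
MD55ac815ad2f4386140fe4c7eef3b06233
SHA16dd0e26f3c447602109253a7eaad59064c4162ca
SHA25608d86eae497df069ef9e6525e9513a019ff7a9971780c1987fde858d51f4ed66
SHA51298cf60aceabadc078e00ad1e274028714f7bbf3c86f0522ab423d50231156a2513e8cc1946b242c64af7287648e6d4ba5e630824b4d83134c471689db42fbbf5
-
\??\pipe\LOCAL\crashpad_540_YOJSHOLQFKWKUFAFMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3460-998-0x0000000028300000-0x0000000028301000-memory.dmpFilesize
4KB
"""

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# SHA-256 of zero bytes: a record carrying it has no captured content.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
LABELED = re.compile(r"^(MD5|SHA1|SHA256|SHA512)([0-9a-f]+)$")


@dataclass
class Artifact:
    path: str
    size: Optional[str] = None
    md5: Optional[str] = None
    sha1: Optional[str] = None
    sha256: Optional[str] = None
    sha512: Optional[str] = None

    def kind(self):
        p = self.path.lower()
        if p.startswith("memory/"):
            return "memory"
        if p.startswith("\\??\\pipe\\"):
            return "pipe"
        if p.endswith((".exe", ".dll", ".sys")):
            return "pe"
        return "file"

    def bad_digests(self):
        """Digests whose length or alphabet does not fit their algorithm."""
        return [alg for alg, n in HASH_LEN.items()
                if getattr(self, alg) is not None
                and not re.fullmatch(r"[0-9a-f]{%d}" % n, getattr(self, alg))]


def parse_downloads(text):
    """Reconstruct Artifact records from the fused export format."""
    records, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        if line.endswith("Filesize"):
            cur = Artifact(path=line[:-len("Filesize")])
            records.append(cur)
            pending = "size"          # the next line is the size
        elif line.endswith("MD5"):
            cur = Artifact(path=line[:-len("MD5")])
            records.append(cur)
            pending = "md5"           # the next line is the bare MD5 digest
        elif pending:
            setattr(cur, pending, line)
            pending = None
        elif (m := LABELED.match(line)) and cur is not None:
            setattr(cur, m.group(1).lower(), m.group(2))
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return records


def indicators(records):
    """What to carry into hunting, and what to leave out."""
    return {
        # A kernel driver among the dropped files is the item to review first.
        "kernel_drivers": [a.path for a in records if a.path.lower().endswith(".sys")],
        "pe_by_sha256": {a.sha256: a.path for a in records if a.kind() == "pe" and a.sha256},
        # Digests of zero bytes identify emptiness, not the sample: never ship them as IoCs.
        "empty_content": [a.path for a in records if a.sha256 == EMPTY_SHA256],
        "bad_digests": [a.path for a in records if a.bad_digests()],
    }


if __name__ == "__main__":
    for key, value in indicators(parse_downloads(SAMPLE_LISTING)).items():
        print(key, value)
```

Run it on the full listing by pasting the raw export into SAMPLE_LISTING; "pe_by_sha256" is the hash set to push to endpoint search, "empty_content" and the browser-profile paths are the records to leave out.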