5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-05-2022 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
Size

7.2MB
MD5

4e68ab57fe2edc1d441dadb3fcd8c01c
SHA1

042f782dccbd8102479c9abd75d6ee7a79ad834b
SHA256

5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a
SHA512

fb16e4f9beb157b0309f4b481b674e1eadfe8c17b4337aca0f77c766136023ea8e9990ed46f2276eaddb0a43927026fd317770fd0e38ae2e81f55697a0e68963

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

PTip.exeUUBrowser.exeDeskBubble.exe

pid process

1192 PTip.exe
4996 UUBrowser.exe
1612 DeskBubble.exe

pid	process
1192	PTip.exe
4996	UUBrowser.exe
1612	DeskBubble.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Control Panel\International\Geo\Nation	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe

Loads dropped DLL 27 IoCs

Processes:

5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exeUUBrowser.exePTip.exeDeskBubble.exe

pid	process
1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
4996	UUBrowser.exe
1192	PTip.exe
4996	UUBrowser.exe
1192	PTip.exe
1192	PTip.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
1192	PTip.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
1612	DeskBubble.exe
1612	DeskBubble.exe
1612	DeskBubble.exe
4996	UUBrowser.exe
4996	UUBrowser.exe
1612	DeskBubble.exe
1612	DeskBubble.exe
1192	PTip.exe
1192	PTip.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

DeskBubble.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UUGAME = "\"C:\\Program Files (x86)\\UUBrowser\\UUBrowser.exe\" -h"	DeskBubble.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

Processes:

DeskBubble.exeUUBrowser.exePTip.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	DeskBubble.exe
File opened for modification	\??\PhysicalDrive0	UUBrowser.exe
File opened for modification	\??\PhysicalDrive0	PTip.exe

Drops file in Program Files directory 22 IoCs

Processes:

5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe

description	ioc	process
File created	C:\Program Files (x86)\UUBrowser\CrashReport.exe	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\opencv_core249.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\opencv_imgproc249.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\PTip.exe	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\UIRender.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\msvcp80.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\UUBrowser.exe	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\msvcr80.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\DeskBubble.exe	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\Microsoft.VC80.CRT.manifest	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\msvcr80.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\VersionHelper.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\UrlEncrypt.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\BaseCommon.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\UIRender.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\BrowserUtils.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\UrlParser.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\Microsoft.VC80.CRT.manifest	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\msvcp80.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\Uninstall.exe	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\Mini.exe	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
File created	C:\Program Files (x86)\UUBrowser\tool\BaseCommon.dll	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\UUBrowser.exe = "9999"	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\UUBrowser.exe = "11000"	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Mini.exe = "11000"	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

PTip.exe

pid process

1192 PTip.exe
1192 PTip.exe
1192 PTip.exe
1192 PTip.exe
1192 PTip.exe
1192 PTip.exe
1192 PTip.exe
1192 PTip.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

UUBrowser.exe

pid process

4996 UUBrowser.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

UUBrowser.exe

pid process

4996 UUBrowser.exe

pid	process
1192	PTip.exe
1192	PTip.exe
1192	PTip.exe
1192	PTip.exe
1192	PTip.exe
1192	PTip.exe
1192	PTip.exe
1192	PTip.exe

pid	process
4996	UUBrowser.exe

pid	process
4996	UUBrowser.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exeDeskBubble.exe

description	pid	process	target process
PID 1344 wrote to memory of 1192	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	PTip.exe
PID 1344 wrote to memory of 1192	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	PTip.exe
PID 1344 wrote to memory of 1192	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	PTip.exe
PID 1344 wrote to memory of 4996	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	UUBrowser.exe
PID 1344 wrote to memory of 4996	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	UUBrowser.exe
PID 1344 wrote to memory of 4996	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	UUBrowser.exe
PID 1344 wrote to memory of 1612	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	DeskBubble.exe
PID 1344 wrote to memory of 1612	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	DeskBubble.exe
PID 1344 wrote to memory of 1612	1344	5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe	DeskBubble.exe
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE
PID 1612 wrote to memory of 3064	1612	DeskBubble.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe
"C:\Users\Admin\AppData\Local\Temp\5bb0634c75b1e96fcbe69a894e83c3170f2323f3668040a0dd2e3abd0d9c2a2a.exe"
2⤵
- Checks computer location settings
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1344

C:\Program Files (x86)\UUBrowser\tool\PTip.exe
"C:\Program Files (x86)\UUBrowser\tool\PTip.exe" -type=2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
PID:1192

C:\Program Files (x86)\UUBrowser\UUBrowser.exe
"C:\Program Files (x86)\UUBrowser\UUBrowser.exe" -stat=1 -pid=3064
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4996

C:\Program Files (x86)\UUBrowser\tool\DeskBubble.exe
"C:\Program Files (x86)\UUBrowser\tool\DeskBubble.exe" -query_action
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:1612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\UUBrowser\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\BrowserUtils.dll
Filesize
120KB

MD5
7f852ed0240e5127cd56c1db4b34e1a0

SHA1
a16330ba85e03cfd5aa8bfbf86c43edf526e19da

SHA256
9b101d330f3dc5a82bc8f526e9d7783c83f7c1c74fb2529ec1e26e9c3a16c19d

SHA512
96d3264a9e0e9eb57c9687e4c9b8a3be30f3bfb2e64fbd08bc30a3295b0711db6fbb310c9aa3c847aa6ccd46c2f0ca3f8cbf39194e125b9a0f3e116b0c8801d5

Download Submit
C:\Program Files (x86)\UUBrowser\BrowserUtils.dll
Filesize
120KB

MD5
7f852ed0240e5127cd56c1db4b34e1a0

SHA1
a16330ba85e03cfd5aa8bfbf86c43edf526e19da

SHA256
9b101d330f3dc5a82bc8f526e9d7783c83f7c1c74fb2529ec1e26e9c3a16c19d

SHA512
96d3264a9e0e9eb57c9687e4c9b8a3be30f3bfb2e64fbd08bc30a3295b0711db6fbb310c9aa3c847aa6ccd46c2f0ca3f8cbf39194e125b9a0f3e116b0c8801d5

Download Submit
C:\Program Files (x86)\UUBrowser\BrowserUtils.dll
Filesize
120KB

MD5
7f852ed0240e5127cd56c1db4b34e1a0

SHA1
a16330ba85e03cfd5aa8bfbf86c43edf526e19da

SHA256
9b101d330f3dc5a82bc8f526e9d7783c83f7c1c74fb2529ec1e26e9c3a16c19d

SHA512
96d3264a9e0e9eb57c9687e4c9b8a3be30f3bfb2e64fbd08bc30a3295b0711db6fbb310c9aa3c847aa6ccd46c2f0ca3f8cbf39194e125b9a0f3e116b0c8801d5

Download Submit
C:\Program Files (x86)\UUBrowser\UIRender.dll
Filesize
1.1MB

MD5
51ba9092c7a0ad44021675709f184c6c

SHA1
e0ab4fbeb9d8b4690ba3bf5aee5e21c24b92d17c

SHA256
4b0ed2021ae982f1cfd0de90a2cb3f9172c53c373f7762e93bda676378c6548e

SHA512
cc3828057ec735194ee7488ebe95f66226621efbab6d297e188591582428db2b1bd4dac8a8964a8fddb294a5c483cfc7a3e09704addb91292a29607c28903d1f

Download Submit
C:\Program Files (x86)\UUBrowser\UIRender.dll
Filesize
1.1MB

MD5
51ba9092c7a0ad44021675709f184c6c

SHA1
e0ab4fbeb9d8b4690ba3bf5aee5e21c24b92d17c

SHA256
4b0ed2021ae982f1cfd0de90a2cb3f9172c53c373f7762e93bda676378c6548e

SHA512
cc3828057ec735194ee7488ebe95f66226621efbab6d297e188591582428db2b1bd4dac8a8964a8fddb294a5c483cfc7a3e09704addb91292a29607c28903d1f

Download Submit
C:\Program Files (x86)\UUBrowser\UUBrowser.exe
Filesize
4.9MB

MD5
39fae7f07bb31eb7557dac952beb325c

SHA1
5c75008824ef3f036f8ac01b26c37ef91daea1b8

SHA256
830b50f6350cfd10e883d4ec805263b828b676b7201d8919b356099c41c80cd1

SHA512
38b8487de15df98db1ed11a733b2854b9613e8a0025cf24293f73e9d069de0aa9d2ff0789d17bf3c7770c7126a9070babd6094e046d7e6b640b05c7eba791e76

Download Submit
C:\Program Files (x86)\UUBrowser\UrlEncrypt.dll
Filesize
21KB

MD5
e9d2de37963778591496531ac3b09244

SHA1
7f5b4e7abf4bcb207c5a51675246fce3c5486e11

SHA256
4190d631c38641af61807bccb08922183d618d52557d9148877ad1bf8c9c10a9

SHA512
2db129bd195d6e2f74ccbcc2a6cef573120d879b63a149b7a315d1a718f70bd025d3b64b9d7c7c1dfa7dbcafe1fc4da47894236f22c244fcf7f470d21ea118e6

Download Submit
C:\Program Files (x86)\UUBrowser\UrlEncrypt.dll
Filesize
21KB

MD5
e9d2de37963778591496531ac3b09244

SHA1
7f5b4e7abf4bcb207c5a51675246fce3c5486e11

SHA256
4190d631c38641af61807bccb08922183d618d52557d9148877ad1bf8c9c10a9

SHA512
2db129bd195d6e2f74ccbcc2a6cef573120d879b63a149b7a315d1a718f70bd025d3b64b9d7c7c1dfa7dbcafe1fc4da47894236f22c244fcf7f470d21ea118e6

Download Submit
C:\Program Files (x86)\UUBrowser\UrlEncrypt.dll
Filesize
21KB

MD5
e9d2de37963778591496531ac3b09244

SHA1
7f5b4e7abf4bcb207c5a51675246fce3c5486e11

SHA256
4190d631c38641af61807bccb08922183d618d52557d9148877ad1bf8c9c10a9

SHA512
2db129bd195d6e2f74ccbcc2a6cef573120d879b63a149b7a315d1a718f70bd025d3b64b9d7c7c1dfa7dbcafe1fc4da47894236f22c244fcf7f470d21ea118e6

Download Submit
C:\Program Files (x86)\UUBrowser\UrlEncrypt.dll
Filesize
21KB

MD5
e9d2de37963778591496531ac3b09244

SHA1
7f5b4e7abf4bcb207c5a51675246fce3c5486e11

SHA256
4190d631c38641af61807bccb08922183d618d52557d9148877ad1bf8c9c10a9

SHA512
2db129bd195d6e2f74ccbcc2a6cef573120d879b63a149b7a315d1a718f70bd025d3b64b9d7c7c1dfa7dbcafe1fc4da47894236f22c244fcf7f470d21ea118e6

Download Submit
C:\Program Files (x86)\UUBrowser\UrlEncrypt.dll
Filesize
21KB

MD5
e9d2de37963778591496531ac3b09244

SHA1
7f5b4e7abf4bcb207c5a51675246fce3c5486e11

SHA256
4190d631c38641af61807bccb08922183d618d52557d9148877ad1bf8c9c10a9

SHA512
2db129bd195d6e2f74ccbcc2a6cef573120d879b63a149b7a315d1a718f70bd025d3b64b9d7c7c1dfa7dbcafe1fc4da47894236f22c244fcf7f470d21ea118e6

Download Submit
C:\Program Files (x86)\UUBrowser\UrlEncrypt.dll
Filesize
21KB

MD5
e9d2de37963778591496531ac3b09244

SHA1
7f5b4e7abf4bcb207c5a51675246fce3c5486e11

SHA256
4190d631c38641af61807bccb08922183d618d52557d9148877ad1bf8c9c10a9

SHA512
2db129bd195d6e2f74ccbcc2a6cef573120d879b63a149b7a315d1a718f70bd025d3b64b9d7c7c1dfa7dbcafe1fc4da47894236f22c244fcf7f470d21ea118e6

Download Submit
C:\Program Files (x86)\UUBrowser\UrlEncrypt.dll
Filesize
21KB

MD5
e9d2de37963778591496531ac3b09244

SHA1
7f5b4e7abf4bcb207c5a51675246fce3c5486e11

SHA256
4190d631c38641af61807bccb08922183d618d52557d9148877ad1bf8c9c10a9

SHA512
2db129bd195d6e2f74ccbcc2a6cef573120d879b63a149b7a315d1a718f70bd025d3b64b9d7c7c1dfa7dbcafe1fc4da47894236f22c244fcf7f470d21ea118e6

Download Submit
C:\Program Files (x86)\UUBrowser\UrlParser.dll
Filesize
196KB

MD5
b094dd439f0a6d780bc59a22c41050ed

SHA1
1987c394cb8a8d25d9f72c75c7986ae998f8d83a

SHA256
a40131d9e87e6127b367d7857cf302803c3104dabedeb64d86f98c5d1a1487b7

SHA512
eeb20016c10d35310d6ccda1fa335d48f6336a286d4789ac12df66d3ee76964fca14f3d7adc66e4482a6a9450847d592b248dfc8af4c6cd8fdb33bd8a0301808

Download Submit
C:\Program Files (x86)\UUBrowser\UrlParser.dll
Filesize
196KB

MD5
b094dd439f0a6d780bc59a22c41050ed

SHA1
1987c394cb8a8d25d9f72c75c7986ae998f8d83a

SHA256
a40131d9e87e6127b367d7857cf302803c3104dabedeb64d86f98c5d1a1487b7

SHA512
eeb20016c10d35310d6ccda1fa335d48f6336a286d4789ac12df66d3ee76964fca14f3d7adc66e4482a6a9450847d592b248dfc8af4c6cd8fdb33bd8a0301808

Download Submit
C:\Program Files (x86)\UUBrowser\UrlParser.dll
Filesize
196KB

MD5
b094dd439f0a6d780bc59a22c41050ed

SHA1
1987c394cb8a8d25d9f72c75c7986ae998f8d83a

SHA256
a40131d9e87e6127b367d7857cf302803c3104dabedeb64d86f98c5d1a1487b7

SHA512
eeb20016c10d35310d6ccda1fa335d48f6336a286d4789ac12df66d3ee76964fca14f3d7adc66e4482a6a9450847d592b248dfc8af4c6cd8fdb33bd8a0301808

Download Submit
C:\Program Files (x86)\UUBrowser\opencv_core249.dll
Filesize
1.9MB

MD5
14e34a83f1f0b481d0f5f8567488be17

SHA1
3980317eacccf079dca7d08e58be43c709da8d7a

SHA256
ea44a25709cd1b41eb9a79077e4ec6e1ee92a46a8758c104cfd4dbb457471e8e

SHA512
352ba1386b1fff3776b1c99df0a4cebf6bca53661457146f3f37efd5f97faf66e36229c328c1258ed9ec1d580154b6fbaca61cb1df32679ba5c1e2da887a651b

Download Submit
C:\Program Files (x86)\UUBrowser\opencv_core249.dll
Filesize
1.9MB

MD5
14e34a83f1f0b481d0f5f8567488be17

SHA1
3980317eacccf079dca7d08e58be43c709da8d7a

SHA256
ea44a25709cd1b41eb9a79077e4ec6e1ee92a46a8758c104cfd4dbb457471e8e

SHA512
352ba1386b1fff3776b1c99df0a4cebf6bca53661457146f3f37efd5f97faf66e36229c328c1258ed9ec1d580154b6fbaca61cb1df32679ba5c1e2da887a651b

Download Submit
C:\Program Files (x86)\UUBrowser\opencv_core249.dll
Filesize
1.9MB

MD5
14e34a83f1f0b481d0f5f8567488be17

SHA1
3980317eacccf079dca7d08e58be43c709da8d7a

SHA256
ea44a25709cd1b41eb9a79077e4ec6e1ee92a46a8758c104cfd4dbb457471e8e

SHA512
352ba1386b1fff3776b1c99df0a4cebf6bca53661457146f3f37efd5f97faf66e36229c328c1258ed9ec1d580154b6fbaca61cb1df32679ba5c1e2da887a651b

Download Submit
C:\Program Files (x86)\UUBrowser\opencv_imgproc249.dll
Filesize
1.8MB

MD5
c89cd957a45a4ff98439e946d95b1551

SHA1
55f1621cfc64bc9745cc1c9fccae7021959ed850

SHA256
3d2c4e01f0bd72f2c1d82794fe461b7ea10ffe1cc94db84a212d83e62ac1d224

SHA512
81dbdaa4d993ea638fa8a83ee0b4d0c6a7cd390e6653dcfd8b52691fd8028d76d9c7e74a7b9381c93fcfcd30432cfaaf843a576e25ed1ae48493c5656298aa29

Download Submit
C:\Program Files (x86)\UUBrowser\opencv_imgproc249.dll
Filesize
1.8MB

MD5
c89cd957a45a4ff98439e946d95b1551

SHA1
55f1621cfc64bc9745cc1c9fccae7021959ed850

SHA256
3d2c4e01f0bd72f2c1d82794fe461b7ea10ffe1cc94db84a212d83e62ac1d224

SHA512
81dbdaa4d993ea638fa8a83ee0b4d0c6a7cd390e6653dcfd8b52691fd8028d76d9c7e74a7b9381c93fcfcd30432cfaaf843a576e25ed1ae48493c5656298aa29

Download Submit
C:\Program Files (x86)\UUBrowser\opencv_imgproc249.dll
Filesize
1.8MB

MD5
c89cd957a45a4ff98439e946d95b1551

SHA1
55f1621cfc64bc9745cc1c9fccae7021959ed850

SHA256
3d2c4e01f0bd72f2c1d82794fe461b7ea10ffe1cc94db84a212d83e62ac1d224

SHA512
81dbdaa4d993ea638fa8a83ee0b4d0c6a7cd390e6653dcfd8b52691fd8028d76d9c7e74a7b9381c93fcfcd30432cfaaf843a576e25ed1ae48493c5656298aa29

Download Submit
C:\Program Files (x86)\UUBrowser\tool\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\tool\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\tool\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\tool\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\tool\BaseCommon.dll
Filesize
3.2MB

MD5
7377b80af65f7f1a020637cfaa03d62d

SHA1
195ed825c089a0761d85c9587c8528ad9cd7a620

SHA256
56a575c236767d70a6a274eeceb13048d4a1de5ccc3077c5f8b49dc83cce78d3

SHA512
8a09f74658f21d81964a89d97394de0feb155ec14713d3c980b8390c42237fd89336a1cf4efcaa0b5730f3d3412ce2895089c26da247d7574b09892ca8a9e8ba

Download Submit
C:\Program Files (x86)\UUBrowser\tool\DeskBubble.exe
Filesize
160KB

MD5
508f680a1ea5a6eb684a11f474fca646

SHA1
1ab064780f190b9dcdf72dadcc05973e77766dd4

SHA256
de0ac446efac755ea884efa7d21f998f2351d8ebd96614c0105b3538f068dd90

SHA512
fca7a3b6a479c211bc7ac00efc323f10f7bd931da14b877c1e2a2b74c995f0c9c5998689ee357a061a3c8ce182290a35aefd479b20c58268d9b4e4ba471d3226

Download Submit
C:\Program Files (x86)\UUBrowser\tool\PTip.exe
Filesize
452KB

MD5
4deb4e093c590323b30db90e9464dcab

SHA1
fa07bed7445567204361e3f5f234d479a3eee14b

SHA256
7b06f354b182fbfde27c14a7ff207b1da8a9c77836b92f8c708793f0cde2fec4

SHA512
e5177676005490ce040f2b3cc9e56e75f0301e77db63e1a030218915e3a51f63754fd764c0604c3349b8d45f30b87306297eca8ca82d8bfc01718eb176d9f1fb

Download Submit
C:\Program Files (x86)\UUBrowser\tool\UIRender.dll
Filesize
1.1MB

MD5
51ba9092c7a0ad44021675709f184c6c

SHA1
e0ab4fbeb9d8b4690ba3bf5aee5e21c24b92d17c

SHA256
4b0ed2021ae982f1cfd0de90a2cb3f9172c53c373f7762e93bda676378c6548e

SHA512
cc3828057ec735194ee7488ebe95f66226621efbab6d297e188591582428db2b1bd4dac8a8964a8fddb294a5c483cfc7a3e09704addb91292a29607c28903d1f

Download Submit
C:\Program Files (x86)\UUBrowser\tool\UIRender.dll
Filesize
1.1MB

MD5
51ba9092c7a0ad44021675709f184c6c

SHA1
e0ab4fbeb9d8b4690ba3bf5aee5e21c24b92d17c

SHA256
4b0ed2021ae982f1cfd0de90a2cb3f9172c53c373f7762e93bda676378c6548e

SHA512
cc3828057ec735194ee7488ebe95f66226621efbab6d297e188591582428db2b1bd4dac8a8964a8fddb294a5c483cfc7a3e09704addb91292a29607c28903d1f

Download Submit
C:\Program Files (x86)\UUBrowser\tool\UIRender.dll
Filesize
1.1MB

MD5
51ba9092c7a0ad44021675709f184c6c

SHA1
e0ab4fbeb9d8b4690ba3bf5aee5e21c24b92d17c

SHA256
4b0ed2021ae982f1cfd0de90a2cb3f9172c53c373f7762e93bda676378c6548e

SHA512
cc3828057ec735194ee7488ebe95f66226621efbab6d297e188591582428db2b1bd4dac8a8964a8fddb294a5c483cfc7a3e09704addb91292a29607c28903d1f

Download Submit
C:\Program Files (x86)\UUBrowser\tool\UIRender.dll
Filesize
1.1MB

MD5
51ba9092c7a0ad44021675709f184c6c

SHA1
e0ab4fbeb9d8b4690ba3bf5aee5e21c24b92d17c

SHA256
4b0ed2021ae982f1cfd0de90a2cb3f9172c53c373f7762e93bda676378c6548e

SHA512
cc3828057ec735194ee7488ebe95f66226621efbab6d297e188591582428db2b1bd4dac8a8964a8fddb294a5c483cfc7a3e09704addb91292a29607c28903d1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq88C.tmp\K8NsisMiniExtend.dll
Filesize
1.1MB

MD5
a6e369f96465dcd88164d1a9f3033216

SHA1
4a1b4a2ea083fe8674eb34104a8dc309414c8fe2

SHA256
39ceddad4e7f88a82bbb68584c1753d769db76835233dfe1656b583965ae7668

SHA512
706cd3b9937ccf0c8f6a39a5ad67fce17a0ff3ad3bbf2390132efeeb54e8ed2c1576af89c508d8ed765174dd28f48068d36b123359046f34e2e2e5537b65702e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq88C.tmp\System.dll
Filesize
11KB

MD5
b0c77267f13b2f87c084fd86ef51ccfc

SHA1
f7543f9e9b4f04386dfbf33c38cbed1bf205afb3

SHA256
a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77

SHA512
f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e

Download Submit
C:\Users\Admin\Desktop\UUÒ³ÓÎÖúÊÖ.lnk
Filesize
1KB

MD5
ee24ad24642a37e33006e4bf394c6549

SHA1
4fd7b415b0b1c4e1186703a4298823714c0ca170

SHA256
abfc7eccb76ef4cf8d6775d48100d3204cae03c663effce9da806e5894f229f7

SHA512
887a054a30a19c9af298ba42d23d7830d521cc441e4ce8f2d67ca1e9229216e562e2e5e5b656c665b3ac8b6f0c842ce2d9d6c2e7167dc9873cd38919d6a992a5

Download Submit
memory/1192-132-0x0000000000000000-mapping.dmp

Download
memory/1192-188-0x0000000002601000-0x0000000002604000-memory.dmp

Filesize
12KB

Download
memory/1192-153-0x0000000000A50000-0x0000000000D85000-memory.dmp

Filesize
3.2MB

Download
memory/1612-185-0x0000000000A11000-0x0000000000A14000-memory.dmp

Filesize
12KB

Download
memory/1612-177-0x0000000000790000-0x00000000008A4000-memory.dmp

Filesize
1.1MB

Download
memory/1612-172-0x0000000000000000-mapping.dmp

Download
memory/4996-164-0x00000000009D0000-0x00000000009EE000-memory.dmp

Filesize
120KB

Download
memory/4996-161-0x00000000009D1000-0x00000000009E1000-memory.dmp

Filesize
64KB

Download
memory/4996-136-0x0000000000000000-mapping.dmp

Download
memory/4996-158-0x0000000000EC0000-0x0000000001123000-memory.dmp

Filesize
2.4MB

Download
memory/4996-170-0x0000000001180000-0x0000000001370000-memory.dmp

Filesize
1.9MB

Download
memory/4996-169-0x0000000001370000-0x00000000016A5000-memory.dmp

Filesize
3.2MB

Download
memory/4996-182-0x0000000001741000-0x0000000001744000-memory.dmp

Filesize
12KB

Download
memory/4996-166-0x0000000001181000-0x00000000012FE000-memory.dmp

Filesize
1.5MB

Download