Malware Analysis Report

2024-11-16 10:45

Sample ID 240603-k1bk5sba23
Target 9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118
SHA256 483767d43c556f2d17242aeffd5f31cffd72955f31964c0b7d522fe4874b254c
Tags
bootkit discovery evasion execution persistence spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

483767d43c556f2d17242aeffd5f31cffd72955f31964c0b7d522fe4874b254c

Threat Level: Likely malicious

The file 9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery evasion execution persistence spyware stealer trojan

Stops running service(s)

Drops file in Drivers directory

Sets service image path in registry

Reads user/profile data of web browsers

Enumerates connected drives

Modifies Installed Components in the registry

Writes to the Master Boot Record (MBR)

Checks whether UAC is enabled

Modifies Windows Firewall

Checks computer location settings

Drops file in System32 directory

Drops file in Program Files directory

Executes dropped EXE

Checks installed software on the system

Loads dropped DLL

Drops file in Windows directory

Launches sc.exe

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 09:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 09:03

Reported

2024-06-03 09:06

Platform

win7-20240221-en

Max time kernel

144s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\ucguard.sys C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UCGuard\ImagePath = "system32\\DRIVERS\\ucguard.sys" C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A

Stops running service(s)

evasion execution

Reads user/profile data of web browsers

spyware stealer

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\ = "UC浏览器" C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\StubPath = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\5.6.13381.9\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Localized Name = "UC浏览器" C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\IsInstalled = "1" C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Version = "43,0,0,0" C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\UCBrowser\Application\Share\target_locale C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\update.log C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\start.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\en-in\start.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\UCAgent.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\bookmarks\pp_helper.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\login_view\qq.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\searchbar\taobao.com.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\debug.log C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\searchbar\bing.com.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Drivers\ucguard-x64.sys C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Update\InstalledConfig.xml C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\ru\config.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\libEGL.dll C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\desktop\tmall_points.ico C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\login_view\alipay.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\new_tab_search\sogou.com.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\pt-br\config.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\chrome_watcher.dll C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\resources.pak C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\searchbar\tmall.com.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\update_task.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\zh-cn\share.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\chrome_elf.dll C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\jobs\{8C026634-FFC9-4942-AF9C-E2A6080BC8E8}.UCBrowser C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\config_updater.dll C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\browsing_data_remover.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Backup\UCBrowser.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\bookmarks\amazon.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\bookmarks\baidu.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\wow_helper.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\extension\noads.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\0\remote\0_beta_chk.xml1.size C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\stats_uploader.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\UCService.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Extensions\zh-CN\external_extensions.json C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\extension\renren.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\bookmarks\taobao.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\0\remote\0_beta_chk.xml1 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\es-419\share.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\es-419\start.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\share\ucsvc_config.dat C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\chrome.7z C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\natives_blob.bin C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\share.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\en-in\config.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\molt_tool.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\update_task.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\wow_helper.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\login_view\taobao.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\custom.dat C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\searchbar\baidu.com.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\new_tab_search\etao.com.png C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\scoped_dir_2436_3996\custom.dat C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\marketing\1001.ico C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Update\UpdateOption.xml C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\wow_helper.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\task.ini C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\unconfirmed_config C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\UCBrowserUpdater.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification C:\Windows\Tasks\UCBrowserUpdater.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Enumerates physical storage devices

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC} C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC}\WpadNetworkName = "Network 3" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-3f-c6-c4-4b-fd\WpadDecisionTime = 7021bbfa94b5da01 C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-3f-c6-c4-4b-fd\WpadDecision = "0" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC}\WpadDecision = "0" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC}\aa-3f-c6-c4-4b-fd C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0116000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-3f-c6-c4-4b-fd\WpadDecisionReason = "1" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC}\WpadDecisionReason = "1" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-3f-c6-c4-4b-fd C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.XHTML\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.MHT\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.xht\ = "UCHTML" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\http\shell\open\ddeexec\ C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.MHT\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML\ = "UC HTML Document" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.MHT\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\http\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.XHT\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\shell\ = "open" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.htm C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.shtml\ = "UCHTML" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\http\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHT\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\URL Protocol C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\UCHTML.AssocFile.XHTML C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.mht C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTM\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.xht C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\URL Protocol C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\shell\open\ddeexec\ C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\UCHTML.AssocFile.MHT C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\ftp C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.HTML C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.webp\OpenWithProgids\UCHTML.AssocFile.WEBP C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.crx\OpenWithProgids\UCHTML.AssocFile.CRX C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.htm\ = "UCHTML" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.CRX C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.xhtml\OpenWithProgids\UCHTML.AssocFile.XHTML C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.crx\OpenWithProgids C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\http\URL Protocol C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\ftp\URL Protocol C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.shtm\OpenWithProgids C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.HTM\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\ftp\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\UCHTML.AssocFile.WEBP C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.WEBP\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtm C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1888 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe
PID 1888 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe
PID 1888 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe
PID 1888 wrote to memory of 2616 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe
PID 1888 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
PID 1888 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
PID 1888 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
PID 1888 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
PID 1888 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
PID 1888 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
PID 1888 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
PID 2556 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 2556 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 2556 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 2556 wrote to memory of 576 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 2556 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 2556 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 2556 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 2556 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 2556 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 916 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 2000 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 1748 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 2556 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 2556 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 2556 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 2556 wrote to memory of 392 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 2556 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 2556 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 2556 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 2556 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 1696 wrote to memory of 1956 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
PID 1696 wrote to memory of 1956 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
PID 1696 wrote to memory of 1956 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
PID 1696 wrote to memory of 1956 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
PID 2556 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 2556 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 2556 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 2556 wrote to memory of 2452 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 1696 wrote to memory of 580 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 1696 wrote to memory of 580 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 1696 wrote to memory of 580 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 1696 wrote to memory of 580 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 2556 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 2556 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 2556 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 2556 wrote to memory of 932 N/A C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 580 wrote to memory of 2896 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 580 wrote to memory of 2896 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 580 wrote to memory of 2896 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 580 wrote to memory of 2896 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 580 wrote to memory of 2896 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe" --sync=http://www.uc123.com/guide/install_blacklist.php?ver=5.6.13381.9&bid=800&pid=4681&mid=6277355a6c664acb0e2da627870b728f&midex=e7949e435ecb134a6549acc42c96cb7fv00000022d42e731

C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\CHROME.PACKED.7Z" --system-level --wow-bid=800 --wow-pid=4681 /s --wow-auth-url=http://www.uc123.com/guide/install_blacklist.php?ver=5.6.13381.9&bid=800&pid=4681 --wow-customized-theme="Share\customized_theme.crx" --install --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --wow-participate-eip=default --installerdata="C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_17413\wow_installer.prefs"

C:\Windows\SysWOW64\sc.exe

sc.exe stop UCBrowserSvc

C:\Windows\SysWOW64\sc.exe

sc.exe delete UCBrowserSvc

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="UC浏览器" description="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" action=allow

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="迅雷云加速开放平台" description="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe" action=allow

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --make-default-browser

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --install --start

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe"

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe

"C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe" --normal-stats1=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnyooLJ0YXorGkzI8f7L1BmUMx1zSILYQbR7wuYAoKg9Pz8WadRdV8JjlPzqvC5f5krHL2J9KCalhYil5TaUis/ahDw11/uNoRngua1dl60ZfqZncHtKUly2pkv45zAiM/eKziiwGCMDnMwW8whm1BVXx8cjmO3zPFurW/GQ0a3Hx6bVcHDrBqyq8xHWblh18iBM+l/XWSaId0NxzRdnzKxQX/wIFd7/s5tma9O7vO5W3HOsR+frFiZKJSrHJxF0DXwl21eXOHNS80VW2NlAh3+6QsBIPYmil5EeHo19ppzXGCiEHvCdRuIefxSJSqxr38VrxxhUNQ7fld1p15tFnLhhiOVE4GihGtVO

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --as-current-user --run="\"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe\" --wow-enable-user-experience=default"

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-enable-user-experience=default

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater /AddTask

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="580.0.1954773216\788416798" /prefetch:673131151

C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe" --normal-stats1=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnyi7KZ0ay4nGkqE/fv3TzGRP/VrT5T8nbRp7ooASPjtPsllHtR/04ZjinimvEpnrkrj1zp9xhIRhaKRSTakKi/a1FyV16FZHRmWBQFdW7Vhfvqf6HsMltC25Pd052iyo/dCvtiw6sennAIyHwjSLE1XMy/7mLMHaFtx7z2QMW0HxwaVsHBBEmCqVR2absStyXJ4UFiG+4/qK2CVsE/niYQ9v+Q/Qx0+s5vXp4rpch1Swuh2ROBgMyFPrWf2JthdK2KA+GSG0Pmb9cSYpd/gkPr5w+A= --normal-stats2=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnWi74VtaytEEUp5nI33sfOjP/stWJOX+qNi/DErT/hsxsFmkvt3wiESx0OXTQd8r2/nwHAqwAm84/ffrvzxACbQgePbE/awM9WZZwpGXpmFdLdx6Oxe50B2uIHoTTiQVhBAnRlK6S/FmwAbHeyDXJTkMiD44/VUWTJxPBAAZ+0RAFThQu4ByIgQUtSy5Z3urbRzA3cE88hp5G1VCoGgZ33fsrCT5Qow7BfP/ihxclS1Y/+rcYR9/z3jrTDY84GMMYSJF98yx7Gzg8WVd9L7jwRi9Ifo2ChFTyfv8Ipw --normal-stats3=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnysdB90fZbeGkD8YvvDvz+RC+UZS/ZUBrR3Rh8AkNiJPChHPN6xuyNjeKDFvDZXVEo/J9R9DOrehWRp+DZ06nfaZJzd18cBXBnMzcZd/+Wnfp4vsnueviO2iq9J5+BSD/fa3gSwVO/6nIBaZAhevC9Xv79dmCkfX1vn5xSQke33x+YVIHC36mmqvwWVbpAdV3KsoNqGuefhK959tU8f6TA990TLQzMWRpuFn5npLu34wpQm+uCKC35Pyz8XJugdQ2KQuByG1qGq9f7Qctj5BFGtqE9GLQxREpH7rVkjeJijQuy2NYVOCUZN01tvGZhWCssPWMNsq6CuvwCiuo6cX1YgTEeMpqETSnpNFp93S7i4vUiFbkk=

C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe"

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="580.1.1436645294\490796903" /prefetch:673131151

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="580.2.85520456\872508387" --lang=zh-CN --ignored=" --type=renderer " /prefetch:-645351001

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe

"C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/*AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="580.3.969590629\2044595623" /prefetch:673131151

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="580.4.55603236\439571786" --lang=zh-CN --ignored=" --type=renderer " /prefetch:-645351001

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/*AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="580.5.1501803679\488296344" /prefetch:673131151

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-warm-up --silent-launch --wow-auto-close

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --lang=zh-CN --wow-warm-up --wow-silent-launch-child-process

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" /addtask --type=wow-config-updater

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater -CEnumUpdateMode:UpdateMode_AliImTimer

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -cenumupdatemode:updatemode_aliimtimer --type=wow-config-updater

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="580.6.1316842859\99806480" --lang=zh-CN --ignored=" --type=renderer " /prefetch:-645351001

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.uc123.com udp
US 163.181.154.232:80 www.uc123.com tcp
US 8.8.8.8:53 mmstat.ucweb.com udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.google.com udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 163.181.154.232:80 www.uc123.com tcp
US 163.181.154.232:80 www.uc123.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 8.8.8.8:53 dabai.pc.ucweb.com udp
US 8.8.8.8:53 down.up1.uc.cn udp
US 163.181.154.232:443 www.uc123.com tcp
US 163.181.154.232:443 www.uc123.com tcp
US 163.181.154.232:443 www.uc123.com tcp
US 8.8.8.8:53 image.uc.cn udp
US 8.8.8.8:53 tbsapi.browser.taobao.com udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 8.8.8.8:53 spirit.browser.taobao.com udp
US 8.8.8.8:53 g.tbcdn.cn udp
US 163.181.154.232:443 image.uc.cn tcp
US 163.181.154.232:80 image.uc.cn tcp
US 8.8.8.8:53 img.alicdn.com udp
US 8.8.8.8:53 tce.alicdn.com udp
CN 106.11.149.27:80 dabai.pc.ucweb.com tcp
US 8.8.8.8:53 ip.taobao.com udp
GB 163.171.144.40:80 down.up1.uc.cn tcp
GB 163.171.144.40:80 down.up1.uc.cn tcp
CN 59.82.9.86:80 spirit.browser.taobao.com tcp
CN 59.82.9.86:80 spirit.browser.taobao.com tcp
CN 106.11.149.27:80 dabai.pc.ucweb.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 8.8.8.8:53 alimarket.taobao.com udp
GB 79.133.176.243:443 img.alicdn.com tcp
CN 59.82.120.12:80 ip.taobao.com tcp
CN 59.82.120.12:80 ip.taobao.com tcp
US 8.8.8.8:53 browser.taobao.com udp
US 163.181.154.201:443 alimarket.taobao.com tcp
US 163.181.154.201:443 alimarket.taobao.com tcp
US 8.8.8.8:53 g.alicdn.com udp
US 8.8.8.8:53 afpmm.alicdn.com udp
US 8.8.8.8:53 gtd.alicdn.com udp
US 163.181.154.230:80 gtd.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
CN 59.82.121.179:443 browser.taobao.com tcp
US 8.8.8.8:53 su.bdimg.com udp
CN 59.82.121.179:443 browser.taobao.com tcp
GB 79.133.176.243:80 img.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
GB 79.133.176.243:80 img.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
US 163.181.154.230:80 gtd.alicdn.com tcp
US 163.181.154.229:80 gtd.alicdn.com tcp
US 8.8.8.8:53 gw.alicdn.com udp
US 163.181.154.229:80 gw.alicdn.com tcp
US 163.181.154.230:443 gw.alicdn.com tcp
US 163.181.154.230:443 gw.alicdn.com tcp
US 163.181.154.230:443 gw.alicdn.com tcp
US 163.181.154.229:80 gw.alicdn.com tcp
CN 124.239.243.49:80 su.bdimg.com tcp
CN 124.239.243.49:80 su.bdimg.com tcp
US 8.8.8.8:53 t.alicdn.com udp
US 8.8.8.8:53 clients1.google.com udp
US 8.8.8.8:53 click.aliyun.com udp
US 8.8.8.8:53 618.tmall.com udp
US 8.8.8.8:53 c.duomai.com udp
GB 142.250.187.206:443 clients1.google.com tcp
US 8.8.8.8:53 cn.chinadaily.com.cn udp
US 8.8.8.8:53 fanyi.baidu.com udp
US 8.8.8.8:53 fanyi.youdao.com udp
US 163.181.154.230:80 t.alicdn.com tcp
US 163.181.154.230:80 t.alicdn.com tcp
US 163.181.154.230:443 t.alicdn.com tcp
US 8.8.8.8:53 af.alicdn.com udp
US 8.8.8.8:53 gad.netease.com udp
US 8.8.8.8:53 huodong.taobao.com udp
US 8.8.8.8:53 mail.163.com udp
US 8.8.8.8:53 mail.qq.com udp
US 8.8.8.8:53 log.mmstat.com udp
US 8.8.8.8:53 pvp.qq.com udp
US 8.8.8.8:53 p.yiqifa.com udp
US 163.181.154.229:443 af.alicdn.com tcp
US 8.8.8.8:53 acjs.aliyun.com udp
US 8.8.8.8:53 qq.ip138.com udp
US 8.8.8.8:53 redirect.simba.taobao.com udp
US 8.8.8.8:53 t.shuqi.com udp
US 8.8.8.8:53 tb.jiuxinban.com udp
CN 59.82.33.225:443 log.mmstat.com tcp
US 8.8.8.8:53 uland.taobao.com udp
CN 203.119.144.7:80 acjs.aliyun.com tcp
CN 59.82.33.225:443 log.mmstat.com tcp
CN 203.119.144.7:80 acjs.aliyun.com tcp
US 8.8.8.8:53 track.uc.cn udp
CN 123.182.50.159:443 track.uc.cn tcp
US 163.181.154.230:80 af.alicdn.com tcp
US 163.181.154.230:80 af.alicdn.com tcp
US 163.181.154.230:80 af.alicdn.com tcp
US 163.181.154.230:80 af.alicdn.com tcp
US 163.181.154.230:80 af.alicdn.com tcp
CN 123.182.50.159:443 track.uc.cn tcp
US 8.8.8.8:53 clients3.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.206:443 clients3.google.com tcp
CN 59.82.121.179:443 browser.taobao.com tcp
US 8.8.8.8:53 ws.mmstat.com udp
CN 59.82.33.225:443 log.mmstat.com tcp
US 8.8.8.8:53 union-click.jd.com udp
US 8.8.8.8:53 fourier.taobao.com udp
US 8.8.8.8:53 v.6.cn udp
US 8.8.8.8:53 uc.ucweb.com udp
US 8.8.8.8:53 v.qq.com udp
US 8.8.8.8:53 weibo.com udp
US 168.235.205.6:80 uc.ucweb.com tcp
CN 59.82.121.179:443 browser.taobao.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
CN 59.82.34.236:443 ws.mmstat.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 www.12306.cn udp
CN 203.119.144.7:443 acjs.aliyun.com tcp
US 8.8.8.8:53 www.163.com udp
US 8.8.8.8:53 www.1688.com udp
US 8.8.8.8:53 www.58.com udp
US 8.8.8.8:53 ynuf.aliapp.org udp
US 8.8.8.8:53 w.cnzz.com udp
US 8.8.8.8:53 ucus.ucweb.com udp
CN 203.119.144.7:443 acjs.aliyun.com tcp
US 8.8.8.8:53 www.baidu.com udp
US 168.235.206.11:443 ucus.ucweb.com tcp
US 8.8.8.8:53 m.ykimg.com udp
US 8.8.8.8:53 www.douban.com udp
US 8.8.8.8:53 www.ef.com.cn udp
US 163.181.154.232:80 m.ykimg.com tcp
US 163.181.154.232:80 m.ykimg.com tcp
US 168.235.206.11:443 ucus.ucweb.com tcp
CN 59.82.121.179:443 browser.taobao.com tcp
US 8.8.8.8:53 www.huya.com udp
CN 59.82.33.225:443 log.mmstat.com tcp
US 8.8.8.8:53 www.ifeng.com udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 183.2.172.185:443 www.baidu.com tcp
US 8.8.8.8:53 www.myquark.cn udp
CN 220.185.168.234:80 w.cnzz.com tcp
US 8.8.8.8:53 www.qq.com udp
US 8.8.8.8:53 www.sina.com.cn udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 220.185.168.234:80 w.cnzz.com tcp
US 8.8.8.8:53 www.sohu.com udp
CN 183.2.172.185:443 www.baidu.com tcp
US 163.181.154.232:80 www.sina.com.cn tcp
US 8.8.8.8:53 pdds.ucweb.com udp
CN 203.119.144.7:80 acjs.aliyun.com tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
US 8.8.8.8:53 p.tanx.com udp
US 8.8.8.8:53 bj.58.com udp
US 8.8.8.8:53 bank.ecitic.com udp
CN 59.82.31.179:80 p.tanx.com tcp
US 8.8.8.8:53 business.sohu.com udp
CN 59.82.31.179:80 p.tanx.com tcp
US 8.8.8.8:53 cn.365psd.com udp
US 8.8.8.8:53 douban.fm udp
CN 59.82.33.225:443 log.mmstat.com tcp
US 8.8.8.8:53 dribbble.com udp
US 8.8.8.8:53 finance.ifeng.com udp
US 8.8.8.8:53 finance.sina.com.cn udp
US 8.8.8.8:53 ent.163.com udp
US 8.8.8.8:53 ent.sina.com.cn udp
US 8.8.8.8:53 game.haomove.com udp
CN 59.82.121.179:80 browser.taobao.com tcp
CN 106.11.149.27:80 dabai.pc.ucweb.com tcp
US 8.8.8.8:53 game.zixia.com udp
US 8.8.8.8:53 gateway.browser.taobao.com udp
US 8.8.8.8:53 www.taobao.com udp
CN 59.82.121.179:80 browser.taobao.com tcp
US 8.8.8.8:53 games.2323wan.com udp
US 8.8.8.8:53 jx3.xoyo.com udp
US 8.8.8.8:53 k.sina.com.cn udp
GB 79.133.176.221:443 www.taobao.com tcp
CN 59.82.121.73:80 gateway.browser.taobao.com tcp
CN 203.119.144.7:80 acjs.aliyun.com tcp
CN 59.82.121.73:80 gateway.browser.taobao.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 59.82.120.12:80 ip.taobao.com tcp
CN 120.41.32.49:80 su.bdimg.com tcp
CN 120.41.32.49:80 su.bdimg.com tcp
CN 106.8.130.149:443 track.uc.cn tcp
CN 106.8.130.149:443 track.uc.cn tcp
US 8.8.8.8:53 z7.sinaimg.cn udp
US 8.8.8.8:53 inews.gtimg.com udp
BE 92.123.51.8:80 inews.gtimg.com tcp
BE 92.123.51.8:80 inews.gtimg.com tcp
US 163.181.154.236:443 z7.sinaimg.cn tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 183.2.172.42:443 www.baidu.com tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 183.2.172.42:443 www.baidu.com tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
GB 163.171.144.40:80 down.up1.uc.cn tcp
US 8.8.8.8:53 tce.taobao.com udp
HK 47.246.177.10:443 tce.taobao.com tcp
HK 47.246.177.10:443 tce.taobao.com tcp
HK 47.246.177.10:443 tce.taobao.com tcp
US 8.8.8.8:53 extensions.uc.cn udp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 168.235.206.11:443 ucus.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 121.14.156.49:80 su.bdimg.com tcp
CN 121.14.156.49:80 su.bdimg.com tcp
CN 123.182.51.94:443 track.uc.cn tcp
CN 123.182.51.94:443 track.uc.cn tcp
CN 59.82.121.179:80 browser.taobao.com tcp
CN 59.82.121.179:80 browser.taobao.com tcp
US 8.8.8.8:53 update.up1.uc.cn udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 39.108.40.9:80 update.up1.uc.cn tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 123.235.31.49:80 su.bdimg.com tcp
CN 123.235.31.49:80 su.bdimg.com tcp
CN 39.108.40.9:80 update.up1.uc.cn tcp
CN 123.182.51.196:443 track.uc.cn tcp
CN 123.182.51.196:443 track.uc.cn tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 118.180.40.49:80 su.bdimg.com tcp
CN 118.180.40.49:80 su.bdimg.com tcp
CN 106.8.130.78:443 track.uc.cn tcp
CN 106.8.130.78:443 track.uc.cn tcp
CN 59.82.121.179:80 browser.taobao.com tcp
CN 59.82.121.179:80 browser.taobao.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 125.74.1.49:80 su.bdimg.com tcp
CN 125.74.1.49:80 su.bdimg.com tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 125.74.110.49:80 su.bdimg.com tcp
CN 125.74.110.49:80 su.bdimg.com tcp

Files

\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe

MD5 174d697c06d02aab649bc0f09e70651b
SHA1 1141c6993bc97c35062b95884f0f0f9df256073f
SHA256 0cc1194f5fb42e552affc452cd77710df6acbc8ddcefdafbd79c5a6e693e3a09
SHA512 b6be98658afbaa615c9d1cc4a6e3e4f04be863d974113ac3e930324a651fe98909024a686e12ef143d501ca93e3dff5c36c0af8a75c8a9b29a286f987484eda8

\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe

MD5 a829f040da54dd809731d403ae83caf2
SHA1 f270cb77c6e3697a90c6beaf4a93570ccf48ae79
SHA256 caf89f1dcee6d607630d6da3cd57c6de542509df361f2b19ed1222a37ecbd3e5
SHA512 d771473757f92a66ae66950634c35b285609bee9bb7d63da49cbbc3786a4f497ffd39c50e1a0f34f995d254309113a1ccc4bee6a63da7e9924b7359fcba9ea70

C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_17413\wow_installer.prefs

MD5 fcee2892d47f62139209f80783bc0a8a
SHA1 f3812192dc6d2c18165944ac3e69dcbf49428843
SHA256 37249e0d047c3560897c8cc95e256677664870d5dcd534d0e2cd5e387a70db3a
SHA512 58a9d4d1eed549fba39576ece620fbe03e985b79d3444a318ac2442f2734415a2754207cbe25b60e7633d68c1c11790167b79351a70f636fe9023249d15e6f54

C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\CHROME.PACKED.7Z

MD5 164c0f7abdb4c410e10d6eb79e7d7ce2
SHA1 f6aeed2d4552fde8f74c5b9a873d3f00d9f5c428
SHA256 ebd8d49ff72af1bede93403eacccb4fd138a61d89de8ef7a6815f849ea573164
SHA512 e5dfd3a98c7d06ab126e505756d8a0102f2dba5956cc196fccbc664cd1e2c9d8c6fbfb167509eb7ee024af879ae592b0195efb49b7446c93ceb6436e5b66f9a9

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

MD5 4a38c60ddc539e00b1c87692f574930a
SHA1 9276702ccf3c457f17378ea770b01ce577bd5996
SHA256 6bcab2e9b5b097ec22fbdc4101511fdd9a984cf20f2097714477dd1704e5c51d
SHA512 4a99b21a86f5152dddfb849d9da1074019f411c72df201a0cb73b9c79399219b71929e2460163f0a5fda47d5822997126fd5083a215bd0fcfbeb2f7b2b73822a

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk

MD5 b3108994e186bf385062ea4996311428
SHA1 7f79126b1498ff8382c3193a6d4a5504aa7bd5c5
SHA256 bd9f9db7d6ea0682e3e4a0d32e4cd7a64cbe838d56e709a214730529368bb758
SHA512 f8fc6276ccf8c30c848b96e9f8632014dcc121f07be6b9ccc74f86d0d311446c1d1213e9f41fe9f571f35e183033fa04f8086fe54fa3ac640fe887a4ac85e444

C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe

MD5 0a2c658a324e3d9a8ce94caa038f789c
SHA1 b6d223c0501549b09c8fb6f3158e2a01861a729e
SHA256 3cefc87ee4f008f55336b7cf2ec4cd9480249071a72732c230be9e56870cd70d
SHA512 71c556437e4ad8ed44e4241b716d51710eb4aacce44f4d0fe336d97a490a6afb40d98ebce4356743c121c98042ab245073ff39be37def721eecd0336c87147e9

\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome_elf.dll

MD5 f5a1ef8b90b124a9b9cbd78f9709fa48
SHA1 f88d125c1d7a55ed6c98bfb81064a94eed5bef81
SHA256 91f6114c5b2150c1e04ed05425a164418036fab42f11fd5fc6eb2575a7d24f09
SHA512 f24eddcd8a6298b7b891b8a754c9a91b0e32465ac1b289f823cef57f48cd1d42fe7d2628ddd9e09668badb4d85bdafc923fe70ece08970762ed4ca3310955cc9

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

MD5 1f6c6ddf9c2b4b9f6c7acfdac48bf6df
SHA1 f1dcfeb2fdc49ceb07fa0775e975550d9b4aa92b
SHA256 4bb44f376d108f9a6b3f98c1428a6e8193153285d19284d326befe313129c4b1
SHA512 f29c2bce9b73711b69e95afedb76a9a4e26a612df0a6e79424e7ed907ee1f74dc260b1326f8c2520aac8b7ca1949eb8f64ae596e220cd3cb03df475d77c46a47

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome.dll

MD5 da4e53402330683dbef463783d43e99d
SHA1 abe40397ba0e4a9b850473e8fb706900e52ece21
SHA256 5850c625383e042c17399c9477c51c675538118632db152807a8b435bdeee5a1
SHA512 150fd0b47f13431ad8edad58ab5c6cb5adee481cff31b53135cad675cafdae87686fc93bcb564753e3637296107f40aa59eccb6237c3ba38d2f61829339573a2

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\natives_blob.bin

MD5 4d9aff8a5beab7e073410b054b59c5d8
SHA1 aa931b1fcb804b1cc3ebd4388ba4b2c3006dfa3d
SHA256 48c6a9c31422ccf362167313e74f5f829ae8d05f762074ad9be5056a2d6fe2d9
SHA512 6c0e261c1a71afde21788670112a95fc50345aeee430fd605f6e4eef209d5de2b54e015e41562efaaa3db73f208b2b3e6bd55a28b4b437991f57086d7ed4e1d7

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\snapshot_blob.bin

MD5 0ee9915ed70acca6f058c1f3bb302759
SHA1 0cbccd5d03b2dfa9f2d302476719ed949baae4e3
SHA256 aaac4bc49096e95a855d1f49e8548fac08ab92d7da47a55bcf7f7bb5de7aeaa2
SHA512 e2bf7acbb9c858e30adbbe1e76ae3e96a804e598e6d758ec95b7eb49c731e7a8f93190fc6cbd56f1d9ee0ae37114ee743c90b483651dd1bf45443b6d3e4d8d4f

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\icudtl.dat

MD5 de34dfc767739bfd182fc8874ce2b0a7
SHA1 fc8ca7b9fae7c21c0f4c2cca161cf7d457f5df51
SHA256 4d51ee5ebf33149c8891a541d91a7aa5d6cdcee5cb84aa27271b13dda725c1a1
SHA512 8a14d5d065c6ae060ad4b1b2dc0062344137e0b7e715ca57c07d0126d9ab91c0eba1e8a6c5526c7bc2583f626f71351014b3084de6964245496af812565eb8e6

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome_100_percent.pak

MD5 572104052868f41b8ccd82c0a082985a
SHA1 773c981fd33b95f945151763039ee4cdc1517ecd
SHA256 81ee9bcf23bf56616a60f2982fac8b1306e414972b95f0ed9b889b345e16e468
SHA512 2e06e3aa0642286f2d6ee94c3d8c88142c2f3f85547dfe8b97982b101ca185193f2348c83252a62412561e26f6997bd0ac6338ae5e059776a0cee6719892296f

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\PepperFlash\pepflashplayer.dll

MD5 b6fc20161d6f334634436e24fd253949
SHA1 5132d99c04f2b3f158e85e524f16c1db5a781c3a
SHA256 fb20a6705591f0687d5ec9a4d0dc2aa0ec67da78dd5130db5c5769de05194393
SHA512 0fe6c62936a89ad8894943488ba31a185a68d5b6394e414e23002452c0f949f31a4cce16042dc4a46f3f765575eefd68a15f7a34a91ceb6a19529f2403812fe9

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\resources.pak

MD5 8995c5dbc461cc501151da18e1acc4fb
SHA1 17201a9f00b42ee77d4cf96d02848e0339f43fde
SHA256 c1808b5fe3539572a69652006bddfd2b44409a49df66e9964507ab5ca42aae6c
SHA512 7f8f3a49d6e444b02b31464e85e033afb91d3056a8f0726c45f6bc93b9fa06f9f6ed33d81a85d505e02737116a94a504ac781f20350c6dcf56764a3542e99374

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\locales\zh-CN.pak

MD5 17b2bfce4f05fdd3deacee35244bedef
SHA1 0e5dd7c99b0efc8e29049f49d60c86884e884379
SHA256 1257c68222c4bc84e8f7f601a359b0afbd4976b0f52b5440cc7ee0b1d35481dc
SHA512 31ab1f9e5e7e5723f1f69acac9191a35fc781901fcb5880aa1162a08e864902ddabd4700952d0a3d1969fda21b97e59a4e91c64f377489d215c0d84ca7665e47

C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat

MD5 2f70b6c6edc5c39a788e18c6cf9afdc2
SHA1 2b821f081c4223e7332e792b4b20ff0750d12c57
SHA256 a9e1b3c0b4a1332e8162fa45a1a9cb4fb12df0ccd9f98eb88e0daa40d3b40c3d
SHA512 30b80b70e383365b259fccf2705b64c5facb8aa435b870a00fbf12182629a9efc7546b925850316f653beaa603542ae30f4bc922c84d2ee4909b59cf2f780b68

C:\Program Files (x86)\UCBrowser\Application\Share\start.dat

MD5 f80999e486fefce6d8383e7753eaac41
SHA1 e11bdf431e03d020f7ddedfb7299b7e74faaa93c
SHA256 8ad8cddfa2599ff80cbbdf966515d061758996dd01e1af0f56984f1a3899d58c
SHA512 65f24ecf1404a5814d6413feb60010361548022f3ff6ded9504c040a9b9171bfb89b59fbdb6c2711d05bd71ee76c66b41d06db3f6e959a586cef913a10ccf2ed

C:\Users\Public\Desktop\UC浏览器.lnk

MD5 e64569b45d4932782fe71413683715d0
SHA1 9682529fe7ddedf2eb60ea0636611a768726e35d
SHA256 ba6e75eeef62cf5c578e10d007f8ceac3fb57cc9e18ca423f399193064b3331c
SHA512 8d3a26469f0b1166da4322ee2db1bd218787c396ddaaf9239c23936c42455eb79e6e59d36d0024fd1fa8f96a0091c8f2d11669d6d916c9334a6d87480b819a96

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk

MD5 5933866a62c7d0cdcd182ced23b3abb2
SHA1 9211dedec8426aa7f496ef95bda24a68b2356c11
SHA256 4fa07cace8a45b388879d7eb390283074535e5ef544e77592c1c8d22ff4bda29
SHA512 8e13cc58c8516dba70f2fac681688e5341e96e1640336cb5d441a068fe33b3611df771d373691d5d1ea3cd083e5354aa4938b58c7b8e5e89c29c3bf79ddab71b

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe

MD5 1882e8a3013076a821f10dd268f4a49e
SHA1 2602bfa3b318f0bfa4b046cb467ed230b32675d0
SHA256 cab75eff5e0a9bd41dc9d1e1888f06d455225b35cdd815d93673766bcc195641
SHA512 c77939a086cbe5ea7caa4096470c0f7ca831b68990cd0b2e1c0d1f07bffc6e34197b3814e8b0612f6e30eb6a3e28651d4d0437d7272d163a97bb6e8e394c85f2

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\google.com.png

MD5 fd1c0d6a9564ad18c7db41ca68831233
SHA1 e3b2e108f706d5fdeb6bab26952f3026ac1dd13e
SHA256 eb81db9f5f834e01e8952f2567589800287dc634715801f946301f1bb9a269de
SHA512 aaced8dc9555fa2db37283d3809aec9de35b562520870607d3cf74435830a44ca272fc06dab04adc45f7c26ae27ff8f518aceea55440f154fe195d4823b37f02

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\etao.com.png

MD5 cb1dadf3436c8e2bd6eba6e75bd54ff0
SHA1 e3282c7c97941bcaf4a7b24003dfed3810dde97e
SHA256 4b95ae0a53611e89bcf3955725bb9e97e6110c41748b72da6e9776fc624782d1
SHA512 b1df1de97b6386b63f51c47d0915a9cb02fd139bbf51268ae6762a9a2b0abd411ef06224445681bfbde2404e0544b61c417ceae2ac8bf4155a91feb609f70ed1

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\bing.com.png

MD5 f06fffc93bf3d08ba0c71d27b5e4335b
SHA1 c55c2bc1ce66ef2b8f908e2b76f339d54059c5c1
SHA256 d17c66e0c39382521aad834bbf7f1409b62beb41225776c4050e42a118e63ab5
SHA512 887007ba99c8b0fe64c9ab3c8458809b71f27ea5d8a961c39c6447fdb2bb73f0f34a7e76a6a543026d5b9816f43deb6fbd1007521e606b411b7301dea36df3d5

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\baidu.com.png

MD5 a22364bc92dc3a1f3d4c89ee1ee89c24
SHA1 d2d247787cb4362b95c1080437399c937e357c5f
SHA256 0a990cc8459b76198cb42f47f6b3effeff33092f4e20618e5938f2cdae23b9e2
SHA512 a1534a684dea9e5bc3b55930c4c80eb4f7b4405e4e7f0cbe6583f8f8bb9f34888bdafad4b8678ad5e97a9d79b045b2f53ef7d631ea91f417c074ecf37f898b78

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png

MD5 0a9fc68e2274bde4fb70935c0f676b00
SHA1 f6b5f67d004ad2829fb1de8e16343be7151b98e0
SHA256 a14dcf03c3b36f11cdf688be313167eb130cbf52e721e67d4fef8f535a8a2e49
SHA512 584055d760da5b1819898a4be08c191944c2e19d6cbd62d9146deff3f4bf445c41316b6b1cab1580b53a9cb449008a25cb85325fc802790960437e2fc2462cc7

C:\Program Files (x86)\UCBrowser\Application\Share\icons\marketing\1001.ico

MD5 4c6695fdb42d78ce9627280bec0abe35
SHA1 24926125d6e04d4f1074b6ce8e29cc503a708899
SHA256 8425eb2fdf398f0ee4e922ceec61e55ec812a3dae3572e67750367aa869d52ba
SHA512 0ff06b5c96ffb4a8fc5ec6fb110bbdc6ee22c6541cd9c4a9e2f91754e6b83f1e1ceca5ce7dc8b011a7caa1d5109e1ce53752ae51fa7fd478aa3c1a144f012c3d

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\weibo.png

MD5 11b4bab51c09f5a1d733085b334b3056
SHA1 b6eb762070e23c5b86675f6b0f46c8ef60f21ddd
SHA256 4f6b32b8a4d942393a1138715b2fb89a49d1d91ecc73be3eb4b3a466474f03e5
SHA512 b76196785fa98e6420e086778695dbe9a16a217e56dec19f426980e6ad768ba2d80d7d594293c94d7097191bd3053926477e2f8a858edd59728205457e1cb3cd

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\taobao.png

MD5 179d77b169bd715167fd0f6927808b62
SHA1 3f12c101f6129676f2029a70bf5ae78b524a0cda
SHA256 ba9d78dbc4207d5d61e9fc42dbed28cebde243179f7625d6af23a10c21678962
SHA512 d8156c9a5a6fade547c235b9b77afdd1c16bb62584f1bca0dedaeb48d80a2551ba9c232aa4e5a22fc66dc2166b060912947acedee6a6f1bf43a8d630f0ca74a7

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\qq.png

MD5 c6c6cdf8179fd3360e2dd60dc8b3b0ec
SHA1 850caf5e4114fcfe18f57e5d82cb83f9ed6485b1
SHA256 4e5358357544531a5deb98b8170ce86dddc62d820632fd6341fdc5e2fa7a4176
SHA512 08d5ae337ca47e44a8126aff0bc47f3382e131fa34261619097afe5adbda92a7e8d4f77b324b8aa20fd91fed323d2ffeed3be80212bd1912f2e5d7e91439bfdd

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\alipay.png

MD5 de2786e2dc5852dccde9cc1eee3b7d00
SHA1 1fecc23e53be721e3e2bd2d6e8d60936102ecbbb
SHA256 b2693209b430c72a74e34c732a14ddd99a5efae9c70ab7b367d72a39ca44e9f4
SHA512 268e764e457bcd97bc0ea8283394cfabc5ce28792a0ca13ae4d882bbf5893be5d2d3468e17d36d453bcc3d17b0260fa39635a16168698011170340c7805f91a2

C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\renren.png

MD5 d542cd4d121465265415876a13c8e6e5
SHA1 e049a1e6202a7e174ff742bfb2a25f0f729edf8f
SHA256 0fc53be0beff5dbc4a762c19f983ebd0a0bba8239cd052c3990793de457ccb24
SHA512 fcfe6b77aba31a8ea729383653081ff5f8285ad644079e908f4e137db57bc635989332b682f26ddfaa04dcb9d95694a2e40cc4ac47ccad4aafb0f14a42fd329e

C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\noads.png

MD5 d8168d458a998ba7ff997e5ba43c76db
SHA1 930f783e525a44cf695ed2fdc0c56e331d6862b8
SHA256 a35575fd03c30814af7bc6b259f7f51dd75a2c780c6f0ed6602abc55afd2130e
SHA512 f74387986dc60a40961420129fb051d37ce7d75a8ec4f02159e53bf2828f25aeab562ee72537abdd32ab19fd25e3df26f9f89a2334c62d23815e44af31c3ccb3

C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\tmall_points.ico

MD5 f980ee0aee951b86db85137ec027e491
SHA1 5ce8ca7db87622ec9bf14adb8e55a31f098fbe37
SHA256 1a430c23e1f9f79cb88ef4d532a70dde6aff7dfd03adeae9461b559a7641b8e9
SHA512 5b275e299c9bf250a5c3479fb1cf370a648e81dce74833256cfd0bc3c30db557edb363caafb1ff3d3a56995a78c920e2be6c1587177677908c1557e271784f52

C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\facebook.ico

MD5 29caceeded110cf5cdc6b2837f34f703
SHA1 c5d0fe9def646afd04a4b0f4c5a39a881e4c3624
SHA256 c735760b739f5ff8e29c023856d03c78def35ac47914e480c885acf7b18aa973
SHA512 191cfc8dce601577cb4a574693b7709912bf2ed6cd891b31981f27ec2aacef0ce72459d213d132ee53a46c5d76510639260365b001fdfe1186719e99873a857d

C:\Program Files (x86)\UCBrowser\Application\Share\config.dat

MD5 3fe2cf2c76c606f049b9f3f11837723d
SHA1 18215e2aa3c15183d6d91e2a4123b4d98691249b
SHA256 d224be4368e36092c261c3a57d5c66a52c8522699b8324dfff2e9e4a4662f072
SHA512 86deacccc789288085fdfbd9b5001024b9ee3d4d2d4b918d71af732f9b9c0532a8cab7bc0e002fb7e7425c8e26748100e2da91fe3f1fcb124a6003d15487e267

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\uc123.png

MD5 b3d961de8896d4d6e8159d6b6a6e7729
SHA1 f8d468a11da8e9f136fa54c043f5de5ebcdd62ff
SHA256 b864bd7ceddfa3c715c4befd29631bf2f6c55eed4fd5d3428eb27404af4b5129
SHA512 b441debbfe22afdc63e2ab2c0c9066c9ac5013381337d0c6c396da36be07eac906551157297965557484ef23460929c1033ea338ec06b3cadf929f0ec61bcd43

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\taobao.png

MD5 0870184d9d62fc6ea09f661ce759a680
SHA1 7a3be4d085398b2fea068a55892518f5092b84dd
SHA256 ef63a5515e3b3d09a9977b78304d0e45d76da3614f230c233441b34c62f00a05
SHA512 124a9157c8b447794f4745edb752091ac809e4d39fdb34b65c06c72c08c4be3a157c0741785881c93a139368b92990f7a445e3ad75c80d84ffcf5843a35481fa

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\pp_helper.png

MD5 4cc9b59697f7564731e8c506264f3bde
SHA1 cb9d1f897620da72c4cd3cf3a5f4712f509ab5ee
SHA256 feaa5ce8f86ee0cd34821b48cf76e330a620bb4045290891a0c8edb42054db8a
SHA512 5480d0c7c815e95500790d6a33a32058a75f3369d2ab80be0fafad78d7767ea6d41ded7d405e5ff6473c5d84bf24beabc81f5b3e59b644adb04fdc95ee48bae3

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\baidu.png

MD5 d390c92daf6ec52215544827f405a79f
SHA1 077cca8c1d73bf05c1f4001893642f4ea28ed454
SHA256 611e5b35b3f35e6e8084ca7f71f9d22f141ee8a60f62e00ab15be721a3852cf7
SHA512 0af5aa486487510ee280cc99b9547214df43e32bbacb6c933bf9d10fef72afc5c4a23fcb2e3db83231ba934a174fc535529ee88cd6ad3474691a2b779211f3ad

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png

MD5 9fa7deb1ec538c30eff038daed4814dd
SHA1 71a3bc8a736c93812b06f66fb7b2e522d18d6b1f
SHA256 6e8bfc1ba4adabafb14c021a16d865253110dea7933658aabda0403d1f729cbb
SHA512 669c115ca531a94e522aa9f8f81422f6b5c16d51fad41d073c38f50ca6a50d0d5e6c2f1d9115aa06c68f4345bc3c273f558cf665681c10f113374e5a34dcd0c7

\Program Files (x86)\UCBrowser\Application\5.6.13381.9\libucguard.dll

MD5 ed96f14e32bb351ca7070c217a781f2d
SHA1 c8d0a14318db2b1ddc49313e69bdc662f699cdd2
SHA256 3f7efb52ac4e2187d145f29f4a06fb439009da0f1b133a3bb917cac4ac3efe53
SHA512 e371edc53de44cbef31d18ebb46a44321a7e21639ea56ca65c7ba1c1de583dd9d86e38e11ee6bf4d40bf47a8d28889ea8569f5f99a6582903a85aefd97cb92c9

C:\Program Files (x86)\UCBrowser\Application\ucsvc.log

MD5 b6b8d856163380571bb61087358354bc
SHA1 2bff75e2d73c8332aef1792e65b70f7426e80f23
SHA256 e8be04b88faea8376cc8b8f658242438d44abc7e1f1f60debaba4acd0019e707
SHA512 1ce05aeb3b79c4fe4235808b49479fd3788cbfc76af5bb37b0bd39ce2b481c739a2956d0df42e15ec6722d2a808ddd66abbbb13c64cfaa6254dc1696a47ca521

C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Windows\Temp\Tar73ED.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

memory/2896-328-0x0000000000760000-0x0000000000761000-memory.dmp

memory/2896-381-0x0000000030E00000-0x0000000030E01000-memory.dmp

memory/2896-380-0x0000000014500000-0x0000000014501000-memory.dmp

C:\Program Files (x86)\UCBrowser\Application\Share\ucsvc_config.dat

MD5 c47d884b0c0be4a2f8ae1db1ca068968
SHA1 b7a26da669c09a19f97b61b82ca47975cd2d7979
SHA256 6d113a63f1e577de338580cf3c9de4a37f3112657ed8591d9dea24fd28cc435b
SHA512 0e6da50b47c47b78a061e9d265481316dff470d620605febbc5a53be4caac3b820e26768eab083b882e7e872aafa8f28412c0989e83cfee0edb2f6f165733af9

memory/1680-436-0x0000000010B00000-0x0000000010B01000-memory.dmp

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Local State

MD5 3b9d519c1622546a1d97ebc46954457f
SHA1 bfd6eb653013ea8fcbf8f2a82898429fffe61d90
SHA256 edda806df70e8667eecf1c641a484c442d0c0bc3b5c3fff61dad655878411c0d
SHA512 2eed532e2de4fcf91ba400d23fcb10446f7f6e19354fc31853cb8a8940e139cccadc0d0e8b60c88760488787dfbaa14d4ba305ed59480b305ad78dc1b7349675

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences~RFf769c01.TMP

MD5 6e25eb146c7a16a2ca60e88d90d59e14
SHA1 d6febaf50034094da7b24926b1565f433846be06
SHA256 9b2f7bcf8bd9155844395b8f2f1c5c09323f87a45fcf7ce11e731b6e4f881fc8
SHA512 58744a0606d679656cf83e431a1f67d5f03363ec1f622f40d477b8a836e538d11448dd57f4a750c064f7f4057c598c08a696ff393cedfc9d1e8a5b3b8e437d68

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences

MD5 1f9d7f7ebe83036d4c003a2de9c362f8
SHA1 14019dd722ed9d0fc2b98748bdbcc21306c57316
SHA256 9fa25059f3747522167edf466b466ebefe5619a7e4374cd2de79a770a5e140bf
SHA512 0358f1d69579a79a5cfcc44ac48460e99c3fdecd16eb3a92eebc585513a3af2f902ed8f0effc72a009345c732a15c9f8f8757134680a964ea49709e3a32fa385

memory/2708-639-0x000000003C400000-0x000000003C401000-memory.dmp

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Extension State\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/452-726-0x000000002FC00000-0x000000002FC01000-memory.dmp

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Local State

MD5 074b8cf21678fce8375d567e2f1bdc11
SHA1 921a00a54e1520c3fe02e3748bb947a39cb93c43
SHA256 3841af12e54a31b49db6612285571612cb924bbc1221290ecc1d663289a3212c
SHA512 582e963354c01fc9049255d08d8ad2a707f7cf727e8091d9e228522d3ac2a3c2f50f804eda402369b3b4eb3a62fe9b1a854b592238b3aa5a8f74ded5c2f380e1

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences

MD5 39a9bcbf303bd10135d27ef79b9066db
SHA1 ace5fce9eee1d94e76c0d7d907bce85b5ab7c501
SHA256 f14a7682273d941a9c0fead3ad4316f99bd4fceacbbd128fe3ae447b61cfeb62
SHA512 24d77dbe24e6ed7fffe5e2034f7ae7696fe4d5ddc30100312c66ebf97e1f8606111f9e13bd03f6bca630eea47df0eef31e78ea0becf9fb61a8964542d1fc3435

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Local State

MD5 2d319a06bab01d28515c04ff09534cf1
SHA1 2ab62ea39b03772baaac2ea25b1088be9c959db3
SHA256 78ada2444144306e5fb55810bd84b02e8f97dc130fca8ee5ed40637eba031a45
SHA512 06651c5394096268d1dae11e1e3c3880ad9e9832acfccf703cc84be7e954da6123c8ab339e8a52152b75adad8ff17e3d71f8aa0d380a6a7ae4296310cd09f438

C:\Program Files (x86)\UCBrowser\Application\Share\task.ini

MD5 aea2dc067cd94c193c7c9848d0b8d845
SHA1 683b53a9fa7ee891fca23787f0ee58f15992c6af
SHA256 904427d7b3f6e961a7d9f5f1161448b436283ba9c1835f9ef77885b96100c20e
SHA512 2729df0330c4b16e3d74c3a074079ae4f5b8c910ed792618096f6dd515c851f5d31cc03cf778be6641b3ee419ae994c0a907dcc67310299c1bc8c5f8b0670653

C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\scoped_dir_2436_3996\share.dat

MD5 a9a40d4eaaca29a2d669074a6b3720d6
SHA1 cf5c21e6f0cb8caad6001f4176d53062de54aba6
SHA256 27929cf493b7ff7517488c07cc8b74d5de065017401ce23a6267c763157cac9c
SHA512 9c49456780063a2fe956b9792ef41caa452c39fd71af34d169e9e924daf801fa9b09204ae099a921af5247a8f41f46a1d79f845fe5cc2b75434952b049aff896

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\TransportSecurity

MD5 0a402fa0e69edd5eecb93f17482453fe
SHA1 b486168bee8aa67655698ed43e335b11f3a3d25b
SHA256 bba74f33f409a7f1c95035b64a6ed363fa933f1f625073178b87ab0f9fdbce95
SHA512 913444502998f2ce9aeb8345d1f201de600f7570a2d4ab11cd78bc5dcab42202cbf16a2042f38276d0d55d3e9a3d15343c4abb7a2ea9b24c5092a25b64e8d455

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 e5771e0ab8289c1fb5022fe04fd4356c
SHA1 8e7adcd30b3047c435dc1d68016bd4402b5a7ec3
SHA256 32ce18472f29d32b872430521da96f66f0cc0c385c82e524c7daf20095875581
SHA512 7ca65c1269dc242c446ea31627048fb167239b39053c458e5e87d0f1d05f340e8b031f6e70f2bc424ce39b33e8ecab501fc731a727c8720e0e91796b15806ede

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Local State

MD5 e74eaf6ab523b9592c4a76d2810da464
SHA1 4c4ec954c2a8f5a82cb52a4644876db4bc523e62
SHA256 a85c4950a5111401cd8a85d9d8bf52ea4544b486f45af62bbba33f477e08f5d6
SHA512 09fd716e068f64451a13f3cbaead750f33349d4597d328eb411cca4b4d740fc781efba65a871b67cfb6d4e7ab2dc3d38eef5e5775c100bac79ce9fc7fc164900

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences

MD5 f43fe1e00b979e4732906e1e842e1991
SHA1 e5043a7cd95c3dc5ba1c16178c44e74d3e02b72c
SHA256 f38901b622241f5c023378830fe1d35d5273ae651c53a81755cdbbf63a345fc8
SHA512 50d03675bc28b6d793769b6cb4620fd139dc047cae597359c94a0f4c57c4e36fabc4608da51c8504336702c714e96d7f6e4dd3d3fd7a37cee7d75452c8c450bf

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\TransportSecurity

MD5 7897355a557cd90cad46b4d983a1507f
SHA1 8b49ec7575304c149bf62338643bcce4aba139c6
SHA256 e84c4f31f07c2ee01bce78762645d567a6bb802cee18ca6acb1b59854789329b
SHA512 befc178303143de8de77701be2009300120e81930fa9ed9677f73126268c36eab22c986bf1031d10f3bc46dfa88fbbd337b6aae70748c8ed4357acee354024d0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 09:03

Reported

2024-06-03 09:06

Platform

win10v2004-20240226-en

Max time kernel

154s

Max time network

163s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\ucguard.sys C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\UCGuard\ImagePath = "system32\\DRIVERS\\ucguard.sys" C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A

Stops running service(s)

evasion execution

Reads user/profile data of web browsers

spyware stealer

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\ = "UC浏览器" C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\StubPath = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\5.6.13381.9\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Localized Name = "UC浏览器" C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\IsInstalled = "1" C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Version = "43,0,0,0" C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification \??\PHYSICALDRIVE0 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\es-419\config.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\resources.pak C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\win10_200_percent.pak C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\target_locale C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\extension\renren.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\ucsvc.log C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\es-419\share.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\es-419\start.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\UCAgent.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\UCService.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\task.ini C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\chrome.7z C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\PepperFlash\pepflashplayer.dll C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\login_view\qq.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\delegate_execute.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\searchbar\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\extension\noads.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\pt-br\config.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\id\start.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\config_updater.dll C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\share\ucsvc_config.dat C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\natives_blob.bin C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\ru\config.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\en-in\start.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\chrome_child.dll C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\UCBrowser.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\config_updater.log C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Extensions\id-ID\external_extensions.json C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\5.6.13381.9.manifest C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\searchbar\bing.com.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\searchbar\etaohaitao.com.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Drivers\ucguard-x64.sys C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\0\remote\0_beta_chk.xml1.size C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\ucsvc.log C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Update\curl-ca-bundle.crt C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\ru\share.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\start.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\chrome_elf.dll C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\desktop\tmall_points.ico C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\new_tab_search\etao.com.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\searchbar\sogou.com.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\chrome_watcher.dll C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Locales\zh-CN.pak C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\new_tab_search\google.com.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\wow_helper.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\UpdateState.xml C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\bookmarks\baidu.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\share.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\jobs\count.ini C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\config_updater.log C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\UpdateState.xml C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\chrome_100_percent.pak C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\login_view\alipay.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\master_preferences C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\0\remote\0_beta_chk.xml1 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\custom.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\id\share.dat C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\wow_helper.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\login_view\weibo.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\new_tab_search\youku.com.png C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\scoped_dir_1040_32702\start.dat C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Tasks\UCBrowserUpdater.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification C:\Windows\Tasks\UCBrowserUpdater.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Enumerates physical storage devices

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\AppUserModelId = "UCBrowser" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.WEBP\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\https\shell\open\ddeexec C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.CRX\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.shtm C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.MHT\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.SHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds\UCHTML.AssocFile.HTML C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\http\URL Protocol C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.XHTML\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.shtml C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.htm C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\UCHTML.AssocFile.SHTML C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\CLSID C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.XHT\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHTML\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.WEBP C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\AppUserModelId = "UCBrowser" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHT\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.CRX C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\UCHTML.AssocFile.XHTML C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\Application\ApplicationDescription = "UC浏览器是一款快速、安全的通用浏览器,采用Trident和WebKit双渲染引擎,从快速、安全多个方面进行优化,为广大互联网用户提供更好的用户浏览体验。" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.WEBP\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\Application\ApplicationCompany = "广州市动景计算机科技有限公司" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\UCHTML.AssocFile.XHT C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\Application\ApplicationName = "UC浏览器" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.HTM\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.SHTM\DefaultIcon C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.xht\OpenWithProgids\UCHTML.AssocFile.XHT C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\http\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,0" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTM\shell\open C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\Application C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.CRX\shell\open\command C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\http\shell C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.xhtml\OpenWithProgids C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.shtml C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\http C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ftp\shell\ = "open" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\https\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.SHTM\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\Application\AppUserModelId = "UCBrowser" C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3800 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 3800 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 3800 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 3800 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe
PID 3800 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe
PID 3800 wrote to memory of 3084 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe
PID 3084 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 3084 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 3084 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 3084 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 3084 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 3084 wrote to memory of 2908 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\sc.exe
PID 3084 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 2984 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 4212 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 3200 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Windows\SysWOW64\netsh.exe
PID 3084 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 3084 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 3084 wrote to memory of 3156 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 3084 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 3084 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 3084 wrote to memory of 2620 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 4472 wrote to memory of 924 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
PID 4472 wrote to memory of 924 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
PID 4472 wrote to memory of 924 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
PID 3084 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 3084 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 3084 wrote to memory of 3968 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCService.exe
PID 4472 wrote to memory of 4756 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4472 wrote to memory of 4756 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4472 wrote to memory of 4756 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 3084 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 3084 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 3084 wrote to memory of 3804 N/A C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 3800 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 3800 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 3800 wrote to memory of 3404 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 3800 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 3800 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 3800 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
PID 4756 wrote to memory of 4388 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4756 wrote to memory of 4388 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4756 wrote to memory of 4388 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4756 wrote to memory of 1292 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4756 wrote to memory of 1292 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4756 wrote to memory of 1292 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4756 wrote to memory of 3636 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe
PID 4756 wrote to memory of 3636 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe
PID 4756 wrote to memory of 3636 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe
PID 4756 wrote to memory of 4880 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4756 wrote to memory of 4880 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4756 wrote to memory of 4880 N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4472 wrote to memory of 2304 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4472 wrote to memory of 2304 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4472 wrote to memory of 2304 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
PID 4472 wrote to memory of 4412 N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe" --sync=http://www.uc123.com/guide/install_blacklist.php?ver=5.6.13381.9&bid=800&pid=4681&mid=78c6bee639ce52a423d42e02d4d2a7a7&midex=d8a5806261aa7532747ac476a9d7f9d5v00000029736e110

C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\CHROME.PACKED.7Z" --system-level --wow-bid=800 --wow-pid=4681 /s --wow-auth-url=http://www.uc123.com/guide/install_blacklist.php?ver=5.6.13381.9&bid=800&pid=4681 --wow-customized-theme="Share\customized_theme.crx" --install --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --wow-participate-eip=default --installerdata="C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_16213\wow_installer.prefs"

C:\Windows\SysWOW64\sc.exe

sc.exe stop UCBrowserSvc

C:\Windows\SysWOW64\sc.exe

sc.exe delete UCBrowserSvc

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="UC浏览器" description="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" action=allow

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="迅雷云加速开放平台" description="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe" action=allow

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --make-default-browser

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --install --start

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe"

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe

"C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe" --normal-stats1=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkXnwYG9IEV4QQ2rgGhNFvsGtV/V70V97FG4b3VkpSVzBDyUo+eYPM0UUSPfdtRhiAVXvRmvs59bAZ0ZGX/fkBEA6nL99WHY71Y61iQlLL6iFCgtXqUKt3gKSNyCCHisZAWYtc+MVPPcUdYVfFlO30JULtqiw76CHQJ8atYLkprTV7DHAYnaye9BwuIXSO6nYALaCKnAjrM1AhDsbkNzuPAcY0hUkCtETByzJNZBVgAIApn6jfQwD59bmlM4fzlclRRNs//2ATQpUCwdkWfuPWVA/HpW8tYvolz1m6ZhygC0AtN247rpBAkDGpFqOMkb3BQLHwniw1jFH99UknBhYBVX7MV4DElmeFxybzw=

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --as-current-user --run="\"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe\" --wow-enable-user-experience=default"

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-enable-user-experience=default

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater /AddTask

C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe" --normal-stats1=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkzeleiEL3HhSjbfO1t//Y1xpyfn32D5oyTd40BAWVXXe9bGAcZLADBzZgfYXOKZImsBta+c8qMIUFwlKLeX8GlYotI1NNZsThWJQofr9kasXoL1VGr3k49HJTAvpOzcuLF0ReMh37+Z7lnRs/vANyDyoDIMaDcuBqv19t+bItpjx8AHkQBF3QbaadY8zgxPtdIgcjQWD3qU2xTo2o83ffz979AHUyndxev7SBSJWpM+4sDwsFAEAk+/STbkprh1e+JgkDQ29H4NhRgb07/I6qbZ/Jc= --normal-stats2=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAn3em9d1L38WGTbVKv1/6a+TpxOJsGeT7LvW8C8LX0mtJNQ53dhKfpt6K+/xna90278OwlBj9ZWijFZJtW+Q87TGo9Udi4H30xjZaHhGoFSQVc+53BSrDJ6vLXhU7Os0bLN2izah3OIsaw4An36Ynk11/5MvyHFIB0r1EN6ALH52hJSnoFcFfDqYbnhEdVXWUQQr67PsB4xffBmZFOFw9xW/4iA7TT4stv/j0u7BWhyhM9djRcwZc9NbSbx2M+HsgURpd49648WxyxnZceLTB6iSzA+cANwhqX+73Arc --normal-stats3=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkPtLTO/PumqQwdHTmlBzRcfiXdx5rMBwk+KK2N8nfU7HStjbPz2GEcOMz9hYojp3BGrBW3dZYt9F/cNPw8vMIEQOhJth1+ELURwGmpRYHa+OBTlas9MG8YkirhkEKC8PC3ApWeWmnemewSpYn3yxwZwUsJm4dg2qySWnmArMlozd9CHYatEpR1jaM45bAIf/2w+onK7bKJlYPOgKcMDnYBJg/A7HORlIiY+8H3HgIOwKHrAIgGjaopoEp4jjtC1YzqI0DwVbZbeZJHDbpJTPlmbEnU+KCHc9pIeKDXnXESTjsB6ZRIRAgLYsGwrr/6goplpBmsFyllakCFLLq78v9bArHsQDcLNP9a/DX2eejZEwzb3QA==

C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe"

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="4756.0.360111259\1307071554" --no-sandbox /prefetch:673131151

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="4756.1.153352751\66946719" --no-sandbox /prefetch:673131151

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe

"C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4756.2.1847792625\467978933" --lang=zh-CN --no-sandbox /prefetch:-645351001

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-warm-up --silent-launch --wow-auto-close

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --lang=zh-CN --wow-warm-up --wow-silent-launch-child-process

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="4756.3.548277946\816339599" --no-sandbox /prefetch:673131151

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4756.4.2070978216\1731741190" --lang=zh-CN --no-sandbox /prefetch:-645351001

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="4756.5.348910887\1453811251" --no-sandbox /prefetch:673131151

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" /addtask --type=wow-config-updater

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater -CEnumUpdateMode:UpdateMode_AliImTimer

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -cenumupdatemode:updatemode_aliimtimer --type=wow-config-updater

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4756.6.201181751\603939391" --lang=zh-CN --no-sandbox /prefetch:-645351001

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.uc123.com udp
US 163.181.154.232:80 www.uc123.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 232.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 mmstat.ucweb.com udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 13.107.253.64:443 tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 163.181.154.232:80 www.uc123.com tcp
US 163.181.154.232:80 www.uc123.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 8.8.8.8:53 down.up1.uc.cn udp
US 8.8.8.8:53 tbsapi.browser.taobao.com udp
US 8.8.8.8:53 g.tbcdn.cn udp
US 8.8.8.8:53 img.alicdn.com udp
US 8.8.8.8:53 tce.alicdn.com udp
US 8.8.8.8:53 spirit.browser.taobao.com udp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.229:80 tce.alicdn.com tcp
US 8.8.8.8:53 image.uc.cn udp
US 163.181.154.229:80 tce.alicdn.com tcp
US 163.181.154.236:80 image.uc.cn tcp
GB 163.171.129.138:80 down.up1.uc.cn tcp
US 163.181.154.230:80 tce.alicdn.com tcp
US 163.181.154.230:80 tce.alicdn.com tcp
US 163.181.154.230:80 tce.alicdn.com tcp
US 163.181.154.230:80 tce.alicdn.com tcp
CN 59.82.9.157:80 spirit.browser.taobao.com tcp
CN 59.82.9.157:80 spirit.browser.taobao.com tcp
US 8.8.8.8:53 ip.taobao.com udp
US 8.8.8.8:53 alimarket.taobao.com udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 229.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 236.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 138.129.171.163.in-addr.arpa udp
GB 163.171.129.138:80 down.up1.uc.cn tcp
US 163.181.154.232:443 image.uc.cn tcp
US 163.181.154.232:443 image.uc.cn tcp
US 163.181.154.232:443 image.uc.cn tcp
US 8.8.8.8:53 230.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 clients3.google.com udp
US 163.181.154.200:443 alimarket.taobao.com tcp
US 163.181.154.200:443 alimarket.taobao.com tcp
GB 142.250.187.206:443 clients3.google.com tcp
US 163.181.154.229:443 tce.alicdn.com tcp
US 8.8.8.8:53 browser.taobao.com udp
CN 59.82.121.55:80 ip.taobao.com tcp
CN 59.82.121.55:80 ip.taobao.com tcp
US 8.8.8.8:53 g.alicdn.com udp
US 8.8.8.8:53 56.94.73.104.in-addr.arpa udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.154.181.163.in-addr.arpa udp
CN 59.82.122.61:443 browser.taobao.com tcp
CN 59.82.122.61:443 browser.taobao.com tcp
US 163.181.154.229:443 g.alicdn.com tcp
US 8.8.8.8:53 track.uc.cn udp
CN 123.182.51.94:443 track.uc.cn tcp
US 8.8.8.8:53 log.mmstat.com udp
CN 123.182.51.94:443 track.uc.cn tcp
CN 59.82.33.227:443 log.mmstat.com tcp
US 8.8.8.8:53 uc.ucweb.com udp
CN 59.82.33.227:443 log.mmstat.com tcp
US 168.235.206.1:80 uc.ucweb.com tcp
US 8.8.8.8:53 ucus.ucweb.com udp
US 168.235.206.10:443 ucus.ucweb.com tcp
US 8.8.8.8:53 1.206.235.168.in-addr.arpa udp
US 8.8.8.8:53 ws.mmstat.com udp
CN 59.82.33.227:443 log.mmstat.com tcp
US 8.8.8.8:53 fourier.taobao.com udp
CN 59.82.34.234:443 ws.mmstat.com tcp
US 8.8.8.8:53 10.206.235.168.in-addr.arpa udp
CN 124.239.14.250:443 fourier.taobao.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 acjs.aliyun.com udp
CN 59.82.33.227:443 log.mmstat.com tcp
CN 203.119.175.231:443 acjs.aliyun.com tcp
US 8.8.8.8:53 gtd.alicdn.com udp
US 163.181.154.229:80 gtd.alicdn.com tcp
US 8.8.8.8:53 afpmm.alicdn.com udp
US 163.181.154.229:80 afpmm.alicdn.com tcp
US 163.181.154.229:80 afpmm.alicdn.com tcp
US 163.181.154.229:80 afpmm.alicdn.com tcp
US 163.181.154.229:80 afpmm.alicdn.com tcp
US 163.181.154.229:80 afpmm.alicdn.com tcp
US 8.8.8.8:53 su.bdimg.com udp
US 8.8.8.8:53 gw.alicdn.com udp
CN 203.119.175.231:443 acjs.aliyun.com tcp
US 163.181.154.229:80 gw.alicdn.com tcp
US 163.181.154.230:80 gw.alicdn.com tcp
US 163.181.154.230:80 gw.alicdn.com tcp
US 163.181.154.230:80 gw.alicdn.com tcp
US 163.181.154.230:80 gw.alicdn.com tcp
US 163.181.154.230:80 gw.alicdn.com tcp
US 163.181.154.230:80 gw.alicdn.com tcp
CN 60.188.66.49:80 su.bdimg.com tcp
US 8.8.8.8:53 618.tmall.com udp
US 8.8.8.8:53 click.aliyun.com udp
US 8.8.8.8:53 c.duomai.com udp
US 163.181.154.229:80 gw.alicdn.com tcp
CN 60.188.66.49:80 su.bdimg.com tcp
US 8.8.8.8:53 cn.chinadaily.com.cn udp
US 8.8.8.8:53 fanyi.baidu.com udp
CN 59.82.122.61:80 browser.taobao.com tcp
US 8.8.8.8:53 fanyi.youdao.com udp
US 8.8.8.8:53 dabai.pc.ucweb.com udp
US 8.8.8.8:53 gad.netease.com udp
CN 59.82.33.227:443 log.mmstat.com tcp
US 8.8.8.8:53 huodong.taobao.com udp
CN 59.82.122.61:80 browser.taobao.com tcp
US 8.8.8.8:53 mail.163.com udp
US 8.8.8.8:53 mail.qq.com udp
CN 106.11.149.27:80 dabai.pc.ucweb.com tcp
US 8.8.8.8:53 p.yiqifa.com udp
US 8.8.8.8:53 pvp.qq.com udp
CN 106.11.149.27:80 dabai.pc.ucweb.com tcp
US 8.8.8.8:53 qq.ip138.com udp
US 8.8.8.8:53 redirect.simba.taobao.com udp
US 8.8.8.8:53 t.shuqi.com udp
US 8.8.8.8:53 www.kuaidi100.com udp
US 8.8.8.8:53 www.taobao.com udp
GB 79.133.176.221:443 www.taobao.com tcp
US 163.181.154.229:443 gw.alicdn.com tcp
US 163.181.154.229:443 gw.alicdn.com tcp
US 8.8.8.8:53 221.176.133.79.in-addr.arpa udp
US 8.8.8.8:53 gateway.browser.taobao.com udp
CN 59.82.121.73:80 gateway.browser.taobao.com tcp
CN 59.82.121.73:80 gateway.browser.taobao.com tcp
US 8.8.8.8:53 t.alicdn.com udp
US 163.181.154.229:80 t.alicdn.com tcp
US 163.181.154.229:80 t.alicdn.com tcp
US 8.8.8.8:53 bbs.uc.cn udp
US 8.8.8.8:53 beian.miit.gov.cn udp
US 8.8.8.8:53 business.sohu.com udp
US 8.8.8.8:53 clients1.google.com udp
GB 142.250.187.206:443 clients1.google.com tcp
US 8.8.8.8:53 feedback.uc.cn udp
US 8.8.8.8:53 finance.ifeng.com udp
US 163.181.154.229:80 t.alicdn.com tcp
US 163.181.154.229:80 t.alicdn.com tcp
US 8.8.8.8:53 finance.qq.com udp
US 8.8.8.8:53 finance.sina.com.cn udp
US 8.8.8.8:53 hangzhou.baixing.com udp
US 8.8.8.8:53 af.alicdn.com udp
US 8.8.8.8:53 money.163.com udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 8.8.8.8:53 nbtg2.37.com udp
US 8.8.8.8:53 news.cctv.com udp
CN 59.82.122.61:443 browser.taobao.com tcp
CN 59.82.122.61:443 browser.taobao.com tcp
US 8.8.8.8:53 www.baidu.com udp
CN 59.82.122.61:443 browser.taobao.com tcp
US 8.8.8.8:53 m.ykimg.com udp
US 163.181.154.233:80 m.ykimg.com tcp
US 163.181.154.233:80 m.ykimg.com tcp
US 163.181.154.233:80 m.ykimg.com tcp
US 163.181.154.233:80 m.ykimg.com tcp
US 163.181.154.233:80 m.ykimg.com tcp
CN 183.240.99.24:443 www.baidu.com tcp
US 163.181.154.233:80 m.ykimg.com tcp
US 163.181.154.229:80 af.alicdn.com tcp
CN 183.240.99.24:443 www.baidu.com tcp
US 8.8.8.8:53 233.154.181.163.in-addr.arpa udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 203.119.175.231:80 acjs.aliyun.com tcp
US 8.8.8.8:53 w.cnzz.com udp
CN 203.119.175.231:80 acjs.aliyun.com tcp
CN 220.185.168.234:80 w.cnzz.com tcp
CN 220.185.168.234:80 w.cnzz.com tcp
US 8.8.8.8:53 tb.jiuxinban.com udp
US 8.8.8.8:53 union-click.jd.com udp
US 8.8.8.8:53 v.6.cn udp
US 8.8.8.8:53 v.qq.com udp
CN 203.119.175.231:80 acjs.aliyun.com tcp
US 8.8.8.8:53 weibo.com udp
US 8.8.8.8:53 www.12306.cn udp
US 8.8.8.8:53 www.163.com udp
US 8.8.8.8:53 p.tanx.com udp
US 8.8.8.8:53 www.1688.com udp
US 8.8.8.8:53 www.58.com udp
US 8.8.8.8:53 www.cufou.com udp
US 8.8.8.8:53 www.douban.com udp
US 8.8.8.8:53 www.ef.com.cn udp
US 8.8.8.8:53 www.huya.com udp
US 8.8.8.8:53 www.ifeng.com udp
US 8.8.8.8:53 z7.sinaimg.cn udp
US 163.181.154.236:443 z7.sinaimg.cn tcp
US 8.8.8.8:53 inews.gtimg.com udp
CN 59.82.31.175:80 p.tanx.com tcp
BE 92.123.51.8:80 inews.gtimg.com tcp
BE 92.123.51.8:80 inews.gtimg.com tcp
CN 59.82.31.175:80 p.tanx.com tcp
US 8.8.8.8:53 8.51.123.92.in-addr.arpa udp
CN 203.119.175.231:80 acjs.aliyun.com tcp
US 8.8.8.8:53 ynuf.aliapp.org udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 59.82.121.55:80 ip.taobao.com tcp
CN 123.182.51.196:443 track.uc.cn tcp
CN 123.182.51.196:443 track.uc.cn tcp
CN 110.185.108.49:80 su.bdimg.com tcp
CN 110.185.108.49:80 su.bdimg.com tcp
GB 163.171.129.138:80 down.up1.uc.cn tcp
US 8.8.8.8:53 tce.taobao.com udp
US 8.8.8.8:53 extensions.uc.cn udp
CN 203.119.169.82:80 extensions.uc.cn tcp
CN 203.119.169.82:80 extensions.uc.cn tcp
HK 47.246.103.58:443 tce.taobao.com tcp
HK 47.246.103.58:443 tce.taobao.com tcp
HK 47.246.103.58:443 tce.taobao.com tcp
US 8.8.8.8:53 58.103.246.47.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 168.235.206.10:443 ucus.ucweb.com tcp
CN 183.240.99.202:443 www.baidu.com tcp
CN 183.240.99.202:443 www.baidu.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
CN 106.8.130.78:443 track.uc.cn tcp
CN 106.8.130.78:443 track.uc.cn tcp
CN 111.170.25.49:80 su.bdimg.com tcp
CN 111.170.25.49:80 su.bdimg.com tcp
CN 59.82.122.61:80 browser.taobao.com tcp
CN 59.82.122.61:80 browser.taobao.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
US 8.8.8.8:53 update.up1.uc.cn udp
CN 39.108.40.9:80 update.up1.uc.cn tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
CN 39.108.40.9:80 update.up1.uc.cn tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 123.182.50.159:443 track.uc.cn tcp
CN 123.182.50.159:443 track.uc.cn tcp
CN 111.174.9.49:80 su.bdimg.com tcp
CN 111.174.9.49:80 su.bdimg.com tcp
CN 203.119.169.82:80 extensions.uc.cn tcp
CN 203.119.169.82:80 extensions.uc.cn tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 106.8.130.149:443 track.uc.cn tcp
CN 106.8.130.149:443 track.uc.cn tcp
CN 111.225.213.49:80 su.bdimg.com tcp
CN 111.225.213.49:80 su.bdimg.com tcp
CN 59.82.122.61:80 browser.taobao.com tcp
CN 59.82.122.61:80 browser.taobao.com tcp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 14.116.143.105:443 mmstat.ucweb.com tcp
CN 113.219.142.49:80 su.bdimg.com tcp
CN 113.219.142.49:80 su.bdimg.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe

MD5 174d697c06d02aab649bc0f09e70651b
SHA1 1141c6993bc97c35062b95884f0f0f9df256073f
SHA256 0cc1194f5fb42e552affc452cd77710df6acbc8ddcefdafbd79c5a6e693e3a09
SHA512 b6be98658afbaa615c9d1cc4a6e3e4f04be863d974113ac3e930324a651fe98909024a686e12ef143d501ca93e3dff5c36c0af8a75c8a9b29a286f987484eda8

C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe

MD5 a829f040da54dd809731d403ae83caf2
SHA1 f270cb77c6e3697a90c6beaf4a93570ccf48ae79
SHA256 caf89f1dcee6d607630d6da3cd57c6de542509df361f2b19ed1222a37ecbd3e5
SHA512 d771473757f92a66ae66950634c35b285609bee9bb7d63da49cbbc3786a4f497ffd39c50e1a0f34f995d254309113a1ccc4bee6a63da7e9924b7359fcba9ea70

C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_16213\wow_installer.prefs

MD5 fcee2892d47f62139209f80783bc0a8a
SHA1 f3812192dc6d2c18165944ac3e69dcbf49428843
SHA256 37249e0d047c3560897c8cc95e256677664870d5dcd534d0e2cd5e387a70db3a
SHA512 58a9d4d1eed549fba39576ece620fbe03e985b79d3444a318ac2442f2734415a2754207cbe25b60e7633d68c1c11790167b79351a70f636fe9023249d15e6f54

C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\CHROME.PACKED.7Z

MD5 164c0f7abdb4c410e10d6eb79e7d7ce2
SHA1 f6aeed2d4552fde8f74c5b9a873d3f00d9f5c428
SHA256 ebd8d49ff72af1bede93403eacccb4fd138a61d89de8ef7a6815f849ea573164
SHA512 e5dfd3a98c7d06ab126e505756d8a0102f2dba5956cc196fccbc664cd1e2c9d8c6fbfb167509eb7ee024af879ae592b0195efb49b7446c93ceb6436e5b66f9a9

C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\wow_helper.exe

MD5 8ff62237d74496dc73b58598fb934da5
SHA1 6db18def86995e9701e8fe02275ad43d7966efa4
SHA256 5f5b3d29c51b5252e80a8c1ab6a165cfd40383bcfa13594fd4488077e1352938
SHA512 51c82b182fdfebcee6fa1cc2dfeb801a9c8aa65719dc35e6ebade9e0f1adb996181c952d1b3f8347f9304f31d1e4300f03f5d8930cdaa9b81795f5e2873d83b8

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

MD5 4a38c60ddc539e00b1c87692f574930a
SHA1 9276702ccf3c457f17378ea770b01ce577bd5996
SHA256 6bcab2e9b5b097ec22fbdc4101511fdd9a984cf20f2097714477dd1704e5c51d
SHA512 4a99b21a86f5152dddfb849d9da1074019f411c72df201a0cb73b9c79399219b71929e2460163f0a5fda47d5822997126fd5083a215bd0fcfbeb2f7b2b73822a

C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe

MD5 0a2c658a324e3d9a8ce94caa038f789c
SHA1 b6d223c0501549b09c8fb6f3158e2a01861a729e
SHA256 3cefc87ee4f008f55336b7cf2ec4cd9480249071a72732c230be9e56870cd70d
SHA512 71c556437e4ad8ed44e4241b716d51710eb4aacce44f4d0fe336d97a490a6afb40d98ebce4356743c121c98042ab245073ff39be37def721eecd0336c87147e9

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Configs\zh-cn\start.dat

MD5 f80999e486fefce6d8383e7753eaac41
SHA1 e11bdf431e03d020f7ddedfb7299b7e74faaa93c
SHA256 8ad8cddfa2599ff80cbbdf966515d061758996dd01e1af0f56984f1a3899d58c
SHA512 65f24ecf1404a5814d6413feb60010361548022f3ff6ded9504c040a9b9171bfb89b59fbdb6c2711d05bd71ee76c66b41d06db3f6e959a586cef913a10ccf2ed

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

MD5 1f6c6ddf9c2b4b9f6c7acfdac48bf6df
SHA1 f1dcfeb2fdc49ceb07fa0775e975550d9b4aa92b
SHA256 4bb44f376d108f9a6b3f98c1428a6e8193153285d19284d326befe313129c4b1
SHA512 f29c2bce9b73711b69e95afedb76a9a4e26a612df0a6e79424e7ed907ee1f74dc260b1326f8c2520aac8b7ca1949eb8f64ae596e220cd3cb03df475d77c46a47

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Configs\zh-cn\share.dat

MD5 a9a40d4eaaca29a2d669074a6b3720d6
SHA1 cf5c21e6f0cb8caad6001f4176d53062de54aba6
SHA256 27929cf493b7ff7517488c07cc8b74d5de065017401ce23a6267c763157cac9c
SHA512 9c49456780063a2fe956b9792ef41caa452c39fd71af34d169e9e924daf801fa9b09204ae099a921af5247a8f41f46a1d79f845fe5cc2b75434952b049aff896

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Configs\zh-cn\config.dat

MD5 3fe2cf2c76c606f049b9f3f11837723d
SHA1 18215e2aa3c15183d6d91e2a4123b4d98691249b
SHA256 d224be4368e36092c261c3a57d5c66a52c8522699b8324dfff2e9e4a4662f072
SHA512 86deacccc789288085fdfbd9b5001024b9ee3d4d2d4b918d71af732f9b9c0532a8cab7bc0e002fb7e7425c8e26748100e2da91fe3f1fcb124a6003d15487e267

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome_elf.dll

MD5 f5a1ef8b90b124a9b9cbd78f9709fa48
SHA1 f88d125c1d7a55ed6c98bfb81064a94eed5bef81
SHA256 91f6114c5b2150c1e04ed05425a164418036fab42f11fd5fc6eb2575a7d24f09
SHA512 f24eddcd8a6298b7b891b8a754c9a91b0e32465ac1b289f823cef57f48cd1d42fe7d2628ddd9e09668badb4d85bdafc923fe70ece08970762ed4ca3310955cc9

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome.dll

MD5 da4e53402330683dbef463783d43e99d
SHA1 abe40397ba0e4a9b850473e8fb706900e52ece21
SHA256 5850c625383e042c17399c9477c51c675538118632db152807a8b435bdeee5a1
SHA512 150fd0b47f13431ad8edad58ab5c6cb5adee481cff31b53135cad675cafdae87686fc93bcb564753e3637296107f40aa59eccb6237c3ba38d2f61829339573a2

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\natives_blob.bin

MD5 4d9aff8a5beab7e073410b054b59c5d8
SHA1 aa931b1fcb804b1cc3ebd4388ba4b2c3006dfa3d
SHA256 48c6a9c31422ccf362167313e74f5f829ae8d05f762074ad9be5056a2d6fe2d9
SHA512 6c0e261c1a71afde21788670112a95fc50345aeee430fd605f6e4eef209d5de2b54e015e41562efaaa3db73f208b2b3e6bd55a28b4b437991f57086d7ed4e1d7

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\snapshot_blob.bin

MD5 0ee9915ed70acca6f058c1f3bb302759
SHA1 0cbccd5d03b2dfa9f2d302476719ed949baae4e3
SHA256 aaac4bc49096e95a855d1f49e8548fac08ab92d7da47a55bcf7f7bb5de7aeaa2
SHA512 e2bf7acbb9c858e30adbbe1e76ae3e96a804e598e6d758ec95b7eb49c731e7a8f93190fc6cbd56f1d9ee0ae37114ee743c90b483651dd1bf45443b6d3e4d8d4f

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\icudtl.dat

MD5 de34dfc767739bfd182fc8874ce2b0a7
SHA1 fc8ca7b9fae7c21c0f4c2cca161cf7d457f5df51
SHA256 4d51ee5ebf33149c8891a541d91a7aa5d6cdcee5cb84aa27271b13dda725c1a1
SHA512 8a14d5d065c6ae060ad4b1b2dc0062344137e0b7e715ca57c07d0126d9ab91c0eba1e8a6c5526c7bc2583f626f71351014b3084de6964245496af812565eb8e6

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\resources.pak

MD5 8995c5dbc461cc501151da18e1acc4fb
SHA1 17201a9f00b42ee77d4cf96d02848e0339f43fde
SHA256 c1808b5fe3539572a69652006bddfd2b44409a49df66e9964507ab5ca42aae6c
SHA512 7f8f3a49d6e444b02b31464e85e033afb91d3056a8f0726c45f6bc93b9fa06f9f6ed33d81a85d505e02737116a94a504ac781f20350c6dcf56764a3542e99374

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\win10.pak

MD5 810e7992000a0cbf858833f32810c7a6
SHA1 f2c14fe755bd746ec98883badd76a367c8348035
SHA256 62c3f7f7965b5b85056a0d0f17fc69cf8324b77aec831499f884881352939589
SHA512 5310ba07134ce6fb288cce4b93f28618f50de5326da4056b3192a758dee3fbb856b11522ac6743ac1a9f200740220aa5a8f62d672a02a5e36050cc24319f6c90

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\PepperFlash\pepflashplayer.dll

MD5 b6fc20161d6f334634436e24fd253949
SHA1 5132d99c04f2b3f158e85e524f16c1db5a781c3a
SHA256 fb20a6705591f0687d5ec9a4d0dc2aa0ec67da78dd5130db5c5769de05194393
SHA512 0fe6c62936a89ad8894943488ba31a185a68d5b6394e414e23002452c0f949f31a4cce16042dc4a46f3f765575eefd68a15f7a34a91ceb6a19529f2403812fe9

C:\Program Files (x86)\UCBrowser\Application\ucsvc.log

MD5 e90bc7817d0d1a77143a2bf3b350353b
SHA1 5ce7196189c80dc4b03960359d92d1e6239b129f
SHA256 ed59abd235febec813133880a023699bca853aa1be64e93192a1060e7e964759
SHA512 476f7258f38bacaa4fb878d03f31f7a680b1148335ec29ae9ea2cd1ae6cb417016f6105eec80a37251d695c47d39b44b214aa41f38781575737b8d5744ae261e

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\locales\zh-CN.pak

MD5 17b2bfce4f05fdd3deacee35244bedef
SHA1 0e5dd7c99b0efc8e29049f49d60c86884e884379
SHA256 1257c68222c4bc84e8f7f601a359b0afbd4976b0f52b5440cc7ee0b1d35481dc
SHA512 31ab1f9e5e7e5723f1f69acac9191a35fc781901fcb5880aa1162a08e864902ddabd4700952d0a3d1969fda21b97e59a4e91c64f377489d215c0d84ca7665e47

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome_100_percent.pak

MD5 572104052868f41b8ccd82c0a082985a
SHA1 773c981fd33b95f945151763039ee4cdc1517ecd
SHA256 81ee9bcf23bf56616a60f2982fac8b1306e414972b95f0ed9b889b345e16e468
SHA512 2e06e3aa0642286f2d6ee94c3d8c88142c2f3f85547dfe8b97982b101ca185193f2348c83252a62412561e26f6997bd0ac6338ae5e059776a0cee6719892296f

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\alipay.png

MD5 de2786e2dc5852dccde9cc1eee3b7d00
SHA1 1fecc23e53be721e3e2bd2d6e8d60936102ecbbb
SHA256 b2693209b430c72a74e34c732a14ddd99a5efae9c70ab7b367d72a39ca44e9f4
SHA512 268e764e457bcd97bc0ea8283394cfabc5ce28792a0ca13ae4d882bbf5893be5d2d3468e17d36d453bcc3d17b0260fa39635a16168698011170340c7805f91a2

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\youku.com.png

MD5 f30c1b08ac625ca1db79750ccda77ee2
SHA1 c4efc65b575c9ed812adc7d749d848767915e776
SHA256 1eee1073e9aa360de23d860606fac2c17f948597e673bb410129e9cb62b21f5c
SHA512 64ed9b2eb445639597053d643351f483d15b37f25b071866aea3974a0da88531bd14807bbb9c536efeca92f9687d6d94f86084e487fbf94926446865bf715490

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\tmall.com.png

MD5 714da4c57c445ac71bc51367841bd8aa
SHA1 6098db6c12152cc8618e0c8b779c0b90eec92d4e
SHA256 5ff63cbcb7c1f70a3b25d754013cba85782eebcb4fbe16d33ec39e080df55758
SHA512 977a239a5fde7a6bcc4a347215f5e530a98c02cbd97ecf25e3d34119dd6412446fb5d905f8384e029bcda9a2f81744dfc85e80136464d8a8f25d7ec76eab191d

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\taobao.com.png

MD5 1c59038294d6a4e82bba4402e6647a49
SHA1 097d8a089d7c0fcf87d3a1984668b97a28066e8a
SHA256 985e8c4c0627433bf12e8d2da749fdda1efc0d2e7e697e7ce7f860b579e1bf9d
SHA512 2a2f50be8487fba12b7cc8b1ddb24c48db439b93ad93694b9ef31d120a916001f0a98fb8dba0ac61576269924256783a6224b4025f7a219be8d3287bc0d35721

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\sogou.com.png

MD5 b2a4b8a0d27370dd24660e4eff1f7696
SHA1 43998656bb4432c93c777d7bedf7dd797c8db8a1
SHA256 c7787af84b0c676c9deedfacacbe432e58fcfae0d8884e4bacc86d835856ea87
SHA512 673900cc9add5479bc79cdbaf8990099677136ce01455e9373b1481b2332d0497131d8a60dde73a735ae5e19802f671a78f08c9468d8decd66b60655670d3a18

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\google.com.png

MD5 db594713cc01443a6c04b69d261f2ca8
SHA1 ac3f36dc4429f91ba59503fa021728b57b5ee138
SHA256 054908fc579de575482d93df724a6db7354073475059b154a6958dfa219accb0
SHA512 f20f04b331db722c96906edf76a777bd501721abfd5c42acec4bd56fce2a7f8dbdcb60a6be2f1d16dc2791ad505ed31de0fcc9b04abd8f984efa4dc851e2f930

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\etaohaitao.com.png

MD5 54671209297110351bd776275b24f806
SHA1 c53b75e2ad458507c0724c2f1499eed7bc4df087
SHA256 05d655a3efc015ba8afd45dd63e5d9704667ee8ff6779c8e895e684a6d69e8c7
SHA512 c890aff8e26a22b64352fbbd61052f5107fd1cfbc59a184b2fc8797d554ff9de5c56d4f6bd0588aa3de39b96c018b15f71123a1ed079db785553e6ead63d94e2

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\etao.com.png

MD5 f2973496db50631d972c8bf20bed9e1b
SHA1 aa2f250083b97fd83ae0dc616e74c298349a0fd4
SHA256 7811e51b5b93a462a33964e973ffc4f01fe42423aa17fec4304c77c4196223b5
SHA512 057b6cd4b3d41ed700ba7bef89c0cb10947dec3b4c295f48afc1944298b77d00c72deccfae8566eb64a4af5e576b0302087a804c118f69a7a2a3aa0366a5fabd

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\bing.com.png

MD5 60606600fa6865ec643e46679f7fc647
SHA1 212e33a47980307090afef0af995af9a5636b253
SHA256 eccac7102e18044557b455b7fd9685913fd282cc2c4fb9da1c3f4ad15aad134b
SHA512 4074c76798c1429acbf8b3ca83b60b00b5d66a3cfbaaedcee65a93a4a848fb0a066051cbb384285291d8b619c1e30bd5cd09ca3eb532ce059d0a1626b45c7a1b

C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\baidu.com.png

MD5 715976a2a63c98a3f38e269311e04d5f
SHA1 4dbbeeb7b8ffa6afbc112e658fa6d7966ab42ed3
SHA256 0a0ca14dc3828bf71bd596c78fd1df9b09afd8650b4df07b002f00fc35f436a3
SHA512 3d88c730a2ae45f386cbba15dc47941b584f31a9b1a55aaacd08be127476f107018e88ce47eaf238f7f2dcc4d9d96a1b6a94c6a9a67e87c16372d610aec79335

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\youku.com.png

MD5 baf4bace7566504dbde84ff69f9ecedb
SHA1 888076b162f49c6abf0289fdde8a0bae556dd850
SHA256 47cedb5b171e5abf458b60ce5dd8d0430a70e7ff1d61653634ac2c938ebab1ea
SHA512 07996d69e820d2bf0b737697b93b7b90ae51cd63e08d3dc0a5647b1704f388d560b4177bec8f9eb3d2e585da180500fac3af2fdfd87345ced26febdabb45a46f

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\tmall.com.png

MD5 4bfedaacc03075c6cce1492eaafa5fc8
SHA1 68a8850f26b92e8cf209e7d5fdcc157f0390386f
SHA256 98bda0f92529905103af47c680c82021a20c6bf16c784ae70a049cb6545c26ff
SHA512 105e27e46b4833df2c43b37f507e4df106f8a40eff14c02e2d85f2bc6519cf701559e7cf3bd63a3a18be0580935d4caaa49f2340ab3a81d729c4a7ee97c5b6ed

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\taobao.com.png

MD5 4166e28bd0b0c7ee391396526b5a18d0
SHA1 b1f76777b01aa5438308bc0e003d5ff76cae0678
SHA256 2285f06bf82384c697056bd0792a1402988637d8af9eeea750f98c2f062efeed
SHA512 a5a41472b4d1a1a5c07cf4ed4a38c9cb32a46eb0d0678ee9e8b42fe04d1303b21f90b000ebb9201e5c2a8135b4d93255956811fef8c591776baa41c4ead83cb0

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\sogou.com.png

MD5 ff731ef141a73744fd27807a77475680
SHA1 54407be83579f981e5da1350aad8d483375370f1
SHA256 58befb923bdd848dff39c52fc0effb8d70225b9c5b33438fec7430ba008d5950
SHA512 014079ccbe3faa62c466e278c9ac1c5212909f1012ddebcc8a06ac57f881f7dfd381ddc7ba9990c75e97f3d77314b5b7296d5db95fc535b812d281e88c34dacf

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\google.com.png

MD5 fd1c0d6a9564ad18c7db41ca68831233
SHA1 e3b2e108f706d5fdeb6bab26952f3026ac1dd13e
SHA256 eb81db9f5f834e01e8952f2567589800287dc634715801f946301f1bb9a269de
SHA512 aaced8dc9555fa2db37283d3809aec9de35b562520870607d3cf74435830a44ca272fc06dab04adc45f7c26ae27ff8f518aceea55440f154fe195d4823b37f02

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\etao.com.png

MD5 cb1dadf3436c8e2bd6eba6e75bd54ff0
SHA1 e3282c7c97941bcaf4a7b24003dfed3810dde97e
SHA256 4b95ae0a53611e89bcf3955725bb9e97e6110c41748b72da6e9776fc624782d1
SHA512 b1df1de97b6386b63f51c47d0915a9cb02fd139bbf51268ae6762a9a2b0abd411ef06224445681bfbde2404e0544b61c417ceae2ac8bf4155a91feb609f70ed1

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\bing.com.png

MD5 f06fffc93bf3d08ba0c71d27b5e4335b
SHA1 c55c2bc1ce66ef2b8f908e2b76f339d54059c5c1
SHA256 d17c66e0c39382521aad834bbf7f1409b62beb41225776c4050e42a118e63ab5
SHA512 887007ba99c8b0fe64c9ab3c8458809b71f27ea5d8a961c39c6447fdb2bb73f0f34a7e76a6a543026d5b9816f43deb6fbd1007521e606b411b7301dea36df3d5

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\baidu.com.png

MD5 a22364bc92dc3a1f3d4c89ee1ee89c24
SHA1 d2d247787cb4362b95c1080437399c937e357c5f
SHA256 0a990cc8459b76198cb42f47f6b3effeff33092f4e20618e5938f2cdae23b9e2
SHA512 a1534a684dea9e5bc3b55930c4c80eb4f7b4405e4e7f0cbe6583f8f8bb9f34888bdafad4b8678ad5e97a9d79b045b2f53ef7d631ea91f417c074ecf37f898b78

C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png

MD5 0a9fc68e2274bde4fb70935c0f676b00
SHA1 f6b5f67d004ad2829fb1de8e16343be7151b98e0
SHA256 a14dcf03c3b36f11cdf688be313167eb130cbf52e721e67d4fef8f535a8a2e49
SHA512 584055d760da5b1819898a4be08c191944c2e19d6cbd62d9146deff3f4bf445c41316b6b1cab1580b53a9cb449008a25cb85325fc802790960437e2fc2462cc7

C:\Program Files (x86)\UCBrowser\Application\Share\icons\marketing\1001.ico

MD5 4c6695fdb42d78ce9627280bec0abe35
SHA1 24926125d6e04d4f1074b6ce8e29cc503a708899
SHA256 8425eb2fdf398f0ee4e922ceec61e55ec812a3dae3572e67750367aa869d52ba
SHA512 0ff06b5c96ffb4a8fc5ec6fb110bbdc6ee22c6541cd9c4a9e2f91754e6b83f1e1ceca5ce7dc8b011a7caa1d5109e1ce53752ae51fa7fd478aa3c1a144f012c3d

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\weibo.png

MD5 11b4bab51c09f5a1d733085b334b3056
SHA1 b6eb762070e23c5b86675f6b0f46c8ef60f21ddd
SHA256 4f6b32b8a4d942393a1138715b2fb89a49d1d91ecc73be3eb4b3a466474f03e5
SHA512 b76196785fa98e6420e086778695dbe9a16a217e56dec19f426980e6ad768ba2d80d7d594293c94d7097191bd3053926477e2f8a858edd59728205457e1cb3cd

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\taobao.png

MD5 179d77b169bd715167fd0f6927808b62
SHA1 3f12c101f6129676f2029a70bf5ae78b524a0cda
SHA256 ba9d78dbc4207d5d61e9fc42dbed28cebde243179f7625d6af23a10c21678962
SHA512 d8156c9a5a6fade547c235b9b77afdd1c16bb62584f1bca0dedaeb48d80a2551ba9c232aa4e5a22fc66dc2166b060912947acedee6a6f1bf43a8d630f0ca74a7

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\qq.png

MD5 c6c6cdf8179fd3360e2dd60dc8b3b0ec
SHA1 850caf5e4114fcfe18f57e5d82cb83f9ed6485b1
SHA256 4e5358357544531a5deb98b8170ce86dddc62d820632fd6341fdc5e2fa7a4176
SHA512 08d5ae337ca47e44a8126aff0bc47f3382e131fa34261619097afe5adbda92a7e8d4f77b324b8aa20fd91fed323d2ffeed3be80212bd1912f2e5d7e91439bfdd

C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\renren.png

MD5 d542cd4d121465265415876a13c8e6e5
SHA1 e049a1e6202a7e174ff742bfb2a25f0f729edf8f
SHA256 0fc53be0beff5dbc4a762c19f983ebd0a0bba8239cd052c3990793de457ccb24
SHA512 fcfe6b77aba31a8ea729383653081ff5f8285ad644079e908f4e137db57bc635989332b682f26ddfaa04dcb9d95694a2e40cc4ac47ccad4aafb0f14a42fd329e

C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\noads.png

MD5 d8168d458a998ba7ff997e5ba43c76db
SHA1 930f783e525a44cf695ed2fdc0c56e331d6862b8
SHA256 a35575fd03c30814af7bc6b259f7f51dd75a2c780c6f0ed6602abc55afd2130e
SHA512 f74387986dc60a40961420129fb051d37ce7d75a8ec4f02159e53bf2828f25aeab562ee72537abdd32ab19fd25e3df26f9f89a2334c62d23815e44af31c3ccb3

C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\tmall_points.ico

MD5 f980ee0aee951b86db85137ec027e491
SHA1 5ce8ca7db87622ec9bf14adb8e55a31f098fbe37
SHA256 1a430c23e1f9f79cb88ef4d532a70dde6aff7dfd03adeae9461b559a7641b8e9
SHA512 5b275e299c9bf250a5c3479fb1cf370a648e81dce74833256cfd0bc3c30db557edb363caafb1ff3d3a56995a78c920e2be6c1587177677908c1557e271784f52

C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\facebook.ico

MD5 29caceeded110cf5cdc6b2837f34f703
SHA1 c5d0fe9def646afd04a4b0f4c5a39a881e4c3624
SHA256 c735760b739f5ff8e29c023856d03c78def35ac47914e480c885acf7b18aa973
SHA512 191cfc8dce601577cb4a574693b7709912bf2ed6cd891b31981f27ec2aacef0ce72459d213d132ee53a46c5d76510639260365b001fdfe1186719e99873a857d

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\uc123.png

MD5 b3d961de8896d4d6e8159d6b6a6e7729
SHA1 f8d468a11da8e9f136fa54c043f5de5ebcdd62ff
SHA256 b864bd7ceddfa3c715c4befd29631bf2f6c55eed4fd5d3428eb27404af4b5129
SHA512 b441debbfe22afdc63e2ab2c0c9066c9ac5013381337d0c6c396da36be07eac906551157297965557484ef23460929c1033ea338ec06b3cadf929f0ec61bcd43

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\taobao.png

MD5 0870184d9d62fc6ea09f661ce759a680
SHA1 7a3be4d085398b2fea068a55892518f5092b84dd
SHA256 ef63a5515e3b3d09a9977b78304d0e45d76da3614f230c233441b34c62f00a05
SHA512 124a9157c8b447794f4745edb752091ac809e4d39fdb34b65c06c72c08c4be3a157c0741785881c93a139368b92990f7a445e3ad75c80d84ffcf5843a35481fa

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\pp_helper.png

MD5 4cc9b59697f7564731e8c506264f3bde
SHA1 cb9d1f897620da72c4cd3cf3a5f4712f509ab5ee
SHA256 feaa5ce8f86ee0cd34821b48cf76e330a620bb4045290891a0c8edb42054db8a
SHA512 5480d0c7c815e95500790d6a33a32058a75f3369d2ab80be0fafad78d7767ea6d41ded7d405e5ff6473c5d84bf24beabc81f5b3e59b644adb04fdc95ee48bae3

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\baidu.png

MD5 d390c92daf6ec52215544827f405a79f
SHA1 077cca8c1d73bf05c1f4001893642f4ea28ed454
SHA256 611e5b35b3f35e6e8084ca7f71f9d22f141ee8a60f62e00ab15be721a3852cf7
SHA512 0af5aa486487510ee280cc99b9547214df43e32bbacb6c933bf9d10fef72afc5c4a23fcb2e3db83231ba934a174fc535529ee88cd6ad3474691a2b779211f3ad

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png

MD5 9fa7deb1ec538c30eff038daed4814dd
SHA1 71a3bc8a736c93812b06f66fb7b2e522d18d6b1f
SHA256 6e8bfc1ba4adabafb14c021a16d865253110dea7933658aabda0403d1f729cbb
SHA512 669c115ca531a94e522aa9f8f81422f6b5c16d51fad41d073c38f50ca6a50d0d5e6c2f1d9115aa06c68f4345bc3c273f558cf665681c10f113374e5a34dcd0c7

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe

MD5 1882e8a3013076a821f10dd268f4a49e
SHA1 2602bfa3b318f0bfa4b046cb467ed230b32675d0
SHA256 cab75eff5e0a9bd41dc9d1e1888f06d455225b35cdd815d93673766bcc195641
SHA512 c77939a086cbe5ea7caa4096470c0f7ca831b68990cd0b2e1c0d1f07bffc6e34197b3814e8b0612f6e30eb6a3e28651d4d0437d7272d163a97bb6e8e394c85f2

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\libucguard.dll

MD5 ed96f14e32bb351ca7070c217a781f2d
SHA1 c8d0a14318db2b1ddc49313e69bdc662f699cdd2
SHA256 3f7efb52ac4e2187d145f29f4a06fb439009da0f1b133a3bb917cac4ac3efe53
SHA512 e371edc53de44cbef31d18ebb46a44321a7e21639ea56ca65c7ba1c1de583dd9d86e38e11ee6bf4d40bf47a8d28889ea8569f5f99a6582903a85aefd97cb92c9

C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\win10_100_percent.pak

MD5 3d6f7933f4edd16d16e659d903d2b31e
SHA1 a823c4c2f6e84a4ab588e28083dedd873e81dc17
SHA256 1dd9645de136a460b6d293b78947c6f325783f70ce28698f52f5f8249258f62e
SHA512 575f8b097d787163e464861a3cc6a4e70e9a3c9caf9e549acfba5816529879d23811354d4156ae94e17ddd1fb8359a0145ab578aada49dff0890dc44733529e8

C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat

MD5 2f70b6c6edc5c39a788e18c6cf9afdc2
SHA1 2b821f081c4223e7332e792b4b20ff0750d12c57
SHA256 a9e1b3c0b4a1332e8162fa45a1a9cb4fb12df0ccd9f98eb88e0daa40d3b40c3d
SHA512 30b80b70e383365b259fccf2705b64c5facb8aa435b870a00fbf12182629a9efc7546b925850316f653beaa603542ae30f4bc922c84d2ee4909b59cf2f780b68

memory/4388-285-0x000000002AB00000-0x000000002AB01000-memory.dmp

memory/4388-284-0x000000003CE00000-0x000000003CE01000-memory.dmp

memory/1292-304-0x0000000017000000-0x0000000017001000-memory.dmp

C:\Program Files (x86)\UCBrowser\Application\Share\ucsvc_config.dat

MD5 c47d884b0c0be4a2f8ae1db1ca068968
SHA1 b7a26da669c09a19f97b61b82ca47975cd2d7979
SHA256 6d113a63f1e577de338580cf3c9de4a37f3112657ed8591d9dea24fd28cc435b
SHA512 0e6da50b47c47b78a061e9d265481316dff470d620605febbc5a53be4caac3b820e26768eab083b882e7e872aafa8f28412c0989e83cfee0edb2f6f165733af9

C:\Users\Admin\AppData\Local\UCBrowser\User Data\9A48.tmp

MD5 2c24d7d5aa4b33b05213f9df5a1d8ed0
SHA1 0b8ea734ac880906e2c3408727cc14e5227b93fb
SHA256 c411b014f6b2b03d7271a541dea88861af876995a00eaa778443e491c143a31a
SHA512 a9a183cf3ab9acabc187f5157cc92e672be9a46fc93a3d3ee82f51123cda6b6a0df0b0023dd64dc3b08250ebb391b32225dfa1f846622a9f6ad68e08cbd90ef5

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences

MD5 6e25eb146c7a16a2ca60e88d90d59e14
SHA1 d6febaf50034094da7b24926b1565f433846be06
SHA256 9b2f7bcf8bd9155844395b8f2f1c5c09323f87a45fcf7ce11e731b6e4f881fc8
SHA512 58744a0606d679656cf83e431a1f67d5f03363ec1f622f40d477b8a836e538d11448dd57f4a750c064f7f4057c598c08a696ff393cedfc9d1e8a5b3b8e437d68

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\9B73.tmp

MD5 a0ccc78aa78ca84306879ebec7b65cfb
SHA1 01fa504e9c77ec802acc42a787e5b7c585985ebe
SHA256 af726a32fc7c88789d2aea7766efb45c5f5b0ea1b285681fa1fe8d33d2d8b405
SHA512 09eb5484cc83d26aea6206134ab61ec36d8d48991dfebb145eed4e5101952b2b9ee4727e8a6f78f4531f5ae37c0eed21cbb43214f6910c8bba4c02bb96b3a690

C:\Users\Admin\AppData\Local\UCBrowser\User Data\A256.tmp

MD5 0936034f8064795846981327a9f79e4a
SHA1 c4b090b61c229c1f6b1e392bfff0c12bafaeccf8
SHA256 12bd7adc54fe0a44887cfc9481fdb96f74fca343c7530d5e928499c4ac5c20c7
SHA512 c8778de111c7397ac9585491d758deb2ac56bb9a69d5a32c705ebe92b3ed330091e518287ba082db284749af9316bb280f8c2d67c539cfce3a73793089b65e30

memory/3420-413-0x000000002D500000-0x000000002D501000-memory.dmp

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Extension State\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/2660-431-0x000000003BD00000-0x000000003BD01000-memory.dmp

C:\Program Files (x86)\UCBrowser\Application\Share\task.ini

MD5 aea2dc067cd94c193c7c9848d0b8d845
SHA1 683b53a9fa7ee891fca23787f0ee58f15992c6af
SHA256 904427d7b3f6e961a7d9f5f1161448b436283ba9c1835f9ef77885b96100c20e
SHA512 2729df0330c4b16e3d74c3a074079ae4f5b8c910ed792618096f6dd515c851f5d31cc03cf778be6641b3ee419ae994c0a907dcc67310299c1bc8c5f8b0670653

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\C2A7.tmp

MD5 f3f0f5e7545cdccc90cdc0419d1bcba1
SHA1 f4b63adb72b523f458bdefbf10b7a54aae4a5656
SHA256 e83b3bf407c2bedafe7d41d197b1d749e13fcd81dfbe61b2e3b8ebcdc6099dcf
SHA512 344be1d8d84d05858ba8e7514482dbe6ff59f31c3e72d84c02f5195264f07fef58af7ee10959c9ad26d156dfc2c70f518069e5b8ae658b1ede5cb065d6f38343

C:\Users\Admin\AppData\Local\UCBrowser\User Data\C8B3.tmp

MD5 2d3b2f428ad8d606527c98664116148a
SHA1 59777a38bf536b74c414dd0b90a0ed72b64a375a
SHA256 1898974b806ceb99411a588e7069a6d7801781bd8859ce1fea68797a325ad8e9
SHA512 154c7c4e556c73bd189f4cf1838d83cb737700005cc8ecd6e5ff929d4aed4a2935dfe9e242737477c1050eab721482c51b0f8fdc6dbd6e1ca00a6454aa4175ce

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\3058.tmp

MD5 1b0cad8276f4a27ef3411ba52d6dbfa8
SHA1 6e4468b0c647fcc7a56c9a3be896eb155c90f193
SHA256 2e781e03afb1222b2fbe997cbd78c8eb4f7df42ac9e07f03509946549025e38f
SHA512 7cb1d478dbe7016d3c1fb5f4133ed4a5739ddf8d59864f2b8f70adc74af833c431f98b3d10303b094d5703dc1a6d5509155c7ce833a07f28b1a34d029cc2ae34

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\TransportSecurity~RFe59306d.TMP

MD5 56b8b4cec3913be6bb14a84b9d432137
SHA1 1cde7f89da6d0b0681026bd6e2c51ce2d7a31a09
SHA256 8f27866bcdd7a53bbc5e56cc23184c4e7edfda1c647e6a0d6851121ed5563478
SHA512 deeaaad06292c6cb7b9bec3034a8a8f72e7fb28bfa73b3f94cae59563b143ed62edb3abdb048c4ead7597eccf7d8dc9f2de0ff81b2d74bc5ce10abf82d9f8fdb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 176fa00b667e1d26f678cb7b2ff40d1a
SHA1 6bf162f6b6c0ebe6a09d706809e721c8012027ee
SHA256 534961747b8d5fa2e0f7448b00bee1992b2b0b49a4a6f3f9a9ade8241a1810c4
SHA512 736f3b2a6cb172f488b3aff1482209c38e41c39d8eac6316c8a1d0ee4c149e67afd4956e22634804a4997b4248b2e8c406087fc3057ac7a0885743215b6adb7c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 961d3a1d7474f1370a910578eff5cb8e
SHA1 2df4f7d9adf10eea32777122f1d6c99b8a9d8dd5
SHA256 621afd909e61556764f7215ce1ec19b51e3f0d10656a730d6ce171c1d6bd22cd
SHA512 b714fd58b7aae5d29923020b9f9658a052e7f3281d30b7d8358aeed0f44701b2ee7ce352c7f69f060e664eae3e9de357766c061f2d1adeb928fa4c0fe87c292e

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\UCBrowser\User Data\AE94.tmp

MD5 3eb3d70ae28065448110a7214471c607
SHA1 fdcee3de14834dea3fe3a49592bc61bdf40a60ae
SHA256 e3134ad20520f445657a8b63dff7b6493f72987d52d6210853d20fbadd307719
SHA512 413cad1ae9d21edda285246213784030fc5091e3c95c3a21efd872d8011989c600d02bb8c2f8329f0589c8280a6eeee207f59e0b8d6e352d446369bccf4ecb53

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 4cb0bd64889fb522df758de02944b4c6
SHA1 8a955cf2b8f7f9cd979fd6d4b8eda2d89122a47a
SHA256 f0b6909fb1a1f97fd2dffb7a3775a61bf53b2e19661e8b59c4354fd9e816e56a
SHA512 0889e0bf6e3c5153b5b419505ac802a4ca76d709559d0cb699582cf58d3988cd0d6e9fcec181a6fce7dbe8312217a76ed9c0f395e9bba1ee96e5395f4cbc3118

C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\1965.tmp

MD5 1771cc7b9f7cc749d7f539a6fa506126
SHA1 f498ec91e7eced8b03409e9dae54bac4782220a3
SHA256 ae6ab2375f6ff3b025637560b08168a799c9441196f81236a448ed467938df2d
SHA512 50c7c87985ff0cdcd6a33ed69c06f93feb41584fb820a0da7e4f2a2ede7f021920bd4bd68ca9f09ab13eac319847d58fbe314bf1e081da8f2ab8d8c44c254b48

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 a3847c12ce1bee88b3c3a8844c242cc7
SHA1 6b24b147a671df4d2804be3f4bb32af966017a11
SHA256 2185ae1ae1f20f90eb0942f524f0a982e6ba728021faf66636887438fa9aa13e
SHA512 cb100c1e4cfc72b146216d5a7a0bc60fb91b717cca9a5e07cb553419801740c8c976dcc248ab4b42f264fa56d45aa654c0f5bea11c6a4e3d9d31d275b6fdee29