Analysis Overview
SHA256: 483767d43c556f2d17242aeffd5f31cffd72955f31964c0b7d522fe4874b254c
Threat Level: Likely malicious
The file 9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Stops running service(s)
Drops file in Drivers directory
Sets service image path in registry
Reads user/profile data of web browsers
Enumerates connected drives
Modifies Installed Components in the registry
Writes to the Master Boot Record (MBR)
Checks whether UAC is enabled
Modifies Windows Firewall
Checks computer location settings
Drops file in System32 directory
Drops file in Program Files directory
Executes dropped EXE
Checks installed software on the system
Loads dropped DLL
Drops file in Windows directory
Launches sc.exe
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
Modifies system certificate store
Analysis: static1
Detonation Overview
Reported: 2024-06-03 09:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-03 09:03
Reported: 2024-06-03 09:06
Platform: win7-20240221-en
Max time kernel: 144s
Max time network: 153s
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\ucguard.sys | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\UCGuard\ImagePath = "system32\\DRIVERS\\ucguard.sys" | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
Stops running service(s)
Reads user/profile data of web browsers
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\ = "UC浏览器" | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\StubPath = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\5.6.13381.9\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Localized Name = "UC浏览器" | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\IsInstalled = "1" | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Version = "43,0,0,0" | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357 | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357 | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\target_locale | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\update.log | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\en-in\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\UCAgent.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\bookmarks\pp_helper.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\login_view\qq.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\searchbar\taobao.com.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\debug.log | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\searchbar\bing.com.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Drivers\ucguard-x64.sys | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Update\InstalledConfig.xml | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\ru\config.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\desktop\tmall_points.ico | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\login_view\alipay.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\new_tab_search\sogou.com.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\pt-br\config.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\chrome_watcher.dll | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\resources.pak | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\searchbar\tmall.com.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\update_task.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\zh-cn\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\chrome_elf.dll | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\jobs\{8C026634-FFC9-4942-AF9C-E2A6080BC8E8}.UCBrowser | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\config_updater.dll | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\browsing_data_remover.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Backup\UCBrowser.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\bookmarks\amazon.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\bookmarks\baidu.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\wow_helper.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\extension\noads.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\0\remote\0_beta_chk.xml1.size | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\stats_uploader.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\UCService.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Extensions\zh-CN\external_extensions.json | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\extension\renren.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\bookmarks\taobao.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\0\remote\0_beta_chk.xml1 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\es-419\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\es-419\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\share\ucsvc_config.dat | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\chrome.7z | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\natives_blob.bin | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Configs\en-in\config.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\molt_tool.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\update_task.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\wow_helper.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\login_view\taobao.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\custom.dat | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\searchbar\baidu.com.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\new_tab_search\etao.com.png | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\scoped_dir_2436_3996\custom.dat | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\Share\icons\marketing\1001.ico | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Update\UpdateOption.xml | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\wow_helper.exe | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\task.ini | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source2556_32266\Chrome-bin\5.6.13381.9\Locales\zh-CN.pak | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\unconfirmed_config | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\UCBrowserUpdater.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | C:\Windows\Tasks\UCBrowserUpdater.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC} | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC}\WpadNetworkName = "Network 3" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-3f-c6-c4-4b-fd\WpadDecisionTime = 7021bbfa94b5da01 | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-3f-c6-c4-4b-fd\WpadDecision = "0" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC}\WpadDecision = "0" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC}\aa-3f-c6-c4-4b-fd | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0116000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-3f-c6-c4-4b-fd\WpadDecisionReason = "1" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{DB0A02AF-0661-40D9-A76D-C04CBED38BDC}\WpadDecisionReason = "1" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-3f-c6-c4-4b-fd | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.XHTML\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.MHT\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.xht\ = "UCHTML" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\http\shell\open\ddeexec\ | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.MHT\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML\ = "UC HTML Document" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.MHT\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\http\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.XHT\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\shell\ = "open" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.htm | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.shtml\ = "UCHTML" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\http\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHT\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\URL Protocol | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\UCHTML.AssocFile.XHTML | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.mht | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTM\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.xht | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\URL Protocol | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\shell\open\ddeexec\ | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithProgIds\UCHTML.AssocFile.MHT | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\ftp | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.HTML | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.webp\OpenWithProgids\UCHTML.AssocFile.WEBP | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.crx\OpenWithProgids\UCHTML.AssocFile.CRX | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.htm\ = "UCHTML" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.CRX | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.xhtml\OpenWithProgids\UCHTML.AssocFile.XHTML | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.html | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.crx\OpenWithProgids | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\http\URL Protocol | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\ftp\URL Protocol | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.shtm\OpenWithProgids | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.HTM\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\ftp\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids\UCHTML.AssocFile.WEBP | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\UCHTML.AssocFile.WEBP\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.shtm | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\https\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe
"C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe" --sync=http://www.uc123.com/guide/install_blacklist.php?ver=5.6.13381.9&bid=800&pid=4681&mid=6277355a6c664acb0e2da627870b728f&midex=e7949e435ecb134a6549acc42c96cb7fv00000022d42e731
C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\CHROME.PACKED.7Z" --system-level --wow-bid=800 --wow-pid=4681 /s --wow-auth-url=http://www.uc123.com/guide/install_blacklist.php?ver=5.6.13381.9&bid=800&pid=4681 --wow-customized-theme="Share\customized_theme.crx" --install --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --wow-participate-eip=default --installerdata="C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_17413\wow_installer.prefs"
C:\Windows\SysWOW64\sc.exe
sc.exe stop UCBrowserSvc
C:\Windows\SysWOW64\sc.exe
sc.exe delete UCBrowserSvc
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="UCæµè§ˆå™¨" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="UCæµè§ˆå™¨" description="UCæµè§ˆå™¨" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" action=allow
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="迅雷云加速开放平台" description="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe" action=allow
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --make-default-browser
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --install --start
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe"
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
"C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe" --normal-stats1=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnyooLJ0YXorGkzI8f7L1BmUMx1zSILYQbR7wuYAoKg9Pz8WadRdV8JjlPzqvC5f5krHL2J9KCalhYil5TaUis/ahDw11/uNoRngua1dl60ZfqZncHtKUly2pkv45zAiM/eKziiwGCMDnMwW8whm1BVXx8cjmO3zPFurW/GQ0a3Hx6bVcHDrBqyq8xHWblh18iBM+l/XWSaId0NxzRdnzKxQX/wIFd7/s5tma9O7vO5W3HOsR+frFiZKJSrHJxF0DXwl21eXOHNS80VW2NlAh3+6QsBIPYmil5EeHo19ppzXGCiEHvCdRuIefxSJSqxr38VrxxhUNQ7fld1p15tFnLhhiOVE4GihGtVO
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --as-current-user --run="\"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe\" --wow-enable-user-experience=default"
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-enable-user-experience=default
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater /AddTask
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="580.0.1954773216\788416798" /prefetch:673131151
C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe
"C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe" --normal-stats1=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnyi7KZ0ay4nGkqE/fv3TzGRP/VrT5T8nbRp7ooASPjtPsllHtR/04ZjinimvEpnrkrj1zp9xhIRhaKRSTakKi/a1FyV16FZHRmWBQFdW7Vhfvqf6HsMltC25Pd052iyo/dCvtiw6sennAIyHwjSLE1XMy/7mLMHaFtx7z2QMW0HxwaVsHBBEmCqVR2absStyXJ4UFiG+4/qK2CVsE/niYQ9v+Q/Qx0+s5vXp4rpch1Swuh2ROBgMyFPrWf2JthdK2KA+GSG0Pmb9cSYpd/gkPr5w+A= --normal-stats2=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnWi74VtaytEEUp5nI33sfOjP/stWJOX+qNi/DErT/hsxsFmkvt3wiESx0OXTQd8r2/nwHAqwAm84/ffrvzxACbQgePbE/awM9WZZwpGXpmFdLdx6Oxe50B2uIHoTTiQVhBAnRlK6S/FmwAbHeyDXJTkMiD44/VUWTJxPBAAZ+0RAFThQu4ByIgQUtSy5Z3urbRzA3cE88hp5G1VCoGgZ33fsrCT5Qow7BfP/ihxclS1Y/+rcYR9/z3jrTDY84GMMYSJF98yx7Gzg8WVd9L7jwRi9Ifo2ChFTyfv8Ipw --normal-stats3=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnysdB90fZbeGkD8YvvDvz+RC+UZS/ZUBrR3Rh8AkNiJPChHPN6xuyNjeKDFvDZXVEo/J9R9DOrehWRp+DZ06nfaZJzd18cBXBnMzcZd/+Wnfp4vsnueviO2iq9J5+BSD/fa3gSwVO/6nIBaZAhevC9Xv79dmCkfX1vn5xSQke33x+YVIHC36mmqvwWVbpAdV3KsoNqGuefhK959tU8f6TA990TLQzMWRpuFn5npLu34wpQm+uCKC35Pyz8XJugdQ2KQuByG1qGq9f7Qctj5BFGtqE9GLQxREpH7rVkjeJijQuy2NYVOCUZN01tvGZhWCssPWMNsq6CuvwCiuo6cX1YgTEeMpqETSnpNFp93S7i4vUiFbkk=
C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe
"C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe"
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="580.1.1436645294\490796903" /prefetch:673131151
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="580.2.85520456\872508387" --lang=zh-CN --ignored=" --type=renderer " /prefetch:-645351001
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe
"C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/*AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="580.3.969590629\2044595623" /prefetch:673131151
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="580.4.55603236\439571786" --lang=zh-CN --ignored=" --type=renderer " /prefetch:-645351001
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/*AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="580.5.1501803679\488296344" /prefetch:673131151
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-warm-up --silent-launch --wow-auto-close
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --lang=zh-CN --wow-warm-up --wow-silent-launch-child-process
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" /addtask --type=wow-config-updater
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater -CEnumUpdateMode:UpdateMode_AliImTimer
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -cenumupdatemode:updatemode_aliimtimer --type=wow-config-updater
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="580.6.1316842859\99806480" --lang=zh-CN --ignored=" --type=renderer " /prefetch:-645351001
Network
Files
\Users\Admin\AppData\Local\Temp\scoped_dir1888_10434\stats_uploader.exe
\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\scoped_dir1888_17413\wow_installer.prefs
C:\Users\Admin\AppData\Local\Temp\CR_F1B47.tmp\CHROME.PACKED.7Z
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe
\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome_elf.dll
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome.dll
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\natives_blob.bin
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\snapshot_blob.bin
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\icudtl.dat
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome_100_percent.pak
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\PepperFlash\pepflashplayer.dll
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\resources.pak
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\locales\zh-CN.pak
C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat
C:\Program Files (x86)\UCBrowser\Application\Share\start.dat
C:\Users\Public\Desktop\UC浏览器.lnk
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\google.com.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\etao.com.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\bing.com.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\baidu.com.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\marketing\1001.ico
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\weibo.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\taobao.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\qq.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\alipay.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\renren.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\noads.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\tmall_points.ico
C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\facebook.ico
C:\Program Files (x86)\UCBrowser\Application\Share\config.dat
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\uc123.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\taobao.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\pp_helper.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\baidu.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png
\Program Files (x86)\UCBrowser\Application\5.6.13381.9\libucguard.dll
C:\Program Files (x86)\UCBrowser\Application\ucsvc.log
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Windows\Temp\Tar73ED.tmp
C:\Program Files (x86)\UCBrowser\Application\Share\ucsvc_config.dat
| MD5 | c47d884b0c0be4a2f8ae1db1ca068968 |
| SHA1 | b7a26da669c09a19f97b61b82ca47975cd2d7979 |
| SHA256 | 6d113a63f1e577de338580cf3c9de4a37f3112657ed8591d9dea24fd28cc435b |
| SHA512 | 0e6da50b47c47b78a061e9d265481316dff470d620605febbc5a53be4caac3b820e26768eab083b882e7e872aafa8f28412c0989e83cfee0edb2f6f165733af9 |
memory/1680-436-0x0000000010B00000-0x0000000010B01000-memory.dmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Local State
| MD5 | 3b9d519c1622546a1d97ebc46954457f |
| SHA1 | bfd6eb653013ea8fcbf8f2a82898429fffe61d90 |
| SHA256 | edda806df70e8667eecf1c641a484c442d0c0bc3b5c3fff61dad655878411c0d |
| SHA512 | 2eed532e2de4fcf91ba400d23fcb10446f7f6e19354fc31853cb8a8940e139cccadc0d0e8b60c88760488787dfbaa14d4ba305ed59480b305ad78dc1b7349675 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences~RFf769c01.TMP
| MD5 | 6e25eb146c7a16a2ca60e88d90d59e14 |
| SHA1 | d6febaf50034094da7b24926b1565f433846be06 |
| SHA256 | 9b2f7bcf8bd9155844395b8f2f1c5c09323f87a45fcf7ce11e731b6e4f881fc8 |
| SHA512 | 58744a0606d679656cf83e431a1f67d5f03363ec1f622f40d477b8a836e538d11448dd57f4a750c064f7f4057c598c08a696ff393cedfc9d1e8a5b3b8e437d68 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences
| MD5 | 1f9d7f7ebe83036d4c003a2de9c362f8 |
| SHA1 | 14019dd722ed9d0fc2b98748bdbcc21306c57316 |
| SHA256 | 9fa25059f3747522167edf466b466ebefe5619a7e4374cd2de79a770a5e140bf |
| SHA512 | 0358f1d69579a79a5cfcc44ac48460e99c3fdecd16eb3a92eebc585513a3af2f902ed8f0effc72a009345c732a15c9f8f8757134680a964ea49709e3a32fa385 |
memory/2708-639-0x000000003C400000-0x000000003C401000-memory.dmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Extension State\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/452-726-0x000000002FC00000-0x000000002FC01000-memory.dmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Local State
| MD5 | 074b8cf21678fce8375d567e2f1bdc11 |
| SHA1 | 921a00a54e1520c3fe02e3748bb947a39cb93c43 |
| SHA256 | 3841af12e54a31b49db6612285571612cb924bbc1221290ecc1d663289a3212c |
| SHA512 | 582e963354c01fc9049255d08d8ad2a707f7cf727e8091d9e228522d3ac2a3c2f50f804eda402369b3b4eb3a62fe9b1a854b592238b3aa5a8f74ded5c2f380e1 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences
| MD5 | 39a9bcbf303bd10135d27ef79b9066db |
| SHA1 | ace5fce9eee1d94e76c0d7d907bce85b5ab7c501 |
| SHA256 | f14a7682273d941a9c0fead3ad4316f99bd4fceacbbd128fe3ae447b61cfeb62 |
| SHA512 | 24d77dbe24e6ed7fffe5e2034f7ae7696fe4d5ddc30100312c66ebf97e1f8606111f9e13bd03f6bca630eea47df0eef31e78ea0becf9fb61a8964542d1fc3435 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Local State
| MD5 | 2d319a06bab01d28515c04ff09534cf1 |
| SHA1 | 2ab62ea39b03772baaac2ea25b1088be9c959db3 |
| SHA256 | 78ada2444144306e5fb55810bd84b02e8f97dc130fca8ee5ed40637eba031a45 |
| SHA512 | 06651c5394096268d1dae11e1e3c3880ad9e9832acfccf703cc84be7e954da6123c8ab339e8a52152b75adad8ff17e3d71f8aa0d380a6a7ae4296310cd09f438 |
C:\Program Files (x86)\UCBrowser\Application\Share\task.ini
| MD5 | aea2dc067cd94c193c7c9848d0b8d845 |
| SHA1 | 683b53a9fa7ee891fca23787f0ee58f15992c6af |
| SHA256 | 904427d7b3f6e961a7d9f5f1161448b436283ba9c1835f9ef77885b96100c20e |
| SHA512 | 2729df0330c4b16e3d74c3a074079ae4f5b8c910ed792618096f6dd515c851f5d31cc03cf778be6641b3ee419ae994c0a907dcc67310299c1bc8c5f8b0670653 |
C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\scoped_dir_2436_3996\share.dat
| MD5 | a9a40d4eaaca29a2d669074a6b3720d6 |
| SHA1 | cf5c21e6f0cb8caad6001f4176d53062de54aba6 |
| SHA256 | 27929cf493b7ff7517488c07cc8b74d5de065017401ce23a6267c763157cac9c |
| SHA512 | 9c49456780063a2fe956b9792ef41caa452c39fd71af34d169e9e924daf801fa9b09204ae099a921af5247a8f41f46a1d79f845fe5cc2b75434952b049aff896 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\TransportSecurity
| MD5 | 0a402fa0e69edd5eecb93f17482453fe |
| SHA1 | b486168bee8aa67655698ed43e335b11f3a3d25b |
| SHA256 | bba74f33f409a7f1c95035b64a6ed363fa933f1f625073178b87ab0f9fdbce95 |
| SHA512 | 913444502998f2ce9aeb8345d1f201de600f7570a2d4ab11cd78bc5dcab42202cbf16a2042f38276d0d55d3e9a3d15343c4abb7a2ea9b24c5092a25b64e8d455 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
| MD5 | e5771e0ab8289c1fb5022fe04fd4356c |
| SHA1 | 8e7adcd30b3047c435dc1d68016bd4402b5a7ec3 |
| SHA256 | 32ce18472f29d32b872430521da96f66f0cc0c385c82e524c7daf20095875581 |
| SHA512 | 7ca65c1269dc242c446ea31627048fb167239b39053c458e5e87d0f1d05f340e8b031f6e70f2bc424ce39b33e8ecab501fc731a727c8720e0e91796b15806ede |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Local State
| MD5 | e74eaf6ab523b9592c4a76d2810da464 |
| SHA1 | 4c4ec954c2a8f5a82cb52a4644876db4bc523e62 |
| SHA256 | a85c4950a5111401cd8a85d9d8bf52ea4544b486f45af62bbba33f477e08f5d6 |
| SHA512 | 09fd716e068f64451a13f3cbaead750f33349d4597d328eb411cca4b4d740fc781efba65a871b67cfb6d4e7ab2dc3d38eef5e5775c100bac79ce9fc7fc164900 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences
| MD5 | f43fe1e00b979e4732906e1e842e1991 |
| SHA1 | e5043a7cd95c3dc5ba1c16178c44e74d3e02b72c |
| SHA256 | f38901b622241f5c023378830fe1d35d5273ae651c53a81755cdbbf63a345fc8 |
| SHA512 | 50d03675bc28b6d793769b6cb4620fd139dc047cae597359c94a0f4c57c4e36fabc4608da51c8504336702c714e96d7f6e4dd3d3fd7a37cee7d75452c8c450bf |
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\TransportSecurity
| MD5 | 7897355a557cd90cad46b4d983a1507f |
| SHA1 | 8b49ec7575304c149bf62338643bcce4aba139c6 |
| SHA256 | e84c4f31f07c2ee01bce78762645d567a6bb802cee18ca6acb1b59854789329b |
| SHA512 | befc178303143de8de77701be2009300120e81930fa9ed9677f73126268c36eab22c986bf1031d10f3bc46dfa88fbbd337b6aae70748c8ed4357acee354024d0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 09:03
Reported
2024-06-03 09:06
Platform
win10v2004-20240226-en
Max time kernel
154s
Max time network
163s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\ucguard.sys | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\UCGuard\ImagePath = "system32\\DRIVERS\\ucguard.sys" | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
Stops running service(s)
Reads user/profile data of web browsers
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Modifies Installed Components in the registry
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\ = "UC浏览器" | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\StubPath = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\5.6.13381.9\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Localized Name = "UC浏览器" | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\IsInstalled = "1" | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Version = "43,0,0,0" | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\es-419\config.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\resources.pak | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\win10_200_percent.pak | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\target_locale | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\extension\renren.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\ucsvc.log | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\es-419\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\es-419\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\UCAgent.exe | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\UCService.exe | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\task.ini | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\chrome.7z | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\PepperFlash\pepflashplayer.dll | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\login_view\qq.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\delegate_execute.exe | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\searchbar\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\extension\noads.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\pt-br\config.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\id\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\config_updater.dll | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\share\ucsvc_config.dat | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\natives_blob.bin | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\ru\config.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\en-in\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\chrome_child.dll | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\UCBrowser.exe | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\config_updater.log | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Extensions\id-ID\external_extensions.json | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\5.6.13381.9.manifest | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\searchbar\bing.com.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\searchbar\etaohaitao.com.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Drivers\ucguard-x64.sys | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\0\remote\0_beta_chk.xml1.size | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\ucsvc.log | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Update\curl-ca-bundle.crt | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\ru\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\chrome_elf.dll | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\desktop\tmall_points.ico | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\new_tab_search\etao.com.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\searchbar\sogou.com.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\chrome_watcher.dll | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Locales\zh-CN.pak | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\new_tab_search\google.com.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\wow_helper.exe | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\UpdateState.xml | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\bookmarks\baidu.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\jobs\count.ini | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\config_updater.log | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\UpdateState.xml | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\chrome_100_percent.pak | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\login_view\alipay.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\master_preferences | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Update\0\remote\0_beta_chk.xml1 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\custom.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\5.6.13381.9\Configs\id\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\wow_helper.exe | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\login_view\weibo.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\Share\icons\new_tab_search\youku.com.png | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\scoped_dir_1040_32702\start.dat | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\UCBrowserUpdater.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | C:\Windows\Tasks\UCBrowserUpdater.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Enumerates physical storage devices
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\AppUserModelId = "UCBrowser" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.WEBP\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\https\shell\open\ddeexec | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.CRX\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.shtm | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.MHT\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.SHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds\UCHTML.AssocFile.HTML | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\http\URL Protocol | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.XHTML\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.shtml | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.htm | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\UCHTML.AssocFile.SHTML | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\CLSID | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.XHT\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHTML\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.WEBP | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\AppUserModelId = "UCBrowser" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHT\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.CRX | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\UCHTML.AssocFile.XHTML | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\Application\ApplicationDescription = "UC浏览器是一款快速、安全的通用浏览器,采用Trident和WebKit双渲染引擎,从快速、安全多个方面进行优化,为广大互联网用户提供更好的用户浏览体验。" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.WEBP\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\Application\ApplicationCompany = "广州市动景计算机科技有限公司" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\UCHTML.AssocFile.XHT | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\Application\ApplicationName = "UC浏览器" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.HTM\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.SHTM\DefaultIcon | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.xht\OpenWithProgids\UCHTML.AssocFile.XHT | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\http\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,0" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTM\shell\open | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.WEBP | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML\Application | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.CRX\shell\open\command | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\http\shell | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.xhtml\OpenWithProgids | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\.shtml | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\http | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\ftp\shell\ = "open" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\https\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\UCHTML.AssocFile.SHTM\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\Application\AppUserModelId = "UCBrowser" | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9137ad342e6d77194f8a57d4f9e92bac_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
"C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe" --sync=http://www.uc123.com/guide/install_blacklist.php?ver=5.6.13381.9&bid=800&pid=4681&mid=78c6bee639ce52a423d42e02d4d2a7a7&midex=d8a5806261aa7532747ac476a9d7f9d5v00000029736e110
C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\CHROME.PACKED.7Z" --system-level --wow-bid=800 --wow-pid=4681 /s --wow-auth-url=http://www.uc123.com/guide/install_blacklist.php?ver=5.6.13381.9&bid=800&pid=4681 --wow-customized-theme="Share\customized_theme.crx" --install --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --wow-participate-eip=default --installerdata="C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_16213\wow_installer.prefs"
C:\Windows\SysWOW64\sc.exe
sc.exe stop UCBrowserSvc
C:\Windows\SysWOW64\sc.exe
sc.exe delete UCBrowserSvc
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="UC浏览器" description="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" action=allow
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="迅雷云加速开放平台" description="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe" action=allow
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --make-default-browser
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --install --start
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe"
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
"C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe" --normal-stats1=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkXnwYG9IEV4QQ2rgGhNFvsGtV/V70V97FG4b3VkpSVzBDyUo+eYPM0UUSPfdtRhiAVXvRmvs59bAZ0ZGX/fkBEA6nL99WHY71Y61iQlLL6iFCgtXqUKt3gKSNyCCHisZAWYtc+MVPPcUdYVfFlO30JULtqiw76CHQJ8atYLkprTV7DHAYnaye9BwuIXSO6nYALaCKnAjrM1AhDsbkNzuPAcY0hUkCtETByzJNZBVgAIApn6jfQwD59bmlM4fzlclRRNs//2ATQpUCwdkWfuPWVA/HpW8tYvolz1m6ZhygC0AtN247rpBAkDGpFqOMkb3BQLHwniw1jFH99UknBhYBVX7MV4DElmeFxybzw=
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --as-current-user --run="\"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe\" --wow-enable-user-experience=default"
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-enable-user-experience=default
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater /AddTask
C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
"C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe" --normal-stats1=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkzeleiEL3HhSjbfO1t//Y1xpyfn32D5oyTd40BAWVXXe9bGAcZLADBzZgfYXOKZImsBta+c8qMIUFwlKLeX8GlYotI1NNZsThWJQofr9kasXoL1VGr3k49HJTAvpOzcuLF0ReMh37+Z7lnRs/vANyDyoDIMaDcuBqv19t+bItpjx8AHkQBF3QbaadY8zgxPtdIgcjQWD3qU2xTo2o83ffz979AHUyndxev7SBSJWpM+4sDwsFAEAk+/STbkprh1e+JgkDQ29H4NhRgb07/I6qbZ/Jc= --normal-stats2=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAn3em9d1L38WGTbVKv1/6a+TpxOJsGeT7LvW8C8LX0mtJNQ53dhKfpt6K+/xna90278OwlBj9ZWijFZJtW+Q87TGo9Udi4H30xjZaHhGoFSQVc+53BSrDJ6vLXhU7Os0bLN2izah3OIsaw4An36Ynk11/5MvyHFIB0r1EN6ALH52hJSnoFcFfDqYbnhEdVXWUQQr67PsB4xffBmZFOFw9xW/4iA7TT4stv/j0u7BWhyhM9djRcwZc9NbSbx2M+HsgURpd49648WxyxnZceLTB6iSzA+cANwhqX+73Arc --normal-stats3=https://mmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkPtLTO/PumqQwdHTmlBzRcfiXdx5rMBwk+KK2N8nfU7HStjbPz2GEcOMz9hYojp3BGrBW3dZYt9F/cNPw8vMIEQOhJth1+ELURwGmpRYHa+OBTlas9MG8YkirhkEKC8PC3ApWeWmnemewSpYn3yxwZwUsJm4dg2qySWnmArMlozd9CHYatEpR1jaM45bAIf/2w+onK7bKJlYPOgKcMDnYBJg/A7HORlIiY+8H3HgIOwKHrAIgGjaopoEp4jjtC1YzqI0DwVbZbeZJHDbpJTPlmbEnU+KCHc9pIeKDXnXESTjsB6ZRIRAgLYsGwrr/6goplpBmsFyllakCFLLq78v9bArHsQDcLNP9a/DX2eejZEwzb3QA==
C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
"C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe"
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="4756.0.360111259\1307071554" --no-sandbox /prefetch:673131151
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="4756.1.153352751\66946719" --no-sandbox /prefetch:673131151
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe
"C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4756.2.1847792625\467978933" --lang=zh-CN --no-sandbox /prefetch:-645351001
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-warm-up --silent-launch --wow-auto-close
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --lang=zh-CN --wow-warm-up --wow-silent-launch-child-process
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4076 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="4756.3.548277946\816339599" --no-sandbox /prefetch:673131151
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4756.4.2070978216\1731741190" --lang=zh-CN --no-sandbox /prefetch:-645351001
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --lang=zh-CN --force-fieldtrials=AsyncSetAsDefault/Enabled/AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Default/ChromotingQUIC/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/*IntelligentSessionRestore/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/Default/SafeBrowsingReportPhishingErrorLink/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/UseDelayAgnosticAEC/DefaultEnabled/VarationsServiceControl/Interval_30min/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/ --wow-extension-center-url=http://extensions.uc.cn/newindex.htm --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/5.6.13381.9 --channel="4756.5.348910887\1453811251" --no-sandbox /prefetch:673131151
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" /addtask --type=wow-config-updater
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater -CEnumUpdateMode:UpdateMode_AliImTimer
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -cenumupdatemode:updatemode_aliimtimer --type=wow-config-updater
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4756.6.201181751\603939391" --lang=zh-CN --no-sandbox /prefetch:-645351001
Network
| US | 163.181.154.229:80 | afpmm.alicdn.com | tcp |
| US | 163.181.154.229:80 | afpmm.alicdn.com | tcp |
| US | 163.181.154.229:80 | afpmm.alicdn.com | tcp |
| US | 8.8.8.8:53 | su.bdimg.com | udp |
| US | 8.8.8.8:53 | gw.alicdn.com | udp |
| CN | 203.119.175.231:443 | acjs.aliyun.com | tcp |
| US | 163.181.154.229:80 | gw.alicdn.com | tcp |
| US | 163.181.154.230:80 | gw.alicdn.com | tcp |
| US | 163.181.154.230:80 | gw.alicdn.com | tcp |
| US | 163.181.154.230:80 | gw.alicdn.com | tcp |
| US | 163.181.154.230:80 | gw.alicdn.com | tcp |
| US | 163.181.154.230:80 | gw.alicdn.com | tcp |
| US | 163.181.154.230:80 | gw.alicdn.com | tcp |
| CN | 60.188.66.49:80 | su.bdimg.com | tcp |
| US | 8.8.8.8:53 | 618.tmall.com | udp |
| US | 8.8.8.8:53 | click.aliyun.com | udp |
| US | 8.8.8.8:53 | c.duomai.com | udp |
| US | 163.181.154.229:80 | gw.alicdn.com | tcp |
| CN | 60.188.66.49:80 | su.bdimg.com | tcp |
| US | 8.8.8.8:53 | cn.chinadaily.com.cn | udp |
| US | 8.8.8.8:53 | fanyi.baidu.com | udp |
| CN | 59.82.122.61:80 | browser.taobao.com | tcp |
| US | 8.8.8.8:53 | fanyi.youdao.com | udp |
| US | 8.8.8.8:53 | dabai.pc.ucweb.com | udp |
| US | 8.8.8.8:53 | gad.netease.com | udp |
| CN | 59.82.33.227:443 | log.mmstat.com | tcp |
| US | 8.8.8.8:53 | huodong.taobao.com | udp |
| CN | 59.82.122.61:80 | browser.taobao.com | tcp |
| US | 8.8.8.8:53 | mail.163.com | udp |
| US | 8.8.8.8:53 | mail.qq.com | udp |
| CN | 106.11.149.27:80 | dabai.pc.ucweb.com | tcp |
| US | 8.8.8.8:53 | p.yiqifa.com | udp |
| US | 8.8.8.8:53 | pvp.qq.com | udp |
| CN | 106.11.149.27:80 | dabai.pc.ucweb.com | tcp |
| US | 8.8.8.8:53 | qq.ip138.com | udp |
| US | 8.8.8.8:53 | redirect.simba.taobao.com | udp |
| US | 8.8.8.8:53 | t.shuqi.com | udp |
| US | 8.8.8.8:53 | www.kuaidi100.com | udp |
| US | 8.8.8.8:53 | www.taobao.com | udp |
| GB | 79.133.176.221:443 | www.taobao.com | tcp |
| US | 163.181.154.229:443 | gw.alicdn.com | tcp |
| US | 163.181.154.229:443 | gw.alicdn.com | tcp |
| US | 8.8.8.8:53 | 221.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway.browser.taobao.com | udp |
| CN | 59.82.121.73:80 | gateway.browser.taobao.com | tcp |
| CN | 59.82.121.73:80 | gateway.browser.taobao.com | tcp |
| US | 8.8.8.8:53 | t.alicdn.com | udp |
| US | 163.181.154.229:80 | t.alicdn.com | tcp |
| US | 163.181.154.229:80 | t.alicdn.com | tcp |
| US | 8.8.8.8:53 | bbs.uc.cn | udp |
| US | 8.8.8.8:53 | beian.miit.gov.cn | udp |
| US | 8.8.8.8:53 | business.sohu.com | udp |
| US | 8.8.8.8:53 | clients1.google.com | udp |
| GB | 142.250.187.206:443 | clients1.google.com | tcp |
| US | 8.8.8.8:53 | feedback.uc.cn | udp |
| US | 8.8.8.8:53 | finance.ifeng.com | udp |
| US | 163.181.154.229:80 | t.alicdn.com | tcp |
| US | 163.181.154.229:80 | t.alicdn.com | tcp |
| US | 8.8.8.8:53 | finance.qq.com | udp |
| US | 8.8.8.8:53 | finance.sina.com.cn | udp |
| US | 8.8.8.8:53 | hangzhou.baixing.com | udp |
| US | 8.8.8.8:53 | af.alicdn.com | udp |
| US | 8.8.8.8:53 | money.163.com | udp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | nbtg2.37.com | udp |
| US | 8.8.8.8:53 | news.cctv.com | udp |
| CN | 59.82.122.61:443 | browser.taobao.com | tcp |
| CN | 59.82.122.61:443 | browser.taobao.com | tcp |
| US | 8.8.8.8:53 | www.baidu.com | udp |
| CN | 59.82.122.61:443 | browser.taobao.com | tcp |
| US | 8.8.8.8:53 | m.ykimg.com | udp |
| US | 163.181.154.233:80 | m.ykimg.com | tcp |
| US | 163.181.154.233:80 | m.ykimg.com | tcp |
| US | 163.181.154.233:80 | m.ykimg.com | tcp |
| US | 163.181.154.233:80 | m.ykimg.com | tcp |
| US | 163.181.154.233:80 | m.ykimg.com | tcp |
| CN | 183.240.99.24:443 | www.baidu.com | tcp |
| US | 163.181.154.233:80 | m.ykimg.com | tcp |
| US | 163.181.154.229:80 | af.alicdn.com | tcp |
| CN | 183.240.99.24:443 | www.baidu.com | tcp |
| US | 8.8.8.8:53 | 233.154.181.163.in-addr.arpa | udp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 203.119.175.231:80 | acjs.aliyun.com | tcp |
| US | 8.8.8.8:53 | w.cnzz.com | udp |
| CN | 203.119.175.231:80 | acjs.aliyun.com | tcp |
| CN | 220.185.168.234:80 | w.cnzz.com | tcp |
| CN | 220.185.168.234:80 | w.cnzz.com | tcp |
| US | 8.8.8.8:53 | tb.jiuxinban.com | udp |
| US | 8.8.8.8:53 | union-click.jd.com | udp |
| US | 8.8.8.8:53 | v.6.cn | udp |
| US | 8.8.8.8:53 | v.qq.com | udp |
| CN | 203.119.175.231:80 | acjs.aliyun.com | tcp |
| US | 8.8.8.8:53 | weibo.com | udp |
| US | 8.8.8.8:53 | www.12306.cn | udp |
| US | 8.8.8.8:53 | www.163.com | udp |
| US | 8.8.8.8:53 | p.tanx.com | udp |
| US | 8.8.8.8:53 | www.1688.com | udp |
| US | 8.8.8.8:53 | www.58.com | udp |
| US | 8.8.8.8:53 | www.cufou.com | udp |
| US | 8.8.8.8:53 | www.douban.com | udp |
| US | 8.8.8.8:53 | www.ef.com.cn | udp |
| US | 8.8.8.8:53 | www.huya.com | udp |
| US | 8.8.8.8:53 | www.ifeng.com | udp |
| US | 8.8.8.8:53 | z7.sinaimg.cn | udp |
| US | 163.181.154.236:443 | z7.sinaimg.cn | tcp |
| US | 8.8.8.8:53 | inews.gtimg.com | udp |
| CN | 59.82.31.175:80 | p.tanx.com | tcp |
| BE | 92.123.51.8:80 | inews.gtimg.com | tcp |
| BE | 92.123.51.8:80 | inews.gtimg.com | tcp |
| CN | 59.82.31.175:80 | p.tanx.com | tcp |
| US | 8.8.8.8:53 | 8.51.123.92.in-addr.arpa | udp |
| CN | 203.119.175.231:80 | acjs.aliyun.com | tcp |
| US | 8.8.8.8:53 | ynuf.aliapp.org | udp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 59.82.121.55:80 | ip.taobao.com | tcp |
| CN | 123.182.51.196:443 | track.uc.cn | tcp |
| CN | 123.182.51.196:443 | track.uc.cn | tcp |
| CN | 110.185.108.49:80 | su.bdimg.com | tcp |
| CN | 110.185.108.49:80 | su.bdimg.com | tcp |
| GB | 163.171.129.138:80 | down.up1.uc.cn | tcp |
| US | 8.8.8.8:53 | tce.taobao.com | udp |
| US | 8.8.8.8:53 | extensions.uc.cn | udp |
| CN | 203.119.169.82:80 | extensions.uc.cn | tcp |
| CN | 203.119.169.82:80 | extensions.uc.cn | tcp |
| HK | 47.246.103.58:443 | tce.taobao.com | tcp |
| HK | 47.246.103.58:443 | tce.taobao.com | tcp |
| HK | 47.246.103.58:443 | tce.taobao.com | tcp |
| US | 8.8.8.8:53 | 58.103.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 168.235.206.10:443 | ucus.ucweb.com | tcp |
| CN | 183.240.99.202:443 | www.baidu.com | tcp |
| CN | 183.240.99.202:443 | www.baidu.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| CN | 106.8.130.78:443 | track.uc.cn | tcp |
| CN | 106.8.130.78:443 | track.uc.cn | tcp |
| CN | 111.170.25.49:80 | su.bdimg.com | tcp |
| CN | 111.170.25.49:80 | su.bdimg.com | tcp |
| CN | 59.82.122.61:80 | browser.taobao.com | tcp |
| CN | 59.82.122.61:80 | browser.taobao.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | update.up1.uc.cn | udp |
| CN | 39.108.40.9:80 | update.up1.uc.cn | tcp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| CN | 39.108.40.9:80 | update.up1.uc.cn | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 123.182.50.159:443 | track.uc.cn | tcp |
| CN | 123.182.50.159:443 | track.uc.cn | tcp |
| CN | 111.174.9.49:80 | su.bdimg.com | tcp |
| CN | 111.174.9.49:80 | su.bdimg.com | tcp |
| CN | 203.119.169.82:80 | extensions.uc.cn | tcp |
| CN | 203.119.169.82:80 | extensions.uc.cn | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 106.8.130.149:443 | track.uc.cn | tcp |
| CN | 106.8.130.149:443 | track.uc.cn | tcp |
| CN | 111.225.213.49:80 | su.bdimg.com | tcp |
| CN | 111.225.213.49:80 | su.bdimg.com | tcp |
| CN | 59.82.122.61:80 | browser.taobao.com | tcp |
| CN | 59.82.122.61:80 | browser.taobao.com | tcp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 14.116.143.105:443 | mmstat.ucweb.com | tcp |
| CN | 113.219.142.49:80 | su.bdimg.com | tcp |
| CN | 113.219.142.49:80 | su.bdimg.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_25535\stats_uploader.exe
| MD5 | 174d697c06d02aab649bc0f09e70651b |
| SHA1 | 1141c6993bc97c35062b95884f0f0f9df256073f |
| SHA256 | 0cc1194f5fb42e552affc452cd77710df6acbc8ddcefdafbd79c5a6e693e3a09 |
| SHA512 | b6be98658afbaa615c9d1cc4a6e3e4f04be863d974113ac3e930324a651fe98909024a686e12ef143d501ca93e3dff5c36c0af8a75c8a9b29a286f987484eda8 |
C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\setup.exe
| MD5 | a829f040da54dd809731d403ae83caf2 |
| SHA1 | f270cb77c6e3697a90c6beaf4a93570ccf48ae79 |
| SHA256 | caf89f1dcee6d607630d6da3cd57c6de542509df361f2b19ed1222a37ecbd3e5 |
| SHA512 | d771473757f92a66ae66950634c35b285609bee9bb7d63da49cbbc3786a4f497ffd39c50e1a0f34f995d254309113a1ccc4bee6a63da7e9924b7359fcba9ea70 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3800_16213\wow_installer.prefs
| MD5 | fcee2892d47f62139209f80783bc0a8a |
| SHA1 | f3812192dc6d2c18165944ac3e69dcbf49428843 |
| SHA256 | 37249e0d047c3560897c8cc95e256677664870d5dcd534d0e2cd5e387a70db3a |
| SHA512 | 58a9d4d1eed549fba39576ece620fbe03e985b79d3444a318ac2442f2734415a2754207cbe25b60e7633d68c1c11790167b79351a70f636fe9023249d15e6f54 |
C:\Users\Admin\AppData\Local\Temp\CR_14C75.tmp\CHROME.PACKED.7Z
| MD5 | 164c0f7abdb4c410e10d6eb79e7d7ce2 |
| SHA1 | f6aeed2d4552fde8f74c5b9a873d3f00d9f5c428 |
| SHA256 | ebd8d49ff72af1bede93403eacccb4fd138a61d89de8ef7a6815f849ea573164 |
| SHA512 | e5dfd3a98c7d06ab126e505756d8a0102f2dba5956cc196fccbc664cd1e2c9d8c6fbfb167509eb7ee024af879ae592b0195efb49b7446c93ceb6436e5b66f9a9 |
C:\Program Files (x86)\UCBrowser\Temp\source3084_12454\Chrome-bin\wow_helper.exe
| MD5 | 8ff62237d74496dc73b58598fb934da5 |
| SHA1 | 6db18def86995e9701e8fe02275ad43d7966efa4 |
| SHA256 | 5f5b3d29c51b5252e80a8c1ab6a165cfd40383bcfa13594fd4488077e1352938 |
| SHA512 | 51c82b182fdfebcee6fa1cc2dfeb801a9c8aa65719dc35e6ebade9e0f1adb996181c952d1b3f8347f9304f31d1e4300f03f5d8930cdaa9b81795f5e2873d83b8 |
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
| MD5 | 4a38c60ddc539e00b1c87692f574930a |
| SHA1 | 9276702ccf3c457f17378ea770b01ce577bd5996 |
| SHA256 | 6bcab2e9b5b097ec22fbdc4101511fdd9a984cf20f2097714477dd1704e5c51d |
| SHA512 | 4a99b21a86f5152dddfb849d9da1074019f411c72df201a0cb73b9c79399219b71929e2460163f0a5fda47d5822997126fd5083a215bd0fcfbeb2f7b2b73822a |
C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe
| MD5 | 0a2c658a324e3d9a8ce94caa038f789c |
| SHA1 | b6d223c0501549b09c8fb6f3158e2a01861a729e |
| SHA256 | 3cefc87ee4f008f55336b7cf2ec4cd9480249071a72732c230be9e56870cd70d |
| SHA512 | 71c556437e4ad8ed44e4241b716d51710eb4aacce44f4d0fe336d97a490a6afb40d98ebce4356743c121c98042ab245073ff39be37def721eecd0336c87147e9 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Configs\zh-cn\start.dat
| MD5 | f80999e486fefce6d8383e7753eaac41 |
| SHA1 | e11bdf431e03d020f7ddedfb7299b7e74faaa93c |
| SHA256 | 8ad8cddfa2599ff80cbbdf966515d061758996dd01e1af0f56984f1a3899d58c |
| SHA512 | 65f24ecf1404a5814d6413feb60010361548022f3ff6ded9504c040a9b9171bfb89b59fbdb6c2711d05bd71ee76c66b41d06db3f6e959a586cef913a10ccf2ed |
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
| MD5 | 1f6c6ddf9c2b4b9f6c7acfdac48bf6df |
| SHA1 | f1dcfeb2fdc49ceb07fa0775e975550d9b4aa92b |
| SHA256 | 4bb44f376d108f9a6b3f98c1428a6e8193153285d19284d326befe313129c4b1 |
| SHA512 | f29c2bce9b73711b69e95afedb76a9a4e26a612df0a6e79424e7ed907ee1f74dc260b1326f8c2520aac8b7ca1949eb8f64ae596e220cd3cb03df475d77c46a47 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Configs\zh-cn\share.dat
| MD5 | a9a40d4eaaca29a2d669074a6b3720d6 |
| SHA1 | cf5c21e6f0cb8caad6001f4176d53062de54aba6 |
| SHA256 | 27929cf493b7ff7517488c07cc8b74d5de065017401ce23a6267c763157cac9c |
| SHA512 | 9c49456780063a2fe956b9792ef41caa452c39fd71af34d169e9e924daf801fa9b09204ae099a921af5247a8f41f46a1d79f845fe5cc2b75434952b049aff896 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\Configs\zh-cn\config.dat
| MD5 | 3fe2cf2c76c606f049b9f3f11837723d |
| SHA1 | 18215e2aa3c15183d6d91e2a4123b4d98691249b |
| SHA256 | d224be4368e36092c261c3a57d5c66a52c8522699b8324dfff2e9e4a4662f072 |
| SHA512 | 86deacccc789288085fdfbd9b5001024b9ee3d4d2d4b918d71af732f9b9c0532a8cab7bc0e002fb7e7425c8e26748100e2da91fe3f1fcb124a6003d15487e267 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome_elf.dll
| MD5 | f5a1ef8b90b124a9b9cbd78f9709fa48 |
| SHA1 | f88d125c1d7a55ed6c98bfb81064a94eed5bef81 |
| SHA256 | 91f6114c5b2150c1e04ed05425a164418036fab42f11fd5fc6eb2575a7d24f09 |
| SHA512 | f24eddcd8a6298b7b891b8a754c9a91b0e32465ac1b289f823cef57f48cd1d42fe7d2628ddd9e09668badb4d85bdafc923fe70ece08970762ed4ca3310955cc9 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome.dll
| MD5 | da4e53402330683dbef463783d43e99d |
| SHA1 | abe40397ba0e4a9b850473e8fb706900e52ece21 |
| SHA256 | 5850c625383e042c17399c9477c51c675538118632db152807a8b435bdeee5a1 |
| SHA512 | 150fd0b47f13431ad8edad58ab5c6cb5adee481cff31b53135cad675cafdae87686fc93bcb564753e3637296107f40aa59eccb6237c3ba38d2f61829339573a2 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\natives_blob.bin
| MD5 | 4d9aff8a5beab7e073410b054b59c5d8 |
| SHA1 | aa931b1fcb804b1cc3ebd4388ba4b2c3006dfa3d |
| SHA256 | 48c6a9c31422ccf362167313e74f5f829ae8d05f762074ad9be5056a2d6fe2d9 |
| SHA512 | 6c0e261c1a71afde21788670112a95fc50345aeee430fd605f6e4eef209d5de2b54e015e41562efaaa3db73f208b2b3e6bd55a28b4b437991f57086d7ed4e1d7 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\snapshot_blob.bin
| MD5 | 0ee9915ed70acca6f058c1f3bb302759 |
| SHA1 | 0cbccd5d03b2dfa9f2d302476719ed949baae4e3 |
| SHA256 | aaac4bc49096e95a855d1f49e8548fac08ab92d7da47a55bcf7f7bb5de7aeaa2 |
| SHA512 | e2bf7acbb9c858e30adbbe1e76ae3e96a804e598e6d758ec95b7eb49c731e7a8f93190fc6cbd56f1d9ee0ae37114ee743c90b483651dd1bf45443b6d3e4d8d4f |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\icudtl.dat
| MD5 | de34dfc767739bfd182fc8874ce2b0a7 |
| SHA1 | fc8ca7b9fae7c21c0f4c2cca161cf7d457f5df51 |
| SHA256 | 4d51ee5ebf33149c8891a541d91a7aa5d6cdcee5cb84aa27271b13dda725c1a1 |
| SHA512 | 8a14d5d065c6ae060ad4b1b2dc0062344137e0b7e715ca57c07d0126d9ab91c0eba1e8a6c5526c7bc2583f626f71351014b3084de6964245496af812565eb8e6 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\resources.pak
| MD5 | 8995c5dbc461cc501151da18e1acc4fb |
| SHA1 | 17201a9f00b42ee77d4cf96d02848e0339f43fde |
| SHA256 | c1808b5fe3539572a69652006bddfd2b44409a49df66e9964507ab5ca42aae6c |
| SHA512 | 7f8f3a49d6e444b02b31464e85e033afb91d3056a8f0726c45f6bc93b9fa06f9f6ed33d81a85d505e02737116a94a504ac781f20350c6dcf56764a3542e99374 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\win10.pak
| MD5 | 810e7992000a0cbf858833f32810c7a6 |
| SHA1 | f2c14fe755bd746ec98883badd76a367c8348035 |
| SHA256 | 62c3f7f7965b5b85056a0d0f17fc69cf8324b77aec831499f884881352939589 |
| SHA512 | 5310ba07134ce6fb288cce4b93f28618f50de5326da4056b3192a758dee3fbb856b11522ac6743ac1a9f200740220aa5a8f62d672a02a5e36050cc24319f6c90 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\PepperFlash\pepflashplayer.dll
| MD5 | b6fc20161d6f334634436e24fd253949 |
| SHA1 | 5132d99c04f2b3f158e85e524f16c1db5a781c3a |
| SHA256 | fb20a6705591f0687d5ec9a4d0dc2aa0ec67da78dd5130db5c5769de05194393 |
| SHA512 | 0fe6c62936a89ad8894943488ba31a185a68d5b6394e414e23002452c0f949f31a4cce16042dc4a46f3f765575eefd68a15f7a34a91ceb6a19529f2403812fe9 |
C:\Program Files (x86)\UCBrowser\Application\ucsvc.log
| MD5 | e90bc7817d0d1a77143a2bf3b350353b |
| SHA1 | 5ce7196189c80dc4b03960359d92d1e6239b129f |
| SHA256 | ed59abd235febec813133880a023699bca853aa1be64e93192a1060e7e964759 |
| SHA512 | 476f7258f38bacaa4fb878d03f31f7a680b1148335ec29ae9ea2cd1ae6cb417016f6105eec80a37251d695c47d39b44b214aa41f38781575737b8d5744ae261e |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\locales\zh-CN.pak
| MD5 | 17b2bfce4f05fdd3deacee35244bedef |
| SHA1 | 0e5dd7c99b0efc8e29049f49d60c86884e884379 |
| SHA256 | 1257c68222c4bc84e8f7f601a359b0afbd4976b0f52b5440cc7ee0b1d35481dc |
| SHA512 | 31ab1f9e5e7e5723f1f69acac9191a35fc781901fcb5880aa1162a08e864902ddabd4700952d0a3d1969fda21b97e59a4e91c64f377489d215c0d84ca7665e47 |
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\chrome_100_percent.pak
| MD5 | 572104052868f41b8ccd82c0a082985a |
| SHA1 | 773c981fd33b95f945151763039ee4cdc1517ecd |
| SHA256 | 81ee9bcf23bf56616a60f2982fac8b1306e414972b95f0ed9b889b345e16e468 |
| SHA512 | 2e06e3aa0642286f2d6ee94c3d8c88142c2f3f85547dfe8b97982b101ca185193f2348c83252a62412561e26f6997bd0ac6338ae5e059776a0cee6719892296f |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\alipay.png
| MD5 | de2786e2dc5852dccde9cc1eee3b7d00 |
| SHA1 | 1fecc23e53be721e3e2bd2d6e8d60936102ecbbb |
| SHA256 | b2693209b430c72a74e34c732a14ddd99a5efae9c70ab7b367d72a39ca44e9f4 |
| SHA512 | 268e764e457bcd97bc0ea8283394cfabc5ce28792a0ca13ae4d882bbf5893be5d2d3468e17d36d453bcc3d17b0260fa39635a16168698011170340c7805f91a2 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\youku.com.png
| MD5 | f30c1b08ac625ca1db79750ccda77ee2 |
| SHA1 | c4efc65b575c9ed812adc7d749d848767915e776 |
| SHA256 | 1eee1073e9aa360de23d860606fac2c17f948597e673bb410129e9cb62b21f5c |
| SHA512 | 64ed9b2eb445639597053d643351f483d15b37f25b071866aea3974a0da88531bd14807bbb9c536efeca92f9687d6d94f86084e487fbf94926446865bf715490 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\tmall.com.png
| MD5 | 714da4c57c445ac71bc51367841bd8aa |
| SHA1 | 6098db6c12152cc8618e0c8b779c0b90eec92d4e |
| SHA256 | 5ff63cbcb7c1f70a3b25d754013cba85782eebcb4fbe16d33ec39e080df55758 |
| SHA512 | 977a239a5fde7a6bcc4a347215f5e530a98c02cbd97ecf25e3d34119dd6412446fb5d905f8384e029bcda9a2f81744dfc85e80136464d8a8f25d7ec76eab191d |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\taobao.com.png
| MD5 | 1c59038294d6a4e82bba4402e6647a49 |
| SHA1 | 097d8a089d7c0fcf87d3a1984668b97a28066e8a |
| SHA256 | 985e8c4c0627433bf12e8d2da749fdda1efc0d2e7e697e7ce7f860b579e1bf9d |
| SHA512 | 2a2f50be8487fba12b7cc8b1ddb24c48db439b93ad93694b9ef31d120a916001f0a98fb8dba0ac61576269924256783a6224b4025f7a219be8d3287bc0d35721 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\sogou.com.png
| MD5 | b2a4b8a0d27370dd24660e4eff1f7696 |
| SHA1 | 43998656bb4432c93c777d7bedf7dd797c8db8a1 |
| SHA256 | c7787af84b0c676c9deedfacacbe432e58fcfae0d8884e4bacc86d835856ea87 |
| SHA512 | 673900cc9add5479bc79cdbaf8990099677136ce01455e9373b1481b2332d0497131d8a60dde73a735ae5e19802f671a78f08c9468d8decd66b60655670d3a18 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\google.com.png
| MD5 | db594713cc01443a6c04b69d261f2ca8 |
| SHA1 | ac3f36dc4429f91ba59503fa021728b57b5ee138 |
| SHA256 | 054908fc579de575482d93df724a6db7354073475059b154a6958dfa219accb0 |
| SHA512 | f20f04b331db722c96906edf76a777bd501721abfd5c42acec4bd56fce2a7f8dbdcb60a6be2f1d16dc2791ad505ed31de0fcc9b04abd8f984efa4dc851e2f930 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\etaohaitao.com.png
| MD5 | 54671209297110351bd776275b24f806 |
| SHA1 | c53b75e2ad458507c0724c2f1499eed7bc4df087 |
| SHA256 | 05d655a3efc015ba8afd45dd63e5d9704667ee8ff6779c8e895e684a6d69e8c7 |
| SHA512 | c890aff8e26a22b64352fbbd61052f5107fd1cfbc59a184b2fc8797d554ff9de5c56d4f6bd0588aa3de39b96c018b15f71123a1ed079db785553e6ead63d94e2 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\etao.com.png
| MD5 | f2973496db50631d972c8bf20bed9e1b |
| SHA1 | aa2f250083b97fd83ae0dc616e74c298349a0fd4 |
| SHA256 | 7811e51b5b93a462a33964e973ffc4f01fe42423aa17fec4304c77c4196223b5 |
| SHA512 | 057b6cd4b3d41ed700ba7bef89c0cb10947dec3b4c295f48afc1944298b77d00c72deccfae8566eb64a4af5e576b0302087a804c118f69a7a2a3aa0366a5fabd |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\bing.com.png
| MD5 | 60606600fa6865ec643e46679f7fc647 |
| SHA1 | 212e33a47980307090afef0af995af9a5636b253 |
| SHA256 | eccac7102e18044557b455b7fd9685913fd282cc2c4fb9da1c3f4ad15aad134b |
| SHA512 | 4074c76798c1429acbf8b3ca83b60b00b5d66a3cfbaaedcee65a93a4a848fb0a066051cbb384285291d8b619c1e30bd5cd09ca3eb532ce059d0a1626b45c7a1b |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\searchbar\baidu.com.png
| MD5 | 715976a2a63c98a3f38e269311e04d5f |
| SHA1 | 4dbbeeb7b8ffa6afbc112e658fa6d7966ab42ed3 |
| SHA256 | 0a0ca14dc3828bf71bd596c78fd1df9b09afd8650b4df07b002f00fc35f436a3 |
| SHA512 | 3d88c730a2ae45f386cbba15dc47941b584f31a9b1a55aaacd08be127476f107018e88ce47eaf238f7f2dcc4d9d96a1b6a94c6a9a67e87c16372d610aec79335 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\youku.com.png
| MD5 | baf4bace7566504dbde84ff69f9ecedb |
| SHA1 | 888076b162f49c6abf0289fdde8a0bae556dd850 |
| SHA256 | 47cedb5b171e5abf458b60ce5dd8d0430a70e7ff1d61653634ac2c938ebab1ea |
| SHA512 | 07996d69e820d2bf0b737697b93b7b90ae51cd63e08d3dc0a5647b1704f388d560b4177bec8f9eb3d2e585da180500fac3af2fdfd87345ced26febdabb45a46f |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\tmall.com.png
| MD5 | 4bfedaacc03075c6cce1492eaafa5fc8 |
| SHA1 | 68a8850f26b92e8cf209e7d5fdcc157f0390386f |
| SHA256 | 98bda0f92529905103af47c680c82021a20c6bf16c784ae70a049cb6545c26ff |
| SHA512 | 105e27e46b4833df2c43b37f507e4df106f8a40eff14c02e2d85f2bc6519cf701559e7cf3bd63a3a18be0580935d4caaa49f2340ab3a81d729c4a7ee97c5b6ed |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\taobao.com.png
| MD5 | 4166e28bd0b0c7ee391396526b5a18d0 |
| SHA1 | b1f76777b01aa5438308bc0e003d5ff76cae0678 |
| SHA256 | 2285f06bf82384c697056bd0792a1402988637d8af9eeea750f98c2f062efeed |
| SHA512 | a5a41472b4d1a1a5c07cf4ed4a38c9cb32a46eb0d0678ee9e8b42fe04d1303b21f90b000ebb9201e5c2a8135b4d93255956811fef8c591776baa41c4ead83cb0 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\sogou.com.png
| MD5 | ff731ef141a73744fd27807a77475680 |
| SHA1 | 54407be83579f981e5da1350aad8d483375370f1 |
| SHA256 | 58befb923bdd848dff39c52fc0effb8d70225b9c5b33438fec7430ba008d5950 |
| SHA512 | 014079ccbe3faa62c466e278c9ac1c5212909f1012ddebcc8a06ac57f881f7dfd381ddc7ba9990c75e97f3d77314b5b7296d5db95fc535b812d281e88c34dacf |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\google.com.png
| MD5 | fd1c0d6a9564ad18c7db41ca68831233 |
| SHA1 | e3b2e108f706d5fdeb6bab26952f3026ac1dd13e |
| SHA256 | eb81db9f5f834e01e8952f2567589800287dc634715801f946301f1bb9a269de |
| SHA512 | aaced8dc9555fa2db37283d3809aec9de35b562520870607d3cf74435830a44ca272fc06dab04adc45f7c26ae27ff8f518aceea55440f154fe195d4823b37f02 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\etao.com.png
| MD5 | cb1dadf3436c8e2bd6eba6e75bd54ff0 |
| SHA1 | e3282c7c97941bcaf4a7b24003dfed3810dde97e |
| SHA256 | 4b95ae0a53611e89bcf3955725bb9e97e6110c41748b72da6e9776fc624782d1 |
| SHA512 | b1df1de97b6386b63f51c47d0915a9cb02fd139bbf51268ae6762a9a2b0abd411ef06224445681bfbde2404e0544b61c417ceae2ac8bf4155a91feb609f70ed1 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\bing.com.png
| MD5 | f06fffc93bf3d08ba0c71d27b5e4335b |
| SHA1 | c55c2bc1ce66ef2b8f908e2b76f339d54059c5c1 |
| SHA256 | d17c66e0c39382521aad834bbf7f1409b62beb41225776c4050e42a118e63ab5 |
| SHA512 | 887007ba99c8b0fe64c9ab3c8458809b71f27ea5d8a961c39c6447fdb2bb73f0f34a7e76a6a543026d5b9816f43deb6fbd1007521e606b411b7301dea36df3d5 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\baidu.com.png
| MD5 | a22364bc92dc3a1f3d4c89ee1ee89c24 |
| SHA1 | d2d247787cb4362b95c1080437399c937e357c5f |
| SHA256 | 0a990cc8459b76198cb42f47f6b3effeff33092f4e20618e5938f2cdae23b9e2 |
| SHA512 | a1534a684dea9e5bc3b55930c4c80eb4f7b4405e4e7f0cbe6583f8f8bb9f34888bdafad4b8678ad5e97a9d79b045b2f53ef7d631ea91f417c074ecf37f898b78 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png
| MD5 | 0a9fc68e2274bde4fb70935c0f676b00 |
| SHA1 | f6b5f67d004ad2829fb1de8e16343be7151b98e0 |
| SHA256 | a14dcf03c3b36f11cdf688be313167eb130cbf52e721e67d4fef8f535a8a2e49 |
| SHA512 | 584055d760da5b1819898a4be08c191944c2e19d6cbd62d9146deff3f4bf445c41316b6b1cab1580b53a9cb449008a25cb85325fc802790960437e2fc2462cc7 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\marketing\1001.ico
| MD5 | 4c6695fdb42d78ce9627280bec0abe35 |
| SHA1 | 24926125d6e04d4f1074b6ce8e29cc503a708899 |
| SHA256 | 8425eb2fdf398f0ee4e922ceec61e55ec812a3dae3572e67750367aa869d52ba |
| SHA512 | 0ff06b5c96ffb4a8fc5ec6fb110bbdc6ee22c6541cd9c4a9e2f91754e6b83f1e1ceca5ce7dc8b011a7caa1d5109e1ce53752ae51fa7fd478aa3c1a144f012c3d |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\weibo.png
| MD5 | 11b4bab51c09f5a1d733085b334b3056 |
| SHA1 | b6eb762070e23c5b86675f6b0f46c8ef60f21ddd |
| SHA256 | 4f6b32b8a4d942393a1138715b2fb89a49d1d91ecc73be3eb4b3a466474f03e5 |
| SHA512 | b76196785fa98e6420e086778695dbe9a16a217e56dec19f426980e6ad768ba2d80d7d594293c94d7097191bd3053926477e2f8a858edd59728205457e1cb3cd |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\taobao.png
| MD5 | 179d77b169bd715167fd0f6927808b62 |
| SHA1 | 3f12c101f6129676f2029a70bf5ae78b524a0cda |
| SHA256 | ba9d78dbc4207d5d61e9fc42dbed28cebde243179f7625d6af23a10c21678962 |
| SHA512 | d8156c9a5a6fade547c235b9b77afdd1c16bb62584f1bca0dedaeb48d80a2551ba9c232aa4e5a22fc66dc2166b060912947acedee6a6f1bf43a8d630f0ca74a7 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\qq.png
| MD5 | c6c6cdf8179fd3360e2dd60dc8b3b0ec |
| SHA1 | 850caf5e4114fcfe18f57e5d82cb83f9ed6485b1 |
| SHA256 | 4e5358357544531a5deb98b8170ce86dddc62d820632fd6341fdc5e2fa7a4176 |
| SHA512 | 08d5ae337ca47e44a8126aff0bc47f3382e131fa34261619097afe5adbda92a7e8d4f77b324b8aa20fd91fed323d2ffeed3be80212bd1912f2e5d7e91439bfdd |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\renren.png
| MD5 | d542cd4d121465265415876a13c8e6e5 |
| SHA1 | e049a1e6202a7e174ff742bfb2a25f0f729edf8f |
| SHA256 | 0fc53be0beff5dbc4a762c19f983ebd0a0bba8239cd052c3990793de457ccb24 |
| SHA512 | fcfe6b77aba31a8ea729383653081ff5f8285ad644079e908f4e137db57bc635989332b682f26ddfaa04dcb9d95694a2e40cc4ac47ccad4aafb0f14a42fd329e |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\noads.png
| MD5 | d8168d458a998ba7ff997e5ba43c76db |
| SHA1 | 930f783e525a44cf695ed2fdc0c56e331d6862b8 |
| SHA256 | a35575fd03c30814af7bc6b259f7f51dd75a2c780c6f0ed6602abc55afd2130e |
| SHA512 | f74387986dc60a40961420129fb051d37ce7d75a8ec4f02159e53bf2828f25aeab562ee72537abdd32ab19fd25e3df26f9f89a2334c62d23815e44af31c3ccb3 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\tmall_points.ico
| MD5 | f980ee0aee951b86db85137ec027e491 |
| SHA1 | 5ce8ca7db87622ec9bf14adb8e55a31f098fbe37 |
| SHA256 | 1a430c23e1f9f79cb88ef4d532a70dde6aff7dfd03adeae9461b559a7641b8e9 |
| SHA512 | 5b275e299c9bf250a5c3479fb1cf370a648e81dce74833256cfd0bc3c30db557edb363caafb1ff3d3a56995a78c920e2be6c1587177677908c1557e271784f52 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\facebook.ico
| MD5 | 29caceeded110cf5cdc6b2837f34f703 |
| SHA1 | c5d0fe9def646afd04a4b0f4c5a39a881e4c3624 |
| SHA256 | c735760b739f5ff8e29c023856d03c78def35ac47914e480c885acf7b18aa973 |
| SHA512 | 191cfc8dce601577cb4a574693b7709912bf2ed6cd891b31981f27ec2aacef0ce72459d213d132ee53a46c5d76510639260365b001fdfe1186719e99873a857d |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\uc123.png
| MD5 | b3d961de8896d4d6e8159d6b6a6e7729 |
| SHA1 | f8d468a11da8e9f136fa54c043f5de5ebcdd62ff |
| SHA256 | b864bd7ceddfa3c715c4befd29631bf2f6c55eed4fd5d3428eb27404af4b5129 |
| SHA512 | b441debbfe22afdc63e2ab2c0c9066c9ac5013381337d0c6c396da36be07eac906551157297965557484ef23460929c1033ea338ec06b3cadf929f0ec61bcd43 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\taobao.png
| MD5 | 0870184d9d62fc6ea09f661ce759a680 |
| SHA1 | 7a3be4d085398b2fea068a55892518f5092b84dd |
| SHA256 | ef63a5515e3b3d09a9977b78304d0e45d76da3614f230c233441b34c62f00a05 |
| SHA512 | 124a9157c8b447794f4745edb752091ac809e4d39fdb34b65c06c72c08c4be3a157c0741785881c93a139368b92990f7a445e3ad75c80d84ffcf5843a35481fa |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\pp_helper.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\baidu.png
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\stats_uploader.exe
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\libucguard.dll
C:\Program Files (x86)\UCBrowser\Application\5.6.13381.9\win10_100_percent.pak
C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat
C:\Program Files (x86)\UCBrowser\Application\Share\ucsvc_config.dat
C:\Users\Admin\AppData\Local\UCBrowser\User Data\9A48.tmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\9B73.tmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\A256.tmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Extension State\CURRENT
C:\Program Files (x86)\UCBrowser\Application\Share\task.ini
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\C2A7.tmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\C8B3.tmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\3058.tmp
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\TransportSecurity~RFe59306d.TMP
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\Session Storage\MANIFEST-000001
C:\Users\Admin\AppData\Local\UCBrowser\User Data\AE94.tmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
C:\Users\Admin\AppData\Local\UCBrowser\User Data\Default\1965.tmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms