Analysis

  • max time kernel
    348s
  • max time network
    359s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    07/11/2024, 22:33

General

  • Target

    readyfile.zip

  • Size

    16.0MB

  • MD5

    0abdfadb3b87d3f9eedcbcdbdb113316

  • SHA1

    25d7f48841c4feed8a023203d6dcac829490730a

  • SHA256

    88c091ba3072107a1c873c0bf5360e7fd7a4ae99c06af9bbc0f5676795cf1fd2

  • SHA512

    8845a63e33a4662a7734fefa66bc2ba85669abd8faba43a01cf0bf635915e4d0a8d1f2f81e4286506c91c7616447cb31a8011aaec7a9b6260237492fd5eba3a6

  • SSDEEP

    393216:NRXC7xZpAkB/7M8L0YJL+4MRYichQMKYbk/lSq3GYe:NRS7xHAkN75oX49hQNYIJGYe

Malware Config

Extracted

Family

lumma

C2


Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 4 IoCs
  • Stops running service(s) 4 TTPs
  • Checks computer location settings 2 TTPs 8 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 48 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 3 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 60 IoCs
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Time Discovery 1 TTPs 6 IoCs

    Adversaries may gather the system time and/or time zone settings from a local or remote system.

  • Checks SCSI registry key(s) 3 TTPs 23 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 52 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\readyfile.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1584
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4084
    • C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      1⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3012
    • C:\Users\Admin\Desktop\✱SatUp\Setup.exe
      "C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:548
      • C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        2⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4512
        • C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
          "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAj7dQNK6LtoLWDco0X9hF1kXqV2z9WP44X7a4gYIXSG/I+iQ6IhGt6IpY9xKAOifpjlS7Xap9BCcY23D1Sep0Z7OvDsyup091JeHH47GgLDdyrQnsEWge/zTMmcSj7X1texUH/BU7QLr5wajUO+Py9G1utI9OsgT3PmG+5H2PP3B+4XQJx50ZozIeHG2yiKxMo0COh9NSMYjmFMCKrxPFGubu3yIPnXVFquWXGe2Y3tC9pD8lJAMo131M5elQlxvUetX2QyNFJIT0N5M
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1752
        • C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
          "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAgTdTOH8Ls4YgjckIOthD7uDqbWVJ2mAzg7Rww1vW3X1GOjnJ7ZG8+3dLpKj96Uul5ECQVplpaNuUzx0LCSofR0ZvVv8HZj8X4vQpkDbj3owyvnXQMv1q11TPNvoC7Q1sUIHaxhX6uCo1FBXHJ3SMdOW7mm13o7n/VOGT7QQMWCBFtjCBzg0vZSTf7mu83tgIZUOwa20RbsQbFcqDSMfFyBssHTLf2jQb+mMR6O6Y1VT+pH/UvtRwewtfsWDZhgK0WkEifBQHoTKqk9BIxziA7H9/Qqf1/qI0DLUfvWhl8Q=
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1612
        • C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
          "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkzi1m+EKzBuSgqeslt3Y59zv6n53VQ+NiSpLC9ASVnLeMPMdcC/RZNzSsq1XMrjdG0waaDL1+7XAbI9mLfxoaZehItaNODHWRXSWRWy3tSDXnpDkj+fjbNJeenT92n9SbQQ5xwiLODivccFV6NVh0vx4IajaHPdL6sxpeSWbJ3xm1VwdwABbBnaFYclzkQlJImkjuVH7yCEgvBs85TrTC+DxyTMGJwHN/EPigiK8WfAoiIYElK/PSa3vCmY8tR/mbvfqdQjmUjOsnXE
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1944
      • C:\Windows\SysWOW64\choice.exe
        C:\Windows\SysWOW64\choice.exe
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:1672
        • C:\Windows\SysWOW64\SearchIndexer.exe
          C:\Windows\SysWOW64\SearchIndexer.exe
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3516
    • C:\Users\Admin\Desktop\✱SatUp\Setup.exe
      "C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1088
      • C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:4396
      • C:\Windows\SysWOW64\choice.exe
        C:\Windows\SysWOW64\choice.exe
        2⤵
        • System Location Discovery: System Language Discovery
        PID:3320
    • C:\Users\Admin\Desktop\✱SatUp\Setup.exe
      "C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3060
      • C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2384
      • C:\Windows\SysWOW64\choice.exe
        C:\Windows\SysWOW64\choice.exe
        2⤵
        • System Location Discovery: System Language Discovery
        PID:3880
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3012
    • C:\Users\Admin\Desktop\✱SatUp\Setup.exe
      "C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3840
      • C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3876
        • C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
          "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkP9KIK/DuJ7QxdAgWmhx/kd6Q3T4oMw8U96WnZ83YF/E2p6oPkmPzIOwyTaYigPhheSfVaKFKhMRg175Q+pER4WvHuyh/3lhETnZ34IwID9OHQ3UJpAc2wqUm+CQzWVdSjUPzCVTcr7KGZrYCXPO7FzegKd4eiLDCSmU8EmPH3BK4VQJ6tUHtxjWBnmbGLhUjdCSr/q6A4TOfNaGtjP9Ks3O1xIV9Xdpjx2RPfEI2siaNAMdAMs221g009V2lwv0WNXGYwA9EojU1eo
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1844
        • C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
          "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnb9OoByDtx5EBcyg4+hK/2n6VHXXYm26aRxHSAn281xwGS9qPAlWcgXjvS8S2WyzWXC1RxHRS0FsVz6RbSojSWJvev04/getomwwDtPz67ufjljOuEVbXJ5XCWdszQdzRqHU5QBStqFnjAhC9GSPQHSLm3rrK75LiGmQeVwMQCxdtjiF5YUz+UBX+8d9zskd5FOhZ8u5e3H5vf0MMufj9R0MOx/mchaWgNswaxmI+k5DtFrhDlxb7fvnmta1hja+bkEeegO/kYziK8HqGii959JvX513Zpujzh0QDA5CUI=
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2116
        • C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
          "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAn4Jz3x6Akt9GOOZh/+JceWX8bvftt8rH75eUQQILX0GJ7nmscViYtRpj+n0gOA1qrlaB3JpoD9yo6HsPyfJWc7O3LPC+gEE0ldzBohGWA4BSvy5DAXMQCKT1rxAj4VBrewkS/iUKU9NJ/ruPm83GR01wuBpery00rl6HKv2/O2h+8Xgh16Y5zqIjPBASgqnzg16DBONFKWdWJfhiLzf+BOby1AwftGQIOt6GXk2K4Gudtim8NA43BM1P0jvQryXQes3QRxNqJu1kB/x
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1464
        • C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
          "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkYSoYGCG2V4QPrLgG+X1fsH3x/V6sTd7FY5z3VoCaVyBIcQpepPXM0ResPfcKohiAkQK0zhZ3lVW+KqGmdxyRYOBCOq4rCqv1+ipHd2/vr3GpptXv1vRnkLabKJLyl5YQzQY8T8vBGMD3e0fX+1nUclQJyvsiPiHXHhStZ2bM3Re1XAV+bx6e8w5QIXWuRjYH3EyKnVfxM+cGBfKRwrYLd7h8hUlqzuSXM/U4IG0ZVcJgKqnthP+oQt7G56AlRHwyNds8bE3kg4dqN0g1ybYGcTkqFXyRbS/Xl3OelQCNnqOd+qosnL8VlyIWwqFtcChjEEygiZA2TOJKNW60EafQBvA4QnzNaeem70XGNLquGnIIje/qFI5/4wJ0+GbkYh
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3484
      • C:\Windows\SysWOW64\choice.exe
        C:\Windows\SysWOW64\choice.exe
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:2400
        • C:\Windows\SysWOW64\SearchIndexer.exe
          C:\Windows\SysWOW64\SearchIndexer.exe
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2096
    • C:\Users\Admin\Desktop\✱SatUp\Setup.exe
      "C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1668
      • C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3884
      • C:\Windows\SysWOW64\choice.exe
        C:\Windows\SysWOW64\choice.exe
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: MapViewOfSection
        PID:4916
        • C:\Windows\SysWOW64\SearchIndexer.exe
          C:\Windows\SysWOW64\SearchIndexer.exe
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3056
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
        PID:3288
      • C:\Users\Admin\Desktop\✱SatUp\Setup.exe
        "C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1848
        • C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
          C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
          2⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1560
          • C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe
            "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe" --d="C:\Program Files (x86)\UCBrowser" --wow-as-default-browser=false --wow-join-user-expericence-plan=false --enable-logging --verbose-logging --v=2 --log-file="C:\Users\Admin\AppData\Local\Temp\inst.log" /s
            3⤵
            • Executes dropped EXE
            • Drops file in Program Files directory
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            PID:856
            • C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe
              "C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe" --sync=http://www.uc123.com/guide/install_blacklist.php?ver=6.0.1308.1016&bid=35151&pid=4601&mid=1a5c5dc8b30f5483455c27bbd36a87eb&midex=1d046889ed4d2ae943510f679df2e1b8v000000249d49d6f
              4⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:2892
            • C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe
              "C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\CHROME.PACKED.7Z" --d="C:\Program Files (x86)\UCBrowser" --wow-as-default-browser=false --wow-join-user-expericence-plan=false --enable-logging --verbose-logging --v=2 --log-file="C:\Users\Admin\AppData\Local\Temp\inst.log" /s --system-level --wow-bid=35151 --wow-pid=4601 --wow-auth-url=http://www.uc123.com/guide/install_blacklist.php?ver=6.0.1308.1016&bid=35151&pid=4601 --wow-customized-theme="Share\customized_theme.crx" --install --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --wow-make-chrome-default=false --wow-participate-eip=false --installerdata="C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1124\wow_installer.prefs"
              4⤵
              • Boot or Logon Autostart Execution: Active Setup
              • Executes dropped EXE
              • Drops file in Program Files directory
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              PID:4624
              • C:\Windows\SysWOW64\sc.exe
                sc.exe stop UCBrowserSvc
                5⤵
                • Launches sc.exe
                • System Location Discovery: System Language Discovery
                PID:1792
              • C:\Windows\SysWOW64\sc.exe
                sc.exe delete UCBrowserSvc
                5⤵
                • Launches sc.exe
                • System Location Discovery: System Language Discovery
                PID:4860
              • C:\Windows\SysWOW64\netsh.exe
                netsh advfirewall firewall delete rule name="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"
                5⤵
                • Modifies Windows Firewall
                • Event Triggered Execution: Netsh Helper DLL
                • System Location Discovery: System Language Discovery
                PID:3036
              • C:\Windows\SysWOW64\netsh.exe
                netsh advfirewall firewall delete rule name="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe"
                5⤵
                • Modifies Windows Firewall
                • Event Triggered Execution: Netsh Helper DLL
                • System Location Discovery: System Language Discovery
                PID:3372
              • C:\Windows\SysWOW64\netsh.exe
                netsh advfirewall firewall add rule name="UC浏览器" description="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" action=allow
                5⤵
                • Modifies Windows Firewall
                • Event Triggered Execution: Netsh Helper DLL
                • System Location Discovery: System Language Discovery
                PID:3788
              • C:\Windows\SysWOW64\netsh.exe
                netsh advfirewall firewall add rule name="迅雷云加速开放平台" description="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe" action=allow
                5⤵
                • Modifies Windows Firewall
                • Event Triggered Execution: Netsh Helper DLL
                • System Location Discovery: System Language Discovery
                PID:3048
              • C:\Program Files (x86)\UCBrowser\Application\UCService.exe
                "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --install --start
                5⤵
                • Executes dropped EXE
                • Checks whether UAC is enabled
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                PID:3192
              • C:\Program Files (x86)\UCBrowser\Application\UCService.exe
                "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --as-current-user --run="\"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe\" --wow-enable-user-experience=false --wow-make-chrome-default=false"
                5⤵
                • Executes dropped EXE
                • Checks whether UAC is enabled
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                PID:3020
              • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
                "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater /AddTask
                5⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • Drops file in Windows directory
                • System Location Discovery: System Language Discovery
                PID:3692
                • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
                  "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" /addtask --type=wow-config-updater
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Drops file in Program Files directory
                  • System Location Discovery: System Language Discovery
                  PID:948
        • C:\Windows\SysWOW64\choice.exe
          C:\Windows\SysWOW64\choice.exe
          2⤵
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: MapViewOfSection
          PID:1048
          • C:\Windows\SysWOW64\SearchIndexer.exe
            C:\Windows\SysWOW64\SearchIndexer.exe
            3⤵
            • System Location Discovery: System Language Discovery
            PID:3756
      • C:\Program Files (x86)\UCBrowser\Application\UCService.exe
        "C:\Program Files (x86)\UCBrowser\Application\UCService.exe"
        1⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        • Suspicious use of AdjustPrivilegeToken
        PID:924
        • C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe
          "C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAn5R/B962h7eGLt0YvoZrD+QQdUZsoesBr5m3h8IDTGFJ5yhOcOKAyNpJwjFgFAHVLmKdYBp2PSHo7knqCcJ8SbOHNva+omZCVf788VGCEijSgz/sgWkbyOTPktDjyWlCezEL1yU8fbyJyIXZ28nkys10poDevQXX7my/xT2fD3x+0WQd16g4mmItA2VSnqJRA1qcoWNrNL0WM8e47w/RG+bqyyNfvtgQ+cS6Jg3faOteaLDrozq2GxsS7dQQmPYTLotakFbvivl85ETOL8hKhyZOSFqx/YNA0yGhhc5KMKoGPDUYRAL
          2⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:956
        • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
          "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-enable-user-experience=false --wow-make-chrome-default=false
          2⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          • System Location Discovery: System Language Discovery
          • Modifies system certificate store
          PID:4204
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SpdyEnableDependencies/Enable/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch 
--device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.0.369893011\447528975" /prefetch:1
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • System Time Discovery
            PID:5116
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.1.1793040896\577445914" --lang=en-US --no-sandbox /prefetch:8
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • System Location Discovery: System Language Discovery
            PID:4268
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SpdyEnableDependencies/Enable/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload 
--enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.2.2145424282\477535159" /prefetch:1
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • System Time Discovery
            PID:3100
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch 
--device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.3.1570626021\1327413791" /prefetch:1
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • System Time Discovery
            PID:4740
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch 
--device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.4.933816584\1791673414" /prefetch:1
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • System Time Discovery
            PID:4144
          • C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe
            "C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --force-configure-user-settings
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3388
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.5.537052634\1302400405" --lang=en-US --ignored=" --type=renderer " /prefetch:8
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:2940
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.6.1583695217\1606980859" --lang=en-US --ignored=" --type=renderer " /prefetch:8
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:1664
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.7.1205344473\663375871" --lang=en-US --utility-allowed-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805" --ignored=" --type=renderer " /prefetch:8
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:4656
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater -CEnumUpdateMode:UpdateMode_AliImTimer
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • System Location Discovery: System Language Discovery
            PID:396
            • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
              "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -cenumupdatemode:updatemode_aliimtimer --type=wow-config-updater
              4⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • System Location Discovery: System Language Discovery
              PID:4452
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.8.1351239208\1749826390" --lang=en-US --ignored=" --type=renderer " /prefetch:8
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:1260
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.9.491867213\1626980658" --lang=en-US --ignored=" --type=renderer " /prefetch:8
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:4600
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=ppapi-broker --channel="4204.10.1769792489\196744152" --lang=en-US --device-scale-factor=1 /prefetch:4
            3⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            PID:1500
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch 
--device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.11.104166010\1333932649" /prefetch:1
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            • System Location Discovery: System Language Discovery
            • System Time Discovery
            PID:1456
          • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
            "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch 
--device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.12.18004746\1915555139" /prefetch:1
            3⤵
            • Checks computer location settings
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • System Time Discovery
            PID:2456
        • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
          "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-warm-up --silent-launch --wow-auto-close
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:5080
        • C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
          "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --lang=en-US --wow-warm-up --wow-silent-launch-child-process
          2⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:4392
        • C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe
          "C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAjZ+3p+yjzheUJaW4gq/UD8g55kZlQAWhmb9BJ8o2bmFwVApNb2rraPBRrJF0CLTVOmYuYBRk6YHq/Z1KOeR4SaOpMvacmSPic9ugUWWNmSjukITsi3LJaO7zRHD7zkdCUygh1zMOAhyX+ut51/dNysFaDYDoldV32EVPZR2LB3xe5Xwd5al5OlAyQ8VekyVRB28HoXle4h0IGTEY9y7rG87F4SNRkruw8/DUhjnH9etms9o4Hn6N7m66qCQxrgpU6gk6QpPV0h2iS9x8uOIL0jInG1Pwb9zmO6IiJpEDUf8t7FGIfCYDZNRfQKmKvj/Hk18isbhFIM9FZztMx+GwFY3xzOv5LKB
          2⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Modifies data under HKEY_USERS
          PID:1512

      Network

            MITRE ATT&CK Enterprise v15

            Downloads

            • C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\config.dat

              Filesize

              120KB

              MD5

              ee387ebe6a87ba7e7681d22214d1c4d6

              SHA1

              3d998a1cf0fcc230b4cab7f052e875b6da2b5742

              SHA256

              1f61cbd1d1cea6453a9b77d81995a9f2fdd529ba640dacf41dde308b2162657e

              SHA512

              ed13be1778944b5f7ec5d1f71cf0b46e5f6a98f4dc154007cda3c04f12e4a2f38cee8f7e946be7ee5bde58ca3491bdd852ec02096cd3ec7a62666a314f83d3a8

            • C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\share.dat

              Filesize

              66B

              MD5

              e373911dbf6d089af21a759b35e30505

              SHA1

              eaee63f64e55565f0c7ad528184849d01d5b90d7

              SHA256

              e04fbfd74992c29d27018543961c0d0568e5ea1cff8aa3bdbae6bf489814dce8

              SHA512

              ca623a9aaadf05be4852d91fb87ce1d57410629e9cc67f0f40a649f91075b25dec9900d8fbe7223b753af7bf0343c55ae95f24823a471aa1c3a9158458806770

            • C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\start.dat

              Filesize

              8KB

              MD5

              dda2e6b34e62461aacab3317b8f8751d

              SHA1

              28892a09922fe011e95fd8450a1dd9d56da5df7c

              SHA256

              8e8026bff3c3cf40c63529860174e04e9a0cd66e7fae658d56d254b3820bd03d

              SHA512

              0deabd7acf8cce8dc8c353b4824dad263795b38f0862ab2f8564836a00870e6f31407304038bcb816e5316c83ef126a7f8faafca5b18ec08c778febd8dea6bce

            • C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe

              Filesize

              297KB

              MD5

              43b42c720ca4ae32b5cf7f6effa35ae1

              SHA1

              62a38eca99a75f8e8f4b92533475af04c5a2b9f0

              SHA256

              f5bfa49feb01e326c2110b60cbe9c798d83cbb627928dd86c3d971daabe6aa3d

              SHA512

              5a79177d367f5796caddc16cbe6aab52ccf248ba4e10de54b9852dba26c2edfd02aab4d2cebd0b0c1d91cbf889912222e8303aa916475b49d6513110cbb8fcb8

            • C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat

              Filesize

              915B

              MD5

              6ef3f6e140431c5bdb55ed2ea2f6ec5c

              SHA1

              7d1e19d98bfeeac07990ccf5759d8aff7b7a724e

              SHA256

              f011e03aea934adeab09bb24d0d1a2f9cfb4d1cf2a51a04e94180f179a219e8a

              SHA512

              f94e424f29a919371882ad35bb7b28717ad506aa705d3ae55db14987fdb542b8eaf4d01b37481fd4af0a6b08edd69813fef9f09ef8d25f4c9d38a43d57f17bf3

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png

              Filesize

              507B

              MD5

              9fa7deb1ec538c30eff038daed4814dd

              SHA1

              71a3bc8a736c93812b06f66fb7b2e522d18d6b1f

              SHA256

              6e8bfc1ba4adabafb14c021a16d865253110dea7933658aabda0403d1f729cbb

              SHA512

              669c115ca531a94e522aa9f8f81422f6b5c16d51fad41d073c38f50ca6a50d0d5e6c2f1d9115aa06c68f4345bc3c273f558cf665681c10f113374e5a34dcd0c7

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\baidu.png

              Filesize

              1KB

              MD5

              d390c92daf6ec52215544827f405a79f

              SHA1

              077cca8c1d73bf05c1f4001893642f4ea28ed454

              SHA256

              611e5b35b3f35e6e8084ca7f71f9d22f141ee8a60f62e00ab15be721a3852cf7

              SHA512

              0af5aa486487510ee280cc99b9547214df43e32bbacb6c933bf9d10fef72afc5c4a23fcb2e3db83231ba934a174fc535529ee88cd6ad3474691a2b779211f3ad

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\pp_helper.png

              Filesize

              1KB

              MD5

              4cc9b59697f7564731e8c506264f3bde

              SHA1

              cb9d1f897620da72c4cd3cf3a5f4712f509ab5ee

              SHA256

              feaa5ce8f86ee0cd34821b48cf76e330a620bb4045290891a0c8edb42054db8a

              SHA512

              5480d0c7c815e95500790d6a33a32058a75f3369d2ab80be0fafad78d7767ea6d41ded7d405e5ff6473c5d84bf24beabc81f5b3e59b644adb04fdc95ee48bae3

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\taobao.png

              Filesize

              389B

              MD5

              0870184d9d62fc6ea09f661ce759a680

              SHA1

              7a3be4d085398b2fea068a55892518f5092b84dd

              SHA256

              ef63a5515e3b3d09a9977b78304d0e45d76da3614f230c233441b34c62f00a05

              SHA512

              124a9157c8b447794f4745edb752091ac809e4d39fdb34b65c06c72c08c4be3a157c0741785881c93a139368b92990f7a445e3ad75c80d84ffcf5843a35481fa

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\uc123.png

              Filesize

              1KB

              MD5

              b3d961de8896d4d6e8159d6b6a6e7729

              SHA1

              f8d468a11da8e9f136fa54c043f5de5ebcdd62ff

              SHA256

              b864bd7ceddfa3c715c4befd29631bf2f6c55eed4fd5d3428eb27404af4b5129

              SHA512

              b441debbfe22afdc63e2ab2c0c9066c9ac5013381337d0c6c396da36be07eac906551157297965557484ef23460929c1033ea338ec06b3cadf929f0ec61bcd43

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\facebook.ico

              Filesize

              128KB

              MD5

              29caceeded110cf5cdc6b2837f34f703

              SHA1

              c5d0fe9def646afd04a4b0f4c5a39a881e4c3624

              SHA256

              c735760b739f5ff8e29c023856d03c78def35ac47914e480c885acf7b18aa973

              SHA512

              191cfc8dce601577cb4a574693b7709912bf2ed6cd891b31981f27ec2aacef0ce72459d213d132ee53a46c5d76510639260365b001fdfe1186719e99873a857d

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\tmall_points.ico

              Filesize

              141KB

              MD5

              f980ee0aee951b86db85137ec027e491

              SHA1

              5ce8ca7db87622ec9bf14adb8e55a31f098fbe37

              SHA256

              1a430c23e1f9f79cb88ef4d532a70dde6aff7dfd03adeae9461b559a7641b8e9

              SHA512

              5b275e299c9bf250a5c3479fb1cf370a648e81dce74833256cfd0bc3c30db557edb363caafb1ff3d3a56995a78c920e2be6c1587177677908c1557e271784f52

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\noads.png

              Filesize

              3KB

              MD5

              d8168d458a998ba7ff997e5ba43c76db

              SHA1

              930f783e525a44cf695ed2fdc0c56e331d6862b8

              SHA256

              a35575fd03c30814af7bc6b259f7f51dd75a2c780c6f0ed6602abc55afd2130e

              SHA512

              f74387986dc60a40961420129fb051d37ce7d75a8ec4f02159e53bf2828f25aeab562ee72537abdd32ab19fd25e3df26f9f89a2334c62d23815e44af31c3ccb3

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\renren.png

              Filesize

              4KB

              MD5

              d542cd4d121465265415876a13c8e6e5

              SHA1

              e049a1e6202a7e174ff742bfb2a25f0f729edf8f

              SHA256

              0fc53be0beff5dbc4a762c19f983ebd0a0bba8239cd052c3990793de457ccb24

              SHA512

              fcfe6b77aba31a8ea729383653081ff5f8285ad644079e908f4e137db57bc635989332b682f26ddfaa04dcb9d95694a2e40cc4ac47ccad4aafb0f14a42fd329e

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\taohuoyuan.png

              Filesize

              19KB

              MD5

              b86e13d5cc74c8a352e288b3afce040b

              SHA1

              e1a7fdeaa600d019600822906944aa41b8fd60c9

              SHA256

              bba66079d2e41c1494887ae112487719af586f445e8997a6157126b2242111e2

              SHA512

              97d3452c1fd7fff2d23324ab328171026954fe37bdf5d53b6e6acbe0982308f290e5300c393b39b9f22658ed51e982933844a7504b85d75a522b06b5ec4932e9

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\alipay.png

              Filesize

              2KB

              MD5

              de2786e2dc5852dccde9cc1eee3b7d00

              SHA1

              1fecc23e53be721e3e2bd2d6e8d60936102ecbbb

              SHA256

              b2693209b430c72a74e34c732a14ddd99a5efae9c70ab7b367d72a39ca44e9f4

              SHA512

              268e764e457bcd97bc0ea8283394cfabc5ce28792a0ca13ae4d882bbf5893be5d2d3468e17d36d453bcc3d17b0260fa39635a16168698011170340c7805f91a2

            • C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\qq.png

              Filesize

              2KB

              MD5

              c6c6cdf8179fd3360e2dd60dc8b3b0ec

              SHA1

              850caf5e4114fcfe18f57e5d82cb83f9ed6485b1

              SHA256

              4e5358357544531a5deb98b8170ce86dddc62d820632fd6341fdc5e2fa7a4176

              SHA512

              08d5ae337ca47e44a8126aff0bc47f3382e131fa34261619097afe5adbda92a7e8d4f77b324b8aa20fd91fed323d2ffeed3be80212bd1912f2e5d7e91439bfdd

            • C:\Program Files (x86)\UCBrowser\Application\Share\target_locale

              Filesize

              5B

              MD5

              cce16c45e622d9ceae4b626c9353ecec

              SHA1

              5a7bd4149d0d34d3ec86181cdab1cb8dd3f441d7

              SHA256

              5c49f88dafe66e0ecdca8f682ae0b38c38ccd3ad464e3358e899beca88c18560

              SHA512

              49bece6ba2cf39624a2947d9660b44c0c0f3f6970e6671b02f2050fb954cef700b3bad782c00b7e3fd196ae541f0d6c684fd0f77704bd9c9d68d35b94e89a755

            • C:\Program Files (x86)\UCBrowser\Application\Share\task.ini

              Filesize

              42B

              MD5

              53e0c922ce631022c07db5045bdf8a63

              SHA1

              baab41405d97bb1081c60e6a65cadd222713f11a

              SHA256

              01c2c1331fa4d99f47f1a03406d2cb4ee5708c9b726f8d01de0474f6aaba60f1

              SHA512

              8558f532fe84798ff824865a8f7b3501b36d92bf6486fec381d9439905bef45ff31e70715f1d4496553a107dfad551555244776616811c70d9364d6383978798

            • C:\Program Files (x86)\UCBrowser\Application\Share\task.ini

              Filesize

              134B

              MD5

              31c6c2ed57a8e0dbe04b0ca40d58cc2a

              SHA1

              d7e087431a0a129ccec8a4ca2d501a8dc2c8314e

              SHA256

              d2716bc430c6eb73e0a4cd3df48de19d4980823ff7ed6b1b3e85969eb26bb67a

              SHA512

              d24d831b4e89130510dd67970f8b3af9127d68ef363b2440c0641347dac8e0290436b8e521c041a06dc421587b0b00a004b54b5153fe3edb65785300ab9d909e

            • C:\Program Files (x86)\UCBrowser\Application\UCService.exe

              Filesize

              614KB

              MD5

              76df26d9c21bae4902c3a63c85a64888

              SHA1

              7684cfa29ce48d13d86e9107ec09acf47584cb3f

              SHA256

              7d97175cfc19ea346d13103fd49a16d3d180f12e669ec8c51ff2bb5bfd60ed0b

              SHA512

              54fafc770d8c69527d84dde3f690900dfdd3eba53362a3d9c2e08ed05e8fd6962edee14fed0dcbeb1a0637900b4f2da544a763c92dd1689d21255c304882ed79

            • C:\Program Files (x86)\UCBrowser\Application\ucsvc.log

              Filesize

              625B

              MD5

              685a6aff96476d64aee438f547b9dcf5

              SHA1

              9e460e1e77fac6db3902415984cd959e466374a7

              SHA256

              1ea4d62e2e85064a7c90f13d16bf941dad81a41a5a4c2758443d2ab2757531d0

              SHA512

              0f7d5e8d7d1b005b23f8bc52896cdea1e946f40d66a1c6d925808da1f95f8b5c3055424a183914a8daa3b7d3a08daba6d5048020f177c3b4db8d76f0b5613446

            • C:\Users\Admin\AppData\Local\Temp\67dc1b01

              Filesize

              2.3MB

              MD5

              67434cac886d37cda4ca9940d2bfdad3

              SHA1

              59bb1570f257c265c1aef57921a3752b87076371

              SHA256

              e33a1dd217d1d5e9aa852c6b93b2780b5e0201e094839a3233d00e44473d7b45

              SHA512

              70f6e8dbfc9d6ac3c3d7fc2c6eec93e278c5fbeb86545678434a5f650b135725e29e51abcf6b803317a7767d0ed6a52e156a99c766ff2e28a350b80449cfc0ba

            • C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\CHROME.PACKED.7Z

              Filesize

              46.1MB

              MD5

              1feca07c05340ec8d52a1f6a0ec69cef

              SHA1

              f97809278d61b0c506c3961f26323e3c7ac5121f

              SHA256

              e92992043669325b3607c8a3ec685b1a6c40c91e1c6416cc1d2e0101d236b977

              SHA512

              2cd1ec470f23068ef154cde993c3aaa12034ce666cddf5c40bdf9456835b10ff1eb1661a796107a6117723c6344a13cac59de36aec4d4493f1aacad959756416

            • C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe

              Filesize

              1.1MB

              MD5

              ab1284ff7cf39cb1763d75d895b99c96

              SHA1

              c633d323cb72d262adafb7ea8a947ae421f985eb

              SHA256

              18198db8b533a4f4df8f1a8aa5360c40c7a7b31bc1ecde743e0e797786e55b11

              SHA512

              32a75e4d313fceff9c83896972d5c4deb1a0ad6bddc9db0ccb9bcc8b3b173aeae14820e242a89600eb0c45ecc84909aaf3e85420062ceb15a1ca7af94641505e

            • C:\Users\Admin\AppData\Local\Temp\SafeBrowsingDataBase.wow

              Filesize

              13.8MB

              MD5

              aa9d2979b6ba1783650fe5685ff6554f

              SHA1

              998bd488eeb1c5a662da2cd9e249f57714143b57

              SHA256

              f8b2333fe6b7af853ac9692ecc18c054ab2d299d579812bd259c14acfedc910a

              SHA512

              eb00fecaa6d35de31af30a184a2c3baaa754c8bbf8034e32e0d81b013e46ef23aad4773e5248bc46920cd0bd6945519ccdd9c940327f92d725515974cb4fdb2e

            • C:\Users\Admin\AppData\Local\Temp\c57e0a2d

              Filesize

              2.3MB

              MD5

              694227b44a89f01f7cae622235589da5

              SHA1

              d306aba72d68def5b3f57b2cf2851147b7b5b1af

              SHA256

              4a1479b9bb02ec1d756d8bd5913a96f36936ddd6b660a095a212a3da0502d8a5

              SHA512

              6037ad5e82f7ff2ff626e8ae5a451972d904a7f76997f7ec9ccf638eb97b232213c844e8d0a2f7c6ba91b2cad50eb5bd0d84cf2c0449383219fe554849d818f8

            • C:\Users\Admin\AppData\Local\Temp\ddd7c80c

              Filesize

              2.3MB

              MD5

              f9be84174b1f71a12a44d320b964dbe9

              SHA1

              cdfdad4941b7c1e85e5c802b32ed3e9528583260

              SHA256

              2ae58a81d684d33e56a90389e77eeade37c2a8c456e9b7236005bd07691a2278

              SHA512

              1478c6e534798ca6d60353706f126a3744768f359c49245c6b2536d35db029b742e266f5745000a7eef1c8f6607b892339cbe287fb828380623fbb8f99dd5160

            • C:\Users\Admin\AppData\Local\Temp\ddf82cec

              Filesize

              2.3MB

              MD5

              4e8e6e2af7f5c70bf6ff0cd82784fbca

              SHA1

              632a5a4d307e91a72b77bbb77b2e58717cc51775

              SHA256

              a96b785d905ef12bc03967475ad3491b31057650f2e7548f45c8821127ceb323

              SHA512