Analysis Overview
SHA256
88c091ba3072107a1c873c0bf5360e7fd7a4ae99c06af9bbc0f5676795cf1fd2
Threat Level: Known bad
The file readyfile.zip was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer, LummaC
Lumma family
Modifies Windows Firewall
Stops running service(s)
Downloads MZ/PE file
Boot or Logon Autostart Execution: Active Setup
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks installed software on the system
Checks whether UAC is enabled
Enumerates connected drives
Suspicious use of SetThreadContext
Drops file in System32 directory
Launches sc.exe
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
System Time Discovery
System Location Discovery: System Language Discovery
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Checks SCSI registry key(s)
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-07 22:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
97s
Max time network
154s
Command Line
Signatures
Lumma Stealer, LummaC
Lumma family
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3672 set thread context of 3792 | N/A | C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe | C:\Windows\SysWOW64\choice.exe |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\choice.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\choice.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\choice.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
|---|---|
| C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe | "C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe" |
| C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe |
| C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAgTMHWj8XflhgiBXu+sD7Y2DSxfnJxZRIwwXe8BgEbXXHaskCLsR6LDL2G9Y7HZJIp2sM/ozfR2GCdTOq3ch6W4eNMNiTCZGno0o2FSCOhL5jl6FVMZt/wlVKe6tU2R5vBZYsuUPMxJP3bT2MMnIoSaR+PFfkMkmhlOHjl8UzFpgFeiHxHiX1YaSn968/tA7ppkwgGu/jV8Bai6rDDST0KMjD7hAYNI6ROl9v5W67X1m8h7yuKq13sc/uko7MuQnIXvPEXxbv3m5igrl |
| C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | "C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnvML2Z3XetnGyA5vfkDMbGtS3vrShxXX7UcPJITF/npPKpsGtkYAkZwlQM6qTv8cUv8E7gkLJjTlIVPj5wgVXXRNbPEziPxiHp/oxUBNRziLBPxNi459BG3fcK39mSUpd9Zn91NYGg8x7uP0xmeipkXqKcquY8UqGyH/H+gw7AGp+bvsCDXiLu6mJTDkYluW8s838PJgNwxByrFIm/Da8wYBMhnIM+xdJRnJkr07dfFsB99wEroauF6926wTqDSaTGccXiztXnNC5B0JvaoFTPLpxwZIqeHyYGBafKlnK8= |
| C:\Windows\SysWOW64\choice.exe | C:\Windows\SysWOW64\choice.exe |
| C:\Windows\SysWOW64\SearchIndexer.exe | C:\Windows\SysWOW64\SearchIndexer.exe |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i18nmmstat.ucweb.com | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.36.55:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | styleclinic-beautyicon.shop | udp |
| US | 104.21.63.234:443 | styleclinic-beautyicon.shop | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | worddosofrm.shop | udp |
| US | 104.21.16.142:443 | worddosofrm.shop | tcp |
| US | 8.8.8.8:53 | mutterissuen.shop | udp |
| US | 104.21.11.225:443 | mutterissuen.shop | tcp |
| US | 8.8.8.8:53 | standartedby.shop | udp |
| US | 172.67.220.135:443 | standartedby.shop | tcp |
| US | 8.8.8.8:53 | 142.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nightybinybz.shop | udp |
| US | 172.67.219.152:443 | nightybinybz.shop | tcp |
| US | 8.8.8.8:53 | 135.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | conceszustyb.shop | udp |
| US | 172.67.178.164:443 | conceszustyb.shop | tcp |
| US | 8.8.8.8:53 | 152.219.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bakedstusteeb.shop | udp |
| US | 8.8.8.8:53 | 164.178.67.172.in-addr.arpa | udp |
| US | 104.21.45.184:443 | bakedstusteeb.shop | tcp |
| US | 8.8.8.8:53 | respectabosiz.shop | udp |
| US | 104.21.4.29:443 | respectabosiz.shop | tcp |
| US | 8.8.8.8:53 | 184.45.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | moutheventushz.shop | udp |
| US | 8.8.8.8:53 | 29.4.21.104.in-addr.arpa | udp |
| US | 104.21.50.62:443 | moutheventushz.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 62.50.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | marshal-zhukov.com | udp |
| US | 104.21.82.174:443 | marshal-zhukov.com | tcp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.82.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/3672-0-0x0000000000FE0000-0x0000000000FE1000-memory.dmp
memory/3672-1-0x0000000074240000-0x00000000744DA000-memory.dmp
memory/3672-2-0x00007FFFE3270000-0x00007FFFE3468000-memory.dmp
memory/3672-3-0x0000000074253000-0x0000000074254000-memory.dmp
memory/3672-5-0x0000000074240000-0x00000000744DA000-memory.dmp
memory/3672-8-0x0000000074240000-0x00000000744DA000-memory.dmp
memory/3672-6-0x0000000074240000-0x00000000744DA000-memory.dmp
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
| Hash | Value |
|---|---|
| MD5 | 649215a7c140fa697740693cf915d088 |
| SHA1 | 035ccb917c7be1ba40ccdad606ca3c67d127251e |
| SHA256 | 297bcec264323cd1d6de6286cfa69a572e92552df5a3347856f8bcce8d3e9eb1 |
| SHA512 | ec123a7f9af0926956d41bc002546a18b7b8b776fd11332f351eac828ac7ec02497f76351f2f5c026075746156583100287e09010269257dcd00cf70fa5a003c |
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
| Hash | Value |
|---|---|
| MD5 | efdbe75dfe959d5eaa84334d4825adc2 |
| SHA1 | 9c7655a1052c2ce0d2e0b9571885e9c898dcb5cf |
| SHA256 | 5ef424188b952c5aef34f508b13cf422d4c22e1476c3330ee3b729082f7116ee |
| SHA512 | 4b6ce786ba90635d51e82c4dd7dede3394b5c0f19c394ebc835e182f0d8fd8c898a581b388bb23e348cc0744925b8352bfa3e683d193c5355849c89db9eaea35 |
memory/3672-17-0x0000000000FE0000-0x0000000000FE1000-memory.dmp
memory/3672-16-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/3672-18-0x0000000074253000-0x0000000074254000-memory.dmp
memory/3672-19-0x0000000074240000-0x00000000744DA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\4eac24ea
| Hash | Value |
|---|---|
| MD5 | d91c2efc799e035e2bf4f9d9afa668d1 |
| SHA1 | 5f14510428f898ba34c1d944e4987ab037978775 |
| SHA256 | 500f905d1cebd26b5b496c1a6559960a6c9ae40f99ec9ae241aff754043dc733 |
| SHA512 | 304ad1f53b4029a26750d512088b85555a98b55f38a894d9f2ad1d6a210bf1e7c97ddafd437bd9723e2ddbd92b083dfd1fe98d3ba17b71ef04a9e8f7b5d2f813 |
memory/3792-25-0x00007FFFE3270000-0x00007FFFE3468000-memory.dmp
memory/3792-26-0x0000000074240000-0x00000000744DA000-memory.dmp
memory/3824-28-0x00007FFFE3270000-0x00007FFFE3468000-memory.dmp
memory/3824-29-0x0000000000F40000-0x0000000000FA0000-memory.dmp
memory/3824-30-0x0000000000F40000-0x0000000000FA0000-memory.dmp
memory/3824-31-0x0000000000F40000-0x0000000000FA0000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
92s
Max time network
161s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\libvlc.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/3200-0-0x00007FFEF3E90000-0x00007FFEF3EC4000-memory.dmp
memory/3200-1-0x00007FFEE4DC0000-0x00007FFEE5076000-memory.dmp
Analysis: behavioral4
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
96s
Max time network
153s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\libvlccore.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
memory/1516-0-0x00007FFE9D520000-0x00007FFE9D7D6000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
98s
Max time network
145s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\audio_output\libwasapi_plugin.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| NL | 20.86.201.138:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
149s
Max time network
161s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\audio_output\libdirectsound_plugin.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.36.55:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
93s
Max time network
153s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\codec\libavcodec_plugin.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.105.99.58:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
Files
Analysis: behavioral11
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
98s
Max time network
153s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\codec\libd3d11va_plugin.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
96s
Max time network
158s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdirect3d11_plugin.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| NL | 20.103.156.88:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
149s
Max time network
169s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libvmem_plugin.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
96s
Max time network
149s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdirect3d9_plugin.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| IE | 20.223.36.55:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
95s
Max time network
150s
Command Line
Signatures
Processes
| Process | Command line |
|---|---|
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdrawable_plugin.dll,#1 |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:41
Platform
win10ltsc2021-20241023-en
Max time kernel
348s
Max time network
359s
Command Line
Signatures
Lumma Stealer, LummaC
Lumma family
Boot or Logon Autostart Execution: Active Setup
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\StubPath = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\6.0.1308.1016\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --wow-install-target-path=\"C:\\Program Files (x86)\\UCBrowser\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Localized Name = "UC Browser" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\IsInstalled = "1" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Version = "43,0,0,0" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\ = "UC Browser" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| File opened for modification | C:\Windows\System32\devmgmt.msc | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 548 set thread context of 1672 | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | C:\Windows\SysWOW64\choice.exe |
| PID 3840 set thread context of 2400 | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | C:\Windows\SysWOW64\choice.exe |
| PID 1668 set thread context of 4916 | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | C:\Windows\SysWOW64\choice.exe |
| PID 1848 set thread context of 1048 | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | C:\Windows\SysWOW64\choice.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\youku.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\ucsvc.log | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\zh-cn\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Languages\settings.xml | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\bing.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\en-in\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\id\share.dat | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\pt-br\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\new_tab_search\baidu.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\google.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\chrome.7z | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\7z.dll | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\chrome_watcher.dll | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Update\0\remote\0_beta_chk.xml1.size | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\RtlLib_xp.dll | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\sogou.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\taobao.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\UCService.exe | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\molt_tool.exe | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Extensions\zh-CN\external_extensions.json | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Locales\es-419.pak | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Locales\es.pak | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\task.ini | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\chrome_elf.dll | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi\Locales\es.pak | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\new_tab_search\taobao.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Update\UpdateState.xml | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Locales\id.pak | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\RtlIhvOid.dll | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\ucsvc.log | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Update\jobs\count.ini | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\78BC.tmp | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\IpLib.dll | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\libeay32.dll | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\VisualElements\Logo.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\baidu.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\etao.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\id\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\natives_blob.bin | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi\Locales\pt-BR.pak | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\new_tab_search\etao.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\setup.exe | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\6B6D.tmp | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\id\config.dat | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi\Locales\ru.pak | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\tmall.com.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\es-419\start.dat | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi\resources.pak | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\extension\taohuoyuan.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\VERSION | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\target_locale | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\debug.log | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\config_updater.dll | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCAgent.exe | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\login_view\qq.png | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\scoped_dir_948_31014\custom.dat | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File opened for modification | C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\config_updater.log | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi.exe | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\INF\c_magneticstripereader.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_display.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscontinuousbackup.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsopenfilebackup.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsreplication.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsencryption.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_firmware.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscompression.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\Tasks\UCBrowserUpdater.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Windows\INF\c_fsquotamgmt.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsactivitymonitor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\Tasks\UCBrowserUpdater.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Windows\INF\c_swcomponent.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscopyprotection.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_camera.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssecurityenhancer.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\xusb22.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssystemrecovery.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsphysicalquotamgmt.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_cashdrawer.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\rawsilo.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_receiptprinter.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_processor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_smrvolume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_apo.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fshsm.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_media.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_monitor.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\Tasks\UCBrowserUpdaterCore.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Windows\INF\c_sslaccel.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_barcodescanner.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscontentscreener.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_diskdrive.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_scmvolume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\miradisp.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_extension.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\ts_generic.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsantivirus.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fscfsmetadataserver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_computeaccelerator.PNF | C:\Windows\system32\mmc.exe | N/A |
| File opened for modification | C:\Windows\Tasks\UCBrowserUpdaterCore.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Windows\INF\c_linedisplay.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_netdriver.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\digitalmediadevice.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsinfrastructure.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsvirtualization.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fsundelete.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\Tasks\UCBrowserUpdaterCore.job | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| File created | C:\Windows\INF\remoteposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_mcx.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_scmdisk.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_volume.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_ucm.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_proximity.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\oposdrv.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\wsdprint.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\dc1-controller.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_smrdisk.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\c_fssystem.PNF | C:\Windows\system32\mmc.exe | N/A |
| File created | C:\Windows\INF\rdcameradriver.PNF | C:\Windows\system32\mmc.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\SearchIndexer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
System Time Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\mmc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\mmc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\mmc.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files (x86)\UCBrowser\Application\UCService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\Application\ApplicationName = "UC Browser" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.MHT\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.MHT | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.crx\OpenWithProgids\UCHTML.AssocFile.CRX | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTML | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.MHT\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.CRX\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.webp | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\Application\ApplicationDescription = "UC Browser is a fast, secure browser using dual rending engine (Trident and WebKit), optimized in speed and security, to provide superb browsing experience. " | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.XHT\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.XHT\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.XHTML\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTM\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.MHT\shell | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\Application\ApplicationCompany = "UCWeb Inc." | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTML\shell | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML\CLSID | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\Application\ApplicationIcon = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,0" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTM\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTM\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTM\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHTML\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xhtml | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTML\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTM\shell | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.XHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTM\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,1" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTM\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHT\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.CRX\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.mht\OpenWithProgids | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.MHT | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.CRX\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,1" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\Application\AppUserModelId = "UCBrowser" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.WEBP\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.html | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTML\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\UCHTML\shell\open\command | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.xht | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.crx | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTM\shell\open | C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [binary blob omitted] | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [binary blob omitted] | C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\choice.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\choice.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\choice.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\choice.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Windows\system32\mmc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\✱SatUp\Setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\readyfile.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
C:\Users\Admin\Desktop\✱SatUp\Setup.exe
"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAj7dQNK6LtoLWDco0X9hF1kXqV2z9WP44X7a4gYIXSG/I+iQ6IhGt6IpY9xKAOifpjlS7Xap9BCcY23D1Sep0Z7OvDsyup091JeHH47GgLDdyrQnsEWge/zTMmcSj7X1texUH/BU7QLr5wajUO+Py9G1utI9OsgT3PmG+5H2PP3B+4XQJx50ZozIeHG2yiKxMo0COh9NSMYjmFMCKrxPFGubu3yIPnXVFquWXGe2Y3tC9pD8lJAMo131M5elQlxvUetX2QyNFJIT0N5M
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAgTdTOH8Ls4YgjckIOthD7uDqbWVJ2mAzg7Rww1vW3X1GOjnJ7ZG8+3dLpKj96Uul5ECQVplpaNuUzx0LCSofR0ZvVv8HZj8X4vQpkDbj3owyvnXQMv1q11TPNvoC7Q1sUIHaxhX6uCo1FBXHJ3SMdOW7mm13o7n/VOGT7QQMWCBFtjCBzg0vZSTf7mu83tgIZUOwa20RbsQbFcqDSMfFyBssHTLf2jQb+mMR6O6Y1VT+pH/UvtRwewtfsWDZhgK0WkEifBQHoTKqk9BIxziA7H9/Qqf1/qI0DLUfvWhl8Q=
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkzi1m+EKzBuSgqeslt3Y59zv6n53VQ+NiSpLC9ASVnLeMPMdcC/RZNzSsq1XMrjdG0waaDL1+7XAbI9mLfxoaZehItaNODHWRXSWRWy3tSDXnpDkj+fjbNJeenT92n9SbQQ5xwiLODivccFV6NVh0vx4IajaHPdL6sxpeSWbJ3xm1VwdwABbBnaFYclzkQlJImkjuVH7yCEgvBs85TrTC+DxyTMGJwHN/EPigiK8WfAoiIYElK/PSa3vCmY8tR/mbvfqdQjmUjOsnXE
C:\Users\Admin\Desktop\✱SatUp\Setup.exe
"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Windows\SysWOW64\choice.exe
C:\Windows\SysWOW64\choice.exe
C:\Users\Admin\Desktop\✱SatUp\Setup.exe
"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Windows\SysWOW64\choice.exe
C:\Windows\SysWOW64\choice.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\choice.exe
C:\Windows\SysWOW64\choice.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Users\Admin\Desktop\✱SatUp\Setup.exe
"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkP9KIK/DuJ7QxdAgWmhx/kd6Q3T4oMw8U96WnZ83YF/E2p6oPkmPzIOwyTaYigPhheSfVaKFKhMRg175Q+pER4WvHuyh/3lhETnZ34IwID9OHQ3UJpAc2wqUm+CQzWVdSjUPzCVTcr7KGZrYCXPO7FzegKd4eiLDCSmU8EmPH3BK4VQJ6tUHtxjWBnmbGLhUjdCSr/q6A4TOfNaGtjP9Ks3O1xIV9Xdpjx2RPfEI2siaNAMdAMs221g009V2lwv0WNXGYwA9EojU1eo
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnb9OoByDtx5EBcyg4+hK/2n6VHXXYm26aRxHSAn281xwGS9qPAlWcgXjvS8S2WyzWXC1RxHRS0FsVz6RbSojSWJvev04/getomwwDtPz67ufjljOuEVbXJ5XCWdszQdzRqHU5QBStqFnjAhC9GSPQHSLm3rrK75LiGmQeVwMQCxdtjiF5YUz+UBX+8d9zskd5FOhZ8u5e3H5vf0MMufj9R0MOx/mchaWgNswaxmI+k5DtFrhDlxb7fvnmta1hja+bkEeegO/kYziK8HqGii959JvX513Zpujzh0QDA5CUI=
C:\Windows\SysWOW64\choice.exe
C:\Windows\SysWOW64\choice.exe
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAn4Jz3x6Akt9GOOZh/+JceWX8bvftt8rH75eUQQILX0GJ7nmscViYtRpj+n0gOA1qrlaB3JpoD9yo6HsPyfJWc7O3LPC+gEE0ldzBohGWA4BSvy5DAXMQCKT1rxAj4VBrewkS/iUKU9NJ/ruPm83GR01wuBpery00rl6HKv2/O2h+8Xgh16Y5zqIjPBASgqnzg16DBONFKWdWJfhiLzf+BOby1AwftGQIOt6GXk2K4Gudtim8NA43BM1P0jvQryXQes3QRxNqJu1kB/x
C:\Users\Admin\Desktop\✱SatUp\Setup.exe
"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkYSoYGCG2V4QPrLgG+X1fsH3x/V6sTd7FY5z3VoCaVyBIcQpepPXM0ResPfcKohiAkQK0zhZ3lVW+KqGmdxyRYOBCOq4rCqv1+ipHd2/vr3GpptXv1vRnkLabKJLyl5YQzQY8T8vBGMD3e0fX+1nUclQJyvsiPiHXHhStZ2bM3Re1XAV+bx6e8w5QIXWuRjYH3EyKnVfxM+cGBfKRwrYLd7h8hUlqzuSXM/U4IG0ZVcJgKqnthP+oQt7G56AlRHwyNds8bE3kg4dqN0g1ybYGcTkqFXyRbS/Xl3OelQCNnqOd+qosnL8VlyIWwqFtcChjEEygiZA2TOJKNW60EafQBvA4QnzNaeem70XGNLquGnIIje/qFI5/4wJ0+GbkYh
C:\Windows\SysWOW64\choice.exe
C:\Windows\SysWOW64\choice.exe
C:\Users\Admin\Desktop\✱SatUp\Setup.exe
"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\choice.exe
C:\Windows\SysWOW64\choice.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Windows\SysWOW64\SearchIndexer.exe
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe
"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe" --d="C:\Program Files (x86)\UCBrowser" --wow-as-default-browser=false --wow-join-user-expericence-plan=false --enable-logging --verbose-logging --v=2 --log-file="C:\Users\Admin\AppData\Local\Temp\inst.log" /s
C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe
"C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe" --sync=http://www.uc123.com/guide/install_blacklist.php?ver=6.0.1308.1016&bid=35151&pid=4601&mid=1a5c5dc8b30f5483455c27bbd36a87eb&midex=1d046889ed4d2ae943510f679df2e1b8v000000249d49d6f
C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\CHROME.PACKED.7Z" --d="C:\Program Files (x86)\UCBrowser" --wow-as-default-browser=false --wow-join-user-expericence-plan=false --enable-logging --verbose-logging --v=2 --log-file="C:\Users\Admin\AppData\Local\Temp\inst.log" /s --system-level --wow-bid=35151 --wow-pid=4601 --wow-auth-url=http://www.uc123.com/guide/install_blacklist.php?ver=6.0.1308.1016&bid=35151&pid=4601 --wow-customized-theme="Share\customized_theme.crx" --install --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --wow-make-chrome-default=false --wow-participate-eip=false --installerdata="C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1124\wow_installer.prefs"
C:\Windows\SysWOW64\sc.exe
sc.exe stop UCBrowserSvc
C:\Windows\SysWOW64\sc.exe
sc.exe delete UCBrowserSvc
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall delete rule name="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="UC浏览器" description="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" action=allow
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="迅雷云加速开放平台" description="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe" action=allow
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --install --start
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe"
C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe
"C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAn5R/B962h7eGLt0YvoZrD+QQdUZsoesBr5m3h8IDTGFJ5yhOcOKAyNpJwjFgFAHVLmKdYBp2PSHo7knqCcJ8SbOHNva+omZCVf788VGCEijSgz/sgWkbyOTPktDjyWlCezEL1yU8fbyJyIXZ28nkys10poDevQXX7my/xT2fD3x+0WQd16g4mmItA2VSnqJRA1qcoWNrNL0WM8e47w/RG+bqyyNfvtgQ+cS6Jg3faOteaLDrozq2GxsS7dQQmPYTLotakFbvivl85ETOL8hKhyZOSFqx/YNA0yGhhc5KMKoGPDUYRAL
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --as-current-user --run="\"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe\" --wow-enable-user-experience=false --wow-make-chrome-default=false"
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-enable-user-experience=false --wow-make-chrome-default=false
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater /AddTask
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SpdyEnableDependencies/Enable/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.0.369893011\447528975" /prefetch:1
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.1.1793040896\577445914" --lang=en-US --no-sandbox /prefetch:8
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SpdyEnableDependencies/Enable/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.2.2145424282\477535159" /prefetch:1
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.3.1570626021\1327413791" /prefetch:1
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.4.933816584\1791673414" /prefetch:1
C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe
"C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --force-configure-user-settings
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-warm-up --silent-launch --wow-auto-close
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --lang=en-US --wow-warm-up --wow-silent-launch-child-process
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" /addtask --type=wow-config-updater
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.5.537052634\1302400405" --lang=en-US --ignored=" --type=renderer " /prefetch:8
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.6.1583695217\1606980859" --lang=en-US --ignored=" --type=renderer " /prefetch:8
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.7.1205344473\663375871" --lang=en-US --utility-allowed-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805" --ignored=" --type=renderer " /prefetch:8
C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe
"C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAjZ+3p+yjzheUJaW4gq/UD8g55kZlQAWhmb9BJ8o2bmFwVApNb2rraPBRrJF0CLTVOmYuYBRk6YHq/Z1KOeR4SaOpMvacmSPic9ugUWWNmSjukITsi3LJaO7zRHD7zkdCUygh1zMOAhyX+ut51/dNysFaDYDoldV32EVPZR2LB3xe5Xwd5al5OlAyQ8VekyVRB28HoXle4h0IGTEY9y7rG87F4SNRkruw8/DUhjnH9etms9o4Hn6N7m66qCQxrgpU6gk6QpPV0h2iS9x8uOIL0jInG1Pwb9zmO6IiJpEDUf8t7FGIfCYDZNRfQKmKvj/Hk18isbhFIM9FZztMx+GwFY3xzOv5LKB
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater -CEnumUpdateMode:UpdateMode_AliImTimer
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -cenumupdatemode:updatemode_aliimtimer --type=wow-config-updater
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.8.1351239208\1749826390" --lang=en-US --ignored=" --type=renderer " /prefetch:8
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.9.491867213\1626980658" --lang=en-US --ignored=" --type=renderer " /prefetch:8
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=ppapi-broker --channel="4204.10.1769792489\196744152" --lang=en-US --device-scale-factor=1 /prefetch:4
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.11.104166010\1333932649" /prefetch:1
C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.12.18004746\1915555139" /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.208.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| NL | 20.86.201.138:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.140.244.186:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i18nmmstat.ucweb.com | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | 104.208.201.84.in-addr.arpa | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | styleclinic-beautyicon.shop | udp |
| US | 104.21.63.234:443 | styleclinic-beautyicon.shop | tcp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | worddosofrm.shop | udp |
| US | 8.8.8.8:53 | 234.63.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 172.67.212.246:443 | worddosofrm.shop | tcp |
| US | 8.8.8.8:53 | www.uc123.com | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| FR | 47.246.50.181:80 | www.uc123.com | tcp |
| US | 8.8.8.8:53 | umpackpc.ucweb.com | udp |
| US | 8.8.8.8:53 | 181.50.246.47.in-addr.arpa | udp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| US | 8.8.8.8:53 | mutterissuen.shop | udp |
| US | 8.8.8.8:53 | umcdnpc.ucweb.com | udp |
| US | 8.8.8.8:53 | 246.212.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.50.181.163.in-addr.arpa | udp |
| GB | 2.19.117.34:80 | umcdnpc.ucweb.com | tcp |
| US | 8.8.8.8:53 | 34.117.19.2.in-addr.arpa | udp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.34:80 | umcdnpc.ucweb.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.34:80 | umcdnpc.ucweb.com | tcp |
| US | 104.21.11.225:443 | mutterissuen.shop | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.34:80 | umcdnpc.ucweb.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| US | 8.8.8.8:53 | standartedby.shop | udp |
| US | 172.67.220.135:443 | standartedby.shop | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| GB | 2.19.117.34:80 | umcdnpc.ucweb.com | tcp |
| US | 8.8.8.8:53 | nightybinybz.shop | udp |
| US | 172.67.219.152:443 | nightybinybz.shop | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.34:80 | umcdnpc.ucweb.com | tcp |
| US | 8.8.8.8:53 | 225.11.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.219.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | conceszustyb.shop | udp |
| US | 104.21.17.229:443 | conceszustyb.shop | tcp |
| US | 8.8.8.8:53 | bakedstusteeb.shop | udp |
| US | 172.67.218.30:443 | bakedstusteeb.shop | tcp |
| US | 8.8.8.8:53 | 229.17.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | respectabosiz.shop | udp |
| US | 104.21.4.29:443 | respectabosiz.shop | tcp |
| US | 8.8.8.8:53 | moutheventushz.shop | udp |
| US | 172.67.157.139:443 | moutheventushz.shop | tcp |
| US | 8.8.8.8:53 | 29.4.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.218.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | marshal-zhukov.com | udp |
| US | 172.67.160.80:443 | marshal-zhukov.com | tcp |
| US | 8.8.8.8:53 | 139.157.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.160.67.172.in-addr.arpa | udp |
| FR | 47.246.50.181:80 | www.uc123.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| US | 8.8.8.8:53 | umcdnpc.ucweb.com | udp |
| GB | 2.19.117.20:80 | umcdnpc.ucweb.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.20:80 | umcdnpc.ucweb.com | tcp |
| US | 8.8.8.8:53 | 20.117.19.2.in-addr.arpa | udp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.20:80 | umcdnpc.ucweb.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.20:80 | umcdnpc.ucweb.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.20:80 | umcdnpc.ucweb.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.20:80 | umcdnpc.ucweb.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.20:80 | umcdnpc.ucweb.com | tcp |
| IT | 163.181.50.224:80 | umpackpc.ucweb.com | tcp |
| GB | 2.19.117.20:80 | umcdnpc.ucweb.com | tcp |
| US | 8.8.8.8:53 | wow.ucweb.com | udp |
| RU | 104.166.182.20:80 | wow.ucweb.com | tcp |
| US | 8.8.8.8:53 | 20.182.166.104.in-addr.arpa | udp |
| RU | 104.166.182.20:80 | wow.ucweb.com | tcp |
| US | 104.21.63.234:443 | styleclinic-beautyicon.shop | tcp |
| US | 172.67.212.246:443 | worddosofrm.shop | tcp |
| US | 104.21.11.225:443 | mutterissuen.shop | tcp |
| US | 172.67.220.135:443 | standartedby.shop | tcp |
| US | 172.67.219.152:443 | nightybinybz.shop | tcp |
| US | 104.21.17.229:443 | conceszustyb.shop | tcp |
| US | 172.67.218.30:443 | bakedstusteeb.shop | tcp |
| US | 104.21.4.29:443 | respectabosiz.shop | tcp |
| US | 172.67.157.139:443 | moutheventushz.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 104.21.63.234:443 | styleclinic-beautyicon.shop | tcp |
| US | 172.67.212.246:443 | worddosofrm.shop | tcp |
| US | 104.21.11.225:443 | mutterissuen.shop | tcp |
| US | 172.67.220.135:443 | standartedby.shop | tcp |
| US | 172.67.219.152:443 | nightybinybz.shop | tcp |
| US | 104.21.17.229:443 | conceszustyb.shop | tcp |
| US | 172.67.218.30:443 | bakedstusteeb.shop | tcp |
| US | 104.21.4.29:443 | respectabosiz.shop | tcp |
| US | 172.67.157.139:443 | moutheventushz.shop | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | ucip.uc.cn | udp |
| US | 172.67.160.80:443 | marshal-zhukov.com | tcp |
| CN | 219.133.46.154:80 | ucip.uc.cn | tcp |
| US | 8.8.8.8:53 | www.uc123.com | udp |
| FR | 47.246.50.179:80 | www.uc123.com | tcp |
| US | 8.8.8.8:53 | 179.50.246.47.in-addr.arpa | udp |
| US | 104.21.63.234:443 | styleclinic-beautyicon.shop | tcp |
| US | 172.67.212.246:443 | worddosofrm.shop | tcp |
| US | 104.21.11.225:443 | mutterissuen.shop | tcp |
| US | 172.67.220.135:443 | standartedby.shop | tcp |
| US | 172.67.219.152:443 | nightybinybz.shop | tcp |
| US | 104.21.17.229:443 | conceszustyb.shop | tcp |
| US | 172.67.218.30:443 | bakedstusteeb.shop | tcp |
| US | 104.21.4.29:443 | respectabosiz.shop | tcp |
| US | 172.67.157.139:443 | moutheventushz.shop | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.123.95.227:443 | steamcommunity.com | tcp |
| US | 172.67.160.80:443 | marshal-zhukov.com | tcp |
| US | 8.8.8.8:53 | 227.95.123.104.in-addr.arpa | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | wow.uc.cn | udp |
| US | 8.8.8.8:53 | mmstat1.taobao.com | udp |
| US | 8.8.8.8:53 | image.uc.cn | udp |
| US | 8.8.8.8:53 | gj.track.uc.cn | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | ip.taobao.com | udp |
| FR | 47.246.50.179:80 | wow.uc.cn | tcp |
| US | 8.8.8.8:53 | browser.taobao.com | udp |
| NL | 47.246.48.225:80 | image.uc.cn | tcp |
| CN | 59.82.122.130:80 | browser.taobao.com | tcp |
| US | 157.185.189.158:9080 | gj.track.uc.cn | tcp |
| FR | 47.246.50.179:80 | wow.uc.cn | tcp |
| US | 157.185.189.158:9080 | gj.track.uc.cn | tcp |
| CN | 59.82.122.130:80 | browser.taobao.com | tcp |
| US | 47.246.137.66:443 | mmstat1.taobao.com | tcp |
| CN | 59.82.120.242:80 | ip.taobao.com | tcp |
| CN | 59.82.120.242:80 | ip.taobao.com | tcp |
| CN | 59.82.120.242:80 | ip.taobao.com | tcp |
| US | 8.8.8.8:53 | pc.ucweb.com | udp |
| US | 157.185.188.1:80 | pc.ucweb.com | tcp |
| US | 157.185.188.1:80 | pc.ucweb.com | tcp |
| US | 157.185.188.1:80 | pc.ucweb.com | tcp |
| US | 8.8.8.8:53 | 225.48.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.137.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.188.185.157.in-addr.arpa | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | uc.ucweb.com | udp |
| US | 168.235.205.6:80 | uc.ucweb.com | tcp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 168.235.205.6:80 | uc.ucweb.com | tcp |
| US | 8.8.8.8:53 | pcus.ucweb.com | udp |
| CN | 219.133.46.241:443 | pcus.ucweb.com | tcp |
| CN | 219.133.46.241:443 | pcus.ucweb.com | tcp |
| US | 8.8.8.8:53 | 6.205.235.168.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | tcp |
| GB | 172.217.16.227:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| CN | 59.82.122.130:80 | browser.taobao.com | tcp |
| US | 8.8.8.8:53 | extensions.uc.cn | udp |
| US | 157.185.189.158:9080 | gj.track.uc.cn | tcp |
| CN | 59.82.120.242:80 | ip.taobao.com | tcp |
| US | 157.185.189.158:9080 | gj.track.uc.cn | tcp |
| CN | 203.119.169.41:80 | extensions.uc.cn | tcp |
| CN | 59.82.120.242:80 | ip.taobao.com | tcp |
| CN | 203.119.169.41:80 | extensions.uc.cn | tcp |
| US | 8.8.8.8:53 | wow.ucweb.com | udp |
| RU | 104.166.182.27:80 | wow.ucweb.com | tcp |
| US | 8.8.8.8:53 | 27.182.166.104.in-addr.arpa | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| CN | 219.133.46.241:443 | pcus.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 157.185.189.158:9080 | gj.track.uc.cn | tcp |
| RU | 104.166.182.27:80 | wow.ucweb.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| CN | 59.82.122.130:80 | browser.taobao.com | tcp |
| US | 157.185.189.158:9080 | gj.track.uc.cn | tcp |
| FR | 47.246.50.179:80 | wow.uc.cn | tcp |
| CN | 59.82.122.130:80 | browser.taobao.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | track.uc.cn | udp |
| CN | 123.182.51.94:443 | track.uc.cn | tcp |
| CN | 123.182.51.94:443 | track.uc.cn | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | uma-browser.taobao.com | udp |
| US | 8.8.8.8:53 | wow-upgrade.uc.cn | udp |
| CN | 39.108.40.9:443 | wow-upgrade.uc.cn | tcp |
| CN | 59.82.121.179:443 | uma-browser.taobao.com | tcp |
| CN | 59.82.121.179:443 | uma-browser.taobao.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| CN | 39.108.40.9:443 | wow-upgrade.uc.cn | tcp |
| US | 8.8.8.8:53 | down.up1.uc.cn | udp |
| US | 8.8.8.8:53 | g.tbcdn.cn | udp |
| GB | 168.235.193.88:80 | down.up1.uc.cn | tcp |
| FR | 47.246.50.176:80 | g.tbcdn.cn | tcp |
| FR | 47.246.50.176:80 | g.tbcdn.cn | tcp |
| CN | 203.119.169.41:80 | extensions.uc.cn | tcp |
| US | 8.8.8.8:53 | tce.alicdn.com | udp |
| CN | 203.119.169.41:80 | extensions.uc.cn | tcp |
| FR | 47.246.50.175:443 | tce.alicdn.com | tcp |
| FR | 47.246.50.175:443 | tce.alicdn.com | tcp |
| FR | 47.246.50.175:443 | tce.alicdn.com | tcp |
| FR | 47.246.50.175:443 | tce.alicdn.com | tcp |
| CN | 106.8.130.149:443 | track.uc.cn | tcp |
| US | 8.8.8.8:53 | 175.50.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.50.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.193.235.168.in-addr.arpa | udp |
| CN | 106.8.130.149:443 | track.uc.cn | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 157.185.189.158:9080 | gj.track.uc.cn | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 157.185.189.158:9080 | gj.track.uc.cn | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.200.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1---sn-aigl6ner.gvt1.com | udp |
| GB | 173.194.183.134:443 | r1---sn-aigl6ner.gvt1.com | tcp |
| GB | 173.194.183.134:443 | r1---sn-aigl6ner.gvt1.com | tcp |
| GB | 173.194.183.134:443 | r1---sn-aigl6ner.gvt1.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.183.194.173.in-addr.arpa | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| CN | 59.82.122.130:80 | browser.taobao.com | tcp |
| CN | 59.82.122.130:80 | browser.taobao.com | tcp |
| CN | 123.182.50.159:443 | track.uc.cn | tcp |
| CN | 123.182.50.159:443 | track.uc.cn | tcp |
| CN | 123.182.51.94:443 | track.uc.cn | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| CN | 203.119.169.41:80 | extensions.uc.cn | tcp |
| CN | 203.119.169.41:80 | extensions.uc.cn | tcp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
| CN | 106.8.130.78:443 | track.uc.cn | tcp |
| CN | 106.8.130.78:443 | track.uc.cn | tcp |
| CN | 106.8.130.149:443 | track.uc.cn | tcp |
| US | 8.8.8.8:53 | safebrowsing.google.com | udp |
| GB | 142.250.200.46:443 | safebrowsing.google.com | tcp |
| US | 8.8.8.8:53 | alt2-safebrowsing.google.com | udp |
| FR | 172.217.18.46:443 | alt2-safebrowsing.google.com | tcp |
| US | 8.8.8.8:53 | 46.18.217.172.in-addr.arpa | udp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | browser.taobao.com | udp |
| CN | 59.82.121.179:80 | browser.taobao.com | tcp |
| CN | 59.82.121.179:80 | browser.taobao.com | tcp |
| CN | 123.182.51.196:443 | track.uc.cn | tcp |
| CN | 123.182.51.196:443 | track.uc.cn | tcp |
| CN | 123.182.50.159:443 | track.uc.cn | tcp |
| CN | 59.82.121.179:443 | browser.taobao.com | tcp |
| CN | 59.82.121.179:443 | browser.taobao.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 168.235.203.193:443 | i18nmmstat.ucweb.com | tcp |
| US | 8.8.8.8:53 | extensions.uc.cn | udp |
| CN | 203.119.169.41:80 | extensions.uc.cn | tcp |
| CN | 203.119.169.41:80 | extensions.uc.cn | tcp |
Files
C:\Users\Admin\Desktop\✱SatUp\Setup.exe
| MD5 | b43b96e4483dce09976dc250f87ecf1a |
| SHA1 | 4290076db1e87a46b73e8391186025f1f5b492bb |
| SHA256 | 5eaf95ad5163607ea220e439f13e58ae1bd9b408d94e06d5d721e8daca911c12 |
| SHA512 | 383b723d2d547f775a661bf6990e834b0233849822c7cbc3f0aaf0f276b1c05b0f7bde754dae3da133f7a8aae669b31547889495e5370a6617c09a2a3b61c438 |
C:\Users\Admin\Desktop\✱SatUp\pdfium.dll
| MD5 | 8057f67de20331fb5dad3fd9486b01c3 |
| SHA1 | 067e470192707b8f5eaa757bf4b121c94d505795 |
| SHA256 | fcbc591306dc6e4840de82372886428dd2260af4f9b7fe8494510aa1a80761eb |
| SHA512 | 68dedc7e5ba8fa16f18ded8ef811a41ecd9441639181b0a6e0854db96c7c0e35abe088c8409f226a42f3beb85139fbf67cd9de1c02325701a7482ac7fb6bd372 |
C:\Users\Admin\Desktop\✱SatUp\wmhhsfn
| MD5 | 1dcb5f7d98dfde582cc231c480eba329 |
| SHA1 | dc41a04034450908423f4ac8f73cf6389f6dd084 |
| SHA256 | c89abb0b00fd5a442b8a147027d3881b348974bf38298f05f0debaebca7fc16e |
| SHA512 | f2482f55ea6601bfe5fa0530fd3bbf2231c1d8e3355fada10bb57cba1ffd1bc8b43618e491d55bd317b6b0a74377b96da411961f53f7f4b28a35cbbca9c193fe |
C:\Users\Admin\Desktop\✱SatUp\yughafo
| MD5 | 52a7086c19ce28806ac2d68e63f87398 |
| SHA1 | 81a522f4cc6bfd65a4501f5616727393d8ad9962 |
| SHA256 | 6ed145c01f07a8aff4f6c293e899e5ff7a140648dd8a9e5f24a08710c7b0bad8 |
| SHA512 | 1c4976dabd1a1582a35765d9f447ef2b51d9800469bdde1bdc4441d451e3f4a1dcbbaf4099b04078c4d9a682a92b61fe9f5f99c6509fb32069d125cc6a59f348 |
memory/548-93-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/548-94-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/548-96-0x0000000073DC0000-0x000000007405A000-memory.dmp
C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
| MD5 | 649215a7c140fa697740693cf915d088 |
| SHA1 | 035ccb917c7be1ba40ccdad606ca3c67d127251e |
| SHA256 | 297bcec264323cd1d6de6286cfa69a572e92552df5a3347856f8bcce8d3e9eb1 |
| SHA512 | ec123a7f9af0926956d41bc002546a18b7b8b776fd11332f351eac828ac7ec02497f76351f2f5c026075746156583100287e09010269257dcd00cf70fa5a003c |
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
| MD5 | efdbe75dfe959d5eaa84334d4825adc2 |
| SHA1 | 9c7655a1052c2ce0d2e0b9571885e9c898dcb5cf |
| SHA256 | 5ef424188b952c5aef34f508b13cf422d4c22e1476c3330ee3b729082f7116ee |
| SHA512 | 4b6ce786ba90635d51e82c4dd7dede3394b5c0f19c394ebc835e182f0d8fd8c898a581b388bb23e348cc0744925b8352bfa3e683d193c5355849c89db9eaea35 |
memory/548-107-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/1088-111-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/1088-112-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/1088-113-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/548-115-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/3060-119-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/3060-120-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/3060-121-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/1088-123-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/1088-124-0x0000000073DC0000-0x000000007405A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ddf82cec
| MD5 | 4e8e6e2af7f5c70bf6ff0cd82784fbca |
| SHA1 | 632a5a4d307e91a72b77bbb77b2e58717cc51775 |
| SHA256 | a96b785d905ef12bc03967475ad3491b31057650f2e7548f45c8821127ceb323 |
| SHA512 | 5ab3da6e5c45aa629b4cda69c16ba649395dea2a3163a47db409348ad21db3986e4dc85178929456c43e4833943e2c0d84fd04f54e88ef037294d5d6e4afb9c8 |
memory/3012-130-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-131-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-129-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-137-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-135-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-141-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-140-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-139-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-138-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3012-136-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp
memory/3060-142-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/1672-143-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/3060-148-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/1672-150-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/3840-154-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/3840-155-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/3840-157-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/3516-167-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/3516-168-0x0000000000D30000-0x0000000000D90000-memory.dmp
memory/3840-169-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/3840-170-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/3516-171-0x0000000000D30000-0x0000000000D90000-memory.dmp
memory/1668-179-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/1668-180-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/1668-181-0x0000000073DC0000-0x000000007405A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ddd7c80c
| MD5 | f9be84174b1f71a12a44d320b964dbe9 |
| SHA1 | cdfdad4941b7c1e85e5c802b32ed3e9528583260 |
| SHA256 | 2ae58a81d684d33e56a90389e77eeade37c2a8c456e9b7236005bd07691a2278 |
| SHA512 | 1478c6e534798ca6d60353706f126a3744768f359c49245c6b2536d35db029b742e266f5745000a7eef1c8f6607b892339cbe287fb828380623fbb8f99dd5160 |
memory/3516-187-0x0000000000D30000-0x0000000000D90000-memory.dmp
memory/2400-188-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/1668-190-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/1668-191-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/1848-196-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/1848-197-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
memory/1848-199-0x0000000073DC0000-0x000000007405A000-memory.dmp
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\download.log
| MD5 | 3fd9ef588b8be66f28cad0e29ce9ea35 |
| SHA1 | a2b2aad6b18ca8bf421a71c30191be12fe297cd2 |
| SHA256 | 2b14d0a82d373dfce90322deb0723aaac227e391ae3dccfac64ea38fc30fb096 |
| SHA512 | 32ce644254106cc306b1248666e57350dcca5db040d9ff9c4a735f626b7e69db655b541dc3ead3e22d7990c69aeb8886134162fc30d56320b696ae1bc656269d |
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer_url_config
| MD5 | 632fbb87464786d29f33b9246d675f06 |
| SHA1 | 2309a93ab04ce1f0e07c1db09ad5dbdf6281a349 |
| SHA256 | 32e01091480eddd9e3f235ed407547c9f2c5883aeaa2b05b4b59e23526d4633e |
| SHA512 | a91c5723b0d00545da93d3c7e8ecc1ba8713dffee96edc653ae24256b947383c5e2574034bd611d544370b40c90e25b7cf61c362e77daa199f3b87379fba523b |
memory/1848-209-0x0000000000400000-0x0000000000C88000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\67dc1b01
| MD5 | 67434cac886d37cda4ca9940d2bfdad3 |
| SHA1 | 59bb1570f257c265c1aef57921a3752b87076371 |
| SHA256 | e33a1dd217d1d5e9aa852c6b93b2780b5e0201e094839a3233d00e44473d7b45 |
| SHA512 | 70f6e8dbfc9d6ac3c3d7fc2c6eec93e278c5fbeb86545678434a5f650b135725e29e51abcf6b803317a7767d0ed6a52e156a99c766ff2e28a350b80449cfc0ba |
memory/2096-214-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\c57e0a2d
| MD5 | 694227b44a89f01f7cae622235589da5 |
| SHA1 | d306aba72d68def5b3f57b2cf2851147b7b5b1af |
| SHA256 | 4a1479b9bb02ec1d756d8bd5913a96f36936ddd6b660a095a212a3da0502d8a5 |
| SHA512 | 6037ad5e82f7ff2ff626e8ae5a451972d904a7f76997f7ec9ccf638eb97b232213c844e8d0a2f7c6ba91b2cad50eb5bd0d84cf2c0449383219fe554849d818f8 |
C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe
| MD5 | fbec985463163b7b33229f524758c6ef |
| SHA1 | ad93610ce37ed0eb56d1c8411a154dcecec4b459 |
| SHA256 | d540a4aaee8eb9dbdaf9dd7c613b8a2ab1b0f3de8f44392d3db5d1095bc427dc |
| SHA512 | 6bf604a11952c834a70b07977e28ff5563808b807ba1177c766e287d80dd3a586769134e0247ec9dc16d3f7ef0379f37a70c366b2848d00173eeccc0e6a3489a |
C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe
| MD5 | 432c1d62f0ca83d9905b797aa6ef044b |
| SHA1 | 287dd42f0d85d30286b7b59584d27a0f1d4103de |
| SHA256 | 22611504b994873d238e11a93c5bbdbf186eda64f67182dc721100896913d958 |
| SHA512 | a0f8258f867089bb5a2e913c2d809a078a3ece11d15fbf5c17b52b9470eb0b11250421280cc7178848fbc5a72ef925a5a24fdae98ac6f3cf7b045cad8eec745d |
C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe
| MD5 | ab1284ff7cf39cb1763d75d895b99c96 |
| SHA1 | c633d323cb72d262adafb7ea8a947ae421f985eb |
| SHA256 | 18198db8b533a4f4df8f1a8aa5360c40c7a7b31bc1ecde743e0e797786e55b11 |
| SHA512 | 32a75e4d313fceff9c83896972d5c4deb1a0ad6bddc9db0ccb9bcc8b3b173aeae14820e242a89600eb0c45ecc84909aaf3e85420062ceb15a1ca7af94641505e |
C:\Users\Admin\AppData\Local\Temp\inst.log
| MD5 | 81738dd3fd05b54caf84d3a93ab3a15d |
| SHA1 | 6dbcbf5e7d89b9555084be6dd39ec8d99289184b |
| SHA256 | 319828faac8773cf7416c40f27dce079dc2c0dcb39f5c5d89db405c82d62e014 |
| SHA512 | 7c9824b1665f0ab0137b7435c2a3316d229578943d60429e17ecfebec53a57f4bead57e4dbcd64b6cc670fe0cf406fc3f7f738172fc082e64b8777f1564065ff |
C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1124\wow_installer.prefs
| MD5 | f1732baa1efdab3eefb3d95554ce38a7 |
| SHA1 | 6744f85ebfb4730fea1e503e6145fc4fc16546bc |
| SHA256 | 78ecf2c9c0bf1c64ea6eecc655a4e5cf8921f5bf9464b062a6da73905d6e4550 |
| SHA512 | c710201b5b833e6976a0931aa00a620c519875a3ac58a690d9904479a074a096fd72481ea654fbe1229f098a88a6717c59db4ac8cfb00c7454bdd35bd2a0ecbd |
C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\CHROME.PACKED.7Z
| MD5 | 1feca07c05340ec8d52a1f6a0ec69cef |
| SHA1 | f97809278d61b0c506c3961f26323e3c7ac5121f |
| SHA256 | e92992043669325b3607c8a3ec685b1a6c40c91e1c6416cc1d2e0101d236b977 |
| SHA512 | 2cd1ec470f23068ef154cde993c3aaa12034ce666cddf5c40bdf9456835b10ff1eb1661a796107a6117723c6344a13cac59de36aec4d4493f1aacad959756416 |
C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\start.dat
| MD5 | dda2e6b34e62461aacab3317b8f8751d |
| SHA1 | 28892a09922fe011e95fd8450a1dd9d56da5df7c |
| SHA256 | 8e8026bff3c3cf40c63529860174e04e9a0cd66e7fae658d56d254b3820bd03d |
| SHA512 | 0deabd7acf8cce8dc8c353b4824dad263795b38f0862ab2f8564836a00870e6f31407304038bcb816e5316c83ef126a7f8faafca5b18ec08c778febd8dea6bce |
C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\share.dat
| MD5 | e373911dbf6d089af21a759b35e30505 |
| SHA1 | eaee63f64e55565f0c7ad528184849d01d5b90d7 |
| SHA256 | e04fbfd74992c29d27018543961c0d0568e5ea1cff8aa3bdbae6bf489814dce8 |
| SHA512 | ca623a9aaadf05be4852d91fb87ce1d57410629e9cc67f0f40a649f91075b25dec9900d8fbe7223b753af7bf0343c55ae95f24823a471aa1c3a9158458806770 |
C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\config.dat
| MD5 | ee387ebe6a87ba7e7681d22214d1c4d6 |
| SHA1 | 3d998a1cf0fcc230b4cab7f052e875b6da2b5742 |
| SHA256 | 1f61cbd1d1cea6453a9b77d81995a9f2fdd529ba640dacf41dde308b2162657e |
| SHA512 | ed13be1778944b5f7ec5d1f71cf0b46e5f6a98f4dc154007cda3c04f12e4a2f38cee8f7e946be7ee5bde58ca3491bdd852ec02096cd3ec7a62666a314f83d3a8 |
C:\Program Files (x86)\UCBrowser\Application\UCService.exe
| MD5 | 76df26d9c21bae4902c3a63c85a64888 |
| SHA1 | 7684cfa29ce48d13d86e9107ec09acf47584cb3f |
| SHA256 | 7d97175cfc19ea346d13103fd49a16d3d180f12e669ec8c51ff2bb5bfd60ed0b |
| SHA512 | 54fafc770d8c69527d84dde3f690900dfdd3eba53362a3d9c2e08ed05e8fd6962edee14fed0dcbeb1a0637900b4f2da544a763c92dd1689d21255c304882ed79 |
C:\Program Files (x86)\UCBrowser\Application\ucsvc.log
| MD5 | 685a6aff96476d64aee438f547b9dcf5 |
| SHA1 | 9e460e1e77fac6db3902415984cd959e466374a7 |
| SHA256 | 1ea4d62e2e85064a7c90f13d16bf941dad81a41a5a4c2758443d2ab2757531d0 |
| SHA512 | 0f7d5e8d7d1b005b23f8bc52896cdea1e946f40d66a1c6d925808da1f95f8b5c3055424a183914a8daa3b7d3a08daba6d5048020f177c3b4db8d76f0b5613446 |
C:\Program Files (x86)\UCBrowser\Application\Share\target_locale
| MD5 | cce16c45e622d9ceae4b626c9353ecec |
| SHA1 | 5a7bd4149d0d34d3ec86181cdab1cb8dd3f441d7 |
| SHA256 | 5c49f88dafe66e0ecdca8f682ae0b38c38ccd3ad464e3358e899beca88c18560 |
| SHA512 | 49bece6ba2cf39624a2947d9660b44c0c0f3f6970e6671b02f2050fb954cef700b3bad782c00b7e3fd196ae541f0d6c684fd0f77704bd9c9d68d35b94e89a755 |
C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe
| MD5 | 43b42c720ca4ae32b5cf7f6effa35ae1 |
| SHA1 | 62a38eca99a75f8e8f4b92533475af04c5a2b9f0 |
| SHA256 | f5bfa49feb01e326c2110b60cbe9c798d83cbb627928dd86c3d971daabe6aa3d |
| SHA512 | 5a79177d367f5796caddc16cbe6aab52ccf248ba4e10de54b9852dba26c2edfd02aab4d2cebd0b0c1d91cbf889912222e8303aa916475b49d6513110cbb8fcb8 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\facebook.ico
| MD5 | 29caceeded110cf5cdc6b2837f34f703 |
| SHA1 | c5d0fe9def646afd04a4b0f4c5a39a881e4c3624 |
| SHA256 | c735760b739f5ff8e29c023856d03c78def35ac47914e480c885acf7b18aa973 |
| SHA512 | 191cfc8dce601577cb4a574693b7709912bf2ed6cd891b31981f27ec2aacef0ce72459d213d132ee53a46c5d76510639260365b001fdfe1186719e99873a857d |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\qq.png
| MD5 | c6c6cdf8179fd3360e2dd60dc8b3b0ec |
| SHA1 | 850caf5e4114fcfe18f57e5d82cb83f9ed6485b1 |
| SHA256 | 4e5358357544531a5deb98b8170ce86dddc62d820632fd6341fdc5e2fa7a4176 |
| SHA512 | 08d5ae337ca47e44a8126aff0bc47f3382e131fa34261619097afe5adbda92a7e8d4f77b324b8aa20fd91fed323d2ffeed3be80212bd1912f2e5d7e91439bfdd |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\alipay.png
| MD5 | de2786e2dc5852dccde9cc1eee3b7d00 |
| SHA1 | 1fecc23e53be721e3e2bd2d6e8d60936102ecbbb |
| SHA256 | b2693209b430c72a74e34c732a14ddd99a5efae9c70ab7b367d72a39ca44e9f4 |
| SHA512 | 268e764e457bcd97bc0ea8283394cfabc5ce28792a0ca13ae4d882bbf5893be5d2d3468e17d36d453bcc3d17b0260fa39635a16168698011170340c7805f91a2 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\taohuoyuan.png
| MD5 | b86e13d5cc74c8a352e288b3afce040b |
| SHA1 | e1a7fdeaa600d019600822906944aa41b8fd60c9 |
| SHA256 | bba66079d2e41c1494887ae112487719af586f445e8997a6157126b2242111e2 |
| SHA512 | 97d3452c1fd7fff2d23324ab328171026954fe37bdf5d53b6e6acbe0982308f290e5300c393b39b9f22658ed51e982933844a7504b85d75a522b06b5ec4932e9 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\renren.png
| MD5 | d542cd4d121465265415876a13c8e6e5 |
| SHA1 | e049a1e6202a7e174ff742bfb2a25f0f729edf8f |
| SHA256 | 0fc53be0beff5dbc4a762c19f983ebd0a0bba8239cd052c3990793de457ccb24 |
| SHA512 | fcfe6b77aba31a8ea729383653081ff5f8285ad644079e908f4e137db57bc635989332b682f26ddfaa04dcb9d95694a2e40cc4ac47ccad4aafb0f14a42fd329e |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\noads.png
| MD5 | d8168d458a998ba7ff997e5ba43c76db |
| SHA1 | 930f783e525a44cf695ed2fdc0c56e331d6862b8 |
| SHA256 | a35575fd03c30814af7bc6b259f7f51dd75a2c780c6f0ed6602abc55afd2130e |
| SHA512 | f74387986dc60a40961420129fb051d37ce7d75a8ec4f02159e53bf2828f25aeab562ee72537abdd32ab19fd25e3df26f9f89a2334c62d23815e44af31c3ccb3 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\uc123.png
| MD5 | b3d961de8896d4d6e8159d6b6a6e7729 |
| SHA1 | f8d468a11da8e9f136fa54c043f5de5ebcdd62ff |
| SHA256 | b864bd7ceddfa3c715c4befd29631bf2f6c55eed4fd5d3428eb27404af4b5129 |
| SHA512 | b441debbfe22afdc63e2ab2c0c9066c9ac5013381337d0c6c396da36be07eac906551157297965557484ef23460929c1033ea338ec06b3cadf929f0ec61bcd43 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\taobao.png
| MD5 | 0870184d9d62fc6ea09f661ce759a680 |
| SHA1 | 7a3be4d085398b2fea068a55892518f5092b84dd |
| SHA256 | ef63a5515e3b3d09a9977b78304d0e45d76da3614f230c233441b34c62f00a05 |
| SHA512 | 124a9157c8b447794f4745edb752091ac809e4d39fdb34b65c06c72c08c4be3a157c0741785881c93a139368b92990f7a445e3ad75c80d84ffcf5843a35481fa |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\pp_helper.png
| MD5 | 4cc9b59697f7564731e8c506264f3bde |
| SHA1 | cb9d1f897620da72c4cd3cf3a5f4712f509ab5ee |
| SHA256 | feaa5ce8f86ee0cd34821b48cf76e330a620bb4045290891a0c8edb42054db8a |
| SHA512 | 5480d0c7c815e95500790d6a33a32058a75f3369d2ab80be0fafad78d7767ea6d41ded7d405e5ff6473c5d84bf24beabc81f5b3e59b644adb04fdc95ee48bae3 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\baidu.png
| MD5 | d390c92daf6ec52215544827f405a79f |
| SHA1 | 077cca8c1d73bf05c1f4001893642f4ea28ed454 |
| SHA256 | 611e5b35b3f35e6e8084ca7f71f9d22f141ee8a60f62e00ab15be721a3852cf7 |
| SHA512 | 0af5aa486487510ee280cc99b9547214df43e32bbacb6c933bf9d10fef72afc5c4a23fcb2e3db83231ba934a174fc535529ee88cd6ad3474691a2b779211f3ad |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png
| MD5 | 9fa7deb1ec538c30eff038daed4814dd |
| SHA1 | 71a3bc8a736c93812b06f66fb7b2e522d18d6b1f |
| SHA256 | 6e8bfc1ba4adabafb14c021a16d865253110dea7933658aabda0403d1f729cbb |
| SHA512 | 669c115ca531a94e522aa9f8f81422f6b5c16d51fad41d073c38f50ca6a50d0d5e6c2f1d9115aa06c68f4345bc3c273f558cf665681c10f113374e5a34dcd0c7 |
C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat
| MD5 | 6ef3f6e140431c5bdb55ed2ea2f6ec5c |
| SHA1 | 7d1e19d98bfeeac07990ccf5759d8aff7b7a724e |
| SHA256 | f011e03aea934adeab09bb24d0d1a2f9cfb4d1cf2a51a04e94180f179a219e8a |
| SHA512 | f94e424f29a919371882ad35bb7b28717ad506aa705d3ae55db14987fdb542b8eaf4d01b37481fd4af0a6b08edd69813fef9f09ef8d25f4c9d38a43d57f17bf3 |
C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\tmall_points.ico
| MD5 | f980ee0aee951b86db85137ec027e491 |
| SHA1 | 5ce8ca7db87622ec9bf14adb8e55a31f098fbe37 |
| SHA256 | 1a430c23e1f9f79cb88ef4d532a70dde6aff7dfd03adeae9461b559a7641b8e9 |
| SHA512 | 5b275e299c9bf250a5c3479fb1cf370a648e81dce74833256cfd0bc3c30db557edb363caafb1ff3d3a56995a78c920e2be6c1587177677908c1557e271784f52 |
C:\Users\Admin\AppData\Local\Temp\etilqs_mgKQ9OnkI6kkylh
| MD5 | 8caa7a63d5bc62d0bf59d13979dccdf0 |
| SHA1 | 620d889e587f94c3d2a0a85be65a5a6949ae9e44 |
| SHA256 | b336b52d09eb1820a9e292b26d51514cee5f64450785266b2a1b200501227a08 |
| SHA512 | f0274abf50814d8626348aaf61b0c8a61d63f794dc528e44d62d7634cb02919c9e1f8555a354e39a57ce9693c1783292dfb5925a0e5d74b2e24d200f3bea83b7 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\Extension Rules\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\Extension State\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\Preferences~RFe5ab0a4.TMP
| MD5 | 33ed14f93928d35a97d57226fc1e081b |
| SHA1 | 45ee9ab56a526c0ae450fe1e657333afb72c5553 |
| SHA256 | 59bf13a635169f5048faab3c6b5373a702ade59bd3b0ef27c06c441b0ec18907 |
| SHA512 | b4310fa59135a423291ea355b7a187b4e5d6c5f8ccc3bb55f23314d311b5c0e0f65c6bdfc8acee17fbb9075514dd4e20696a8b842dd21efd91f356a87ab97c51 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\B09A.tmp
| MD5 | 928d5307cf725c33b23ce48ad87b1a49 |
| SHA1 | 1b4952495c8590a682d3277d1b141066d1d09e01 |
| SHA256 | 6a7ff2c8987a47745910b9e4429ed9fe5a036aaf0fdf0ed7869bd8570afabd6e |
| SHA512 | b5fb5b378c86f1cd191517221a0e65d51c017d90c2feed9701eb8b1e2d4dac2353062dcbc7298d1d9224005f99ce58c7171d5d17e03163bf8bc16753be780b91 |
C:\Program Files (x86)\UCBrowser\Application\Share\task.ini
| MD5 | 53e0c922ce631022c07db5045bdf8a63 |
| SHA1 | baab41405d97bb1081c60e6a65cadd222713f11a |
| SHA256 | 01c2c1331fa4d99f47f1a03406d2cb4ee5708c9b726f8d01de0474f6aaba60f1 |
| SHA512 | 8558f532fe84798ff824865a8f7b3501b36d92bf6486fec381d9439905bef45ff31e70715f1d4496553a107dfad551555244776616811c70d9364d6383978798 |
C:\Program Files (x86)\UCBrowser\Application\Share\task.ini
| MD5 | 31c6c2ed57a8e0dbe04b0ca40d58cc2a |
| SHA1 | d7e087431a0a129ccec8a4ca2d501a8dc2c8314e |
| SHA256 | d2716bc430c6eb73e0a4cd3df48de19d4980823ff7ed6b1b3e85969eb26bb67a |
| SHA512 | d24d831b4e89130510dd67970f8b3af9127d68ef363b2440c0641347dac8e0290436b8e521c041a06dc421587b0b00a004b54b5153fe3edb65785300ab9d909e |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\D7BC.tmp
| MD5 | 1eda594f620319abe6b2abb14fbd1879 |
| SHA1 | 075caee8f910386c5d97033ce493fd5ff033382a |
| SHA256 | 8135a068e646221b9b6611171f7b28348aa3e2277b49d7682c10d7958306504f |
| SHA512 | 245f9d5026bf6054a225804dd036c3f68bdd8b819b9ac5d07abc358f37721a032573490f8e930e23e97c8f1e94bd605bd9a221570828a1d3752a844a9e11bf78 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Local State~RFe5ad7b4.TMP
| MD5 | 646f018f0b22ca48bb885e0f4d6cfe6f |
| SHA1 | ea7f80241f6ebe00e7cef6aaacaa172e9123b895 |
| SHA256 | a93093f2670b1b0452647af9a65e751b7eeaf79681f4ad5558358c8f28673c06 |
| SHA512 | 30f8df76bd4bf443c08c071126f287a6b6c66579c4d9619aba26a46050e2caeb4372cc7a7235b9b6bec8212557a72170a85e419c47f0866332ede712f887510c |
C:\Users\Admin\AppData\Local\Temp\SafeBrowsingDataBase.wow
| MD5 | aa9d2979b6ba1783650fe5685ff6554f |
| SHA1 | 998bd488eeb1c5a662da2cd9e249f57714143b57 |
| SHA256 | f8b2333fe6b7af853ac9692ecc18c054ab2d299d579812bd259c14acfedc910a |
| SHA512 | eb00fecaa6d35de31af30a184a2c3baaa754c8bbf8034e32e0d81b013e46ef23aad4773e5248bc46920cd0bd6945519ccdd9c940327f92d725515974cb4fdb2e |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\price-recommend.css
| MD5 | 9097da8bbbe336e6ce2d3a7ef27dc691 |
| SHA1 | d9d5e7facb1f5e4def47bb1c894d9a8658a36661 |
| SHA256 | 0431cb9d385971fe33aa99cde1b609ec516a439b6f71d1302122b07c4b0d5ca3 |
| SHA512 | 2944c74b0aed554ae1818262dc551e5a88b980b5b32fe861564e5065a6c972adddc914d47237983bf14419cbacacf582bbff5c6a77b2728d00f122b9ba8abc09 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\video-download.css
| MD5 | 0881a8916609980018797697238e8a56 |
| SHA1 | 8f2bf6ab2a066045f19826e503c9923c14787c12 |
| SHA256 | 76043af9b7b432e40cd38de23ddfe72c7795273b5fb2701b9bfe70fd9992783f |
| SHA512 | f834fcab638cf529c211a1aed6278a851a3c130d84de6574568612870d51f939bfa9588fa535d0ffb36cf6ee29ab2a1306f6c396266b2297d34ba901f21b753c |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\seller-assist-temp.css
| MD5 | a309c463a580bdd670ea6789d0939713 |
| SHA1 | 472c5ddb448d0c2d093c2606eb10dc0ebdf0a5bd |
| SHA256 | 3b5aa92ecf98d4fd3769abfbf5ebba8e849029c1b53fc791f2d70eeb1ac38fcd |
| SHA512 | 29de18c99e86dd8264fe636cb0d45857b1c5b83402b1344c3bad88edbc3783cfd99019562a200ff99f90d6f835d246eb8ec7a5257587039df97f40d412e49cc4 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\retailerMode-icon.css
| MD5 | eecd027dd4b571dab0df03d7153bb206 |
| SHA1 | aa44781e6e82175fe303c2a23add73e5e3eb0b9b |
| SHA256 | 01bd3b2a364e4dde0caa57a6d2137ad27b41547e243159652064a07b12565ce2 |
| SHA512 | 712d3b0678c25a3c13b6b657534e2671e9ae21b7bb391f734375502f76693a92eb90f5504776769ea647e4e2a592368a456537bdd100d4ba43bec3d8f622272b |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\retailer-window.css
| MD5 | 6604d1a60773dbf1afcdd641ef182ef9 |
| SHA1 | 22e8cbdb116ee8afd9631b861be13d182307f75f |
| SHA256 | 90a0923c7bc28b3af718a4b688cb41cf694b7c72e2d1df7105c693beaf1f8fbe |
| SHA512 | 138ddf85a8e54496c6d633826f70a597d2e685bd6e08423bfc444fb34d8ff790d92607cdad2477197bb8038999fb35bf771972217aa082fd5f52ed67807bb9d1 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\i18n-ebusiness-amazon.css
| MD5 | 28581f5cc2e94f968e9cce043d488ace |
| SHA1 | 0534efe8e56ce57c4b14240140269a307747995a |
| SHA256 | 044db6a5a520a93afb18491fe59db78dcf9cae2f6e22cf5f5088d83fb4b3f097 |
| SHA512 | 32a3aa867a2b83440b77712b883f8c46d6b4d3ad2b909372104781203f48cce178d58fe785893fb0932baa78eed806866c832c3d053d0b1dc65ec51deb4f628c |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\_locales\en\messages.json
| MD5 | 665e0ddff92e16e35bcca24fe48149ce |
| SHA1 | bfe508c7a7d226caca9a095b00a029a5fa8d58ce |
| SHA256 | 39dba0c62ca7f75df600b4fa7528d3e2ef7938b8bda7ecb5a42e25fa2fc4a520 |
| SHA512 | d7f0e381700c98511fa9114ddcb33ef630ef7009a8fd87fb8dcceb85f641a510d1f4511abcf52738faed7bb24b5a2ee637b368311dfdc2114c5602c932d3f51a |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\lib\Flip-fps.js
| MD5 | 8c486b651fe04ce3d00e4765103d4c94 |
| SHA1 | 01e7bdb67c1d4eb6cac81178735ce84f9586878d |
| SHA256 | 7ac9c402a2b2d61354050055cf67f8122e418fb0c29abd1e7c0f6727e0b54f9c |
| SHA512 | c90edfe6b4ff6bc2c2ef5218b68ee14c17dc48c586e2b3204ee44384ea4327046c1b5f0bb6d1f7d378bd1b9d48551c5e687362375195f6c35b8317b8f3ba97b2 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\image-gallery.js
| MD5 | ec202908fc0babdd067cfddc766a557b |
| SHA1 | 3e6916303508d79539693a166e1fcfbb7f1252d6 |
| SHA256 | 4642602ea0dde84c108a91fc09e0ec6fd01fa3b27ea904b1426744ea955124e2 |
| SHA512 | 420c6556e5037e3672f94e75abdac417c6fe36339b989f055d1b5b67b17fbca84f8c3a8ed57d87ab44ddc29eb8bd380f74bfa80505ae54af675a4d7a1cef0e38 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\video-download-youtube.js
| MD5 | 4a7e8c7784f1442f6b18f14d2688af9b |
| SHA1 | 2e951a0bff80f43a2f1b4c78abb79a2c560df239 |
| SHA256 | b56a5036d12e6a3743ef70151f68262d11e936ea667f528f6e45d2829c8642db |
| SHA512 | 47499d780127265280b47efca0b3a23c846640c8b78bcf90a1ac95a2f7acc94d87cbdf2ac2a94013208a866beea26212056d97523b7811910cb764cbe9c5de15 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\seller-assist.js
| MD5 | 16394d1858a118e0096115f278ecc034 |
| SHA1 | 91bad49932bab5b948cc91a703771350df7da65e |
| SHA256 | 38d8eb1f1bd1c3bfc85a9df9a6405e93485dd6a1b3b341980f0e3770fe8bb826 |
| SHA512 | 352c4f60862f0c3737ff29dbee85d51f65867824658716705444e7c086ad2a1eeed69ae5e81522d64070d0b88c3a1ac6dbfafc6c31a76fb2911da90d67ee0aba |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\retailer-window.js
| MD5 | 211646f8d3ad85a9132d9f8bf0fa02a5 |
| SHA1 | eba961da53df32d86fc46cc65964767cf85bcf5a |
| SHA256 | b3f14984de69d19775c6fc94d1b8398ff681b77658fc044837a859ee6095de04 |
| SHA512 | 4fc456a55292bf54f2b5471c0add63086d0fd998142e96dd5d46f6eaa795d4ba45a1e412da1eead904e46dbea3cede92c8f4ddbf241d68f23305650dece7720d |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\retailer-install-QN.js
| MD5 | 560f427408659375b96a8a177ddba729 |
| SHA1 | 806052ea6c6a54937255e1d038482d1068faa33b |
| SHA256 | 2edf427c524679a45dcd1f9fc9de71a5406c438029a7b5590fc076eb0c8dbc5d |
| SHA512 | 33a9b5d3f1e40ba2d799abba221aaecbeab628723e47dc4598e35c7481db17ed8f3fe988348a567235e686c4bb17128657d78c1015ac82f00893d4015560445c |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\retailer-auto-complete.js
| MD5 | 192b060dec4f383455b9c95a495f1a1a |
| SHA1 | 625b991953ff6ed2ea5192659760f7d4b858f54c |
| SHA256 | 1807b4c272e88590d272e52903d902f518d1b3f2af0342ef43cec3b9f45ec565 |
| SHA512 | 99e5e0e3a2d2fdc26674108ab4b24abdb66f4838bc40a3a4e3efb22442ebacc5182e392c478c2bee6526dd13af3e64484879578f9b88885b8498f46823cbe8b4 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\price-recommend.js
| MD5 | 293c065d74f23d63a2cf569c18156444 |
| SHA1 | 7000cfdf2c45497f6f1977fd4bb3fa5d226672dd |
| SHA256 | b268e2e13128f26e2a74c14d68e42ba2fd21a49add71ae42d9c79787963ac37b |
| SHA512 | abaacbf848fc69b9d99afa093b5f4a1ebdcbb76b27e97cc756384f6ddf564247d42a977ca4fe426597b3996b3dcbef8e373a2b72d3195797e21624805dec3a20 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\i18n-ebusiness-amazon.js
| MD5 | c63906cd61bca7f06b805d6efe7034d8 |
| SHA1 | 8f9923f28cf2871fbc7739df3a797be66292fb46 |
| SHA256 | 735bc0c83289bdea77b614c9cd4093df3fce850402f4597c60e068da27df1841 |
| SHA512 | 80120bd9965795c00dbb8a333c517d1d9243ac8d83fe5f3cf87d09f4b0cfb1bf2d261500675151fa662ad544376786aee83e9c1f2ba7395142182e4e73423f31 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\video-download.js
| MD5 | a87a7af79016978654e25f3555ebf8f7 |
| SHA1 | 57e5c3b45344f7c3f887043c031d1c675a76dede |
| SHA256 | cc81c94617c61044ad114bca63db0054165159ac992979907a73583a57487ce9 |
| SHA512 | 51ea0fee40c41c2294c05b59efadc8f8ab91444f7544c4583de1943fd161860a731c23a8c7c38d9b0d263b288de66739fa50c11f871f4b6da0f7fef2ae154e43 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\video-toolbar.js
| MD5 | bcedeab88530d3d01d05c987287e3594 |
| SHA1 | 430f75d9272cf0334f89e21a92c1a2ded43afa07 |
| SHA256 | a33baec85cb90db0432074d4a014f939e08c26d9f6ddf883fd8cbaa54369bbfe |
| SHA512 | 17f4f4b04bb7b2d5a84cc3078d28eb3e1ba78773dc33dc08f567c7fca5c35f53327143ea1f6a69e0f4c19ab1e89f5e070a316f81a7e7572be77c12bbe1fa5b69 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
| MD5 | 136b3d76d6235c4e966eb2d6209af2d5 |
| SHA1 | f77294d6ca3759679938e94a80f002cbcc07a47b |
| SHA256 | 6c717ed8c688193d13f381247cb485eebaff7a441f1b717c5039abca3c6d2b3e |
| SHA512 | 5c2d3395575764b8dde9cdb2b63c4134ae2792d7c81787cd6671f4a35debb4d75b06cfb025b58fcb703268c346349f6ca7335a52c13c57e552d345c37bdc4542 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
| MD5 | 31da309d76b45965430b32fba1416dd6 |
| SHA1 | 3f979d7517e12f46ef7ef768932cdbfe67a1145f |
| SHA256 | 86055f05319488ec16f6b45fd78ced1475ea89e342bb8461ca258ba470956de9 |
| SHA512 | ea32115bdab4eb6d1af4ecc5265f6982f4f23a2d6d949a4bdd7360cdd4a6cb3615273e0786d7380bac243253974c2c327fc2dc0af16df4ab4391ade8b73dae1d |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\TransportSecurity~RFe5b58bb.TMP
| MD5 | 0d285bb29df4b88a944573b649c98e6c |
| SHA1 | e323ebe13a06bfee1e3880ab798639a8fac70db7 |
| SHA256 | dda757a43e8f0e7de2a3cd29932e2e47af1108c8fb56e1eae8705449b38f19cf |
| SHA512 | 61f0815a07467f977d470976af02f5e4f037f71bedf3b9c9d19f9f012a66dd3b363c454746d2b91db80a4839edc0e358e7999c37387cdaeeaefb64f240b5d2bd |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\58C8.tmp
| MD5 | aafc31bdfeedf1fb002daeaf9062ba94 |
| SHA1 | 87e820d7805d1a9c9960039593bd7495d5e6bb9a |
| SHA256 | d53bbf92b346c10a76d6f6739f4d4c04882ac34a83c1bb2a6e59ec6f1c42f2a0 |
| SHA512 | 6ac6d83c801f3756ebfdff11e2f7aab7e29b6b84115a14aa4f3b148e97c25e1f55fee172f65a25fcfc49aa96bfeb0423715a4fcb536e80d74becf904caf11acf |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\89EB.tmp
| MD5 | 4de14f78f1d5ff3f3cc36370b26dc17e |
| SHA1 | ceb6323da4f11efccfbe59a8d504856bdc13c8db |
| SHA256 | c86ae547d592ee699189c9571f1d87427a2df2d48ba01fc2367bbc0eaa79aaa2 |
| SHA512 | 946aa2feb65dcaa9d0e391c220cd893e08dd90ae1e0a9ea2877a073434809929b9e9fde4b10f8711545ff6f0df274741168cb9dfd8630d7356fb9c192bb4371c |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\A1E9.tmp
| MD5 | 23ab63724a7a42a77b67c74a2ee4602d |
| SHA1 | be03b0c4832d6bab93b0655998c2af8a14bc497f |
| SHA256 | 2906ccea44b4e713656304c837f92fc708fba4bafb5a79780987cb9b8e83688f |
| SHA512 | 2f9a287f76c6b1bcd794e8e59a4bd1e50b562011edc0d2734605551f0b371c8667415bc716825584843955e27eb2e0f0af62ff1e84196e0dbdbac5d336be84a4 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\AB7F.tmp
| MD5 | cc5f2f0f099f656586332f32ab8df38b |
| SHA1 | 6356617ddbdb4e6d6071b92436f948e393d47b3e |
| SHA256 | 531c4f1d3f79f7bfc0140681301c12a69d43e7568c9d6bea0de673e4d460acf4 |
| SHA512 | f1269a512a7db4f2a4c08dae5b9bbba9504c3f795fae3c96330a908aff157628871404de15a868f543d009656325607be1b6bc62ef14ac5b153a978922f437f0 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
| MD5 | 77c62ad22ca3e4b619cd43a2daa8e46c |
| SHA1 | f24a22eed3b8eda9206ce81c4d27c2a6661f29d1 |
| SHA256 | 56347ea1f956e33d65cdb8ce487f99355eb77bed32852667c33d3fcb0d7e891c |
| SHA512 | 8993df312c2bf24d63e43fd15c850548c63378317c3efeba3609257820170eb73c53d00fa90a45250dd407eb970dda655023afae94dae27a1b747baf7d63244b |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\E3A8.tmp
| MD5 | 83f91395b3fff51f12d44add5132f189 |
| SHA1 | f3353817c2e6fe6ec334840c5358c98db880f148 |
| SHA256 | a7dbc8421ddba717f609d4c5dfd5e8c9b40dc87ef6b1a25c8a5a50187f22e872 |
| SHA512 | 30c61b69aa043f7fee2599df1af7c134d0bbaaadce7d3a05f1bad5b00a23239437f36da301a39558bdea658eae05c2e707b3450fc61bc36092b301917a17524c |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\Preferences
| MD5 | 55e15ac07dfacd7b56f04bdd0e42d300 |
| SHA1 | 336ebca758cb05ff72fd767d4b93078193f25cae |
| SHA256 | 61a92fb885dd07227afb5c907b073092793c630e51891744e7e6936946cce00d |
| SHA512 | 720383c0e379ba701af194e1fef759ef59619b1a8e956dfe66f0e3ec67a2b2ca4433488ef3abaeb3c2ed47e061e7c0732fbcfc946cc7e694bab8b82afa4f5b7d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
| MD5 | 6277885d3afbff9478b5ac4507ed8c44 |
| SHA1 | a113dd03aea3ddbd2ceff0c220152dbd137ce0fb |
| SHA256 | 7eb1e744dd1b09283a3643b2f601c8c16fb7f392747c61757410bb07a73b522a |
| SHA512 | 9db215d255e1cfd92582237ac7838cf03e72beb9711cdbaa395b1c6136421485c5995b5108f21a48de11f11e372c014de2a7a4838b4507d174a96eecd09bd949 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Safe Browsing Extension Blacklist
| MD5 | 989cab5415e22e78cabf01730b41b211 |
| SHA1 | d8cf7e68568250714632ba03fb7c9a2b93b8a5d5 |
| SHA256 | c26a95db49b8202d48b495d29f6e07a462cacb6422e4d7aa2a02be3be6a657e8 |
| SHA512 | 1925f961d30b9e6da9e0c653b79e878e61009a2aa44573286ecee5b3c56ca8558995db8abca4e7b58d7542b21f856479c71f65e9726367faee08bb6f98a4a224 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms
| MD5 | 5c4cc292f58f746bed3e0adeae8ee64a |
| SHA1 | bf0581c5a180fba96dd1c26adfd51170f38517ad |
| SHA256 | e5cce7f38fcf60173712a6d44258422d1a2f8c79c8b34759b2d7af76d276a7c5 |
| SHA512 | 509199fb0090b75520fb595eef54e59360062a09fa6bb5437f981f1ff13d94835888f28f55d50a97670b71885fd8a0795d1d40f7931e4e017d2fb54448299471 |
C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\CEB6.tmp
| MD5 | ea9530fa97fe6651894ea343022c6586 |
| SHA1 | a91832be098649f707eb8f5ce6c31beaa05f743e |
| SHA256 | 14e0178cf703fa3dbd016019ae7a6f6718f6debb96c348591591260c9ad7b56b |
| SHA512 | adcea8146db2ad2f05cd69aa334f56f987b8b96e2af3467201517278f57ca763d91c76b2c0931c293dd57dae998b7a37e97f51c87ff0cf90f3aa3121e8b83e94 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
150s
Max time network
159s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4888 wrote to memory of 2024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4888 wrote to memory of 2024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4888 wrote to memory of 2024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\pdfium.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\pdfium.dll,#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2024 -ip 2024
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 588
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2024 -ip 2024
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 804
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| NL | 20.103.156.88:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
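The Processes and Network tables of behavioral5 above can be triaged mechanically. The following Python is an added example, not part of this report or of the sandbox's own tooling: it flags the traits of the rundll32 command lines (a DLL under a user-writable directory, an entry point given by ordinal `#1`, a non-ASCII directory name) and splits the Network rows into reverse-DNS (PTR) queries, forward lookups and actual connections, decoding each `in-addr.arpa` name back to the IP it asks about. The sample rows are copied from the tables above (constructed input), and `USER_WRITABLE_DIRS` is an illustrative list, not a complete one.

```python
"""Triage helpers for the Processes and Network tables of this report.

Added example: not part of the sandbox's output or tooling. The sample
rows below are copied from the behavioral5 tables; USER_WRITABLE_DIRS is an
illustrative list, not a complete one.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample input: rows as they appear in the behavioral5 tables.
PROCESS_CMDLINES = [
    r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\pdfium.dll,#1",
    r"C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2024 -ip 2024",
    r"C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 588",
]
NETWORK_ROWS = [
    "| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |",
    "| NL | 20.103.156.88:443 | fd.api.iris.microsoft.com | tcp |",
    "| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |",
]

# rundll32 syntax is "<dll>,<entry> [args]"; the entry may be a name or "#ordinal".
RUNDLL32_RE = re.compile(
    r"^(?:.*\\)?rundll32(?:\.exe)?\s+(?P<dll>[^,]+),(?P<entry>\S+)", re.IGNORECASE
)
# Locations a standard user can write to (assumption: illustrative subset).
USER_WRITABLE_DIRS = (
    "\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\users\\public\\", "\\programdata\\",
)


def rundll32_findings(cmdline: str) -> List[str]:
    """Traits that make a rundll32 command line worth a closer look ([] if none)."""
    m = RUNDLL32_RE.match(cmdline.strip())
    if not m:
        return []
    dll, entry = m.group("dll").strip().strip('"'), m.group("entry")
    findings = []
    if any(d in dll.lower() for d in USER_WRITABLE_DIRS):
        findings.append("dll_in_user_writable_dir")
    if re.fullmatch(r"#\d+", entry):
        findings.append("entry_by_ordinal")  # no export name for a log to key on
    if any(ord(ch) > 127 for ch in dll):
        findings.append("non_ascii_in_dll_path")  # e.g. the "✱SatUp" directory
    return findings


@dataclass
class NetworkSummary:
    ptr_lookups: Dict[str, str] = field(default_factory=dict)  # ip -> PTR name queried
    forward_lookups: List[str] = field(default_factory=list)
    connections: List[str] = field(default_factory=list)       # "ip:port proto domain"


def ptr_name_to_ip(name: str) -> str:
    """Undo the octet reversal of a PTR name: '196.249.167.52.in-addr.arpa' -> '52.167.249.196'."""
    suffix = ".in-addr.arpa"
    label = name.lower()
    if not label.endswith(suffix):
        raise ValueError(f"not a reverse-DNS name: {name}")
    octets = label[: -len(suffix)].split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 PTR name: {name}")
    return ".".join(reversed(octets))


def summarize_network(rows: List[str]) -> NetworkSummary:
    """Split '| Country | Destination | Domain | Proto |' rows into PTR queries, forward lookups and connections."""
    s = NetworkSummary()
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # header or malformed row
        _country, dest, domain, proto = cells
        if dest.endswith(":53") and proto == "udp":
            if domain.endswith(".in-addr.arpa"):
                s.ptr_lookups[ptr_name_to_ip(domain)] = domain
            else:
                s.forward_lookups.append(domain)
        else:
            s.connections.append(f"{dest} {proto} {domain}")
    return s


def uncorrelated_ptr_targets(s: NetworkSummary) -> List[str]:
    """IPs the guest reverse-resolved but never connected to; on a sandbox these are usually OS telemetry, not C2."""
    connected = {c.split(":")[0] for c in s.connections}
    return sorted(ip for ip in s.ptr_lookups if ip not in connected)


if __name__ == "__main__":
    for line in PROCESS_CMDLINES:
        print(rundll32_findings(line) or "-", line)
    summary = summarize_network(NETWORK_ROWS)
    print("forward lookups:", summary.forward_lookups)
    print("connections:", summary.connections)
    print("PTR-only IPs:", uncorrelated_ptr_targets(summary))
```

Two caveats when reading the result against this report. First, every PTR query above goes to 8.8.8.8 and the only forward lookup and connection is `fd.api.iris.microsoft.com`, so nothing in behavioral5's Network table points at an attacker-controlled host; the reverse lookups are the guest resolving Microsoft address space, and `uncorrelated_ptr_targets` separates them from IPs the guest actually connected to. Second, the Program crash rows and `WerFault.exe -u -p 2024` show the SysWOW64 rundll32 host (PID 2024) crashing after it loaded pdfium.dll by ordinal, so the absence of further activity in this run means the DLL did not execute to completion under rundll32, not that it is harmless.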
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\access\libfilesystem_plugin.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-11-07 22:33
Reported
2024-11-07 22:37
Platform
win10ltsc2021-20241023-en
Max time kernel
94s
Max time network
147s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\access\libimem_plugin.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |