Malware Analysis Report

2025-06-16 00:48

Sample ID 241107-2gshzszcnc
Target readyfile.zip
SHA256 88c091ba3072107a1c873c0bf5360e7fd7a4ae99c06af9bbc0f5676795cf1fd2
Tags
lumma discovery spyware stealer evasion execution persistence privilege_escalation trojan
score
10/10

Analysis Overview

score
10/10

SHA256

88c091ba3072107a1c873c0bf5360e7fd7a4ae99c06af9bbc0f5676795cf1fd2

Threat Level: Known bad

The file readyfile.zip was found to be: Known bad.

Malicious Activity Summary

lumma discovery spyware stealer evasion execution persistence privilege_escalation trojan

Lumma Stealer, LummaC

Lumma family

Modifies Windows Firewall

Stops running service(s)

Downloads MZ/PE file

Boot or Logon Autostart Execution: Active Setup

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks installed software on the system

Checks whether UAC is enabled

Enumerates connected drives

Suspicious use of SetThreadContext

Drops file in System32 directory

Launches sc.exe

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Program crash

System Time Discovery

System Location Discovery: System Language Discovery

Unsigned PE

Event Triggered Execution: Netsh Helper DLL

Checks SCSI registry key(s)

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-07 22:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

97s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe"

Signatures

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 3672 set thread context of 3792 N/A C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\SearchIndexer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\choice.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe N/A
N/A N/A C:\Windows\SysWOW64\choice.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe N/A
N/A N/A C:\Windows\SysWOW64\choice.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3672 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 4012 wrote to memory of 100 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4012 wrote to memory of 2256 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3672 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3792 wrote to memory of 3824 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\✱SatUp\Setup.exe"

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAgTMHWj8XflhgiBXu+sD7Y2DSxfnJxZRIwwXe8BgEbXXHaskCLsR6LDL2G9Y7HZJIp2sM/ozfR2GCdTOq3ch6W4eNMNiTCZGno0o2FSCOhL5jl6FVMZt/wlVKe6tU2R5vBZYsuUPMxJP3bT2MMnIoSaR+PFfkMkmhlOHjl8UzFpgFeiHxHiX1YaSn968/tA7ppkwgGu/jV8Bai6rDDST0KMjD7hAYNI6ROl9v5W67X1m8h7yuKq13sc/uko7MuQnIXvPEXxbv3m5igrl

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnvML2Z3XetnGyA5vfkDMbGtS3vrShxXX7UcPJITF/npPKpsGtkYAkZwlQM6qTv8cUv8E7gkLJjTlIVPj5wgVXXRNbPEziPxiHp/oxUBNRziLBPxNi459BG3fcK39mSUpd9Zn91NYGg8x7uP0xmeipkXqKcquY8UqGyH/H+gw7AGp+bvsCDXiLu6mJTDkYluW8s838PJgNwxByrFIm/Da8wYBMhnIM+xdJRnJkr07dfFsB99wEroauF6926wTqDSaTGccXiztXnNC5B0JvaoFTPLpxwZIqeHyYGBafKlnK8=

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

Network

Files

memory/3672-0-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

memory/3672-1-0x0000000074240000-0x00000000744DA000-memory.dmp

memory/3672-2-0x00007FFFE3270000-0x00007FFFE3468000-memory.dmp

memory/3672-3-0x0000000074253000-0x0000000074254000-memory.dmp

memory/3672-5-0x0000000074240000-0x00000000744DA000-memory.dmp

memory/3672-8-0x0000000074240000-0x00000000744DA000-memory.dmp

memory/3672-6-0x0000000074240000-0x00000000744DA000-memory.dmp

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

MD5 649215a7c140fa697740693cf915d088
SHA1 035ccb917c7be1ba40ccdad606ca3c67d127251e
SHA256 297bcec264323cd1d6de6286cfa69a572e92552df5a3347856f8bcce8d3e9eb1
SHA512 ec123a7f9af0926956d41bc002546a18b7b8b776fd11332f351eac828ac7ec02497f76351f2f5c026075746156583100287e09010269257dcd00cf70fa5a003c

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

MD5 efdbe75dfe959d5eaa84334d4825adc2
SHA1 9c7655a1052c2ce0d2e0b9571885e9c898dcb5cf
SHA256 5ef424188b952c5aef34f508b13cf422d4c22e1476c3330ee3b729082f7116ee
SHA512 4b6ce786ba90635d51e82c4dd7dede3394b5c0f19c394ebc835e182f0d8fd8c898a581b388bb23e348cc0744925b8352bfa3e683d193c5355849c89db9eaea35

memory/3672-17-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

memory/3672-16-0x0000000000400000-0x0000000000C88000-memory.dmp

memory/3672-18-0x0000000074253000-0x0000000074254000-memory.dmp

memory/3672-19-0x0000000074240000-0x00000000744DA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\4eac24ea

MD5 d91c2efc799e035e2bf4f9d9afa668d1
SHA1 5f14510428f898ba34c1d944e4987ab037978775
SHA256 500f905d1cebd26b5b496c1a6559960a6c9ae40f99ec9ae241aff754043dc733
SHA512 304ad1f53b4029a26750d512088b85555a98b55f38a894d9f2ad1d6a210bf1e7c97ddafd437bd9723e2ddbd92b083dfd1fe98d3ba17b71ef04a9e8f7b5d2f813

memory/3792-25-0x00007FFFE3270000-0x00007FFFE3468000-memory.dmp

memory/3792-26-0x0000000074240000-0x00000000744DA000-memory.dmp

memory/3824-28-0x00007FFFE3270000-0x00007FFFE3468000-memory.dmp

memory/3824-29-0x0000000000F40000-0x0000000000FA0000-memory.dmp

memory/3824-30-0x0000000000F40000-0x0000000000FA0000-memory.dmp

memory/3824-31-0x0000000000F40000-0x0000000000FA0000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

92s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\libvlc.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\libvlc.dll,#1

Network

Files

memory/3200-0-0x00007FFEF3E90000-0x00007FFEF3EC4000-memory.dmp

memory/3200-1-0x00007FFEE4DC0000-0x00007FFEE5076000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

96s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\libvlccore.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\libvlccore.dll,#1

Network

Files

memory/1516-0-0x00007FFE9D520000-0x00007FFE9D7D6000-memory.dmp

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

98s

Max time network

145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\audio_output\libwasapi_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\audio_output\libwasapi_plugin.dll,#1

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

149s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\audio_output\libdirectsound_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\audio_output\libdirectsound_plugin.dll,#1

Network

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

93s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\codec\libavcodec_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\codec\libavcodec_plugin.dll,#1

Network

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

98s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\codec\libd3d11va_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\codec\libd3d11va_plugin.dll,#1

Network

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

96s

Max time network

158s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdirect3d11_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdirect3d11_plugin.dll,#1

Network

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

149s

Max time network

169s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libvmem_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libvmem_plugin.dll,#1

Network

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

96s

Max time network

149s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdirect3d9_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdirect3d9_plugin.dll,#1

Network

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

95s

Max time network

150s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdrawable_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\video_output\libdrawable_plugin.dll,#1

Network

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:41

Platform

win10ltsc2021-20241023-en

Max time kernel

348s

Max time network

359s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\readyfile.zip"

Signatures

Lumma Stealer, LummaC

stealer lumma

Lumma family

lumma

Boot or Logon Autostart Execution: Active Setup

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\StubPath = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\6.0.1308.1016\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --wow-install-target-path=\"C:\\Program Files (x86)\\UCBrowser\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Localized Name = "UC Browser" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\IsInstalled = "1" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\Version = "43,0,0,0" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}\ = "UC Browser" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A

Downloads MZ/PE file

Modifies Windows Firewall

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Stops running service(s)

evasion execution

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
N/A N/A C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
File opened for modification C:\Windows\System32\devmgmt.msc C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 548 set thread context of 1672 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3840 set thread context of 2400 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 1668 set thread context of 4916 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 1848 set thread context of 1048 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
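The four rows above all have the same shape: Setup.exe, running from the user's Desktop, rewrites the thread context of a freshly started copy of choice.exe, a signed Microsoft binary from SysWOW64. That is the pattern of process hollowing (ATT&CK T1055.012): the child is created suspended, its image is replaced in memory, and SetThreadContext points the primary thread at the injected code. The following script is an added triage example, not code from the report or its sandbox: it parses rows in exactly this table's layout into structured events and flags the user-writable-source to system-binary-target combination. The one svchost.exe row is constructed to exercise the negative case; the directory prefixes used for the decision are an assumption about a default Windows install.

```python
import re
from dataclasses import dataclass

# Rows copied from the "Suspicious use of SetThreadContext" table in this report,
# plus one constructed benign row (not from the report) to exercise the negative path.
THREAD_CONTEXT_ROWS = [
    r"PID 548 set thread context of 1672 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe",
    r"PID 3840 set thread context of 2400 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe",
    r"PID 1668 set thread context of 4916 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe",
    r"PID 1848 set thread context of 1048 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe",
    # constructed: a system binary touching a child of its own image, which is not hollowing
    r"PID 700 set thread context of 701 N/A C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe",
]

# "PID <src> set thread context of <dst> N/A <source image> <target image>"
ROW_RE = re.compile(
    r"^PID (?P<src_pid>\d+) set thread context of (?P<dst_pid>\d+) "
    r"N/A (?P<src_image>.+?\.exe) (?P<dst_image>.+?\.exe)$"
)

# Assumed layout of a default install: where a standard user can write versus
# the protected system directories that hold the Microsoft-signed LOLBins.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")
SYSTEM_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass(frozen=True)
class ThreadContextEvent:
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_thread_context_rows(rows):
    """Turn report rows into structured events; rows that do not match are skipped."""
    events = []
    for row in rows:
        m = ROW_RE.match(row)
        if m:
            events.append(ThreadContextEvent(int(m["src_pid"]), int(m["dst_pid"]),
                                             m["src_image"], m["dst_image"]))
    return events


def is_hollowing_candidate(ev):
    """A binary from a user-writable path rewriting the thread context of a
    different binary that lives in a system directory: the shape of process
    hollowing, where the victim is a trusted image used as a disguise."""
    src = ev.src_image.lower()
    dst = ev.dst_image.lower()
    return (src.startswith(USER_WRITABLE_PREFIXES)
            and dst.startswith(SYSTEM_PREFIXES)
            and src != dst)


def summarize(rows):
    """Counts plus the victim PIDs and images, which are what to dump from the sandbox."""
    events = parse_thread_context_rows(rows)
    flagged = [e for e in events if is_hollowing_candidate(e)]
    return {
        "events": len(events),
        "flagged": len(flagged),
        "victim_pids": sorted(e.dst_pid for e in flagged),
        "targets": sorted({e.dst_image for e in flagged}),
        "sources": sorted({e.src_image for e in flagged}),
    }


if __name__ == "__main__":
    for key, value in summarize(THREAD_CONTEXT_ROWS).items():
        print(f"{key}: {value}")
```

The victim PIDs are the ones worth dumping: the unpacked payload lives in the hollowed choice.exe processes, not in Setup.exe, which is why a static scan of the installer alone tends to miss the stealer.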

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\youku.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\ucsvc.log C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\zh-cn\start.dat C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Languages\settings.xml C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\bing.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\en-in\share.dat C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\id\share.dat C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\pt-br\start.dat C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\new_tab_search\baidu.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\google.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\chrome.7z C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\7z.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\chrome_watcher.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Update\0\remote\0_beta_chk.xml1.size C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\RtlLib_xp.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\sogou.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\taobao.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\UCService.exe C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\molt_tool.exe C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Extensions\zh-CN\external_extensions.json C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Locales\es-419.pak C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Locales\es.pak C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\task.ini C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\chrome_elf.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi\Locales\es.pak C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\new_tab_search\taobao.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Update\UpdateState.xml C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Locales\id.pak C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\RtlIhvOid.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\ucsvc.log C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Update\jobs\count.ini C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\78BC.tmp C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\IpLib.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\libeay32.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\VisualElements\Logo.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\baidu.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\etao.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\id\start.dat C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\natives_blob.bin C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi\Locales\pt-BR.pak C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\new_tab_search\etao.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\6B6D.tmp C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\id\config.dat C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi\Locales\ru.pak C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\searchbar\tmall.com.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\start.dat C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\UCService.exe C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\install_stats.log C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\Configs\es-419\start.dat C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi\resources.pak C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\extension\taohuoyuan.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\VERSION C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\target_locale C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\debug.log C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\config_updater.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCAgent.exe C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\Share\icons\login_view\qq.png C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
File created C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\scoped_dir_948_31014\custom.dat C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File opened for modification C:\Program Files (x86)\UCBrowser\Application\Share\ConfigTemp\config_updater.log C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Program Files (x86)\UCBrowser\Temp\source4624_6782\Chrome-bin\6.0.1308.1016\UCWiFi.exe C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_magneticstripereader.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontinuousbackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsopenfilebackup.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsreplication.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsencryption.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_firmware.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscompression.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Tasks\UCBrowserUpdater.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Windows\INF\c_fsquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsactivitymonitor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\Tasks\UCBrowserUpdater.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Windows\INF\c_swcomponent.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscopyprotection.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_camera.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssecurityenhancer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\xusb22.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystemrecovery.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_cashdrawer.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rawsilo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_receiptprinter.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_apo.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fshsm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_media.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Tasks\UCBrowserUpdaterCore.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Windows\INF\c_sslaccel.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_barcodescanner.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscontentscreener.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_diskdrive.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmvolume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\miradisp.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_extension.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\ts_generic.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsantivirus.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fscfsmetadataserver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_computeaccelerator.PNF C:\Windows\system32\mmc.exe N/A
File opened for modification C:\Windows\Tasks\UCBrowserUpdaterCore.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Windows\INF\c_linedisplay.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_netdriver.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\digitalmediadevice.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsinfrastructure.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsvirtualization.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fsundelete.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\Tasks\UCBrowserUpdaterCore.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
File created C:\Windows\INF\remoteposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_mcx.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_scmdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_ucm.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_proximity.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\oposdrv.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\wsdprint.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\dc1-controller.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_smrdisk.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\c_fssystem.PNF C:\Windows\system32\mmc.exe N/A
File created C:\Windows\INF\rdcameradriver.PNF C:\Windows\system32\mmc.exe N/A
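Most of the table above is noise: the .PNF files under C:\Windows\INF are precompiled INF files written by SetupAPI while mmc.exe (which the report shows opening devmgmt.msc) enumerates device classes, so they say nothing about the sample. The rows that matter are the two .job files UCBrowser.exe creates in C:\Windows\Tasks, the Task Scheduler 1.0 job store, because they are persistence that survives a reboot. The script below is an added example, not part of the report, that separates the two with the rules just stated; the final row is constructed to show what lands in the catch-all bucket, and the prefix rules assume a default Windows layout.

```python
import re
from collections import defaultdict

# Rows copied from the "Drops file in Windows directory" table (a representative
# subset), plus one constructed row (not from the report) for the fallback branch.
WINDOWS_DROP_ROWS = [
    r"File created C:\Windows\INF\c_magneticstripereader.PNF C:\Windows\system32\mmc.exe N/A",
    r"File created C:\Windows\INF\c_display.PNF C:\Windows\system32\mmc.exe N/A",
    r"File opened for modification C:\Windows\Tasks\UCBrowserUpdater.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A",
    r"File created C:\Windows\Tasks\UCBrowserUpdater.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A",
    r"File opened for modification C:\Windows\Tasks\UCBrowserUpdaterCore.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A",
    r"File created C:\Windows\Tasks\UCBrowserUpdaterCore.job C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A",
    r"File created C:\Windows\INF\xusb22.PNF C:\Windows\system32\mmc.exe N/A",
    # constructed: a write into System32 by the dropped installer, which gets no benign explanation
    r"File created C:\Windows\System32\constructed_example.dll C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A",
]

# "<action> <dropped path> <process image> N/A"; the dropped paths in this table
# contain no spaces, the process image may (Program Files (x86)).
ROW_RE = re.compile(
    r"^(?P<action>File created|File opened for modification) "
    r"(?P<path>\S+) (?P<process>.+?) N/A$"
)


def classify_drop(path, process):
    p = path.lower()
    proc = process.lower()
    if p.startswith("c:\\windows\\tasks\\") and p.endswith(".job"):
        # Task Scheduler 1.0 job file: persistence (ATT&CK T1053.005). Pull the
        # file from the sandbox to recover the trigger and the command it runs.
        return "scheduled_task_job"
    if p.startswith("c:\\windows\\inf\\") and p.endswith(".pnf") and proc.endswith("\\mmc.exe"):
        # Precompiled INF written while Device Manager (mmc.exe hosting devmgmt.msc)
        # enumerates device classes: analyst/automation noise, not sample activity.
        return "inf_precompile_noise"
    return "review"


def triage_windows_drops(rows):
    """Group unique dropped paths by category. Rows the regex cannot read are kept
    verbatim under "unparsed" so a layout change does not silently hide a drop."""
    groups = defaultdict(set)
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            groups["unparsed"].add(row)
            continue
        groups[classify_drop(m["path"], m["process"])].add(m["path"])
    return {category: sorted(paths) for category, paths in groups.items()}


if __name__ == "__main__":
    for category, paths in triage_windows_drops(WINDOWS_DROP_ROWS).items():
        print(category)
        for path in paths:
            print("   ", path)
```

Anything in the "review" bucket is a write into a protected directory by something that is not an obviously benign system component and deserves a look at the file itself; in this detonation that bucket is empty apart from the constructed row.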

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
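A caveat before reading much into this signature: every row above is a read (opened, queried, enumerated) by netsh.exe itself. netsh loads each helper DLL listed under HKLM\SOFTWARE\Microsoft\NetSh (the WOW6432Node view for the 32-bit copy in SysWOW64) at startup, so any netsh invocation produces exactly this pattern. The persistence technique (ATT&CK T1546.007) only exists if something wrote a new value or repointed an existing one, and the report records no such write. The script below is an added example, not part of the report: it first confirms that the rows in this table contain no writes, then shows the check that does matter, a diff of the key between a clean baseline and a post-detonation snapshot. Both snapshots are constructed; the stock helper names are a small illustrative subset, the constructed_helper entries are hypothetical, and the system directory prefixes assume a default install.

```python
import re

# Rows copied from the table above (three of the twelve; all are reads).
NETSH_ROWS = [
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A",
    r"Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A",
    r"Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A",
]

# Directories from which a helper given as a bare file name is legitimately found.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Constructed snapshots of the NetSh key (value name -> DLL). The baseline names are a
# few stock Windows helpers, listed for illustration only; the AFTER entries marked
# constructed are hypothetical and do not come from this report.
BASELINE = {
    "ifmon": "ifmon.dll",
    "rasmontr": "rasmontr.dll",
    "fwcfg": "fwcfg.dll",
    "nshipsec": "nshipsec.dll",
}
AFTER_DETONATION = dict(BASELINE)
AFTER_DETONATION["constructedhelper"] = r"C:\Users\Admin\AppData\Roaming\constructed_helper.dll"  # constructed
AFTER_DETONATION["fwcfg"] = r"C:\Users\Admin\AppData\Roaming\fwcfg.dll"  # constructed: stock name repointed


def write_events(rows):
    """Rows that record a write to the key; reads are what netsh does on every start."""
    return [row for row in rows
            if row.startswith(("Key value set", "Key created", "Key value created"))]


def is_absolute_windows_path(p):
    # Drive-letter or UNC path; os.path.isabs is not used because the analysis box may not be Windows.
    return bool(re.match(r"^([a-z]:\\|\\\\)", p.lower()))


def helper_findings(baseline, after):
    """Explain every difference between two snapshots of the NetSh key.

    Returns sorted (value_name, dll, reason) tuples. A bare file name is resolved
    through the loader search path starting in netsh's own directory, so only an
    absolute path outside the system directories is flagged on its own."""
    findings = []
    for name, dll in after.items():
        reasons = []
        if name not in baseline:
            reasons.append("new helper value")
        elif baseline[name] != dll:
            reasons.append("existing helper repointed")
        if is_absolute_windows_path(dll) and not dll.lower().startswith(SYSTEM_DIRS):
            reasons.append("DLL outside system directories")
        if reasons:
            findings.append((name, dll, "; ".join(reasons)))
    for name in baseline.keys() - after.keys():
        findings.append((name, baseline[name], "helper value removed"))
    return sorted(findings)


if __name__ == "__main__":
    print("writes recorded in report rows:", write_events(NETSH_ROWS))
    for name, dll, reason in helper_findings(BASELINE, AFTER_DETONATION):
        print(f"{name}: {dll}  <- {reason}")
```

On a live host the two snapshots come from exporting the key before and after the event window (or from a golden image); the report's rows alone cannot distinguish a netsh run by the installer's firewall/service setup from an abused helper list.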

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\choice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\SearchIndexer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\choice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\SearchIndexer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\choice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\choice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\SearchIndexer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\SearchIndexer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\choice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\choice.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 C:\Windows\system32\mmc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\mmc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\mmc.exe N/A
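The "Checks SCSI registry key(s)" signature fires on reads of the disk and CD-ROM enumeration keys because the vendor and product strings stored there (here Ven_QEMU and Prod_QEMU_DVD-ROM) tell a sample whether it is running under a hypervisor. The Python below is added here as a worked triage example and is not part of the sandbox report: it parses rows in the table's "Description Indicator Process Target" layout, extracts the device-instance segment of each key, flags hypervisor markers, and attributes every hit to the process that made the query. The sample rows are copied from the table above; the function names and the marker list are this example's own.

```python
"""Attribute VM-revealing SCSI registry queries to the process that issued them.
Added example; row format and marker list are assumptions of this script."""
import re
from collections import defaultdict

# One table row: "<Key opened|Key value queried> <\REGISTRY\...> <drive:\path\proc.exe> <target>"
ROW_RE = re.compile(
    r"^(?P<action>Key opened|Key value queried)\s+"
    r"(?P<key>\\REGISTRY\\\S+)\s+"
    r"(?P<process>[A-Za-z]:\\\S+)\s+"
    r"(?P<target>\S+)$"
)
# The path component right after \Enum\SCSI\ is the device instance, e.g. "CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM".
SCSI_INSTANCE_RE = re.compile(r"\\Enum\\SCSI\\([^\\]+)", re.IGNORECASE)

# Lower-cased vendor/product tokens that only hypervisor-backed devices carry.
# "Ven_Msft&Prod_Virtual_DVD-ROM" is deliberately absent: Windows reports a
# mounted ISO on physical hardware with the same string, so it proves nothing.
VM_DEVICE_MARKERS = {
    "ven_qemu": "QEMU/KVM", "prod_qemu": "QEMU/KVM",
    "ven_vbox": "VirtualBox", "prod_vbox": "VirtualBox",
    "ven_vmware": "VMware", "prod_vmware": "VMware",
}

# Constructed input: rows copied from the report table above.
SAMPLE_ROWS = [
    r"Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Windows\system32\mmc.exe N/A",
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A",
    r"Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\system32\mmc.exe N/A",
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\mmc.exe N/A",
    r"Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A",
]


def parse_row(line: str):
    """Return the row's fields plus the SCSI device instance and bare process name, or None."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    inst = SCSI_INSTANCE_RE.search(row["key"])
    row["device"] = inst.group(1) if inst else None
    row["process_name"] = row["process"].rsplit("\\", 1)[-1].lower()
    return row


def vm_markers(device: str) -> set:
    """Hypervisor labels whose marker token occurs in a device-instance string."""
    low = device.lower()
    return {label for marker, label in VM_DEVICE_MARKERS.items() if marker in low}


def classify_scsi_rows(lines) -> dict:
    """Group SCSI registry queries by process and count those that touched VM-revealing devices."""
    per_proc = defaultdict(lambda: {"queries": 0, "devices": set(), "vm_hits": {}})
    for line in lines:
        row = parse_row(line)
        if row is None or row["device"] is None:
            continue  # not a SCSI enumeration row; ignore
        entry = per_proc[row["process_name"]]
        entry["queries"] += 1
        entry["devices"].add(row["device"].lower())
        for label in vm_markers(row["device"]):
            entry["vm_hits"][label] = entry["vm_hits"].get(label, 0) + 1
    return dict(per_proc)


def processes_revealing_vm(lines) -> list:
    """Names of processes whose SCSI queries returned hypervisor-specific device strings."""
    return sorted(p for p, e in classify_scsi_rows(lines).items() if e["vm_hits"])
```

Run over the full table, every QEMU-revealing query is attributed to mmc.exe, with taskmgr.exe touching only the WDC disk entry; neither Setup.exe nor the dropped uc-browser installer appears in the process column. Both are management consoles opened in the analysis session, so this signature on its own does not show the sample fingerprinting the VM, and the process column has to be read before the "evasion" label is credited to the sample.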

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\Application\ApplicationName = "UC Browser" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.MHT\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.MHT C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.crx\OpenWithProgids\UCHTML.AssocFile.CRX C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTML C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.MHT\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.CRX\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.webp C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\Application\ApplicationDescription = "UC Browser is a fast, secure browser using dual rending engine (Trident and WebKit), optimized in speed and security, to provide superb browsing experience. " C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.XHT\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.XHT\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.XHTML\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTM\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTML\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.MHT\shell C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\Application\ApplicationCompany = "UCWeb Inc." C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTML\shell C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML\CLSID C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\Application\ApplicationIcon = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,0" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTM\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTM\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTM\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHTML\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xhtml C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTML\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTM\shell C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.XHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTM\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,1" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTM\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.HTML\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.XHT\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.CRX\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,3" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mht\OpenWithProgids C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.MHT C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.CRX\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\DefaultIcon\ = "C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe,1" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML\Application\AppUserModelId = "UCBrowser" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.WEBP\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTML\DefaultIcon C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\UCHTML\shell\open\command C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\UCHTML.AssocFile.HTM\shell\open\command\ = "\"C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe\" -- \"%1\"" C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xht C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.crx C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\UCHTML.AssocFile.SHTM\shell\open C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = [value omitted] C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe N/A
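The Blob written above is not a bare certificate but a serialized CryptoAPI property list: a sequence of records laid out as propid (uint32 LE), reserved (uint32 LE, always 1), length (uint32 LE) and data, of which property 0x20 (CERT_CERT_PROP_ID) holds the DER-encoded X.509 certificate and property 3 (CERT_SHA1_HASH_PROP_ID) its cached thumbprint. The Python below is added here as a worked example and is not part of the sandbox report: it splits that list, recovers the DER, recomputes the SHA-1 thumbprint and checks that it matches both the cached property and the registry key name 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5, then reads the subject common name out of the certificate. The blob bytes are copied from the row above; the property-ID constants are from wincrypt.h; the function names and the minimal DER walker are this example's own.

```python
"""Parse a CryptoAPI certificate Blob registry value and recompute its thumbprint.
Added example; blob bytes are copied from the report row, names are this script's own."""
import hashlib
import struct

# Property identifiers from wincrypt.h.
CERT_SHA1_HASH_PROP_ID = 3
CERT_FRIENDLY_NAME_PROP_ID = 11
CERT_CERT_PROP_ID = 32
CERT_AUTH_ROOT_SHA256_HASH_PROP_ID = 98

REPORTED_KEY_NAME = "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5"
REPORTED_BLOB = bytes.fromhex(
    "0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9"  # 0x0f signature hash
    "53000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0"  # 0x53 root-program policies
    "301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0"
    "7f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301"  # 0x7f
    "09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301"  # 0x09 EKU
    "6200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df"  # 0x62 SHA-256
    "1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af333133"  # 0x14 key identifier
    "0b000000010000001200000056006500720069005300690067006e000000"  # 0x0b friendly name, UTF-16LE
    "1d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c361"  # 0x1d
    "7e000000010000000800000000c0032f2df8d601"  # 0x7e
    "680000000100000000000000"  # 0x68, empty
    "0300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5"  # 0x03 cached SHA-1
    "2000000001000000d7040000"  # 0x20 DER certificate, 0x4d7 = 1239 bytes follow
    "308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d0101050500"
    "3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b"
    "313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79"
    "314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735"
    "301e170d3036313130383030303030305a170d3336303731363233353935395a"
    "3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b"
    "313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79"
    "314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735"
    "30820122300d06092a864886f70d01010105000382010f003082010a0282010100"
    "af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ec"
    "ef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db"
    "7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb74"
    "24192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e82515"
    "0203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106"
    "306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a0414"
    "8fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966"
    "301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d01010505000382010100"
    "93244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a086920"
    "0dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a"
    "0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35b"
    "efa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a"
)


def parse_cert_blob(blob: bytes) -> dict:
    """Split a serialized certificate blob into {propid: data}.
    Each record is propid:u32 | reserved:u32 (always 1) | length:u32 | data, little-endian."""
    props, off = {}, 0
    while off < len(blob):
        if off + 12 > len(blob):
            raise ValueError(f"truncated property header at offset {off}")
        propid, reserved, length = struct.unpack_from("<III", blob, off)
        if reserved != 1 or off + 12 + length > len(blob):
            raise ValueError(f"malformed property {propid:#x} at offset {off}")
        props[propid] = blob[off + 12:off + 12 + length]
        off += 12 + length
    return props


def der_tlv(buf: bytes, off: int):
    """(tag, header_length, content_length) of the DER element starting at buf[off]."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        return tag, 2, first
    n = first & 0x7F
    return tag, 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")


def subject_common_name(der: bytes) -> str:
    """Issuer precedes subject inside TBSCertificate, so the last commonName AVA (OID 2.5.4.3) in the TBS is the subject's."""
    _, hl, _ = der_tlv(der, 0)             # outer Certificate SEQUENCE
    _, tbs_hl, tbs_cl = der_tlv(der, hl)   # tbsCertificate SEQUENCE
    tbs = der[hl:hl + tbs_hl + tbs_cl]
    pos = tbs.rfind(b"\x06\x03\x55\x04\x03")
    if pos < 0:
        raise ValueError("no commonName attribute in subject")
    tag, vhl, vcl = der_tlv(tbs, pos + 5)
    if tag not in (0x13, 0x0C, 0x16):      # PrintableString, UTF8String, IA5String
        raise ValueError(f"unsupported commonName string tag {tag:#x}")
    return tbs[pos + 5 + vhl:pos + 5 + vhl + vcl].decode("utf-8")


def check_authroot_entry(key_name: str, blob: bytes) -> dict:
    """Recover the certificate and verify the registry key name is its SHA-1 thumbprint."""
    props = parse_cert_blob(blob)
    der = props[CERT_CERT_PROP_ID]
    sha1 = hashlib.sha1(der).hexdigest().upper()
    sha256 = hashlib.sha256(der).hexdigest().upper()
    return {
        "subject_cn": subject_common_name(der),
        "friendly_name": props[CERT_FRIENDLY_NAME_PROP_ID].decode("utf-16-le").rstrip("\x00"),
        "thumbprint_sha1": sha1,
        "thumbprint_sha256": sha256,
        "key_name_matches": sha1 == key_name.upper(),
        "cached_sha1_matches": props[CERT_SHA1_HASH_PROP_ID].hex().upper() == sha1,
        "cached_sha256_matches": props[CERT_AUTH_ROOT_SHA256_HASH_PROP_ID].hex().upper() == sha256,
        "property_ids": sorted(props),
    }
```

Decoded, the entry is the public "VeriSign Class 3 Public Primary Certification Authority - G5" root, self-signed (issuer and subject are byte-identical) and valid 2006-11-08 to 2036-07-16, and the key name is exactly the SHA-1 of the DER in property 0x20. AuthRoot is the store that Windows' automatic root-certificate update populates when CryptoAPI fetches a trusted root during chain building, so this write is what a browser process triggers by validating a TLS chain; compare the recomputed thumbprint against a known-roots list before treating the signature as trust-store tampering, and look for unknown self-signed certificates under the ROOT store instead.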

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\SysWOW64\choice.exe N/A
N/A N/A C:\Windows\SysWOW64\choice.exe N/A
N/A N/A C:\Windows\SysWOW64\choice.exe N/A
N/A N/A C:\Windows\SysWOW64\choice.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\mmc.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: 33 N/A C:\Windows\system32\mmc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\mmc.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\UCBrowser\Application\UCService.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 548 wrote to memory of 4512 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 548 wrote to memory of 4512 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 548 wrote to memory of 4512 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 4512 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4512 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4512 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4512 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4512 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4512 wrote to memory of 1612 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4512 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4512 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 4512 wrote to memory of 1944 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 1088 wrote to memory of 4396 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 1088 wrote to memory of 4396 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 1088 wrote to memory of 4396 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 548 wrote to memory of 1672 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 548 wrote to memory of 1672 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 548 wrote to memory of 1672 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3060 wrote to memory of 2384 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 3060 wrote to memory of 2384 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 3060 wrote to memory of 2384 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 1088 wrote to memory of 3320 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 1088 wrote to memory of 3320 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 1088 wrote to memory of 3320 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 548 wrote to memory of 1672 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3060 wrote to memory of 3880 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3060 wrote to memory of 3880 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3060 wrote to memory of 3880 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 1672 wrote to memory of 3516 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe
PID 1672 wrote to memory of 3516 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe
PID 1672 wrote to memory of 3516 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe
PID 1672 wrote to memory of 3516 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe
PID 3840 wrote to memory of 3876 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 3840 wrote to memory of 3876 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 3840 wrote to memory of 3876 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 3876 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 1844 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3840 wrote to memory of 2400 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3840 wrote to memory of 2400 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3840 wrote to memory of 2400 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3876 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 1464 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 1672 wrote to memory of 3516 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe
PID 1668 wrote to memory of 3884 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 1668 wrote to memory of 3884 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 1668 wrote to memory of 3884 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 3840 wrote to memory of 2400 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 3876 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 3876 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe
PID 1668 wrote to memory of 4916 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 1668 wrote to memory of 4916 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 1668 wrote to memory of 4916 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Windows\SysWOW64\choice.exe
PID 1848 wrote to memory of 1560 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 1848 wrote to memory of 1560 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 1848 wrote to memory of 1560 N/A C:\Users\Admin\Desktop\✱SatUp\Setup.exe C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe
PID 2400 wrote to memory of 2096 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe
PID 2400 wrote to memory of 2096 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe
PID 2400 wrote to memory of 2096 N/A C:\Windows\SysWOW64\choice.exe C:\Windows\SysWOW64\SearchIndexer.exe

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\readyfile.zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\mmc.exe

"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"

C:\Users\Admin\Desktop\✱SatUp\Setup.exe

"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAj7dQNK6LtoLWDco0X9hF1kXqV2z9WP44X7a4gYIXSG/I+iQ6IhGt6IpY9xKAOifpjlS7Xap9BCcY23D1Sep0Z7OvDsyup091JeHH47GgLDdyrQnsEWge/zTMmcSj7X1texUH/BU7QLr5wajUO+Py9G1utI9OsgT3PmG+5H2PP3B+4XQJx50ZozIeHG2yiKxMo0COh9NSMYjmFMCKrxPFGubu3yIPnXVFquWXGe2Y3tC9pD8lJAMo131M5elQlxvUetX2QyNFJIT0N5M

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAgTdTOH8Ls4YgjckIOthD7uDqbWVJ2mAzg7Rww1vW3X1GOjnJ7ZG8+3dLpKj96Uul5ECQVplpaNuUzx0LCSofR0ZvVv8HZj8X4vQpkDbj3owyvnXQMv1q11TPNvoC7Q1sUIHaxhX6uCo1FBXHJ3SMdOW7mm13o7n/VOGT7QQMWCBFtjCBzg0vZSTf7mu83tgIZUOwa20RbsQbFcqDSMfFyBssHTLf2jQb+mMR6O6Y1VT+pH/UvtRwewtfsWDZhgK0WkEifBQHoTKqk9BIxziA7H9/Qqf1/qI0DLUfvWhl8Q=

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkzi1m+EKzBuSgqeslt3Y59zv6n53VQ+NiSpLC9ASVnLeMPMdcC/RZNzSsq1XMrjdG0waaDL1+7XAbI9mLfxoaZehItaNODHWRXSWRWy3tSDXnpDkj+fjbNJeenT92n9SbQQ5xwiLODivccFV6NVh0vx4IajaHPdL6sxpeSWbJ3xm1VwdwABbBnaFYclzkQlJImkjuVH7yCEgvBs85TrTC+DxyTMGJwHN/EPigiK8WfAoiIYElK/PSa3vCmY8tR/mbvfqdQjmUjOsnXE

C:\Users\Admin\Desktop\✱SatUp\Setup.exe

"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\choice.exe

C:\Users\Admin\Desktop\✱SatUp\Setup.exe

"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\choice.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Users\Admin\Desktop\✱SatUp\Setup.exe

"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkP9KIK/DuJ7QxdAgWmhx/kd6Q3T4oMw8U96WnZ83YF/E2p6oPkmPzIOwyTaYigPhheSfVaKFKhMRg175Q+pER4WvHuyh/3lhETnZ34IwID9OHQ3UJpAc2wqUm+CQzWVdSjUPzCVTcr7KGZrYCXPO7FzegKd4eiLDCSmU8EmPH3BK4VQJ6tUHtxjWBnmbGLhUjdCSr/q6A4TOfNaGtjP9Ks3O1xIV9Xdpjx2RPfEI2siaNAMdAMs221g009V2lwv0WNXGYwA9EojU1eo

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAnb9OoByDtx5EBcyg4+hK/2n6VHXXYm26aRxHSAn281xwGS9qPAlWcgXjvS8S2WyzWXC1RxHRS0FsVz6RbSojSWJvev04/getomwwDtPz67ufjljOuEVbXJ5XCWdszQdzRqHU5QBStqFnjAhC9GSPQHSLm3rrK75LiGmQeVwMQCxdtjiF5YUz+UBX+8d9zskd5FOhZ8u5e3H5vf0MMufj9R0MOx/mchaWgNswaxmI+k5DtFrhDlxb7fvnmta1hja+bkEeegO/kYziK8HqGii959JvX513Zpujzh0QDA5CUI=

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\choice.exe

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAn4Jz3x6Akt9GOOZh/+JceWX8bvftt8rH75eUQQILX0GJ7nmscViYtRpj+n0gOA1qrlaB3JpoD9yo6HsPyfJWc7O3LPC+gEE0ldzBohGWA4BSvy5DAXMQCKT1rxAj4VBrewkS/iUKU9NJ/ruPm83GR01wuBpery00rl6HKv2/O2h+8Xgh16Y5zqIjPBASgqnzg16DBONFKWdWJfhiLzf+BOby1AwftGQIOt6GXk2K4Gudtim8NA43BM1P0jvQryXQes3QRxNqJu1kB/x

C:\Users\Admin\Desktop\✱SatUp\Setup.exe

"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAkYSoYGCG2V4QPrLgG+X1fsH3x/V6sTd7FY5z3VoCaVyBIcQpepPXM0ResPfcKohiAkQK0zhZ3lVW+KqGmdxyRYOBCOq4rCqv1+ipHd2/vr3GpptXv1vRnkLabKJLyl5YQzQY8T8vBGMD3e0fX+1nUclQJyvsiPiHXHhStZ2bM3Re1XAV+bx6e8w5QIXWuRjYH3EyKnVfxM+cGBfKRwrYLd7h8hUlqzuSXM/U4IG0ZVcJgKqnthP+oQt7G56AlRHwyNds8bE3kg4dqN0g1ybYGcTkqFXyRbS/Xl3OelQCNnqOd+qosnL8VlyIWwqFtcChjEEygiZA2TOJKNW60EafQBvA4QnzNaeem70XGNLquGnIIje/qFI5/4wJ0+GbkYh

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\choice.exe

C:\Users\Admin\Desktop\✱SatUp\Setup.exe

"C:\Users\Admin\Desktop\✱SatUp\Setup.exe"

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\choice.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Windows\SysWOW64\SearchIndexer.exe

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe

"C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe" --d="C:\Program Files (x86)\UCBrowser" --wow-as-default-browser=false --wow-join-user-expericence-plan=false --enable-logging --verbose-logging --v=2 --log-file="C:\Users\Admin\AppData\Local\Temp\inst.log" /s

C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe

"C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe" --sync=http://www.uc123.com/guide/install_blacklist.php?ver=6.0.1308.1016&bid=35151&pid=4601&mid=1a5c5dc8b30f5483455c27bbd36a87eb&midex=1d046889ed4d2ae943510f679df2e1b8v000000249d49d6f

C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\CHROME.PACKED.7Z" --d="C:\Program Files (x86)\UCBrowser" --wow-as-default-browser=false --wow-join-user-expericence-plan=false --enable-logging --verbose-logging --v=2 --log-file="C:\Users\Admin\AppData\Local\Temp\inst.log" /s --system-level --wow-bid=35151 --wow-pid=4601 --wow-auth-url=http://www.uc123.com/guide/install_blacklist.php?ver=6.0.1308.1016&bid=35151&pid=4601 --wow-customized-theme="Share\customized_theme.crx" --install --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --wow-make-chrome-default=false --wow-participate-eip=false --installerdata="C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1124\wow_installer.prefs"

C:\Windows\SysWOW64\sc.exe

sc.exe stop UCBrowserSvc

C:\Windows\SysWOW64\sc.exe

sc.exe delete UCBrowserSvc

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall delete rule name="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe"

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="UC浏览器" description="UC浏览器" dir=in program="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" action=allow

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="迅雷云加速开放平台" description="迅雷云加速开放平台" dir=in program="C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe" action=allow

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --install --start

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe"

C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe

"C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAn5R/B962h7eGLt0YvoZrD+QQdUZsoesBr5m3h8IDTGFJ5yhOcOKAyNpJwjFgFAHVLmKdYBp2PSHo7knqCcJ8SbOHNva+omZCVf788VGCEijSgz/sgWkbyOTPktDjyWlCezEL1yU8fbyJyIXZ28nkys10poDevQXX7my/xT2fD3x+0WQd16g4mmItA2VSnqJRA1qcoWNrNL0WM8e47w/RG+bqyyNfvtgQ+cS6Jg3faOteaLDrozq2GxsS7dQQmPYTLotakFbvivl85ETOL8hKhyZOSFqx/YNA0yGhhc5KMKoGPDUYRAL

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

"C:\Program Files (x86)\UCBrowser\Application\UCService.exe" --as-current-user --run="\"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe\" --wow-enable-user-experience=false --wow-make-chrome-default=false"

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-enable-user-experience=false --wow-make-chrome-default=false

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater /AddTask

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SpdyEnableDependencies/Enable/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.0.369893011\447528975" /prefetch:1

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.1.1793040896\577445914" --lang=en-US --no-sandbox /prefetch:8

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/SpdyEnableDependencies/Enable/StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.2.2145424282\477535159" /prefetch:1

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 
--num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.3.1570626021\1327413791" /prefetch:1

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 
--num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.4.933816584\1791673414" /prefetch:1

C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe

"C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser" --force-configure-user-settings

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --wow-warm-up --silent-launch --wow-auto-close

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --lang=en-US --wow-warm-up --wow-silent-launch-child-process

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" /addtask --type=wow-config-updater

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.5.537052634\1302400405" --lang=en-US --ignored=" --type=renderer " /prefetch:8

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.6.1583695217\1606980859" --lang=en-US --ignored=" --type=renderer " /prefetch:8

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.7.1205344473\663375871" --lang=en-US --utility-allowed-dir="C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805" --ignored=" --type=renderer " /prefetch:8

C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe

"C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe" --normal-stats1=https://i18nmmstat.ucweb.com/lv=1.0&encrypt_data=bTkwAjZ+3p+yjzheUJaW4gq/UD8g55kZlQAWhmb9BJ8o2bmFwVApNb2rraPBRrJF0CLTVOmYuYBRk6YHq/Z1KOeR4SaOpMvacmSPic9ugUWWNmSjukITsi3LJaO7zRHD7zkdCUygh1zMOAhyX+ut51/dNysFaDYDoldV32EVPZR2LB3xe5Xwd5al5OlAyQ8VekyVRB28HoXle4h0IGTEY9y7rG87F4SNRkruw8/DUhjnH9etms9o4Hn6N7m66qCQxrgpU6gk6QpPV0h2iS9x8uOIL0jInG1Pwb9zmO6IiJpEDUf8t7FGIfCYDZNRfQKmKvj/Hk18isbhFIM9FZztMx+GwFY3xzOv5LKB

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=wow-updater -CEnumUpdateMode:UpdateMode_AliImTimer

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -cenumupdatemode:updatemode_aliimtimer --type=wow-config-updater

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.8.1351239208\1749826390" --lang=en-US --ignored=" --type=renderer " /prefetch:8

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=utility --channel="4204.9.491867213\1626980658" --lang=en-US --ignored=" --type=renderer " /prefetch:8

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=ppapi-broker --channel="4204.10.1769792489\196744152" --lang=en-US --device-scale-factor=1 /prefetch:4

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 
--num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.11.104166010\1333932649" /prefetch:1

C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe

"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" --type=renderer --disable-direct-write --enable-features=use-new-media-cache<use-new-media-cache --lang=en-US --force-fieldtrials=AutofillClassifier/Enabled/AutofillFieldMetadata/Enabled/AutofillProfileOrderByFrecency/EnabledLimitTo3/AutomaticTabDiscarding/Enabled_Once_5/*BrowserBlacklist/Enabled/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Disabled/ChromeDashboard/Enabled/ChromotingQUIC/Enabled/*DataReductionProxyConfigService/Enabled/EnableGoogleCachedCopyTextExperiment/Button/EnableSessionCrashedBubbleUI/Enabled/*ExtensionActionRedesign/Enabled/*ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/*IconNTP/Default/InstanceID/Enabled/IntelligentSessionRestore/Enabled/LocalNTPSuggestionsService/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*NewProfileManagement/Enabled/OfferUploadCreditCards/Enabled/*PageRevisitInstrumentation/Enabled/*PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*QUIC/Enabled/RefreshTokenDeviceId/Enabled/RenderingPipelineThrottling/Enabled/ReportCertificateErrors/ShowAndPossiblySend/SRTPromptFieldTrial/On/SafeBrowsingReportPhishingErrorLink/Enabled/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/UpdateTime15m/*SchedulerExpensiveTaskBlocking/Enabled/SdchPersistence/Enabled/*SettingsEnforcement/enforce_always_with_extensions_and_dse/*SpdyEnableDependencies/Enable/*StrictSecureCookies/Enabled/SyncHttpContentCompression/Enabled/TabSyncByRecency/Enabled/*TriggeredResetFieldTrial/On/VarationsServiceControl/Interval_30min/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/WebRTC-PeerConnectionDTLS1.2/Enabled/use-new-media-cache/Enabled/ --wow-extension-center-url=https://chrome.google.com/webstore/category/extensions --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 
--num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --wow-user-agent=UBrowser/6.0.1308.1016 --channel="4204.12.18004746\1915555139" /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 70.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
NL 20.86.201.138:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 51.140.244.186:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 i18nmmstat.ucweb.com udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 104.208.201.84.in-addr.arpa udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 styleclinic-beautyicon.shop udp
US 104.21.63.234:443 styleclinic-beautyicon.shop tcp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 worddosofrm.shop udp
US 8.8.8.8:53 234.63.21.104.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 172.67.212.246:443 worddosofrm.shop tcp
US 8.8.8.8:53 www.uc123.com udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
FR 47.246.50.181:80 www.uc123.com tcp
US 8.8.8.8:53 umpackpc.ucweb.com udp
US 8.8.8.8:53 181.50.246.47.in-addr.arpa udp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
US 8.8.8.8:53 mutterissuen.shop udp
US 8.8.8.8:53 umcdnpc.ucweb.com udp
US 8.8.8.8:53 246.212.67.172.in-addr.arpa udp
US 8.8.8.8:53 224.50.181.163.in-addr.arpa udp
GB 2.19.117.34:80 umcdnpc.ucweb.com tcp
US 8.8.8.8:53 34.117.19.2.in-addr.arpa udp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.34:80 umcdnpc.ucweb.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.34:80 umcdnpc.ucweb.com tcp
US 104.21.11.225:443 mutterissuen.shop tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.34:80 umcdnpc.ucweb.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
US 8.8.8.8:53 standartedby.shop udp
US 172.67.220.135:443 standartedby.shop tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
GB 2.19.117.34:80 umcdnpc.ucweb.com tcp
US 8.8.8.8:53 nightybinybz.shop udp
US 172.67.219.152:443 nightybinybz.shop tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.34:80 umcdnpc.ucweb.com tcp
US 8.8.8.8:53 225.11.21.104.in-addr.arpa udp
US 8.8.8.8:53 135.220.67.172.in-addr.arpa udp
US 8.8.8.8:53 152.219.67.172.in-addr.arpa udp
US 8.8.8.8:53 conceszustyb.shop udp
US 104.21.17.229:443 conceszustyb.shop tcp
US 8.8.8.8:53 bakedstusteeb.shop udp
US 172.67.218.30:443 bakedstusteeb.shop tcp
US 8.8.8.8:53 229.17.21.104.in-addr.arpa udp
US 8.8.8.8:53 respectabosiz.shop udp
US 104.21.4.29:443 respectabosiz.shop tcp
US 8.8.8.8:53 moutheventushz.shop udp
US 172.67.157.139:443 moutheventushz.shop tcp
US 8.8.8.8:53 29.4.21.104.in-addr.arpa udp
US 8.8.8.8:53 30.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 marshal-zhukov.com udp
US 172.67.160.80:443 marshal-zhukov.com tcp
US 8.8.8.8:53 139.157.67.172.in-addr.arpa udp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 80.160.67.172.in-addr.arpa udp
FR 47.246.50.181:80 www.uc123.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
US 8.8.8.8:53 umcdnpc.ucweb.com udp
GB 2.19.117.20:80 umcdnpc.ucweb.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.20:80 umcdnpc.ucweb.com tcp
US 8.8.8.8:53 20.117.19.2.in-addr.arpa udp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.20:80 umcdnpc.ucweb.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.20:80 umcdnpc.ucweb.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.20:80 umcdnpc.ucweb.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.20:80 umcdnpc.ucweb.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.20:80 umcdnpc.ucweb.com tcp
IT 163.181.50.224:80 umpackpc.ucweb.com tcp
GB 2.19.117.20:80 umcdnpc.ucweb.com tcp
US 8.8.8.8:53 wow.ucweb.com udp
RU 104.166.182.20:80 wow.ucweb.com tcp
US 8.8.8.8:53 20.182.166.104.in-addr.arpa udp
RU 104.166.182.20:80 wow.ucweb.com tcp
US 104.21.63.234:443 styleclinic-beautyicon.shop tcp
US 172.67.212.246:443 worddosofrm.shop tcp
US 104.21.11.225:443 mutterissuen.shop tcp
US 172.67.220.135:443 standartedby.shop tcp
US 172.67.219.152:443 nightybinybz.shop tcp
US 104.21.17.229:443 conceszustyb.shop tcp
US 172.67.218.30:443 bakedstusteeb.shop tcp
US 104.21.4.29:443 respectabosiz.shop tcp
US 172.67.157.139:443 moutheventushz.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
US 104.21.63.234:443 styleclinic-beautyicon.shop tcp
US 172.67.212.246:443 worddosofrm.shop tcp
US 104.21.11.225:443 mutterissuen.shop tcp
US 172.67.220.135:443 standartedby.shop tcp
US 172.67.219.152:443 nightybinybz.shop tcp
US 104.21.17.229:443 conceszustyb.shop tcp
US 172.67.218.30:443 bakedstusteeb.shop tcp
US 104.21.4.29:443 respectabosiz.shop tcp
US 172.67.157.139:443 moutheventushz.shop tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 ucip.uc.cn udp
US 172.67.160.80:443 marshal-zhukov.com tcp
CN 219.133.46.154:80 ucip.uc.cn tcp
US 8.8.8.8:53 www.uc123.com udp
FR 47.246.50.179:80 www.uc123.com tcp
US 8.8.8.8:53 179.50.246.47.in-addr.arpa udp
US 104.21.63.234:443 styleclinic-beautyicon.shop tcp
US 172.67.212.246:443 worddosofrm.shop tcp
US 104.21.11.225:443 mutterissuen.shop tcp
US 172.67.220.135:443 standartedby.shop tcp
US 172.67.219.152:443 nightybinybz.shop tcp
US 104.21.17.229:443 conceszustyb.shop tcp
US 172.67.218.30:443 bakedstusteeb.shop tcp
US 104.21.4.29:443 respectabosiz.shop tcp
US 172.67.157.139:443 moutheventushz.shop tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.123.95.227:443 steamcommunity.com tcp
US 172.67.160.80:443 marshal-zhukov.com tcp
US 8.8.8.8:53 227.95.123.104.in-addr.arpa udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 www.google.com udp
N/A 224.0.0.251:5353 udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 wow.uc.cn udp
US 8.8.8.8:53 mmstat1.taobao.com udp
US 8.8.8.8:53 image.uc.cn udp
US 8.8.8.8:53 gj.track.uc.cn udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 ip.taobao.com udp
FR 47.246.50.179:80 wow.uc.cn tcp
US 8.8.8.8:53 browser.taobao.com udp
NL 47.246.48.225:80 image.uc.cn tcp
CN 59.82.122.130:80 browser.taobao.com tcp
US 157.185.189.158:9080 gj.track.uc.cn tcp
FR 47.246.50.179:80 wow.uc.cn tcp
US 157.185.189.158:9080 gj.track.uc.cn tcp
CN 59.82.122.130:80 browser.taobao.com tcp
US 47.246.137.66:443 mmstat1.taobao.com tcp
CN 59.82.120.242:80 ip.taobao.com tcp
CN 59.82.120.242:80 ip.taobao.com tcp
CN 59.82.120.242:80 ip.taobao.com tcp
US 8.8.8.8:53 pc.ucweb.com udp
US 157.185.188.1:80 pc.ucweb.com tcp
US 157.185.188.1:80 pc.ucweb.com tcp
US 157.185.188.1:80 pc.ucweb.com tcp
US 8.8.8.8:53 225.48.246.47.in-addr.arpa udp
US 8.8.8.8:53 66.137.246.47.in-addr.arpa udp
US 8.8.8.8:53 1.188.185.157.in-addr.arpa udp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 uc.ucweb.com udp
US 168.235.205.6:80 uc.ucweb.com tcp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 168.235.205.6:80 uc.ucweb.com tcp
US 8.8.8.8:53 pcus.ucweb.com udp
CN 219.133.46.241:443 pcus.ucweb.com tcp
CN 219.133.46.241:443 pcus.ucweb.com tcp
US 8.8.8.8:53 6.205.235.168.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.16.227:443 ssl.gstatic.com tcp
GB 172.217.16.227:443 ssl.gstatic.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
CN 59.82.122.130:80 browser.taobao.com tcp
US 8.8.8.8:53 extensions.uc.cn udp
US 157.185.189.158:9080 gj.track.uc.cn tcp
CN 59.82.120.242:80 ip.taobao.com tcp
US 157.185.189.158:9080 gj.track.uc.cn tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 59.82.120.242:80 ip.taobao.com tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
US 8.8.8.8:53 wow.ucweb.com udp
RU 104.166.182.27:80 wow.ucweb.com tcp
US 8.8.8.8:53 27.182.166.104.in-addr.arpa udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
CN 219.133.46.241:443 pcus.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
US 157.185.189.158:9080 gj.track.uc.cn tcp
RU 104.166.182.27:80 wow.ucweb.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
CN 59.82.122.130:80 browser.taobao.com tcp
US 157.185.189.158:9080 gj.track.uc.cn tcp
FR 47.246.50.179:80 wow.uc.cn tcp
CN 59.82.122.130:80 browser.taobao.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.46:443 www.youtube.com tcp
US 8.8.8.8:53 track.uc.cn udp
CN 123.182.51.94:443 track.uc.cn tcp
CN 123.182.51.94:443 track.uc.cn tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 uma-browser.taobao.com udp
US 8.8.8.8:53 wow-upgrade.uc.cn udp
CN 39.108.40.9:443 wow-upgrade.uc.cn tcp
CN 59.82.121.179:443 uma-browser.taobao.com tcp
CN 59.82.121.179:443 uma-browser.taobao.com tcp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
CN 39.108.40.9:443 wow-upgrade.uc.cn tcp
US 8.8.8.8:53 down.up1.uc.cn udp
US 8.8.8.8:53 g.tbcdn.cn udp
GB 168.235.193.88:80 down.up1.uc.cn tcp
FR 47.246.50.176:80 g.tbcdn.cn tcp
FR 47.246.50.176:80 g.tbcdn.cn tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
US 8.8.8.8:53 tce.alicdn.com udp
CN 203.119.169.41:80 extensions.uc.cn tcp
FR 47.246.50.175:443 tce.alicdn.com tcp
FR 47.246.50.175:443 tce.alicdn.com tcp
FR 47.246.50.175:443 tce.alicdn.com tcp
FR 47.246.50.175:443 tce.alicdn.com tcp
CN 106.8.130.149:443 track.uc.cn tcp
US 8.8.8.8:53 175.50.246.47.in-addr.arpa udp
US 8.8.8.8:53 176.50.246.47.in-addr.arpa udp
US 8.8.8.8:53 88.193.235.168.in-addr.arpa udp
CN 106.8.130.149:443 track.uc.cn tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 157.185.189.158:9080 gj.track.uc.cn tcp
GB 142.250.179.228:443 www.google.com tcp
US 157.185.189.158:9080 gj.track.uc.cn tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 r1---sn-aigl6ner.gvt1.com udp
GB 173.194.183.134:443 r1---sn-aigl6ner.gvt1.com tcp
GB 173.194.183.134:443 r1---sn-aigl6ner.gvt1.com tcp
GB 173.194.183.134:443 r1---sn-aigl6ner.gvt1.com tcp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 134.183.194.173.in-addr.arpa udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
CN 59.82.122.130:80 browser.taobao.com tcp
CN 59.82.122.130:80 browser.taobao.com tcp
CN 123.182.50.159:443 track.uc.cn tcp
CN 123.182.50.159:443 track.uc.cn tcp
CN 123.182.51.94:443 track.uc.cn tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 203.119.169.41:80 extensions.uc.cn tcp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp
CN 106.8.130.78:443 track.uc.cn tcp
CN 106.8.130.78:443 track.uc.cn tcp
CN 106.8.130.149:443 track.uc.cn tcp
US 8.8.8.8:53 safebrowsing.google.com udp
GB 142.250.200.46:443 safebrowsing.google.com tcp
US 8.8.8.8:53 alt2-safebrowsing.google.com udp
FR 172.217.18.46:443 alt2-safebrowsing.google.com tcp
US 8.8.8.8:53 46.18.217.172.in-addr.arpa udp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 browser.taobao.com udp
CN 59.82.121.179:80 browser.taobao.com tcp
CN 59.82.121.179:80 browser.taobao.com tcp
CN 123.182.51.196:443 track.uc.cn tcp
CN 123.182.51.196:443 track.uc.cn tcp
CN 123.182.50.159:443 track.uc.cn tcp
CN 59.82.121.179:443 browser.taobao.com tcp
CN 59.82.121.179:443 browser.taobao.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 168.235.203.193:443 i18nmmstat.ucweb.com tcp
US 8.8.8.8:53 extensions.uc.cn udp
CN 203.119.169.41:80 extensions.uc.cn tcp
CN 203.119.169.41:80 extensions.uc.cn tcp

Files

C:\Users\Admin\Desktop\✱SatUp\Setup.exe

MD5 b43b96e4483dce09976dc250f87ecf1a
SHA1 4290076db1e87a46b73e8391186025f1f5b492bb
SHA256 5eaf95ad5163607ea220e439f13e58ae1bd9b408d94e06d5d721e8daca911c12
SHA512 383b723d2d547f775a661bf6990e834b0233849822c7cbc3f0aaf0f276b1c05b0f7bde754dae3da133f7a8aae669b31547889495e5370a6617c09a2a3b61c438

C:\Users\Admin\Desktop\✱SatUp\pdfium.dll

MD5 8057f67de20331fb5dad3fd9486b01c3
SHA1 067e470192707b8f5eaa757bf4b121c94d505795
SHA256 fcbc591306dc6e4840de82372886428dd2260af4f9b7fe8494510aa1a80761eb
SHA512 68dedc7e5ba8fa16f18ded8ef811a41ecd9441639181b0a6e0854db96c7c0e35abe088c8409f226a42f3beb85139fbf67cd9de1c02325701a7482ac7fb6bd372

C:\Users\Admin\Desktop\✱SatUp\wmhhsfn

MD5 1dcb5f7d98dfde582cc231c480eba329
SHA1 dc41a04034450908423f4ac8f73cf6389f6dd084
SHA256 c89abb0b00fd5a442b8a147027d3881b348974bf38298f05f0debaebca7fc16e
SHA512 f2482f55ea6601bfe5fa0530fd3bbf2231c1d8e3355fada10bb57cba1ffd1bc8b43618e491d55bd317b6b0a74377b96da411961f53f7f4b28a35cbbca9c193fe

C:\Users\Admin\Desktop\✱SatUp\yughafo

MD5 52a7086c19ce28806ac2d68e63f87398
SHA1 81a522f4cc6bfd65a4501f5616727393d8ad9962
SHA256 6ed145c01f07a8aff4f6c293e899e5ff7a140648dd8a9e5f24a08710c7b0bad8
SHA512 1c4976dabd1a1582a35765d9f447ef2b51d9800469bdde1bdc4441d451e3f4a1dcbbaf4099b04078c4d9a682a92b61fe9f5f99c6509fb32069d125cc6a59f348

memory/548-93-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/548-94-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/548-96-0x0000000073DC0000-0x000000007405A000-memory.dmp

C:\Users\Admin\AppData\Roaming\EHC\XOZATNXRMJJO\uc-browser-6-12909-1603.exe

MD5 649215a7c140fa697740693cf915d088
SHA1 035ccb917c7be1ba40ccdad606ca3c67d127251e
SHA256 297bcec264323cd1d6de6286cfa69a572e92552df5a3347856f8bcce8d3e9eb1
SHA512 ec123a7f9af0926956d41bc002546a18b7b8b776fd11332f351eac828ac7ec02497f76351f2f5c026075746156583100287e09010269257dcd00cf70fa5a003c

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\stats_uploader.exe

MD5 efdbe75dfe959d5eaa84334d4825adc2
SHA1 9c7655a1052c2ce0d2e0b9571885e9c898dcb5cf
SHA256 5ef424188b952c5aef34f508b13cf422d4c22e1476c3330ee3b729082f7116ee
SHA512 4b6ce786ba90635d51e82c4dd7dede3394b5c0f19c394ebc835e182f0d8fd8c898a581b388bb23e348cc0744925b8352bfa3e683d193c5355849c89db9eaea35

memory/548-107-0x0000000000400000-0x0000000000C88000-memory.dmp

memory/1088-111-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/1088-112-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/1088-113-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/548-115-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/3060-119-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/3060-120-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/3060-121-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/1088-123-0x0000000000400000-0x0000000000C88000-memory.dmp

memory/1088-124-0x0000000073DC0000-0x000000007405A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ddf82cec

MD5 4e8e6e2af7f5c70bf6ff0cd82784fbca
SHA1 632a5a4d307e91a72b77bbb77b2e58717cc51775
SHA256 a96b785d905ef12bc03967475ad3491b31057650f2e7548f45c8821127ceb323
SHA512 5ab3da6e5c45aa629b4cda69c16ba649395dea2a3163a47db409348ad21db3986e4dc85178929456c43e4833943e2c0d84fd04f54e88ef037294d5d6e4afb9c8

memory/3012-130-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-131-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-129-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-137-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-135-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-141-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-140-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-139-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-138-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3012-136-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

memory/3060-142-0x0000000000400000-0x0000000000C88000-memory.dmp

memory/1672-143-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/3060-148-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/1672-150-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/3840-154-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/3840-155-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/3840-157-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/3516-167-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/3516-168-0x0000000000D30000-0x0000000000D90000-memory.dmp

memory/3840-169-0x0000000000400000-0x0000000000C88000-memory.dmp

memory/3840-170-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/3516-171-0x0000000000D30000-0x0000000000D90000-memory.dmp

memory/1668-179-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/1668-180-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/1668-181-0x0000000073DC0000-0x000000007405A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\ddd7c80c

MD5 f9be84174b1f71a12a44d320b964dbe9
SHA1 cdfdad4941b7c1e85e5c802b32ed3e9528583260
SHA256 2ae58a81d684d33e56a90389e77eeade37c2a8c456e9b7236005bd07691a2278
SHA512 1478c6e534798ca6d60353706f126a3744768f359c49245c6b2536d35db029b742e266f5745000a7eef1c8f6607b892339cbe287fb828380623fbb8f99dd5160

memory/3516-187-0x0000000000D30000-0x0000000000D90000-memory.dmp

memory/2400-188-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/1668-190-0x0000000000400000-0x0000000000C88000-memory.dmp

memory/1668-191-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/1848-196-0x0000000073DC0000-0x000000007405A000-memory.dmp

memory/1848-197-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

memory/1848-199-0x0000000073DC0000-0x000000007405A000-memory.dmp

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\download.log

MD5 3fd9ef588b8be66f28cad0e29ce9ea35
SHA1 a2b2aad6b18ca8bf421a71c30191be12fe297cd2
SHA256 2b14d0a82d373dfce90322deb0723aaac227e391ae3dccfac64ea38fc30fb096
SHA512 32ce644254106cc306b1248666e57350dcca5db040d9ff9c4a735f626b7e69db655b541dc3ead3e22d7990c69aeb8886134162fc30d56320b696ae1bc656269d

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer_url_config

MD5 632fbb87464786d29f33b9246d675f06
SHA1 2309a93ab04ce1f0e07c1db09ad5dbdf6281a349
SHA256 32e01091480eddd9e3f235ed407547c9f2c5883aeaa2b05b4b59e23526d4633e
SHA512 a91c5723b0d00545da93d3c7e8ecc1ba8713dffee96edc653ae24256b947383c5e2574034bd611d544370b40c90e25b7cf61c362e77daa199f3b87379fba523b

memory/1848-209-0x0000000000400000-0x0000000000C88000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\67dc1b01

MD5 67434cac886d37cda4ca9940d2bfdad3
SHA1 59bb1570f257c265c1aef57921a3752b87076371
SHA256 e33a1dd217d1d5e9aa852c6b93b2780b5e0201e094839a3233d00e44473d7b45
SHA512 70f6e8dbfc9d6ac3c3d7fc2c6eec93e278c5fbeb86545678434a5f650b135725e29e51abcf6b803317a7767d0ed6a52e156a99c766ff2e28a350b80449cfc0ba

memory/2096-214-0x00007FFA208D0000-0x00007FFA20AC8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\c57e0a2d

MD5 694227b44a89f01f7cae622235589da5
SHA1 d306aba72d68def5b3f57b2cf2851147b7b5b1af
SHA256 4a1479b9bb02ec1d756d8bd5913a96f36936ddd6b660a095a212a3da0502d8a5
SHA512 6037ad5e82f7ff2ff626e8ae5a451972d904a7f76997f7ec9ccf638eb97b232213c844e8d0a2f7c6ba91b2cad50eb5bd0d84cf2c0449383219fe554849d818f8

C:\Users\Admin\AppData\Local\UCBrowser\Online_Downloader\installer.exe

MD5 fbec985463163b7b33229f524758c6ef
SHA1 ad93610ce37ed0eb56d1c8411a154dcecec4b459
SHA256 d540a4aaee8eb9dbdaf9dd7c613b8a2ab1b0f3de8f44392d3db5d1095bc427dc
SHA512 6bf604a11952c834a70b07977e28ff5563808b807ba1177c766e287d80dd3a586769134e0247ec9dc16d3f7ef0379f37a70c366b2848d00173eeccc0e6a3489a

C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1251\stats_uploader.exe

MD5 432c1d62f0ca83d9905b797aa6ef044b
SHA1 287dd42f0d85d30286b7b59584d27a0f1d4103de
SHA256 22611504b994873d238e11a93c5bbdbf186eda64f67182dc721100896913d958
SHA512 a0f8258f867089bb5a2e913c2d809a078a3ece11d15fbf5c17b52b9470eb0b11250421280cc7178848fbc5a72ef925a5a24fdae98ac6f3cf7b045cad8eec745d

C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\setup.exe

MD5 ab1284ff7cf39cb1763d75d895b99c96
SHA1 c633d323cb72d262adafb7ea8a947ae421f985eb
SHA256 18198db8b533a4f4df8f1a8aa5360c40c7a7b31bc1ecde743e0e797786e55b11
SHA512 32a75e4d313fceff9c83896972d5c4deb1a0ad6bddc9db0ccb9bcc8b3b173aeae14820e242a89600eb0c45ecc84909aaf3e85420062ceb15a1ca7af94641505e

C:\Users\Admin\AppData\Local\Temp\inst.log

MD5 81738dd3fd05b54caf84d3a93ab3a15d
SHA1 6dbcbf5e7d89b9555084be6dd39ec8d99289184b
SHA256 319828faac8773cf7416c40f27dce079dc2c0dcb39f5c5d89db405c82d62e014
SHA512 7c9824b1665f0ab0137b7435c2a3316d229578943d60429e17ecfebec53a57f4bead57e4dbcd64b6cc670fe0cf406fc3f7f738172fc082e64b8777f1564065ff

C:\Users\Admin\AppData\Local\Temp\scoped_dir856_1124\wow_installer.prefs

MD5 f1732baa1efdab3eefb3d95554ce38a7
SHA1 6744f85ebfb4730fea1e503e6145fc4fc16546bc
SHA256 78ecf2c9c0bf1c64ea6eecc655a4e5cf8921f5bf9464b062a6da73905d6e4550
SHA512 c710201b5b833e6976a0931aa00a620c519875a3ac58a690d9904479a074a096fd72481ea654fbe1229f098a88a6717c59db4ac8cfb00c7454bdd35bd2a0ecbd

C:\Users\Admin\AppData\Local\Temp\CR_13E03.tmp\CHROME.PACKED.7Z

MD5 1feca07c05340ec8d52a1f6a0ec69cef
SHA1 f97809278d61b0c506c3961f26323e3c7ac5121f
SHA256 e92992043669325b3607c8a3ec685b1a6c40c91e1c6416cc1d2e0101d236b977
SHA512 2cd1ec470f23068ef154cde993c3aaa12034ce666cddf5c40bdf9456835b10ff1eb1661a796107a6117723c6344a13cac59de36aec4d4493f1aacad959756416

C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\start.dat

MD5 dda2e6b34e62461aacab3317b8f8751d
SHA1 28892a09922fe011e95fd8450a1dd9d56da5df7c
SHA256 8e8026bff3c3cf40c63529860174e04e9a0cd66e7fae658d56d254b3820bd03d
SHA512 0deabd7acf8cce8dc8c353b4824dad263795b38f0862ab2f8564836a00870e6f31407304038bcb816e5316c83ef126a7f8faafca5b18ec08c778febd8dea6bce

C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\share.dat

MD5 e373911dbf6d089af21a759b35e30505
SHA1 eaee63f64e55565f0c7ad528184849d01d5b90d7
SHA256 e04fbfd74992c29d27018543961c0d0568e5ea1cff8aa3bdbae6bf489814dce8
SHA512 ca623a9aaadf05be4852d91fb87ce1d57410629e9cc67f0f40a649f91075b25dec9900d8fbe7223b753af7bf0343c55ae95f24823a471aa1c3a9158458806770

C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\Configs\config.dat

MD5 ee387ebe6a87ba7e7681d22214d1c4d6
SHA1 3d998a1cf0fcc230b4cab7f052e875b6da2b5742
SHA256 1f61cbd1d1cea6453a9b77d81995a9f2fdd529ba640dacf41dde308b2162657e
SHA512 ed13be1778944b5f7ec5d1f71cf0b46e5f6a98f4dc154007cda3c04f12e4a2f38cee8f7e946be7ee5bde58ca3491bdd852ec02096cd3ec7a62666a314f83d3a8

C:\Program Files (x86)\UCBrowser\Application\UCService.exe

MD5 76df26d9c21bae4902c3a63c85a64888
SHA1 7684cfa29ce48d13d86e9107ec09acf47584cb3f
SHA256 7d97175cfc19ea346d13103fd49a16d3d180f12e669ec8c51ff2bb5bfd60ed0b
SHA512 54fafc770d8c69527d84dde3f690900dfdd3eba53362a3d9c2e08ed05e8fd6962edee14fed0dcbeb1a0637900b4f2da544a763c92dd1689d21255c304882ed79

C:\Program Files (x86)\UCBrowser\Application\ucsvc.log

MD5 685a6aff96476d64aee438f547b9dcf5
SHA1 9e460e1e77fac6db3902415984cd959e466374a7
SHA256 1ea4d62e2e85064a7c90f13d16bf941dad81a41a5a4c2758443d2ab2757531d0
SHA512 0f7d5e8d7d1b005b23f8bc52896cdea1e946f40d66a1c6d925808da1f95f8b5c3055424a183914a8daa3b7d3a08daba6d5048020f177c3b4db8d76f0b5613446

C:\Program Files (x86)\UCBrowser\Application\Share\target_locale

MD5 cce16c45e622d9ceae4b626c9353ecec
SHA1 5a7bd4149d0d34d3ec86181cdab1cb8dd3f441d7
SHA256 5c49f88dafe66e0ecdca8f682ae0b38c38ccd3ad464e3358e899beca88c18560
SHA512 49bece6ba2cf39624a2947d9660b44c0c0f3f6970e6671b02f2050fb954cef700b3bad782c00b7e3fd196ae541f0d6c684fd0f77704bd9c9d68d35b94e89a755

C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\stats_uploader.exe

MD5 43b42c720ca4ae32b5cf7f6effa35ae1
SHA1 62a38eca99a75f8e8f4b92533475af04c5a2b9f0
SHA256 f5bfa49feb01e326c2110b60cbe9c798d83cbb627928dd86c3d971daabe6aa3d
SHA512 5a79177d367f5796caddc16cbe6aab52ccf248ba4e10de54b9852dba26c2edfd02aab4d2cebd0b0c1d91cbf889912222e8303aa916475b49d6513110cbb8fcb8

C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\facebook.ico

MD5 29caceeded110cf5cdc6b2837f34f703
SHA1 c5d0fe9def646afd04a4b0f4c5a39a881e4c3624
SHA256 c735760b739f5ff8e29c023856d03c78def35ac47914e480c885acf7b18aa973
SHA512 191cfc8dce601577cb4a574693b7709912bf2ed6cd891b31981f27ec2aacef0ce72459d213d132ee53a46c5d76510639260365b001fdfe1186719e99873a857d

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\qq.png

MD5 c6c6cdf8179fd3360e2dd60dc8b3b0ec
SHA1 850caf5e4114fcfe18f57e5d82cb83f9ed6485b1
SHA256 4e5358357544531a5deb98b8170ce86dddc62d820632fd6341fdc5e2fa7a4176
SHA512 08d5ae337ca47e44a8126aff0bc47f3382e131fa34261619097afe5adbda92a7e8d4f77b324b8aa20fd91fed323d2ffeed3be80212bd1912f2e5d7e91439bfdd

C:\Program Files (x86)\UCBrowser\Application\Share\icons\login_view\alipay.png

MD5 de2786e2dc5852dccde9cc1eee3b7d00
SHA1 1fecc23e53be721e3e2bd2d6e8d60936102ecbbb
SHA256 b2693209b430c72a74e34c732a14ddd99a5efae9c70ab7b367d72a39ca44e9f4
SHA512 268e764e457bcd97bc0ea8283394cfabc5ce28792a0ca13ae4d882bbf5893be5d2d3468e17d36d453bcc3d17b0260fa39635a16168698011170340c7805f91a2

C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\taohuoyuan.png

MD5 b86e13d5cc74c8a352e288b3afce040b
SHA1 e1a7fdeaa600d019600822906944aa41b8fd60c9
SHA256 bba66079d2e41c1494887ae112487719af586f445e8997a6157126b2242111e2
SHA512 97d3452c1fd7fff2d23324ab328171026954fe37bdf5d53b6e6acbe0982308f290e5300c393b39b9f22658ed51e982933844a7504b85d75a522b06b5ec4932e9

C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\renren.png

MD5 d542cd4d121465265415876a13c8e6e5
SHA1 e049a1e6202a7e174ff742bfb2a25f0f729edf8f
SHA256 0fc53be0beff5dbc4a762c19f983ebd0a0bba8239cd052c3990793de457ccb24
SHA512 fcfe6b77aba31a8ea729383653081ff5f8285ad644079e908f4e137db57bc635989332b682f26ddfaa04dcb9d95694a2e40cc4ac47ccad4aafb0f14a42fd329e

C:\Program Files (x86)\UCBrowser\Application\Share\icons\extension\noads.png

MD5 d8168d458a998ba7ff997e5ba43c76db
SHA1 930f783e525a44cf695ed2fdc0c56e331d6862b8
SHA256 a35575fd03c30814af7bc6b259f7f51dd75a2c780c6f0ed6602abc55afd2130e
SHA512 f74387986dc60a40961420129fb051d37ce7d75a8ec4f02159e53bf2828f25aeab562ee72537abdd32ab19fd25e3df26f9f89a2334c62d23815e44af31c3ccb3

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\uc123.png

MD5 b3d961de8896d4d6e8159d6b6a6e7729
SHA1 f8d468a11da8e9f136fa54c043f5de5ebcdd62ff
SHA256 b864bd7ceddfa3c715c4befd29631bf2f6c55eed4fd5d3428eb27404af4b5129
SHA512 b441debbfe22afdc63e2ab2c0c9066c9ac5013381337d0c6c396da36be07eac906551157297965557484ef23460929c1033ea338ec06b3cadf929f0ec61bcd43

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\taobao.png

MD5 0870184d9d62fc6ea09f661ce759a680
SHA1 7a3be4d085398b2fea068a55892518f5092b84dd
SHA256 ef63a5515e3b3d09a9977b78304d0e45d76da3614f230c233441b34c62f00a05
SHA512 124a9157c8b447794f4745edb752091ac809e4d39fdb34b65c06c72c08c4be3a157c0741785881c93a139368b92990f7a445e3ad75c80d84ffcf5843a35481fa

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\pp_helper.png

MD5 4cc9b59697f7564731e8c506264f3bde
SHA1 cb9d1f897620da72c4cd3cf3a5f4712f509ab5ee
SHA256 feaa5ce8f86ee0cd34821b48cf76e330a620bb4045290891a0c8edb42054db8a
SHA512 5480d0c7c815e95500790d6a33a32058a75f3369d2ab80be0fafad78d7767ea6d41ded7d405e5ff6473c5d84bf24beabc81f5b3e59b644adb04fdc95ee48bae3

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\baidu.png

MD5 d390c92daf6ec52215544827f405a79f
SHA1 077cca8c1d73bf05c1f4001893642f4ea28ed454
SHA256 611e5b35b3f35e6e8084ca7f71f9d22f141ee8a60f62e00ab15be721a3852cf7
SHA512 0af5aa486487510ee280cc99b9547214df43e32bbacb6c933bf9d10fef72afc5c4a23fcb2e3db83231ba934a174fc535529ee88cd6ad3474691a2b779211f3ad

C:\Program Files (x86)\UCBrowser\Application\Share\icons\bookmarks\amazon.png

MD5 9fa7deb1ec538c30eff038daed4814dd
SHA1 71a3bc8a736c93812b06f66fb7b2e522d18d6b1f
SHA256 6e8bfc1ba4adabafb14c021a16d865253110dea7933658aabda0403d1f729cbb
SHA512 669c115ca531a94e522aa9f8f81422f6b5c16d51fad41d073c38f50ca6a50d0d5e6c2f1d9115aa06c68f4345bc3c273f558cf665681c10f113374e5a34dcd0c7

C:\Program Files (x86)\UCBrowser\Application\Share\custom.dat

MD5 6ef3f6e140431c5bdb55ed2ea2f6ec5c
SHA1 7d1e19d98bfeeac07990ccf5759d8aff7b7a724e
SHA256 f011e03aea934adeab09bb24d0d1a2f9cfb4d1cf2a51a04e94180f179a219e8a
SHA512 f94e424f29a919371882ad35bb7b28717ad506aa705d3ae55db14987fdb542b8eaf4d01b37481fd4af0a6b08edd69813fef9f09ef8d25f4c9d38a43d57f17bf3

C:\Program Files (x86)\UCBrowser\Application\Share\icons\desktop\tmall_points.ico

MD5 f980ee0aee951b86db85137ec027e491
SHA1 5ce8ca7db87622ec9bf14adb8e55a31f098fbe37
SHA256 1a430c23e1f9f79cb88ef4d532a70dde6aff7dfd03adeae9461b559a7641b8e9
SHA512 5b275e299c9bf250a5c3479fb1cf370a648e81dce74833256cfd0bc3c30db557edb363caafb1ff3d3a56995a78c920e2be6c1587177677908c1557e271784f52

C:\Users\Admin\AppData\Local\Temp\etilqs_mgKQ9OnkI6kkylh

MD5 8caa7a63d5bc62d0bf59d13979dccdf0
SHA1 620d889e587f94c3d2a0a85be65a5a6949ae9e44
SHA256 b336b52d09eb1820a9e292b26d51514cee5f64450785266b2a1b200501227a08
SHA512 f0274abf50814d8626348aaf61b0c8a61d63f794dc528e44d62d7634cb02919c9e1f8555a354e39a57ce9693c1783292dfb5925a0e5d74b2e24d200f3bea83b7

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\Extension Rules\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\Extension State\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\Preferences~RFe5ab0a4.TMP

MD5 33ed14f93928d35a97d57226fc1e081b
SHA1 45ee9ab56a526c0ae450fe1e657333afb72c5553
SHA256 59bf13a635169f5048faab3c6b5373a702ade59bd3b0ef27c06c441b0ec18907
SHA512 b4310fa59135a423291ea355b7a187b4e5d6c5f8ccc3bb55f23314d311b5c0e0f65c6bdfc8acee17fbb9075514dd4e20696a8b842dd21efd91f356a87ab97c51

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\B09A.tmp

MD5 928d5307cf725c33b23ce48ad87b1a49
SHA1 1b4952495c8590a682d3277d1b141066d1d09e01
SHA256 6a7ff2c8987a47745910b9e4429ed9fe5a036aaf0fdf0ed7869bd8570afabd6e
SHA512 b5fb5b378c86f1cd191517221a0e65d51c017d90c2feed9701eb8b1e2d4dac2353062dcbc7298d1d9224005f99ce58c7171d5d17e03163bf8bc16753be780b91

C:\Program Files (x86)\UCBrowser\Application\Share\task.ini

MD5 53e0c922ce631022c07db5045bdf8a63
SHA1 baab41405d97bb1081c60e6a65cadd222713f11a
SHA256 01c2c1331fa4d99f47f1a03406d2cb4ee5708c9b726f8d01de0474f6aaba60f1
SHA512 8558f532fe84798ff824865a8f7b3501b36d92bf6486fec381d9439905bef45ff31e70715f1d4496553a107dfad551555244776616811c70d9364d6383978798

C:\Program Files (x86)\UCBrowser\Application\Share\task.ini

MD5 31c6c2ed57a8e0dbe04b0ca40d58cc2a
SHA1 d7e087431a0a129ccec8a4ca2d501a8dc2c8314e
SHA256 d2716bc430c6eb73e0a4cd3df48de19d4980823ff7ed6b1b3e85969eb26bb67a
SHA512 d24d831b4e89130510dd67970f8b3af9127d68ef363b2440c0641347dac8e0290436b8e521c041a06dc421587b0b00a004b54b5153fe3edb65785300ab9d909e

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\D7BC.tmp

MD5 1eda594f620319abe6b2abb14fbd1879
SHA1 075caee8f910386c5d97033ce493fd5ff033382a
SHA256 8135a068e646221b9b6611171f7b28348aa3e2277b49d7682c10d7958306504f
SHA512 245f9d5026bf6054a225804dd036c3f68bdd8b819b9ac5d07abc358f37721a032573490f8e930e23e97c8f1e94bd605bd9a221570828a1d3752a844a9e11bf78

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Local State~RFe5ad7b4.TMP

MD5 646f018f0b22ca48bb885e0f4d6cfe6f
SHA1 ea7f80241f6ebe00e7cef6aaacaa172e9123b895
SHA256 a93093f2670b1b0452647af9a65e751b7eeaf79681f4ad5558358c8f28673c06
SHA512 30f8df76bd4bf443c08c071126f287a6b6c66579c4d9619aba26a46050e2caeb4372cc7a7235b9b6bec8212557a72170a85e419c47f0866332ede712f887510c

C:\Users\Admin\AppData\Local\Temp\SafeBrowsingDataBase.wow

MD5 aa9d2979b6ba1783650fe5685ff6554f
SHA1 998bd488eeb1c5a662da2cd9e249f57714143b57
SHA256 f8b2333fe6b7af853ac9692ecc18c054ab2d299d579812bd259c14acfedc910a
SHA512 eb00fecaa6d35de31af30a184a2c3baaa754c8bbf8034e32e0d81b013e46ef23aad4773e5248bc46920cd0bd6945519ccdd9c940327f92d725515974cb4fdb2e

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\price-recommend.css

MD5 9097da8bbbe336e6ce2d3a7ef27dc691
SHA1 d9d5e7facb1f5e4def47bb1c894d9a8658a36661
SHA256 0431cb9d385971fe33aa99cde1b609ec516a439b6f71d1302122b07c4b0d5ca3
SHA512 2944c74b0aed554ae1818262dc551e5a88b980b5b32fe861564e5065a6c972adddc914d47237983bf14419cbacacf582bbff5c6a77b2728d00f122b9ba8abc09

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\video-download.css

MD5 0881a8916609980018797697238e8a56
SHA1 8f2bf6ab2a066045f19826e503c9923c14787c12
SHA256 76043af9b7b432e40cd38de23ddfe72c7795273b5fb2701b9bfe70fd9992783f
SHA512 f834fcab638cf529c211a1aed6278a851a3c130d84de6574568612870d51f939bfa9588fa535d0ffb36cf6ee29ab2a1306f6c396266b2297d34ba901f21b753c

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\seller-assist-temp.css

MD5 a309c463a580bdd670ea6789d0939713
SHA1 472c5ddb448d0c2d093c2606eb10dc0ebdf0a5bd
SHA256 3b5aa92ecf98d4fd3769abfbf5ebba8e849029c1b53fc791f2d70eeb1ac38fcd
SHA512 29de18c99e86dd8264fe636cb0d45857b1c5b83402b1344c3bad88edbc3783cfd99019562a200ff99f90d6f835d246eb8ec7a5257587039df97f40d412e49cc4

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\retailerMode-icon.css

MD5 eecd027dd4b571dab0df03d7153bb206
SHA1 aa44781e6e82175fe303c2a23add73e5e3eb0b9b
SHA256 01bd3b2a364e4dde0caa57a6d2137ad27b41547e243159652064a07b12565ce2
SHA512 712d3b0678c25a3c13b6b657534e2671e9ae21b7bb391f734375502f76693a92eb90f5504776769ea647e4e2a592368a456537bdd100d4ba43bec3d8f622272b

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\retailer-window.css

MD5 6604d1a60773dbf1afcdd641ef182ef9
SHA1 22e8cbdb116ee8afd9631b861be13d182307f75f
SHA256 90a0923c7bc28b3af718a4b688cb41cf694b7c72e2d1df7105c693beaf1f8fbe
SHA512 138ddf85a8e54496c6d633826f70a597d2e685bd6e08423bfc444fb34d8ff790d92607cdad2477197bb8038999fb35bf771972217aa082fd5f52ed67807bb9d1

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\style\i18n-ebusiness-amazon.css

MD5 28581f5cc2e94f968e9cce043d488ace
SHA1 0534efe8e56ce57c4b14240140269a307747995a
SHA256 044db6a5a520a93afb18491fe59db78dcf9cae2f6e22cf5f5088d83fb4b3f097
SHA512 32a3aa867a2b83440b77712b883f8c46d6b4d3ad2b909372104781203f48cce178d58fe785893fb0932baa78eed806866c832c3d053d0b1dc65ec51deb4f628c

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\_locales\en\messages.json

MD5 665e0ddff92e16e35bcca24fe48149ce
SHA1 bfe508c7a7d226caca9a095b00a029a5fa8d58ce
SHA256 39dba0c62ca7f75df600b4fa7528d3e2ef7938b8bda7ecb5a42e25fa2fc4a520
SHA512 d7f0e381700c98511fa9114ddcb33ef630ef7009a8fd87fb8dcceb85f641a510d1f4511abcf52738faed7bb24b5a2ee637b368311dfdc2114c5602c932d3f51a

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\lib\Flip-fps.js

MD5 8c486b651fe04ce3d00e4765103d4c94
SHA1 01e7bdb67c1d4eb6cac81178735ce84f9586878d
SHA256 7ac9c402a2b2d61354050055cf67f8122e418fb0c29abd1e7c0f6727e0b54f9c
SHA512 c90edfe6b4ff6bc2c2ef5218b68ee14c17dc48c586e2b3204ee44384ea4327046c1b5f0bb6d1f7d378bd1b9d48551c5e687362375195f6c35b8317b8f3ba97b2

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\image-gallery.js

MD5 ec202908fc0babdd067cfddc766a557b
SHA1 3e6916303508d79539693a166e1fcfbb7f1252d6
SHA256 4642602ea0dde84c108a91fc09e0ec6fd01fa3b27ea904b1426744ea955124e2
SHA512 420c6556e5037e3672f94e75abdac417c6fe36339b989f055d1b5b67b17fbca84f8c3a8ed57d87ab44ddc29eb8bd380f74bfa80505ae54af675a4d7a1cef0e38

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\video-download-youtube.js

MD5 4a7e8c7784f1442f6b18f14d2688af9b
SHA1 2e951a0bff80f43a2f1b4c78abb79a2c560df239
SHA256 b56a5036d12e6a3743ef70151f68262d11e936ea667f528f6e45d2829c8642db
SHA512 47499d780127265280b47efca0b3a23c846640c8b78bcf90a1ac95a2f7acc94d87cbdf2ac2a94013208a866beea26212056d97523b7811910cb764cbe9c5de15

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\seller-assist.js

MD5 16394d1858a118e0096115f278ecc034
SHA1 91bad49932bab5b948cc91a703771350df7da65e
SHA256 38d8eb1f1bd1c3bfc85a9df9a6405e93485dd6a1b3b341980f0e3770fe8bb826
SHA512 352c4f60862f0c3737ff29dbee85d51f65867824658716705444e7c086ad2a1eeed69ae5e81522d64070d0b88c3a1ac6dbfafc6c31a76fb2911da90d67ee0aba

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\retailer-window.js

MD5 211646f8d3ad85a9132d9f8bf0fa02a5
SHA1 eba961da53df32d86fc46cc65964767cf85bcf5a
SHA256 b3f14984de69d19775c6fc94d1b8398ff681b77658fc044837a859ee6095de04
SHA512 4fc456a55292bf54f2b5471c0add63086d0fd998142e96dd5d46f6eaa795d4ba45a1e412da1eead904e46dbea3cede92c8f4ddbf241d68f23305650dece7720d

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\retailer-install-QN.js

MD5 560f427408659375b96a8a177ddba729
SHA1 806052ea6c6a54937255e1d038482d1068faa33b
SHA256 2edf427c524679a45dcd1f9fc9de71a5406c438029a7b5590fc076eb0c8dbc5d
SHA512 33a9b5d3f1e40ba2d799abba221aaecbeab628723e47dc4598e35c7481db17ed8f3fe988348a567235e686c4bb17128657d78c1015ac82f00893d4015560445c

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\retailer-auto-complete.js

MD5 192b060dec4f383455b9c95a495f1a1a
SHA1 625b991953ff6ed2ea5192659760f7d4b858f54c
SHA256 1807b4c272e88590d272e52903d902f518d1b3f2af0342ef43cec3b9f45ec565
SHA512 99e5e0e3a2d2fdc26674108ab4b24abdb66f4838bc40a3a4e3efb22442ebacc5182e392c478c2bee6526dd13af3e64484879578f9b88885b8498f46823cbe8b4

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\price-recommend.js

MD5 293c065d74f23d63a2cf569c18156444
SHA1 7000cfdf2c45497f6f1977fd4bb3fa5d226672dd
SHA256 b268e2e13128f26e2a74c14d68e42ba2fd21a49add71ae42d9c79787963ac37b
SHA512 abaacbf848fc69b9d99afa093b5f4a1ebdcbb76b27e97cc756384f6ddf564247d42a977ca4fe426597b3996b3dcbef8e373a2b72d3195797e21624805dec3a20

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\i18n-ebusiness-amazon.js

MD5 c63906cd61bca7f06b805d6efe7034d8
SHA1 8f9923f28cf2871fbc7739df3a797be66292fb46
SHA256 735bc0c83289bdea77b614c9cd4093df3fce850402f4597c60e068da27df1841
SHA512 80120bd9965795c00dbb8a333c517d1d9243ac8d83fe5f3cf87d09f4b0cfb1bf2d261500675151fa662ad544376786aee83e9c1f2ba7395142182e4e73423f31

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\video-download.js

MD5 a87a7af79016978654e25f3555ebf8f7
SHA1 57e5c3b45344f7c3f887043c031d1c675a76dede
SHA256 cc81c94617c61044ad114bca63db0054165159ac992979907a73583a57487ce9
SHA512 51ea0fee40c41c2294c05b59efadc8f8ab91444f7544c4583de1943fd161860a731c23a8c7c38d9b0d263b288de66739fa50c11f871f4b6da0f7fef2ae154e43

C:\Users\Admin\AppData\Local\Temp\scoped_dir_4204_20805\CRX_INSTALL\injection\video-toolbar.js

MD5 bcedeab88530d3d01d05c987287e3594
SHA1 430f75d9272cf0334f89e21a92c1a2ded43afa07
SHA256 a33baec85cb90db0432074d4a014f939e08c26d9f6ddf883fd8cbaa54369bbfe
SHA512 17f4f4b04bb7b2d5a84cc3078d28eb3e1ba78773dc33dc08f567c7fca5c35f53327143ea1f6a69e0f4c19ab1e89f5e070a316f81a7e7572be77c12bbe1fa5b69

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 136b3d76d6235c4e966eb2d6209af2d5
SHA1 f77294d6ca3759679938e94a80f002cbcc07a47b
SHA256 6c717ed8c688193d13f381247cb485eebaff7a441f1b717c5039abca3c6d2b3e
SHA512 5c2d3395575764b8dde9cdb2b63c4134ae2792d7c81787cd6671f4a35debb4d75b06cfb025b58fcb703268c346349f6ca7335a52c13c57e552d345c37bdc4542

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 31da309d76b45965430b32fba1416dd6
SHA1 3f979d7517e12f46ef7ef768932cdbfe67a1145f
SHA256 86055f05319488ec16f6b45fd78ced1475ea89e342bb8461ca258ba470956de9
SHA512 ea32115bdab4eb6d1af4ecc5265f6982f4f23a2d6d949a4bdd7360cdd4a6cb3615273e0786d7380bac243253974c2c327fc2dc0af16df4ab4391ade8b73dae1d

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\TransportSecurity~RFe5b58bb.TMP

MD5 0d285bb29df4b88a944573b649c98e6c
SHA1 e323ebe13a06bfee1e3880ab798639a8fac70db7
SHA256 dda757a43e8f0e7de2a3cd29932e2e47af1108c8fb56e1eae8705449b38f19cf
SHA512 61f0815a07467f977d470976af02f5e4f037f71bedf3b9c9d19f9f012a66dd3b363c454746d2b91db80a4839edc0e358e7999c37387cdaeeaefb64f240b5d2bd

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\58C8.tmp

MD5 aafc31bdfeedf1fb002daeaf9062ba94
SHA1 87e820d7805d1a9c9960039593bd7495d5e6bb9a
SHA256 d53bbf92b346c10a76d6f6739f4d4c04882ac34a83c1bb2a6e59ec6f1c42f2a0
SHA512 6ac6d83c801f3756ebfdff11e2f7aab7e29b6b84115a14aa4f3b148e97c25e1f55fee172f65a25fcfc49aa96bfeb0423715a4fcb536e80d74becf904caf11acf

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\89EB.tmp

MD5 4de14f78f1d5ff3f3cc36370b26dc17e
SHA1 ceb6323da4f11efccfbe59a8d504856bdc13c8db
SHA256 c86ae547d592ee699189c9571f1d87427a2df2d48ba01fc2367bbc0eaa79aaa2
SHA512 946aa2feb65dcaa9d0e391c220cd893e08dd90ae1e0a9ea2877a073434809929b9e9fde4b10f8711545ff6f0df274741168cb9dfd8630d7356fb9c192bb4371c

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\A1E9.tmp

MD5 23ab63724a7a42a77b67c74a2ee4602d
SHA1 be03b0c4832d6bab93b0655998c2af8a14bc497f
SHA256 2906ccea44b4e713656304c837f92fc708fba4bafb5a79780987cb9b8e83688f
SHA512 2f9a287f76c6b1bcd794e8e59a4bd1e50b562011edc0d2734605551f0b371c8667415bc716825584843955e27eb2e0f0af62ff1e84196e0dbdbac5d336be84a4

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\AB7F.tmp

MD5 cc5f2f0f099f656586332f32ab8df38b
SHA1 6356617ddbdb4e6d6071b92436f948e393d47b3e
SHA256 531c4f1d3f79f7bfc0140681301c12a69d43e7568c9d6bea0de673e4d460acf4
SHA512 f1269a512a7db4f2a4c08dae5b9bbba9504c3f795fae3c96330a908aff157628871404de15a868f543d009656325607be1b6bc62ef14ac5b153a978922f437f0

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 77c62ad22ca3e4b619cd43a2daa8e46c
SHA1 f24a22eed3b8eda9206ce81c4d27c2a6661f29d1
SHA256 56347ea1f956e33d65cdb8ce487f99355eb77bed32852667c33d3fcb0d7e891c
SHA512 8993df312c2bf24d63e43fd15c850548c63378317c3efeba3609257820170eb73c53d00fa90a45250dd407eb970dda655023afae94dae27a1b747baf7d63244b

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\E3A8.tmp

MD5 83f91395b3fff51f12d44add5132f189
SHA1 f3353817c2e6fe6ec334840c5358c98db880f148
SHA256 a7dbc8421ddba717f609d4c5dfd5e8c9b40dc87ef6b1a25c8a5a50187f22e872
SHA512 30c61b69aa043f7fee2599df1af7c134d0bbaaadce7d3a05f1bad5b00a23239437f36da301a39558bdea658eae05c2e707b3450fc61bc36092b301917a17524c

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\Preferences

MD5 55e15ac07dfacd7b56f04bdd0e42d300
SHA1 336ebca758cb05ff72fd767d4b93078193f25cae
SHA256 61a92fb885dd07227afb5c907b073092793c630e51891744e7e6936946cce00d
SHA512 720383c0e379ba701af194e1fef759ef59619b1a8e956dfe66f0e3ec67a2b2ca4433488ef3abaeb3c2ed47e061e7c0732fbcfc946cc7e694bab8b82afa4f5b7d

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 6277885d3afbff9478b5ac4507ed8c44
SHA1 a113dd03aea3ddbd2ceff0c220152dbd137ce0fb
SHA256 7eb1e744dd1b09283a3643b2f601c8c16fb7f392747c61757410bb07a73b522a
SHA512 9db215d255e1cfd92582237ac7838cf03e72beb9711cdbaa395b1c6136421485c5995b5108f21a48de11f11e372c014de2a7a4838b4507d174a96eecd09bd949

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Safe Browsing Extension Blacklist

MD5 989cab5415e22e78cabf01730b41b211
SHA1 d8cf7e68568250714632ba03fb7c9a2b93b8a5d5
SHA256 c26a95db49b8202d48b495d29f6e07a462cacb6422e4d7aa2a02be3be6a657e8
SHA512 1925f961d30b9e6da9e0c653b79e878e61009a2aa44573286ecee5b3c56ca8558995db8abca4e7b58d7542b21f856479c71f65e9726367faee08bb6f98a4a224

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a02f79565c3d1e58.customDestinations-ms

MD5 5c4cc292f58f746bed3e0adeae8ee64a
SHA1 bf0581c5a180fba96dd1c26adfd51170f38517ad
SHA256 e5cce7f38fcf60173712a6d44258422d1a2f8c79c8b34759b2d7af76d276a7c5
SHA512 509199fb0090b75520fb595eef54e59360062a09fa6bb5437f981f1ff13d94835888f28f55d50a97670b71885fd8a0795d1d40f7931e4e017d2fb54448299471

C:\Users\Admin\AppData\Local\UCBrowser\User Data_i18n\Default\CEB6.tmp

MD5 ea9530fa97fe6651894ea343022c6586
SHA1 a91832be098649f707eb8f5ce6c31beaa05f743e
SHA256 14e0178cf703fa3dbd016019ae7a6f6718f6debb96c348591591260c9ad7b56b
SHA512 adcea8146db2ad2f05cd69aa334f56f987b8b96e2af3467201517278f57ca763d91c76b2c0931c293dd57dae998b7a37e97f51c87ff0cf90f3aa3121e8b83e94
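
The memory-dump names and dropped-file hash blocks above are easier to reason about once grouped. The helper below is an added example, not part of the sandbox report or its tooling: it parses a constructed excerpt of this Files listing (seven of the dump names and three of the hash blocks copied from above), groups each dumped region by the PIDs it was captured from, lists paths that were written more than once with different content (task.ini and the customDestinations-ms jump list appear that way above), and emits a deduplicated SHA256 list with the bundled UC Browser install tree excluded. The grouping makes visible what the flat list only implies: the 0x400000-0xC88000 region was dumped from several processes, whereas the 3012 region belongs to one. The exclusion prefix is an assumption made for triage, not a verdict on those files.

```python
import re
from collections import defaultdict

# Constructed excerpt of the Files listing above: seven memory-dump names and three
# dropped-file hash blocks copied from the report (the real listing is far longer).
REPORT_EXCERPT = r"""
memory/548-107-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/548-115-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/1088-111-0x0000000073DC0000-0x000000007405A000-memory.dmp
memory/1088-123-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/3060-142-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/3840-169-0x0000000000400000-0x0000000000C88000-memory.dmp
memory/3012-130-0x0000013EA1FC0000-0x0000013EA1FC1000-memory.dmp

C:\Program Files (x86)\UCBrowser\Application\Share\task.ini

MD5 53e0c922ce631022c07db5045bdf8a63
SHA1 baab41405d97bb1081c60e6a65cadd222713f11a
SHA256 01c2c1331fa4d99f47f1a03406d2cb4ee5708c9b726f8d01de0474f6aaba60f1
SHA512 8558f532fe84798ff824865a8f7b3501b36d92bf6486fec381d9439905bef45ff31e70715f1d4496553a107dfad551555244776616811c70d9364d6383978798

C:\Program Files (x86)\UCBrowser\Application\Share\task.ini

MD5 31c6c2ed57a8e0dbe04b0ca40d58cc2a
SHA1 d7e087431a0a129ccec8a4ca2d501a8dc2c8314e
SHA256 d2716bc430c6eb73e0a4cd3df48de19d4980823ff7ed6b1b3e85969eb26bb67a
SHA512 d24d831b4e89130510dd67970f8b3af9127d68ef363b2440c0641347dac8e0290436b8e521c041a06dc421587b0b00a004b54b5153fe3edb65785300ab9d909e

C:\Users\Admin\AppData\Local\Temp\ddf82cec

MD5 4e8e6e2af7f5c70bf6ff0cd82784fbca
SHA1 632a5a4d307e91a72b77bbb77b2e58717cc51775
SHA256 a96b785d905ef12bc03967475ad3491b31057650f2e7548f45c8821127ceb323
SHA512 5ab3da6e5c45aa629b4cda69c16ba649395dea2a3163a47db409348ad21db3986e4dc85178929456c43e4833943e2c0d84fd04f54e88ef037294d5d6e4afb9c8
"""

MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_report(text):
    """Return (regions, files): regions are dicts with pid/seq/start/end/size taken from
    the dump name; files are dicts with the path and whichever digests followed it."""
    regions, files, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            start, end = int(start, 16), int(end, 16)
            regions.append({"pid": int(pid), "seq": int(seq), "start": start,
                            "end": end, "size": end - start})
            current = None
            continue
        h = HASH_RE.match(line)
        if h:
            algo, digest = h.groups()
            if current is None:
                raise ValueError(f"{algo} line with no preceding path")
            if len(digest) != HASH_LEN[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current['path']}")
            current[algo] = digest.lower()
            continue
        current = {"path": line}          # any other line opens a new dropped-file record
        files.append(current)
    return regions, files


def shared_regions(regions, min_pids=2):
    """(start, end) -> sorted PIDs for regions dumped from at least min_pids processes.
    One region at one address across many PIDs is the first thing to look at when a
    sample spreads a payload (or the sandbox dumps the same module) across processes."""
    by_region = defaultdict(set)
    for r in regions:
        by_region[(r["start"], r["end"])].add(r["pid"])
    return {k: sorted(v) for k, v in by_region.items() if len(v) >= min_pids}


def rewritten_paths(files):
    """Paths that appear with more than one distinct SHA256, i.e. written more than once
    during detonation with different content."""
    seen = defaultdict(set)
    for f in files:
        if "SHA256" in f:
            seen[f["path"]].add(f["SHA256"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def sha256_iocs(files, exclude_prefixes=()):
    """Deduplicated SHA256 values, skipping paths under the given prefixes (a triage
    choice such as the bundled UC Browser install tree, not a verdict on those files)."""
    return sorted({f["SHA256"] for f in files
                   if "SHA256" in f and not f["path"].startswith(exclude_prefixes)})


if __name__ == "__main__":
    regions, files = parse_report(REPORT_EXCERPT)
    for (start, end), pids in sorted(shared_regions(regions).items()):
        print(f"0x{start:X}-0x{end:X} ({end - start:#x} bytes) dumped from PIDs {pids}")
    print("rewritten:", rewritten_paths(files))
    print("iocs:", sha256_iocs(files, exclude_prefixes=(r"C:\Program Files (x86)\UCBrowser",)))
```

Run against the full listing, the same three functions give the complete PID set per region and the full IOC list; the digest-length check catches truncated hash lines, which are common when a report is copied out of a rendered page.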

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

150s

Max time network

159s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\pdfium.dll,#1

Signatures

System Location Discovery: System Language Discovery

discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 4888 wrote to memory of 2024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 4888 wrote to memory of 2024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 4888 wrote to memory of 2024 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\pdfium.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\pdfium.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2024 -ip 2024

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 588

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2024 -ip 2024

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 804

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
NL 20.103.156.88:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 106.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

149s

Max time network

158s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\access\libfilesystem_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\access\libfilesystem_plugin.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-07 22:33

Reported

2024-11-07 22:37

Platform

win10ltsc2021-20241023-en

Max time kernel

94s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\access\libimem_plugin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\✱SatUp\plugins\access\libimem_plugin.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp

Files

N/A