8e36f365aa367d174901b6add2966f4cfac58039a4c6724b3dd07c57b001c8d0

Analysis

max time kernel
108s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2023 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iobituninstaller.exe
Size

25.9MB
MD5

777651fb67b8163c2e9aa22afab66024
SHA1

40f07eb7df50d2cd30232600a3bf852ba8ff7ccf
SHA256

8e36f365aa367d174901b6add2966f4cfac58039a4c6724b3dd07c57b001c8d0
SHA512

743b7742ef12657001d8383fc3898ca9fbba2c58a06105293ca86590934c52b11fa5ca63f4d8a0b13bb6aaf3680f6d8a556eb900672351524c3e25feff8b491d
SSDEEP

393216:8jmh3HbzBd6CswobDSfUZfxu5Z7nM4a12ZlZGHBmzgsgigtuSHDzNTkTVq2AHG:GmhXbziCcSfUZfxYMcxgiuDzwh

Score

7^/10

adware discovery persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

IObitUninstaler.exeiobituninstaller.tmpiobituninstaller.tmpiush.exeSetup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	IObitUninstaler.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	iobituninstaller.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	iobituninstaller.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	iush.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Setup.exe

Executes dropped EXE 15 IoCs

Processes:

iobituninstaller.tmpSetup.exeiobituninstaller.tmpiushrun.exeiush.exeIUService.exeICONPIN64.exeDSPut.exeCrRestore.exeUninstallPromote.exeIObitUninstaler.exeUninstallMonitor.exeiush.exeAUpdate.exeAutoUpdate.exe

pid	process
2180	iobituninstaller.tmp
3476	Setup.exe
2912	iobituninstaller.tmp
4128	iushrun.exe
112	iush.exe
1836	IUService.exe
4380	ICONPIN64.exe
4904	DSPut.exe
2848	CrRestore.exe
4828	UninstallPromote.exe
3912	IObitUninstaler.exe
4856	UninstallMonitor.exe
4088	iush.exe
1148	AUpdate.exe
1344	AutoUpdate.exe

Loads dropped DLL 64 IoCs

Processes:

iushrun.exeiush.exeIUService.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeDSPut.exeExplorer.EXECrRestore.exeUninstallPromote.exeIObitUninstaler.exeUninstallMonitor.exeiush.exe

pid	process
4128	iushrun.exe
4128	iushrun.exe
4128	iushrun.exe
112	iush.exe
112	iush.exe
112	iush.exe
112	iush.exe
1836	IUService.exe
1836	IUService.exe
1836	IUService.exe
1836	IUService.exe
1836	IUService.exe
2172	regsvr32.exe
4648	regsvr32.exe
4156	regsvr32.exe
4156	regsvr32.exe
4996	regsvr32.exe
112	iush.exe
112	iush.exe
112	iush.exe
4904	DSPut.exe
4904	DSPut.exe
4904	DSPut.exe
4904	DSPut.exe
4904	DSPut.exe
3212	Explorer.EXE
2848	CrRestore.exe
2848	CrRestore.exe
2848	CrRestore.exe
2848	CrRestore.exe
2848	CrRestore.exe
2848	CrRestore.exe
4828	UninstallPromote.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
3912	IObitUninstaler.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4088	iush.exe
4088	iush.exe
4088	iush.exe
4088	iush.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe

Modifies system executable filetype association 2 TTPs 5 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

regsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 11 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\ = "C:\\PROGRA~2\\IObit\\IOBITU~1\\UNINST~1.DLL"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\IUMenuRight.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\UninstallExplorer.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\IUMenuRight.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

IObitUninstaler.exe

description	ioc	process
File opened (read-only)	\??\H:	IObitUninstaler.exe
File opened (read-only)	\??\O:	IObitUninstaler.exe
File opened (read-only)	\??\R:	IObitUninstaler.exe
File opened (read-only)	\??\V:	IObitUninstaler.exe
File opened (read-only)	\??\Z:	IObitUninstaler.exe
File opened (read-only)	\??\B:	IObitUninstaler.exe
File opened (read-only)	\??\G:	IObitUninstaler.exe
File opened (read-only)	\??\I:	IObitUninstaler.exe
File opened (read-only)	\??\L:	IObitUninstaler.exe
File opened (read-only)	\??\M:	IObitUninstaler.exe
File opened (read-only)	\??\N:	IObitUninstaler.exe
File opened (read-only)	\??\Q:	IObitUninstaler.exe
File opened (read-only)	\??\S:	IObitUninstaler.exe
File opened (read-only)	\??\A:	IObitUninstaler.exe
File opened (read-only)	\??\F:	IObitUninstaler.exe
File opened (read-only)	\??\Y:	IObitUninstaler.exe
File opened (read-only)	\??\P:	IObitUninstaler.exe
File opened (read-only)	\??\T:	IObitUninstaler.exe
File opened (read-only)	\??\X:	IObitUninstaler.exe
File opened (read-only)	\??\J:	IObitUninstaler.exe
File opened (read-only)	\??\K:	IObitUninstaler.exe
File opened (read-only)	\??\W:	IObitUninstaler.exe
File opened (read-only)	\??\E:	IObitUninstaler.exe
File opened (read-only)	\??\U:	IObitUninstaler.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\NewTime = "2023-03-03 17:54:34:533"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ = "ExplorerWnd Helper"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}\NoInternetExplorer = "1"	regsvr32.exe

Drops file in Program Files directory 64 IoCs

Processes:

iobituninstaller.tmpAutoUpdate.exeCrRestore.exeiush.exeIObitUninstaler.exe

description	ioc	process
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-UQT6N.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-N53KV.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Database\is-TL026.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Database\is-1R9A4.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_x86\is-PI5PK.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_ia64\is-T148L.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Update\Temp\	AutoUpdate.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-J2FUU.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-DS2HC.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\History\is-M72VL.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.dat	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\update\appver-ac.ini	AutoUpdate.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-2THE1.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Language\is-8BFVH.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_x86\is-SD5UO.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Update\	AutoUpdate.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-34PT1.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-V3VI9.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_ia64\is-OJIJH.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_x86\IURegistryFilter.sys	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.dat	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-U58SD.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Language\is-4CL1K.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_x86\IUProcessFilter.sys	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_amd64\is-DMBDE.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Update\Temp\UninstallRote11.zlb	AutoUpdate.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Database\is-4A4LK.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_x86\is-LH79P.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-UU5K3.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-8GAMS.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Language\is-PHP8D.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Language\is-PEA7I.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Database\is-CHH7E.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Database\is-D074R.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-F0IC7.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_x86\IUFileFilter.sys	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_x86\IUForceDelete.sys	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_x86\is-3MKFM.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Backup\	CrRestore.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\update\update.ini.tmp	AutoUpdate.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-SRB4J.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-FTCGG.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Language\is-8LE01.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_ia64\IUForceDelete.sys	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_ia64\IUFileFilter.sys	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_x86\is-HU4KA.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Update\Temp\Database\usoft.dbd	AutoUpdate.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Language\is-JNDSV.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_ia64\is-6692M.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Update\Update.ini	iush.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-FU42D.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Language\is-EP1ON.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\IUFileFilter.sys	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Backup\IObitUninstaler.exe	CrRestore.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\History\is-B3FII.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\IUForceDelete.sys	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\History\English.ini	IObitUninstaler.exe
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-976D0.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\is-UI3Q1.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\History\is-DDPCN.tmp	iobituninstaller.tmp
File created	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win10_amd64\is-J3KFH.tmp	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_ia64\IUProcessFilter.sys	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_x86\IUForceDelete.sys	iobituninstaller.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Uninstaller\Drivers\win7_x86\IUProcessFilter.sys	iobituninstaller.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 5 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\is-M2VTN.tmp\iush.exe	nsis_installer_2
C:\Users\Admin\AppData\Local\Temp\is-M2VTN.tmp\Installer\iushrun.exe	nsis_installer_2
C:\Users\Admin\AppData\Local\Temp\is-M2VTN.tmp\Installer\iushrun.exe	nsis_installer_2
C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe	nsis_installer_2
C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe	nsis_installer_2

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeiush.exeregsvr32.exeExplorer.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DAF0374A-11AB-4E4E-B141-663E77D63E4C}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DAF0374A-11AB-4E4E-B141-663E77D63E4C}\1.0\ = "PfShellExtension 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UninstallExplorer.ExplorerBtn	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command\ = "\"C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\IObitUninstaler.exe\" control_statistics"	iush.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DAF0374A-11AB-4E4E-B141-663E77D63E4C}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\IObit Uninstaller"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UninstallExplorer.ExplorerBtn\ = "ExplorerWnd Helper"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open	iush.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\IUMenuRight.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\ = "C:\\PROGRA~2\\IObit\\IOBITU~1\\UNINST~1.DLL"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ProgID\ = "UninstallExplorer.ExplorerBtn"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\ShellFolder\Attributes = "48"	iush.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Explorer.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL\AppID = "{59A55EF0-525F-4276-AB62-8F7E5F230399}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A55EF0-525F-4276-AB62-8F7E5F230399}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\UninstallExplorer.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A55EF0-525F-4276-AB62-8F7E5F230399}\ = "PfShellExtension"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DAF0374A-11AB-4E4E-B141-663E77D63E4C}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	iush.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	iush.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\ = "IObitUninstaller Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DAF0374A-11AB-4E4E-B141-663E77D63E4C}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UninstallExplorer.ExplorerBtn\Clsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DAF0374A-11AB-4E4E-B141-663E77D63E4C}\1.0\0	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	Explorer.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Uninstaller\\IUMenuRight.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\ = "IObit Uninstaller"	iush.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\Shell\Open\command	iush.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL\AppID = "{59A55EF0-525F-4276-AB62-8F7E5F230399}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}	iush.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Explorer.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\{305CA226-D286-468e-B848-2B2E8E697B74} 2 = "8"	iush.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\DefaultIcon	iush.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8DE189EC-C9C8-4D31-9F18-E0B7407019A9}\ShellFolder	iush.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObitUninstaller	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObitUninstaller\ = "{836AB26C-2DE4-41D3-AC24-4C6C2699B960}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{836AB26C-2DE4-41D3-AC24-4C6C2699B960}\ = "IObitUninstaller Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DAF0374A-11AB-4E4E-B141-663E77D63E4C}\1.0\HELPDIR	regsvr32.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

IObitUninstaler.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	IObitUninstaler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	IObitUninstaler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	IObitUninstaler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	IObitUninstaler.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c000000010000000400000000080000040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	IObitUninstaler.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Setup.exeiushrun.exeiush.exeIUService.exeDSPut.exeCrRestore.exeiobituninstaller.tmpUninstallPromote.exeIObitUninstaler.exeUninstallMonitor.exeiush.exe

pid	process
3476	Setup.exe
3476	Setup.exe
3476	Setup.exe
3476	Setup.exe
4128	iushrun.exe
4128	iushrun.exe
4128	iushrun.exe
4128	iushrun.exe
4128	iushrun.exe
4128	iushrun.exe
4128	iushrun.exe
4128	iushrun.exe
112	iush.exe
112	iush.exe
112	iush.exe
112	iush.exe
1836	IUService.exe
1836	IUService.exe
4904	DSPut.exe
4904	DSPut.exe
112	iush.exe
112	iush.exe
2848	CrRestore.exe
2848	CrRestore.exe
2848	CrRestore.exe
2848	CrRestore.exe
1836	IUService.exe
1836	IUService.exe
2912	iobituninstaller.tmp
2912	iobituninstaller.tmp
4828	UninstallPromote.exe
4828	UninstallPromote.exe
4828	UninstallPromote.exe
4828	UninstallPromote.exe
4828	UninstallPromote.exe
4828	UninstallPromote.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4088	iush.exe
4088	iush.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4088	iush.exe
4088	iush.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe
3912	IObitUninstaler.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Explorer.EXE

pid process

3212 Explorer.EXE
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

664

pid	process
3212	Explorer.EXE

pid	process
664

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Explorer.EXEUninstallMonitor.exe

description	pid	process
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeDebugPrivilege	4856	UninstallMonitor.exe
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE
Token: SeCreatePagefilePrivilege	3212	Explorer.EXE
Token: SeShutdownPrivilege	3212	Explorer.EXE

Suspicious use of FindShellTrayWindow 13 IoCs

Processes:

Setup.exeiushrun.exeiobituninstaller.tmpiush.exeExplorer.EXECrRestore.exeIObitUninstaler.exeUninstallMonitor.exeiush.exeAutoUpdate.exe

pid	process
3476	Setup.exe
3476	Setup.exe
4128	iushrun.exe
2912	iobituninstaller.tmp
112	iush.exe
3212	Explorer.EXE
2848	CrRestore.exe
3912	IObitUninstaler.exe
4856	UninstallMonitor.exe
4856	UninstallMonitor.exe
4088	iush.exe
1344	AutoUpdate.exe
1344	AutoUpdate.exe

Suspicious use of SendNotifyMessage 1 IoCs

Processes:

AutoUpdate.exe

pid process

1344 AutoUpdate.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

iush.exeDSPut.exeICONPIN64.exe

pid process

112 iush.exe
4904 DSPut.exe
4380 ICONPIN64.exe

pid	process
1344	AutoUpdate.exe

pid	process
112	iush.exe
4904	DSPut.exe
4380	ICONPIN64.exe

Suspicious use of WriteProcessMemory 60 IoCs

Processes:

iobituninstaller.exeiobituninstaller.tmpSetup.exeiobituninstaller.exeiobituninstaller.tmpiush.exeregsvr32.exeregsvr32.exeICONPIN64.exeIObitUninstaler.exeregsvr32.exe

description	pid	process	target process
PID 2144 wrote to memory of 2180	2144	iobituninstaller.exe	iobituninstaller.tmp
PID 2144 wrote to memory of 2180	2144	iobituninstaller.exe	iobituninstaller.tmp
PID 2144 wrote to memory of 2180	2144	iobituninstaller.exe	iobituninstaller.tmp
PID 2180 wrote to memory of 3476	2180	iobituninstaller.tmp	Setup.exe
PID 2180 wrote to memory of 3476	2180	iobituninstaller.tmp	Setup.exe
PID 2180 wrote to memory of 3476	2180	iobituninstaller.tmp	Setup.exe
PID 3476 wrote to memory of 764	3476	Setup.exe	iobituninstaller.exe
PID 3476 wrote to memory of 764	3476	Setup.exe	iobituninstaller.exe
PID 3476 wrote to memory of 764	3476	Setup.exe	iobituninstaller.exe
PID 764 wrote to memory of 2912	764	iobituninstaller.exe	iobituninstaller.tmp
PID 764 wrote to memory of 2912	764	iobituninstaller.exe	iobituninstaller.tmp
PID 764 wrote to memory of 2912	764	iobituninstaller.exe	iobituninstaller.tmp
PID 2912 wrote to memory of 4128	2912	iobituninstaller.tmp	iushrun.exe
PID 2912 wrote to memory of 4128	2912	iobituninstaller.tmp	iushrun.exe
PID 2912 wrote to memory of 4128	2912	iobituninstaller.tmp	iushrun.exe
PID 2912 wrote to memory of 112	2912	iobituninstaller.tmp	iush.exe
PID 2912 wrote to memory of 112	2912	iobituninstaller.tmp	iush.exe
PID 2912 wrote to memory of 112	2912	iobituninstaller.tmp	iush.exe
PID 112 wrote to memory of 2172	112	iush.exe	regsvr32.exe
PID 112 wrote to memory of 2172	112	iush.exe	regsvr32.exe
PID 112 wrote to memory of 2172	112	iush.exe	regsvr32.exe
PID 112 wrote to memory of 4648	112	iush.exe	regsvr32.exe
PID 112 wrote to memory of 4648	112	iush.exe	regsvr32.exe
PID 112 wrote to memory of 4648	112	iush.exe	regsvr32.exe
PID 2172 wrote to memory of 4996	2172	regsvr32.exe	regsvr32.exe
PID 2172 wrote to memory of 4996	2172	regsvr32.exe	regsvr32.exe
PID 4648 wrote to memory of 4156	4648	regsvr32.exe	regsvr32.exe
PID 4648 wrote to memory of 4156	4648	regsvr32.exe	regsvr32.exe
PID 112 wrote to memory of 4380	112	iush.exe	ICONPIN64.exe
PID 112 wrote to memory of 4380	112	iush.exe	ICONPIN64.exe
PID 112 wrote to memory of 4904	112	iush.exe	DSPut.exe
PID 112 wrote to memory of 4904	112	iush.exe	DSPut.exe
PID 112 wrote to memory of 4904	112	iush.exe	DSPut.exe
PID 4380 wrote to memory of 3212	4380	ICONPIN64.exe	Explorer.EXE
PID 2912 wrote to memory of 2848	2912	iobituninstaller.tmp	CrRestore.exe
PID 2912 wrote to memory of 2848	2912	iobituninstaller.tmp	CrRestore.exe
PID 2912 wrote to memory of 2848	2912	iobituninstaller.tmp	CrRestore.exe
PID 2912 wrote to memory of 4828	2912	iobituninstaller.tmp	UninstallPromote.exe
PID 2912 wrote to memory of 4828	2912	iobituninstaller.tmp	UninstallPromote.exe
PID 2912 wrote to memory of 4828	2912	iobituninstaller.tmp	UninstallPromote.exe
PID 3476 wrote to memory of 3912	3476	Setup.exe	IObitUninstaler.exe
PID 3476 wrote to memory of 3912	3476	Setup.exe	IObitUninstaler.exe
PID 3476 wrote to memory of 3912	3476	Setup.exe	IObitUninstaler.exe
PID 3912 wrote to memory of 4856	3912	IObitUninstaler.exe	UninstallMonitor.exe
PID 3912 wrote to memory of 4856	3912	IObitUninstaler.exe	UninstallMonitor.exe
PID 3912 wrote to memory of 4856	3912	IObitUninstaler.exe	UninstallMonitor.exe
PID 3476 wrote to memory of 4088	3476	Setup.exe	iush.exe
PID 3476 wrote to memory of 4088	3476	Setup.exe	iush.exe
PID 3476 wrote to memory of 4088	3476	Setup.exe	iush.exe
PID 3912 wrote to memory of 5032	3912	IObitUninstaler.exe	regsvr32.exe
PID 3912 wrote to memory of 5032	3912	IObitUninstaler.exe	regsvr32.exe
PID 3912 wrote to memory of 5032	3912	IObitUninstaler.exe	regsvr32.exe
PID 5032 wrote to memory of 408	5032	regsvr32.exe	regsvr32.exe
PID 5032 wrote to memory of 408	5032	regsvr32.exe	regsvr32.exe
PID 3912 wrote to memory of 1148	3912	IObitUninstaler.exe	AUpdate.exe
PID 3912 wrote to memory of 1148	3912	IObitUninstaler.exe	AUpdate.exe
PID 3912 wrote to memory of 1148	3912	IObitUninstaler.exe	AUpdate.exe
PID 3912 wrote to memory of 1344	3912	IObitUninstaler.exe	AutoUpdate.exe
PID 3912 wrote to memory of 1344	3912	IObitUninstaler.exe	AutoUpdate.exe
PID 3912 wrote to memory of 1344	3912	IObitUninstaler.exe	AutoUpdate.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3212

C:\Users\Admin\AppData\Local\Temp\iobituninstaller.exe
"C:\Users\Admin\AppData\Local\Temp\iobituninstaller.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2144

C:\Users\Admin\AppData\Local\Temp\is-9NNI8.tmp\iobituninstaller.tmp
"C:\Users\Admin\AppData\Local\Temp\is-9NNI8.tmp\iobituninstaller.tmp" /SL5="$C004A,26554143,139264,C:\Users\Admin\AppData\Local\Temp\iobituninstaller.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2180

C:\Users\Admin\AppData\Local\Temp\is-0KVGR.tmp\Installer\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-0KVGR.tmp\Installer\Setup.exe" /setup "C:\Users\Admin\AppData\Local\Temp\iobituninstaller.exe" "" "/Ver=12.3.0.9"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3476

C:\Users\Admin\AppData\Local\Temp\iobituninstaller.exe
"C:\Users\Admin\AppData\Local\Temp\iobituninstaller.exe" /verysilent /NORESTART /DIR="C:\Program Files (x86)\IObit\IObit Uninstaller\" /TASKS="desktopicon, " /do /dt ""
5⤵
- Suspicious use of WriteProcessMemory
PID:764

C:\Users\Admin\AppData\Local\Temp\is-LCJ8D.tmp\iobituninstaller.tmp
"C:\Users\Admin\AppData\Local\Temp\is-LCJ8D.tmp\iobituninstaller.tmp" /SL5="$7005E,26554143,139264,C:\Users\Admin\AppData\Local\Temp\iobituninstaller.exe" /verysilent /NORESTART /DIR="C:\Program Files (x86)\IObit\IObit Uninstaller\" /TASKS="desktopicon, " /do /dt ""
6⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2912

C:\Users\Admin\AppData\Local\Temp\is-M2VTN.tmp\Installer\iushrun.exe
"C:\Users\Admin\AppData\Local\Temp\is-M2VTN.tmp\Installer\iushrun.exe" /ii "C:\Program Files (x86)\IObit\IObit Uninstaller"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4128

C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe" /if "C:\Program Files (x86)\IObit\IObit Uninstaller" /dt /insur=
7⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:112

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll"
8⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2172

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll"
9⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
PID:4996

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll"
8⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4648

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll"
9⤵
- Loads dropped DLL
- Registers COM server for autorun
- Installs/modifies Browser Helper Object
- Modifies registry class
PID:4156

C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe" Pin "C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe"
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4380

C:\Program Files (x86)\IObit\IObit Uninstaller\DSPut.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\DSPut.exe" /Now /update /W3sidmVyc2lvbiI6IjAuMC4wLjAiLCJzaG93IjowLCJjbGljayI6MCwibGFzdCI6MH1d
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4904

C:\Program Files (x86)\IObit\IObit Uninstaller\CrRestore.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\CrRestore.exe" /Backup
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:2848

C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallPromote.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallPromote.exe" /INSTALL un12
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4828

C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /setup
5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3912

C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe" /Set
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4856

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll"
6⤵
- Suspicious use of WriteProcessMemory
PID:5032

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll"
7⤵
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
PID:408

C:\Program Files (x86)\IObit\IObit Uninstaller\AUpdate.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\AUpdate.exe" /a un12 /p iobit /v 12.3.0.9 /t 1 /d 7 /un /user
6⤵
- Executes dropped EXE
PID:1148

C:\Program Files (x86)\IObit\IObit Uninstaller\AutoUpdate.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\AutoUpdate.exe" /Nomal
6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1344

C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe" /tmpDir="C:\Users\Admin\AppData\Local\Temp\is-0KVGR.tmp\"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4088

C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
"C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1836

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\IObit Uninstaller\CrRestore.exe
Filesize
1.0MB

MD5
b36135b0836dd61fc18102b2699b9465

SHA1
f9e48a659981956207f35c92be8e910ca806bbc4

SHA256
07fb2cd4620a2e399f2e6ea53de5c287fb40e02c4a848a6059785d467bb2e097

SHA512
956f2de321313acca1c90660118749c49d928ce35cf1983b5e47305a7a6e0dbc8272868d6e9f911f6506d36a2f93cda91f03676710305692331527deab6ffd34

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\DSPut.exe
Filesize
450KB

MD5
ed38b7101f2fdb4573475c38e9e8c4ea

SHA1
5cc006addc98fda2838fdfe4a3505dfbb542c7ec

SHA256
40c7cc30408610946a394a227a563b7912e73f5f433c3b40e77d6ffbd4331f8e

SHA512
344afe867e662daf66310b112acef8c13c6cde9657ae3b8d0f072eefc8938fb1f8b59fd2e9d6687b66a7f5f0aba604a6210f9d13df84ab9dd25f58f48b1704cb

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\DSPut.exe
Filesize
450KB

MD5
ed38b7101f2fdb4573475c38e9e8c4ea

SHA1
5cc006addc98fda2838fdfe4a3505dfbb542c7ec

SHA256
40c7cc30408610946a394a227a563b7912e73f5f433c3b40e77d6ffbd4331f8e

SHA512
344afe867e662daf66310b112acef8c13c6cde9657ae3b8d0f072eefc8938fb1f8b59fd2e9d6687b66a7f5f0aba604a6210f9d13df84ab9dd25f58f48b1704cb

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Filesize
9.0MB

MD5
9efa2c5cbfe979e6791664ded277864f

SHA1
0850f334d03c4703fa3647bab1a40b9ec1a34b6f

SHA256
457013d910cdc7873509f2dd8a48ceef48f73e95d7cdd965ac4c3bf9094f3518

SHA512
026eb17fb44620932096e01c15670c1c3c99b97bea2421f39cb2e2b6b99bde9ffc6cff54860e56f0a742ae931ea41df41fb949509df0a4f339afff93e5a69a56

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Filesize
9.0MB

MD5
9efa2c5cbfe979e6791664ded277864f

SHA1
0850f334d03c4703fa3647bab1a40b9ec1a34b6f

SHA256
457013d910cdc7873509f2dd8a48ceef48f73e95d7cdd965ac4c3bf9094f3518

SHA512
026eb17fb44620932096e01c15670c1c3c99b97bea2421f39cb2e2b6b99bde9ffc6cff54860e56f0a742ae931ea41df41fb949509df0a4f339afff93e5a69a56

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
Filesize
279KB

MD5
1ebc697e2208dfdd334614ec68748bdc

SHA1
675651d163ade43e999ee717af0bafe30bc87794

SHA256
aaa6f093939a529d35006bd0ac85c3dfd08afd3b9d962bd89c7aca9fbdc0dc1b

SHA512
d0b49ea29b0ee68ffe10354c9af41a398152c2028c4c074c86fdf9aadf3b0d71c4abcf9019e23b89f544f0e3a09584865549407457d442a1e4df58dd2a0c5c9b

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
Filesize
279KB

MD5
1ebc697e2208dfdd334614ec68748bdc

SHA1
675651d163ade43e999ee717af0bafe30bc87794

SHA256
aaa6f093939a529d35006bd0ac85c3dfd08afd3b9d962bd89c7aca9fbdc0dc1b

SHA512
d0b49ea29b0ee68ffe10354c9af41a398152c2028c4c074c86fdf9aadf3b0d71c4abcf9019e23b89f544f0e3a09584865549407457d442a1e4df58dd2a0c5c9b

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
Filesize
279KB

MD5
1ebc697e2208dfdd334614ec68748bdc

SHA1
675651d163ade43e999ee717af0bafe30bc87794

SHA256
aaa6f093939a529d35006bd0ac85c3dfd08afd3b9d962bd89c7aca9fbdc0dc1b

SHA512
d0b49ea29b0ee68ffe10354c9af41a398152c2028c4c074c86fdf9aadf3b0d71c4abcf9019e23b89f544f0e3a09584865549407457d442a1e4df58dd2a0c5c9b

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll
Filesize
279KB

MD5
1ebc697e2208dfdd334614ec68748bdc

SHA1
675651d163ade43e999ee717af0bafe30bc87794

SHA256
aaa6f093939a529d35006bd0ac85c3dfd08afd3b9d962bd89c7aca9fbdc0dc1b

SHA512
d0b49ea29b0ee68ffe10354c9af41a398152c2028c4c074c86fdf9aadf3b0d71c4abcf9019e23b89f544f0e3a09584865549407457d442a1e4df58dd2a0c5c9b

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
Filesize
163KB

MD5
d14256b80b0d05980a6a16ed1a88c183

SHA1
6e7c4a3ec4210b9e98975faaf812bc2a9f16e58d

SHA256
e4fbb7dff7cd225802a38f2a79071e18f772788f0f6b0642e88276c51fe6216b

SHA512
43654762ae4326ba7f6a46732426dd049b16df66a0ec41880c46f83984693561b4b0cc83fa8d25212437fb3bb0fcbac56ef3aa7a4b4088002dbd312748afbbc6

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
Filesize
163KB

MD5
d14256b80b0d05980a6a16ed1a88c183

SHA1
6e7c4a3ec4210b9e98975faaf812bc2a9f16e58d

SHA256
e4fbb7dff7cd225802a38f2a79071e18f772788f0f6b0642e88276c51fe6216b

SHA512
43654762ae4326ba7f6a46732426dd049b16df66a0ec41880c46f83984693561b4b0cc83fa8d25212437fb3bb0fcbac56ef3aa7a4b4088002dbd312748afbbc6

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
Filesize
1.8MB

MD5
2423af45638cccfd934bd903e6ffd38a

SHA1
c7b04774ee368d3f697c58fa5932c5106fba9580

SHA256
4b47b481d2bb327e784413d803d902cdd0758e202f2f494fcce4332037c54fd8

SHA512
b94a03681e8c59aadf1ce27b0fe616cdf46394462c431d334e7b9cd7be5a7d9dc20a275451b3db40a9e311707c9635dea16a81d6f7982358027766003582141c

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
Filesize
1.8MB

MD5
2423af45638cccfd934bd903e6ffd38a

SHA1
c7b04774ee368d3f697c58fa5932c5106fba9580

SHA256
4b47b481d2bb327e784413d803d902cdd0758e202f2f494fcce4332037c54fd8

SHA512
b94a03681e8c59aadf1ce27b0fe616cdf46394462c431d334e7b9cd7be5a7d9dc20a275451b3db40a9e311707c9635dea16a81d6f7982358027766003582141c

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
Filesize
1.8MB

MD5
2423af45638cccfd934bd903e6ffd38a

SHA1
c7b04774ee368d3f697c58fa5932c5106fba9580

SHA256
4b47b481d2bb327e784413d803d902cdd0758e202f2f494fcce4332037c54fd8

SHA512
b94a03681e8c59aadf1ce27b0fe616cdf46394462c431d334e7b9cd7be5a7d9dc20a275451b3db40a9e311707c9635dea16a81d6f7982358027766003582141c

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\RegisterCom.dll
Filesize
1000KB

MD5
802cd64f6ea985824b2ff10130147640

SHA1
998ee7a9587e780e84f5a43a6e8f02c100cd43ca

SHA256
87672dd803468ddc2561ecacb5cb9b3384fec231f6694d02efa8cdc9ff867223

SHA512
a68a09112ee7a17c332008bf65d13fa5b6cf458d59d9c927f16bf2ab9705cf58285d53c116658b2644318d246771deb23ce544f719a7b3605801d3c4365bbcdc

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\RegisterCom.dll
Filesize
1000KB

MD5
802cd64f6ea985824b2ff10130147640

SHA1
998ee7a9587e780e84f5a43a6e8f02c100cd43ca

SHA256
87672dd803468ddc2561ecacb5cb9b3384fec231f6694d02efa8cdc9ff867223

SHA512
a68a09112ee7a17c332008bf65d13fa5b6cf458d59d9c927f16bf2ab9705cf58285d53c116658b2644318d246771deb23ce544f719a7b3605801d3c4365bbcdc

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\RegisterCom.dll
Filesize
1000KB

MD5
802cd64f6ea985824b2ff10130147640

SHA1
998ee7a9587e780e84f5a43a6e8f02c100cd43ca

SHA256
87672dd803468ddc2561ecacb5cb9b3384fec231f6694d02efa8cdc9ff867223

SHA512
a68a09112ee7a17c332008bf65d13fa5b6cf458d59d9c927f16bf2ab9705cf58285d53c116658b2644318d246771deb23ce544f719a7b3605801d3c4365bbcdc

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe
Filesize
29KB

MD5
4242689df51da391224d434ff64b9463

SHA1
829846f31806ce712bcd312f151226ecbfa97333

SHA256
f0ab6493568e2e7469b3f6e82c798de786317e978b455eca6548dfb3beb87782

SHA512
5f11b3126d20d0a9e7d33c6ee7a0efade88e4549e07a9deeb8ca5d9fc985a8dfb98c4f97c17eba8b91d4e70eb814b263e69de93a4a8af7dd44f3ce1e98711a05

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\TaskbarPin\ICONPIN64.exe
Filesize
29KB

MD5
4242689df51da391224d434ff64b9463

SHA1
829846f31806ce712bcd312f151226ecbfa97333

SHA256
f0ab6493568e2e7469b3f6e82c798de786317e978b455eca6548dfb3beb87782

SHA512
5f11b3126d20d0a9e7d33c6ee7a0efade88e4549e07a9deeb8ca5d9fc985a8dfb98c4f97c17eba8b91d4e70eb814b263e69de93a4a8af7dd44f3ce1e98711a05

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
Filesize
2.4MB

MD5
05066aff4c5cedacbd35dae7b9ae7f62

SHA1
2335db652b28109dfb80b74e067974cd87a768b7

SHA256
050e79882e2c4fde169c8595baaf7cf24bb8ae3cdb6f8c65ced1a9670e762414

SHA512
da2ff93f25390f4f5e34e19b11ea3f1604cdfcf18f28b470dcd2d4849d1c209c5934f2a7f2c614bdd213afdcf8967a727d80035652ced9964b0562ef704b2a33

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
Filesize
2.4MB

MD5
05066aff4c5cedacbd35dae7b9ae7f62

SHA1
2335db652b28109dfb80b74e067974cd87a768b7

SHA256
050e79882e2c4fde169c8595baaf7cf24bb8ae3cdb6f8c65ced1a9670e762414

SHA512
da2ff93f25390f4f5e34e19b11ea3f1604cdfcf18f28b470dcd2d4849d1c209c5934f2a7f2c614bdd213afdcf8967a727d80035652ced9964b0562ef704b2a33

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
Filesize
2.4MB

MD5
05066aff4c5cedacbd35dae7b9ae7f62

SHA1
2335db652b28109dfb80b74e067974cd87a768b7

SHA256
050e79882e2c4fde169c8595baaf7cf24bb8ae3cdb6f8c65ced1a9670e762414

SHA512
da2ff93f25390f4f5e34e19b11ea3f1604cdfcf18f28b470dcd2d4849d1c209c5934f2a7f2c614bdd213afdcf8967a727d80035652ced9964b0562ef704b2a33

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
Filesize
2.4MB

MD5
05066aff4c5cedacbd35dae7b9ae7f62

SHA1
2335db652b28109dfb80b74e067974cd87a768b7

SHA256
050e79882e2c4fde169c8595baaf7cf24bb8ae3cdb6f8c65ced1a9670e762414

SHA512
da2ff93f25390f4f5e34e19b11ea3f1604cdfcf18f28b470dcd2d4849d1c209c5934f2a7f2c614bdd213afdcf8967a727d80035652ced9964b0562ef704b2a33

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallPromote.exe
Filesize
3.7MB

MD5
dc346f0543d10d0d201598a085ff68ee

SHA1
a297c32445a1e87e81641f6055621c10c584479a

SHA256
69cb33f342a778ec542567822db72cbf872177b86eaea268adc90e69748baa8e

SHA512
9f154847aee267d652d8b3a6d048ea7f52407c12adb8ee1ac91a07c0ce3217abac4f74ff756b2eda9fd39ff782d5202f4e0a6d37c0939daacba0c2965388bbf6

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\is-976D0.tmp
Filesize
1.2MB

MD5
04ed91f797aab3675201f21dd84de8e1

SHA1
88489c2853c5983b01b1eeb0a307a444e7cb405a

SHA256
8b4d460ddb8e8420cbffe2a7d60a11cff6a3e4762208f8b56f7af83fd5ec1fc6

SHA512
5926502702d26abd4959ba2c7a704c8b11aa077682c8807fce181364a1691624137f7a0a48d58166d400bf5bb948c2b8e916a8826520869582540e424ea2d80b

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\is-B5QCJ.tmp
Filesize
355KB

MD5
12b13db0565a0af61ffd9cef26add254

SHA1
2f30e6c42e96631abe43fbd81cbc71a21a822b4f

SHA256
410e57cba652d22094adbbcaed127367155aaab37cb89ab2e4443c33b3da73f9

SHA512
0cf13e52ef875fe04821d9a35db44f209c9ab91af65e9e4f8f4c8a5e3219170f6d5d7569d4eb7f358030ff3b34f64f9f31075660063a0c5c4ac9e759f155e0a0

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\is-VBGKN.tmp
Filesize
1.7MB

MD5
8d0618e4b9e598ce22d1561357850e8a

SHA1
f28a567669ddcac344230d13032f5f21775a9206

SHA256
105d76c2e3cdc43b60e73316186024e09962913ebd638701aa1b110931204e50

SHA512
288b12b7fd3f05ca82fd89739c8353b601e37b9119dcc4c25df124aa9cb1442f35782cec9f25ef8b2e41ecef1eef329d3e71335eac309bbf7357d2d0389ba2e1

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe
Filesize
5.1MB

MD5
ffc5d2a25105740bbfe1309e3093fec1

SHA1
29117ef35406b3c9620ab2d1d0ac54907d3f2b44

SHA256
3418a6b01d1ec08562b7efa0c9ceab0928fbf08e139e4daf75d40b5ecffdebe1

SHA512
39f19008552f42d5105427ac7d25a0d8beffa21d36d1f9d6b6668db3b654ded201391e5d561c07ba8d707279abcfda246c615eb24017c4cbb1424af434c53a09

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\iush.exe
Filesize
5.1MB

MD5
ffc5d2a25105740bbfe1309e3093fec1

SHA1
29117ef35406b3c9620ab2d1d0ac54907d3f2b44

SHA256
3418a6b01d1ec08562b7efa0c9ceab0928fbf08e139e4daf75d40b5ecffdebe1

SHA512
39f19008552f42d5105427ac7d25a0d8beffa21d36d1f9d6b6668db3b654ded201391e5d561c07ba8d707279abcfda246c615eb24017c4cbb1424af434c53a09

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\lang.dat
Filesize
64B

MD5
57e662a5837b148d81299227db5466fc

SHA1
2b97cf3c51dbedc7332cc197eadd8a471bf0b537

SHA256
8fafe1313c12256581c7698302d8eab1d2a21739ee57adeb850260d0df22503c

SHA512
3028a8125b144a221872de60d33352b0720711019e04688f99670b8f6180647020f38b8be60a7b14d06e3fd9ab0210bd8e2deac5759702d66336b3852eda1593

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\libcrypto-1_1.dll
Filesize
1.7MB

MD5
8d0618e4b9e598ce22d1561357850e8a

SHA1
f28a567669ddcac344230d13032f5f21775a9206

SHA256
105d76c2e3cdc43b60e73316186024e09962913ebd638701aa1b110931204e50

SHA512
288b12b7fd3f05ca82fd89739c8353b601e37b9119dcc4c25df124aa9cb1442f35782cec9f25ef8b2e41ecef1eef329d3e71335eac309bbf7357d2d0389ba2e1

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\libcrypto-1_1.dll
Filesize
1.7MB

MD5
8d0618e4b9e598ce22d1561357850e8a

SHA1
f28a567669ddcac344230d13032f5f21775a9206

SHA256
105d76c2e3cdc43b60e73316186024e09962913ebd638701aa1b110931204e50

SHA512
288b12b7fd3f05ca82fd89739c8353b601e37b9119dcc4c25df124aa9cb1442f35782cec9f25ef8b2e41ecef1eef329d3e71335eac309bbf7357d2d0389ba2e1

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\libssl-1_1.dll
Filesize
355KB

MD5
12b13db0565a0af61ffd9cef26add254

SHA1
2f30e6c42e96631abe43fbd81cbc71a21a822b4f

SHA256
410e57cba652d22094adbbcaed127367155aaab37cb89ab2e4443c33b3da73f9

SHA512
0cf13e52ef875fe04821d9a35db44f209c9ab91af65e9e4f8f4c8a5e3219170f6d5d7569d4eb7f358030ff3b34f64f9f31075660063a0c5c4ac9e759f155e0a0

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\libssl-1_1.dll
Filesize
355KB

MD5
12b13db0565a0af61ffd9cef26add254

SHA1
2f30e6c42e96631abe43fbd81cbc71a21a822b4f

SHA256
410e57cba652d22094adbbcaed127367155aaab37cb89ab2e4443c33b3da73f9

SHA512
0cf13e52ef875fe04821d9a35db44f209c9ab91af65e9e4f8f4c8a5e3219170f6d5d7569d4eb7f358030ff3b34f64f9f31075660063a0c5c4ac9e759f155e0a0

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
Filesize
205KB

MD5
0470b3205faf06b0b807629c7462ea90

SHA1
b0b309ba97caca555c1c1edf90b7c777d0ee4deb

SHA256
50e8481906f27e92bb80f4b7139f90949b960b1b2898dd0f6875147f44d8ad20

SHA512
7aa09d6eca8fa7add3c9b81ba6196d3e2665ab93dffda3ac26a24e3b3745d8d1afb340ac41822979845701ed54459637ab2206c5597a2413a2af1d37f7c62f32

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
Filesize
58KB

MD5
61d323161f2cbc187e6a36a12a0734fa

SHA1
6f3b54a3860ed8cf5746516c86c4c75fcfc1e0ae

SHA256
fbb9b4f1944b82701c7c06971a24cfed09d6e7f4a0f1684eba49800e3396fe3a

SHA512
0f1f8e8fef47791e0e6a62b2b91aec7d014c98b0b576940d99a4a7f714747120927b96cc70fb7b25cfd43276db059b1a9e4b73b0d51c29b63eb8a40ee2afb63b

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
Filesize
431KB

MD5
8be2193312995c8a442e71dab101c021

SHA1
6cc4722f740724b62b29082c8d17ee7dcf5491a8

SHA256
774afb7dfb8bd192838890b1b522b3f05b3762d6db3f412df7a4f51ee6eb052b

SHA512
9900d52a06bfeb93970e15667e048e35f50debbf3b03f1d318ef0939877be870d507c98831b7a78b1f6ec69127552d1cba64cb33d1452514a87cf756f056796f

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
Filesize
205KB

MD5
0470b3205faf06b0b807629c7462ea90

SHA1
b0b309ba97caca555c1c1edf90b7c777d0ee4deb

SHA256
50e8481906f27e92bb80f4b7139f90949b960b1b2898dd0f6875147f44d8ad20

SHA512
7aa09d6eca8fa7add3c9b81ba6196d3e2665ab93dffda3ac26a24e3b3745d8d1afb340ac41822979845701ed54459637ab2206c5597a2413a2af1d37f7c62f32

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\madbasic_.bpl
Filesize
205KB

MD5
0470b3205faf06b0b807629c7462ea90

SHA1
b0b309ba97caca555c1c1edf90b7c777d0ee4deb

SHA256
50e8481906f27e92bb80f4b7139f90949b960b1b2898dd0f6875147f44d8ad20

SHA512
7aa09d6eca8fa7add3c9b81ba6196d3e2665ab93dffda3ac26a24e3b3745d8d1afb340ac41822979845701ed54459637ab2206c5597a2413a2af1d37f7c62f32

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
Filesize
58KB

MD5
61d323161f2cbc187e6a36a12a0734fa

SHA1
6f3b54a3860ed8cf5746516c86c4c75fcfc1e0ae

SHA256
fbb9b4f1944b82701c7c06971a24cfed09d6e7f4a0f1684eba49800e3396fe3a

SHA512
0f1f8e8fef47791e0e6a62b2b91aec7d014c98b0b576940d99a4a7f714747120927b96cc70fb7b25cfd43276db059b1a9e4b73b0d51c29b63eb8a40ee2afb63b

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\maddisAsm_.bpl
Filesize
58KB

MD5
61d323161f2cbc187e6a36a12a0734fa

SHA1
6f3b54a3860ed8cf5746516c86c4c75fcfc1e0ae

SHA256
fbb9b4f1944b82701c7c06971a24cfed09d6e7f4a0f1684eba49800e3396fe3a

SHA512
0f1f8e8fef47791e0e6a62b2b91aec7d014c98b0b576940d99a4a7f714747120927b96cc70fb7b25cfd43276db059b1a9e4b73b0d51c29b63eb8a40ee2afb63b

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
Filesize
431KB

MD5
8be2193312995c8a442e71dab101c021

SHA1
6cc4722f740724b62b29082c8d17ee7dcf5491a8

SHA256
774afb7dfb8bd192838890b1b522b3f05b3762d6db3f412df7a4f51ee6eb052b

SHA512
9900d52a06bfeb93970e15667e048e35f50debbf3b03f1d318ef0939877be870d507c98831b7a78b1f6ec69127552d1cba64cb33d1452514a87cf756f056796f

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\madexcept_.bpl
Filesize
431KB

MD5
8be2193312995c8a442e71dab101c021

SHA1
6cc4722f740724b62b29082c8d17ee7dcf5491a8

SHA256
774afb7dfb8bd192838890b1b522b3f05b3762d6db3f412df7a4f51ee6eb052b

SHA512
9900d52a06bfeb93970e15667e048e35f50debbf3b03f1d318ef0939877be870d507c98831b7a78b1f6ec69127552d1cba64cb33d1452514a87cf756f056796f

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\rtl120.bpl
Filesize
1.1MB

MD5
83ac415bcad54682d56dfee0066000e2

SHA1
916e00f9cfebe0bc1296d5b9e84b86d80548e800

SHA256
91ade0cbd518fd898f61b53d27f89c4ab64bc3dba22483a4b9b78d5826a333e4

SHA512
ca90a6026cb8265f23d7feb45b5caded216e87d72c4f2cc579e44c29ef7a213efbb54435551c0d1e44fe9979d54cbee91b1150eddb701ce89dec1555ec017703

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\rtl120.bpl
Filesize
1.1MB

MD5
83ac415bcad54682d56dfee0066000e2

SHA1
916e00f9cfebe0bc1296d5b9e84b86d80548e800

SHA256
91ade0cbd518fd898f61b53d27f89c4ab64bc3dba22483a4b9b78d5826a333e4

SHA512
ca90a6026cb8265f23d7feb45b5caded216e87d72c4f2cc579e44c29ef7a213efbb54435551c0d1e44fe9979d54cbee91b1150eddb701ce89dec1555ec017703

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\rtl120.bpl
Filesize
1.1MB

MD5
83ac415bcad54682d56dfee0066000e2

SHA1
916e00f9cfebe0bc1296d5b9e84b86d80548e800

SHA256
91ade0cbd518fd898f61b53d27f89c4ab64bc3dba22483a4b9b78d5826a333e4

SHA512
ca90a6026cb8265f23d7feb45b5caded216e87d72c4f2cc579e44c29ef7a213efbb54435551c0d1e44fe9979d54cbee91b1150eddb701ce89dec1555ec017703

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
Filesize
677KB

MD5
b3d2c44cb44f323210dd99c701daf877

SHA1
3dde51bdb4addbfb14162dc51fc84b10335ce0ac

SHA256
19f3bfcbaed4d727209df368909afdde92ef1e12587d3ebf3a2c233eceb93ce2

SHA512
5eae44c8758e664d36179c682abf8c1e3adf4c88013f51e86df08114ac90cd0fde89b838019e19ec73f9b0c35b108c423053ecb2bf36324651865fbef9d6d904

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
Filesize
677KB

MD5
b3d2c44cb44f323210dd99c701daf877

SHA1
3dde51bdb4addbfb14162dc51fc84b10335ce0ac

SHA256
19f3bfcbaed4d727209df368909afdde92ef1e12587d3ebf3a2c233eceb93ce2

SHA512
5eae44c8758e664d36179c682abf8c1e3adf4c88013f51e86df08114ac90cd0fde89b838019e19ec73f9b0c35b108c423053ecb2bf36324651865fbef9d6d904

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\update\update.ini
Filesize
27KB

MD5
f7e3a2c4b2008ef08fb4212101939804

SHA1
e4cdcabb9cce9d1c76892f841f241dd681689c2f

SHA256
c9db24f56df080e2ed0401a3b6a94f299fa2b3a0420f49d52bf6334ccb19e4e4

SHA512
1d8651bec5997673bd956b7768723861266de72cfeb129f132cd64205cf72fae33b6054de672567e9b2fddf2bb39f37025052d67f533987398844987b1869543

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\update\update.ini
Filesize
26KB

MD5
f8e36912356d778acf9bdffef7f890da

SHA1
4558169d5ba0869de4fc411f1df65ad7f6b825fa

SHA256
dfdc032fcfcdd3eefe7486bf97718ed7fc7dd303f13ee1a800b50c41184af5fa

SHA512
5a0dc8056a19def4f174f76515d46eb3d895d90fa3fdbf64b4f14288c448ab856e4dffda5a8e76451e3cb9f38725d8e2a4d98145cfcd33bd8deeef3da4985dc6

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\vcl120.bpl
Filesize
1.9MB

MD5
9cef56e9868e96afabb1fcd8758931b8

SHA1
8e99aa4839e6e29a4213ca0309c6ea02a46442f7

SHA256
28fdac79c3e1656e4c60de4b6bc6dca390ef5b86f58d75e1f352bc964a4efdcb

SHA512
b296b74c637d7db8bc82d98e794c8f27afba5e061d06c6bcbbd806eee511dcd2414a7d8505af0b4d71c96dada57126c38f83f13552079fec3c2e4aa1a647074f

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\vcl120.bpl
Filesize
1.9MB

MD5
9cef56e9868e96afabb1fcd8758931b8

SHA1
8e99aa4839e6e29a4213ca0309c6ea02a46442f7

SHA256
28fdac79c3e1656e4c60de4b6bc6dca390ef5b86f58d75e1f352bc964a4efdcb

SHA512
b296b74c637d7db8bc82d98e794c8f27afba5e061d06c6bcbbd806eee511dcd2414a7d8505af0b4d71c96dada57126c38f83f13552079fec3c2e4aa1a647074f

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\vcl120.bpl
Filesize
1.9MB

MD5
9cef56e9868e96afabb1fcd8758931b8

SHA1
8e99aa4839e6e29a4213ca0309c6ea02a46442f7

SHA256
28fdac79c3e1656e4c60de4b6bc6dca390ef5b86f58d75e1f352bc964a4efdcb

SHA512
b296b74c637d7db8bc82d98e794c8f27afba5e061d06c6bcbbd806eee511dcd2414a7d8505af0b4d71c96dada57126c38f83f13552079fec3c2e4aa1a647074f

Download Submit
C:\Program Files (x86)\IObit\IObit Uninstaller\winid.dat
Filesize
689B

MD5
5da07430ccf1b2259a7732ed04cda31b

SHA1
69489b6ffc6daced009d6dc96c0b94536fd2b0cf

SHA256
c3c76cfeb42ab6f40c6cf3d04a9fdc9314c8950e7414ebbef7b7a1a02f7baf23

SHA512
5bc4ad6a6c21a4522d686795dfc8167e97fd46888e527ab181ef5d75cbe4c43b3e7c1e2d4311816523476137ef054967f945dbe06ccde4b5283d550193bff0f3

Download Submit
C:\ProgramData\IObit\IObit Uninstaller\IUService.ini
Filesize
158B

MD5
0b2dc4841a57244e1b4c28e69d6a9a25

SHA1
d3bafe1bebb605a6695f35134d087a7eadcd120c

SHA256
99d222b81469cd545ab36b694fe83d4a90fb5f33f70ffbb44bf5ae68c3ff651c

SHA512
d981c5a9480040d8472cd9128f70c3c314307f0a1186bb1c228d58e141734ee66d7f26a7ff182d3cfddc88f6531d37aead7c05526725fb111e81c0b659dc8a87

Download Submit
C:\ProgramData\IObit\IObitRtt\IURtt.ept
Filesize
332B

MD5
0d74d00972047d949d2dc376e154932b

SHA1
9562d78da71acd5d58558dcb40b8c41dcf926822

SHA256
9fa78f81ac503b2872de5718b614ec5f9273aec75c5ff8c538d7ab441ddad821

SHA512
597ef68e3125e6c34a032272b46b38cbfe42c39f1c6f77d5aa2738482e614688a4cc1ef25f447178b0f8885f1bc8d91937a7cc8722d032d9428c4a5a23b8b1a7

Download Submit
C:\ProgramData\IObit\Install.ini
Filesize
96B

MD5
4e20a723b13532d12443d7b1f21feaa0

SHA1
de1d86e00f9765056153d068d7f5c61bda6d7b58

SHA256
3226b0f68e18ff135002006f49f8f22c17831d4747d12bba63f73ddcaee57f99

SHA512
6111a466ce05106d6cc5749e6ec8f476130201455f97a7794b6e2932b153349891c1be79d4eaa82ec671615bd48b7061c69aa6a0c2ee64a24cbed6f0a14635f1

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini
Filesize
96B

MD5
f43eaf9651456859c92ab622c1bbd964

SHA1
a68430aceb91a501f9656c499a94a412caa35a2f

SHA256
2d9b04597ad0e81abecb9e861c25ecdec37a9d8b4790b129bc398885adb79a8a

SHA512
cc3fbe5f2d2c69963ae4e7ccfe17d585f7ff19a7727cca74b8e186a9bca06bea7f29c84a625814ee8ae0b78cb962f7b621bdece52381c89b01ba5bec343845c0

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini
Filesize
142B

MD5
c664bbae8717352f30d93d7cd96d7c12

SHA1
8e78cd7abbec189c408bc2b5b2c5adcde05de764

SHA256
7e4e1b5cffdddbb697dff0a2284c0d7909068107f29d21e1c56b16adbddd2f07

SHA512
80d7d9ade8c8a99252ab402693730ca637f707e1270bc324ce914f94c541a5aa94a9ba97db2016ac7ae2b0ac312beef30cd59d35ceff491496cbe4f62472d869

Download Submit
C:\ProgramData\ProductData\StatCache.db
Filesize
267B

MD5
85c503a2cbcbfd77153066872a4b705c

SHA1
c70f1e00b69d48e275dc1c4fcbb09c8632c5c348

SHA256
5d342b340bb1b0d773724a9205467ef05f87583de326d8a7a934b7c509ae7fbf

SHA512
8dd63a58bb9f867367f8dff95ceaf8be70c646dcfdad0f582313561425c20682f6ed31f722cfb210c8a3fdcbe17899e392b25c8156ca1ed837d63c289a2f49a8

Download Submit
C:\ProgramData\ProductData\StatCache.db
Filesize
291B

MD5
7561cc628ec4dac9c6396b6cc1bd7f9b

SHA1
a210c22e478155cb72299e81a5419f36d5bd69fd

SHA256
6e3b18c0c1f449a013ea724c0f887b0c0835a53cd266e920ff20efb02b32d5fa

SHA512
db6224eefc0395244ba5b6a901e36e4cc239964b87aefe67894b009bfaf0fea590e2bb63a07619c89f13dc942c23324cbbaf499df1010aef317bf75afcef61f2

Download Submit
C:\Users\Admin\AppData\LocalLow\IObit\AUpdate.ini
Filesize
65B

MD5
ef8b081bc97cc0d58778a4cc90e1f853

SHA1
1eea1307ba59761094dc01ffed0af4514080c42e

SHA256
0672c9e2c4a8022451a2adae8979895e1546a1e8b249c8cea535aab197989257

SHA512
d05d5ab25459efb61679ffe79b24fab2da66301d1155a1a50a5f7e9f31351e71c30a3393bb322cc613df8c43e1739d3f4cb28c663312fc1dd7ce026c5315a5ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempMain.ini
Filesize
70B

MD5
98543f5d16bc219711c3563959e79a55

SHA1
f53e8345f25c0fb9e260659d2eb329dd8acc551e

SHA256
b98a5f3777ba43e100e7d5597be2b4963382efe24249475408cd8fe5f3b43aa6

SHA512
800d6f4ae69e5123ccae499e955a0fc63e2f545c55044ab23f5ee3bdaa50d2454d398e00ccdbd734390f817e3b056bbe6cd3a41bb36f9f459f7de6fdb982f913

Download Submit
C:\Users\Admin\AppData\Local\Temp\filectl.dll
Filesize
63KB

MD5
ac33819578af85cefcfd73cbd99821f4

SHA1
1499393c24ee2a50aa92a21fd8d88c86552321d3

SHA256
63ed2a1c8f49336a005428fb59c3304cb69c073d60e497e83e81ad7ef23f9f37

SHA512
4e15a2ccf3f21fb1900ffb956b2a2356ce975a21ff1efea9784f8efc4c34b2308ae86b8d5c8759f177a8b79d116511c758b8df171e6efc2b9479cf64a76dd7da

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0KVGR.tmp\Installer\Setup.exe
Filesize
5.8MB

MD5
107de13a3f9c57cca020a690ccfa83bf

SHA1
4300c3e64ee76743bcf2e8263f20b69a47128e54

SHA256
ca54b53fd78e2f121abd39d738152f315d667556d82b2fcf3f83691896fa126e

SHA512
32d5fa3ed17f4d20987d6fd0da711c36e098258ab4a4ff17bd832f540ce30c32380e397d60ba8922044440dac45029424cd6e821061c48d052af96004896d28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0KVGR.tmp\Installer\Setup.exe
Filesize
5.8MB

MD5
107de13a3f9c57cca020a690ccfa83bf

SHA1
4300c3e64ee76743bcf2e8263f20b69a47128e54

SHA256
ca54b53fd78e2f121abd39d738152f315d667556d82b2fcf3f83691896fa126e

SHA512
32d5fa3ed17f4d20987d6fd0da711c36e098258ab4a4ff17bd832f540ce30c32380e397d60ba8922044440dac45029424cd6e821061c48d052af96004896d28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-0KVGR.tmp\Setup.exe
Filesize
5.8MB

MD5
107de13a3f9c57cca020a690ccfa83bf

SHA1
4300c3e64ee76743bcf2e8263f20b69a47128e54

SHA256
ca54b53fd78e2f121abd39d738152f315d667556d82b2fcf3f83691896fa126e

SHA512
32d5fa3ed17f4d20987d6fd0da711c36e098258ab4a4ff17bd832f540ce30c32380e397d60ba8922044440dac45029424cd6e821061c48d052af96004896d28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9NNI8.tmp\iobituninstaller.tmp
Filesize
1.2MB

MD5
04ed91f797aab3675201f21dd84de8e1

SHA1
88489c2853c5983b01b1eeb0a307a444e7cb405a

SHA256
8b4d460ddb8e8420cbffe2a7d60a11cff6a3e4762208f8b56f7af83fd5ec1fc6

SHA512
5926502702d26abd4959ba2c7a704c8b11aa077682c8807fce181364a1691624137f7a0a48d58166d400bf5bb948c2b8e916a8826520869582540e424ea2d80b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LCJ8D.tmp\iobituninstaller.tmp
Filesize
1.2MB

MD5
04ed91f797aab3675201f21dd84de8e1

SHA1
88489c2853c5983b01b1eeb0a307a444e7cb405a

SHA256
8b4d460ddb8e8420cbffe2a7d60a11cff6a3e4762208f8b56f7af83fd5ec1fc6

SHA512
5926502702d26abd4959ba2c7a704c8b11aa077682c8807fce181364a1691624137f7a0a48d58166d400bf5bb948c2b8e916a8826520869582540e424ea2d80b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LCJ8D.tmp\iobituninstaller.tmp
Filesize
1.2MB

MD5
04ed91f797aab3675201f21dd84de8e1

SHA1
88489c2853c5983b01b1eeb0a307a444e7cb405a

SHA256
8b4d460ddb8e8420cbffe2a7d60a11cff6a3e4762208f8b56f7af83fd5ec1fc6

SHA512
5926502702d26abd4959ba2c7a704c8b11aa077682c8807fce181364a1691624137f7a0a48d58166d400bf5bb948c2b8e916a8826520869582540e424ea2d80b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-M2VTN.tmp\Installer\iushrun.exe
Filesize
5.1MB

MD5
ffc5d2a25105740bbfe1309e3093fec1

SHA1
29117ef35406b3c9620ab2d1d0ac54907d3f2b44

SHA256
3418a6b01d1ec08562b7efa0c9ceab0928fbf08e139e4daf75d40b5ecffdebe1

SHA512
39f19008552f42d5105427ac7d25a0d8beffa21d36d1f9d6b6668db3b654ded201391e5d561c07ba8d707279abcfda246c615eb24017c4cbb1424af434c53a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-M2VTN.tmp\Installer\iushrun.exe
Filesize
5.1MB

MD5
ffc5d2a25105740bbfe1309e3093fec1

SHA1
29117ef35406b3c9620ab2d1d0ac54907d3f2b44

SHA256
3418a6b01d1ec08562b7efa0c9ceab0928fbf08e139e4daf75d40b5ecffdebe1

SHA512
39f19008552f42d5105427ac7d25a0d8beffa21d36d1f9d6b6668db3b654ded201391e5d561c07ba8d707279abcfda246c615eb24017c4cbb1424af434c53a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-M2VTN.tmp\iush.exe
Filesize
5.1MB

MD5
ffc5d2a25105740bbfe1309e3093fec1

SHA1
29117ef35406b3c9620ab2d1d0ac54907d3f2b44

SHA256
3418a6b01d1ec08562b7efa0c9ceab0928fbf08e139e4daf75d40b5ecffdebe1

SHA512
39f19008552f42d5105427ac7d25a0d8beffa21d36d1f9d6b6668db3b654ded201391e5d561c07ba8d707279abcfda246c615eb24017c4cbb1424af434c53a09

Download Submit
C:\Users\Admin\AppData\Local\Temp\rgfpctl.dll
Filesize
524KB

MD5
8e5e15bf48ea6e53cff7bffa4d76ecaf

SHA1
fe44a1c730687c4ac52d7f28c5232df64d629a8c

SHA256
addd846ee0dfca4a2b8ca2b2b5f72294568a8016d67ce5769d108fd6dc9e905a

SHA512
d5b2223d5f9e8d6a0de20e979bd0c78910f9b3810dad1e620cb1d151aebe4c64bce88211693dc6b56c37f4bbafebbe928f32f8ee0d679b87c5008026d723f823

Download Submit
C:\Users\Admin\AppData\Local\Temp\rgfpctl.dll
Filesize
524KB

MD5
8e5e15bf48ea6e53cff7bffa4d76ecaf

SHA1
fe44a1c730687c4ac52d7f28c5232df64d629a8c

SHA256
addd846ee0dfca4a2b8ca2b2b5f72294568a8016d67ce5769d108fd6dc9e905a

SHA512
d5b2223d5f9e8d6a0de20e979bd0c78910f9b3810dad1e620cb1d151aebe4c64bce88211693dc6b56c37f4bbafebbe928f32f8ee0d679b87c5008026d723f823

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Autolog\2023-03-03.dbg
Filesize
6KB

MD5
76a0137097df1f342087ad931a0c5fa7

SHA1
d8bc87eba9bfed73b1475bc8970c521300273238

SHA256
73fdff667d858609d9e39d80cccd767ecf4ba0a2ea18cd1e4e2b319fb27c3f5a

SHA512
4448dbf329e55340c7af0c641b921f69e35c94d852a67388648efd21e4f806ecc7f5bcfffad3c0841c2d39461334fa533beb4e62e8bfb6ebf9a38a7f7e37402f

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Log\2023-03-03.dbg
Filesize
6KB

MD5
5746728bf520b1ecac6503bed7a7cc33

SHA1
22a53c47582fc3104505291bb9906d8412cbb56d

SHA256
ca4a991a4a3b0fb79ab1ef1fbf9164a075614bd79cf08a134ad02d72590ee1b6

SHA512
97839ed0c23f10b3863373b96b1a54db2d0aadb6cd9bc7b7680310ac06e5cbad36312daf76fb87fb14fbf09ef1b48aae6e572be567a378da7cf6130412c787d1

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini
Filesize
186B

MD5
bd312646580fd1cdf1a4f89a6f0b2781

SHA1
045634f2f4ffb3848a1078c08ef38244aeeb28e9

SHA256
14e44b0dcc23b223d0ef31ae8a03e278a8c971889cd074dfb406534ba6a0a1cf

SHA512
b0b953803c750988a657c2148fc0ab4d3590bd1abb075ebeb7a584ce367d097a503f033fdc943c3f4daa0d80ca3779ec2a090c7ae7b3d7418462658dd1c5956b

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini
Filesize
186B

MD5
bd312646580fd1cdf1a4f89a6f0b2781

SHA1
045634f2f4ffb3848a1078c08ef38244aeeb28e9

SHA256
14e44b0dcc23b223d0ef31ae8a03e278a8c971889cd074dfb406534ba6a0a1cf

SHA512
b0b953803c750988a657c2148fc0ab4d3590bd1abb075ebeb7a584ce367d097a503f033fdc943c3f4daa0d80ca3779ec2a090c7ae7b3d7418462658dd1c5956b

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini
Filesize
242B

MD5
fb386fc8c1472b30871c1b7d8cf5f9f4

SHA1
1c2e0d066030c3292afc61312d86d10ee5506c7b

SHA256
73f14a70927c6bd4639d34b9fde6887c2467dadd817a7ab59f9d0f62d94258fd

SHA512
4537cf949cc0783d74ca75c753d6d1d39b5841092462b718f3a292a4f37df47021e90752f945b25f5f66ba8e8ca3b1bb41ad0016510b72af6964d7e235748133

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini
Filesize
510B

MD5
f1533921bc53e3f607264677b1b4cf63

SHA1
73f12096dd465c0257fb139f422ccff01bf4ee2e

SHA256
468db81ef54521eb4d2b7f9eaf1072e30303652d70baa20983c87666c2a30d5c

SHA512
7380d302dad21e18f4bab96b850329b2ee15fd33feff3949aa1b774fed00cb47f9fc5e385a184817e8feeabffbc2d3113fe943234ee16680bb0eb3dbaa95120e

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini
Filesize
510B

MD5
f1533921bc53e3f607264677b1b4cf63

SHA1
73f12096dd465c0257fb139f422ccff01bf4ee2e

SHA256
468db81ef54521eb4d2b7f9eaf1072e30303652d70baa20983c87666c2a30d5c

SHA512
7380d302dad21e18f4bab96b850329b2ee15fd33feff3949aa1b774fed00cb47f9fc5e385a184817e8feeabffbc2d3113fe943234ee16680bb0eb3dbaa95120e

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini
Filesize
584B

MD5
6714d719bc8ff010fa02661744771836

SHA1
aa508782ff106309c19c36adf081b66df9507a1c

SHA256
b8214f03c3950c746015a9076d5f58deb6d1c878c18b503f42e5e2ad19017263

SHA512
73ab29dd78404ff2134fc485736ff0caf06fa50ca07b778de95af1b0e8415d648f87ccb307b350e9769444a6a0d92460b59d2fa6959bb6bf49590b6d3f334564

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\IObit Uninstaller\Main.ini
Filesize
668B

MD5
b35dfdd9796432a6e8bc6738bcc591e2

SHA1
2ff1f5b9dd1dfb2fc7004136bcfd1708de4110bd

SHA256
78f9b4985000141d6bff4211698fd5ff4394425e8f3feb03da6b2d7da05df1f9

SHA512
4f5e741f9dd2b2d490476f43a6e69e290ba5a7af7c0ff30a8e62a84e312833f87ac98d3078dc16502ff85f014b5a3c5971484ac68cfa5c6d14cc57c9ba124c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\IObit Uninstall Tool.lnk
Filesize
1KB

MD5
6a1f401b3a945cc2c745cbdc7eb75a5f

SHA1
9617d448f2afe216fd8e5b79adbc9c78116916d5

SHA256
4c5db4379fc3d8a8348e6cd53f193702df10abb939bba5bd152385726af90b3b

SHA512
b4d835c97baee7d181c95550e548254f8b00d6d9ac357245ad3574d5487de812d4ea83602c041474c6d702f6ec341fe891dc82a72ee371b053f05b57d8a9c3c7

Download Submit
memory/112-587-0x0000000004440000-0x0000000004617000-memory.dmp

Filesize
1.8MB

Download
memory/112-581-0x0000000003FC0000-0x0000000003FC1000-memory.dmp

Filesize
4KB

Download
memory/112-681-0x0000000003FE0000-0x00000000040E0000-memory.dmp

Filesize
1024KB

Download
memory/112-679-0x0000000000400000-0x000000000096B000-memory.dmp

Filesize
5.4MB

Download
memory/112-614-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/112-580-0x0000000003FE0000-0x00000000040E0000-memory.dmp

Filesize
1024KB

Download
memory/112-682-0x0000000004440000-0x0000000004617000-memory.dmp

Filesize
1.8MB

Download
memory/764-736-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/764-612-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/764-205-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1148-1005-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/1344-1032-0x0000000005950000-0x0000000005951000-memory.dmp

Filesize
4KB

Download
memory/1344-1017-0x0000000003D20000-0x0000000003D21000-memory.dmp

Filesize
4KB

Download
memory/1344-1018-0x0000000005900000-0x0000000005901000-memory.dmp

Filesize
4KB

Download
memory/1344-1020-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/1344-1031-0x0000000003D70000-0x0000000003D80000-memory.dmp

Filesize
64KB

Download
memory/1344-1019-0x0000000005A50000-0x0000000005A51000-memory.dmp

Filesize
4KB

Download
memory/1836-737-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1836-739-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/1836-742-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/1836-738-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/1836-619-0x0000000002790000-0x0000000002791000-memory.dmp

Filesize
4KB

Download
memory/1836-620-0x00000000027B0000-0x00000000027B1000-memory.dmp

Filesize
4KB

Download
memory/1836-741-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/1836-621-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/1836-740-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/2144-133-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2144-165-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2180-163-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/2180-139-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/2848-697-0x0000000000400000-0x0000000000545000-memory.dmp

Filesize
1.3MB

Download
memory/2848-703-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/2848-705-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/2848-704-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/2848-698-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/2848-699-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/2848-700-0x0000000050310000-0x0000000050349000-memory.dmp

Filesize
228KB

Download
memory/2848-701-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/2912-735-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/2912-613-0x0000000000400000-0x0000000000532000-memory.dmp

Filesize
1.2MB

Download
memory/2912-212-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/3212-746-0x0000000002AE0000-0x0000000002AE5000-memory.dmp

Filesize
20KB

Download
memory/3212-672-0x0000000002AE0000-0x0000000002AE5000-memory.dmp

Filesize
20KB

Download
memory/3212-683-0x0000000002AE0000-0x0000000002AE5000-memory.dmp

Filesize
20KB

Download
memory/3212-658-0x0000000002AE0000-0x0000000002AE5000-memory.dmp

Filesize
20KB

Download
memory/3476-166-0x00000000041E0000-0x00000000041E1000-memory.dmp

Filesize
4KB

Download
memory/3476-211-0x0000000009800000-0x0000000009801000-memory.dmp

Filesize
4KB

Download
memory/3476-193-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/3476-770-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/3476-195-0x0000000004330000-0x0000000004340000-memory.dmp

Filesize
64KB

Download
memory/3476-201-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/3476-168-0x0000000004310000-0x0000000004311000-memory.dmp

Filesize
4KB

Download
memory/3476-194-0x00000000041E0000-0x00000000041E1000-memory.dmp

Filesize
4KB

Download
memory/3476-743-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/3476-230-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/3476-169-0x0000000004330000-0x0000000004340000-memory.dmp

Filesize
64KB

Download
memory/3476-755-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/3476-167-0x0000000004300000-0x0000000004301000-memory.dmp

Filesize
4KB

Download
memory/3476-200-0x0000000004320000-0x0000000004321000-memory.dmp

Filesize
4KB

Download
memory/3476-610-0x0000000000400000-0x0000000000A23000-memory.dmp

Filesize
6.1MB

Download
memory/3912-848-0x0000000006210000-0x0000000006211000-memory.dmp

Filesize
4KB

Download
memory/3912-941-0x0000000005B90000-0x0000000005BA0000-memory.dmp

Filesize
64KB

Download
memory/3912-1004-0x000000000B4C0000-0x000000000B4C1000-memory.dmp

Filesize
4KB

Download
memory/3912-1003-0x000000000D9D0000-0x000000000D9D1000-memory.dmp

Filesize
4KB

Download
memory/3912-952-0x0000000005B90000-0x0000000005BA0000-memory.dmp

Filesize
64KB

Download
memory/3912-758-0x00000000064A0000-0x0000000006677000-memory.dmp

Filesize
1.8MB

Download
memory/3912-940-0x000000000B4B0000-0x000000000B4B1000-memory.dmp

Filesize
4KB

Download
memory/3912-939-0x0000000002D80000-0x0000000002D81000-memory.dmp

Filesize
4KB

Download
memory/3912-938-0x0000000005EF0000-0x0000000005EF1000-memory.dmp

Filesize
4KB

Download
memory/3912-932-0x000000000D910000-0x000000000D911000-memory.dmp

Filesize
4KB

Download
memory/3912-841-0x0000000006280000-0x0000000006281000-memory.dmp

Filesize
4KB

Download
memory/3912-935-0x0000000007B30000-0x0000000007B31000-memory.dmp

Filesize
4KB

Download
memory/3912-843-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/3912-844-0x0000000005F10000-0x0000000005F11000-memory.dmp

Filesize
4KB

Download
memory/3912-930-0x000000000ADB0000-0x000000000ADB1000-memory.dmp

Filesize
4KB

Download
memory/3912-846-0x00000000060C0000-0x00000000060C1000-memory.dmp

Filesize
4KB

Download
memory/3912-757-0x0000000005CB0000-0x0000000005DB0000-memory.dmp

Filesize
1024KB

Download
memory/3912-849-0x0000000006270000-0x0000000006271000-memory.dmp

Filesize
4KB

Download
memory/3912-850-0x0000000006220000-0x0000000006221000-memory.dmp

Filesize
4KB

Download
memory/3912-909-0x000000000DE80000-0x000000000DECB000-memory.dmp

Filesize
300KB

Download
memory/3912-861-0x00000000062B0000-0x00000000062B1000-memory.dmp

Filesize
4KB

Download
memory/3912-851-0x0000000007C00000-0x0000000007C01000-memory.dmp

Filesize
4KB

Download
memory/3912-872-0x0000000007C10000-0x0000000007C11000-memory.dmp

Filesize
4KB

Download
memory/3912-858-0x0000000006290000-0x0000000006291000-memory.dmp

Filesize
4KB

Download
memory/3912-756-0x0000000001280000-0x00000000014C2000-memory.dmp

Filesize
2.3MB

Download
memory/3912-860-0x00000000062A0000-0x00000000062A1000-memory.dmp

Filesize
4KB

Download
memory/4088-931-0x0000000000400000-0x000000000096B000-memory.dmp

Filesize
5.4MB

Download
memory/4088-775-0x00000000040B0000-0x00000000041B0000-memory.dmp

Filesize
1024KB

Download
memory/4088-831-0x0000000004510000-0x00000000046E7000-memory.dmp

Filesize
1.8MB

Download
memory/4088-840-0x0000000000C90000-0x0000000000C91000-memory.dmp

Filesize
4KB

Download
memory/4128-247-0x0000000004070000-0x0000000004071000-memory.dmp

Filesize
4KB

Download
memory/4128-251-0x0000000000400000-0x000000000096B000-memory.dmp

Filesize
5.4MB

Download
memory/4128-241-0x00000000041B0000-0x000000000423A000-memory.dmp

Filesize
552KB

Download
memory/4128-231-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/4156-608-0x0000000002340000-0x00000000025A8000-memory.dmp

Filesize
2.4MB

Download
memory/4828-731-0x0000000000A90000-0x0000000000E86000-memory.dmp

Filesize
4.0MB

Download
memory/4828-732-0x0000000001360000-0x0000000001361000-memory.dmp

Filesize
4KB

Download
memory/4828-747-0x0000000001360000-0x0000000001361000-memory.dmp

Filesize
4KB

Download
memory/4856-910-0x0000000004910000-0x0000000004911000-memory.dmp

Filesize
4KB

Download
memory/4856-857-0x0000000004070000-0x0000000004071000-memory.dmp

Filesize
4KB

Download
memory/4856-854-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/4856-826-0x00000000047E0000-0x00000000047E1000-memory.dmp

Filesize
4KB

Download
memory/4856-824-0x0000000004310000-0x0000000004311000-memory.dmp

Filesize
4KB

Download
memory/4856-769-0x0000000004360000-0x0000000004460000-memory.dmp

Filesize
1024KB

Download
memory/4856-876-0x00000000048B0000-0x00000000048B1000-memory.dmp

Filesize
4KB

Download
memory/4856-888-0x0000000004900000-0x0000000004901000-memory.dmp

Filesize
4KB

Download
memory/4856-830-0x0000000004930000-0x0000000004931000-memory.dmp

Filesize
4KB

Download
memory/4856-842-0x00000000049B0000-0x00000000049B1000-memory.dmp

Filesize
4KB

Download
memory/4856-772-0x0000000004D30000-0x0000000004F07000-memory.dmp

Filesize
1.8MB

Download
memory/4856-761-0x0000000000C10000-0x0000000000CA0000-memory.dmp

Filesize
576KB

Download
memory/4856-929-0x0000000007080000-0x0000000007081000-memory.dmp

Filesize
4KB

Download
memory/4856-874-0x0000000004A00000-0x0000000004A01000-memory.dmp

Filesize
4KB

Download
memory/4856-856-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4904-676-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/4904-678-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/4904-680-0x0000000050120000-0x000000005030D000-memory.dmp

Filesize
1.9MB

Download
memory/4904-677-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/4904-674-0x0000000050000000-0x0000000050116000-memory.dmp

Filesize
1.1MB

Download
memory/4904-673-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download