Malware Analysis Report

2025-01-18 21:26

Sample ID 240323-y8wsyaca57
Target iobit_malware_fighter_setup.exe
SHA256 fa26ce0bf6d40278d5a1ad78681df5a38313d0dcff7276c45f3093650fae3026
Tags
adware discovery evasion persistence spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

fa26ce0bf6d40278d5a1ad78681df5a38313d0dcff7276c45f3093650fae3026

Threat Level: Likely malicious

The file iobit_malware_fighter_setup.exe was found to be: Likely malicious.

Malicious Activity Summary

adware discovery evasion persistence spyware stealer

Drops file in Drivers directory

Stops running service(s)

Reads user/profile data of web browsers

Downloads MZ/PE file

Installs/modifies Browser Helper Object

Looks up external IP address via web service

Adds Run key to start application

Checks computer location settings

Executes dropped EXE

Modifies system executable filetype association

Drops file in Program Files directory

Registers COM server for autorun

Checks installed software on the system

Launches sc.exe

Loads dropped DLL

Program crash

Enumerates physical storage devices

NSIS installer

Modifies registry class

Modifies system certificate store

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Kills process with taskkill

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-23 20:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-23 20:27

Reported

2024-03-23 20:32

Platform

win7-20240221-en

Max time kernel

7s

Max time network

3s

Command Line

"C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"

Signatures

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
PID 2044 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
PID 2044 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
PID 2044 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
PID 2044 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
PID 2044 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
PID 2044 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
PID 2492 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
PID 2492 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
PID 2492 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
PID 2492 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
PID 2492 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
PID 2492 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
PID 2492 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe

Processes

C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe

"C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp" /SL5="$4010A,61676072,137216,C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe" "C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe" /FileVersion 10.3.0.1077

Network

N/A

Files

memory/2044-0-0x0000000000400000-0x000000000042C000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp

MD5 9a185744b1d2436d885ee867912be9bf
SHA1 4eea6027e24e05b5979a583fd731313f1f81c5f6
SHA256 00d79f76d339fba1865227e4f19b662774f911faf857e30d1ceb76f034ac6594
SHA512 87f846b47efb0e367eccfbe8c82b8b7f2becdb3dd097682469aa0462c36b66258af79e8f247793cac2d51fda046bae59e290d98fe110b89c39085e0c9777721d

memory/2492-7-0x0000000000250000-0x0000000000251000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe

MD5 28acab421701c4a928055defb553a135
SHA1 34d0d2fe955b5e2ba888f4e47129feaec2fea3b1
SHA256 38ff33f4288b44abab7e362015a21660db2d9063c7c8a24f10da0edb31846dd7
SHA512 36623adab603fd5593cc8822baba2400f462a270634d907a19aea15f21f72d2692b7b2bdecc12a1a4a121347e6aebff10bf6a8594e49c6fb474c942ce503e890

memory/2492-26-0x0000000000400000-0x0000000000530000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe

MD5 e8ce233daf43ea941dd60b7d99046419
SHA1 0915b2527ffd41585475cfccf08dfd00ce26cb89
SHA256 3773dd5727a88717224af37f1014dcc4b9241c7ab2c8143ba99a581db90054e6
SHA512 bdef261847ca45a5e98cb4dfb08ac43b32c58144ef2453c6e243dba470881f409e64003899dc965f38b55e411c2b2aec1c8eb2bf2573d5516b6be52a07b2ac21

memory/2044-29-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2524-30-0x00000000002B0000-0x00000000002B1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-23 20:27

Reported

2024-03-23 20:33

Platform

win10v2004-20240226-en

Max time kernel

295s

Max time network

300s

Command Line

C:\Windows\Explorer.EXE

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\drivers\IMFCameraProtect.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
File opened for modification C:\Windows\system32\drivers\IMFCameraProtect.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A

Stops running service(s)

evasion

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\IObit Malware Fighter = "\"C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMF.exe\" /autostart" C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A

Downloads MZ/PE file

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\NoExplorer = "1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ C:\Windows\SysWOW64\regsvr32.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\iTop VPN\ugin.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFMBRProtect.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-HGMCR.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-FVKA4.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-2MF0K.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-46JQE.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win10_x86\is-FEUQ8.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win7_x86\is-DGBOM.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-DKRH7.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\IMFBigUpgrade.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
File created C:\Program Files (x86)\iTop VPN\ProxyService\libexec\is-PA6EL.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.log C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe N/A
File created C:\Program Files (x86)\iTop VPN\Language\is-U3T6C.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-5V3PL.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-AGN79.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\imfpffilter.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
File created C:\Program Files (x86)\iTop VPN\is-OF7TR.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\iTop VPN\skin\is-3R5S2.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-SAI9F.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-8VIN9.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Database\is-BH6C1.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\ C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-NDBLB.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win10_ia64\is-LE5AV.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\ImfHpFileFilter.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
File created C:\Program Files (x86)\iTop VPN\ProxyService\bin\is-70VU5.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-O00D1.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-TNO25.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win7_amd64\is-E4IDA.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\is-0R1TI.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\IMFDownProtect.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
File created C:\Program Files (x86)\iTop VPN\ProxyService\bin\is-KTJPU.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\LiveUpdateSrvUpt.log C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-8QG16.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-61UP0.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-0M834.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-QTG7N.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win10_amd64\is-8IU1Q.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Language\is-8JR1V.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\ImfObCallback.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\IDRAC.zlb C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
File created C:\Program Files (x86)\iTop VPN\is-1EEHK.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\iTop VPN\ProxyService\bin\is-L1A29.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\iTop VPN\ProxyService\bin\is-21CPR.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-05BFG.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win10_x86\is-ELPI1.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-Q7C5C.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_x86\ImfHpFileFilter.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-M05FF.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Database\is-3T7L1.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-04F1K.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\is-DU5I7.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\is-P4ODI.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.log C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe N/A
File created C:\Program Files (x86)\iTop VPN\is-BHT8S.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\skin\is-IIUIN.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-4T9AQ.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_x86\imfpffilter.sys C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
File opened for modification C:\Program Files (x86)\IObit\IObit Malware Fighter\Cub.dbd C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
File created C:\Program Files (x86)\iTop VPN\Language\History\is-6FQ4K.tmp C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File opened for modification C:\Program Files (x86)\iTop VPN\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-1VR8U.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win7_ia64\is-IQ87U.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
File created C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\images\is-N4AN1.tmp C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\LocalLang.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\TaskbarPin\ICONPIN64.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe N/A
N/A N/A C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-EPRTL.tmp\ugin.exe N/A
N/A N/A C:\Program Files (x86)\iTop VPN\ugin.exe N/A
N/A N/A C:\Program Files (x86)\iTop VPN\ugin.exe N/A
N/A N/A C:\Program Files (x86)\iTop VPN\ullc.exe N/A
N/A N/A C:\Program Files (x86)\iTop VPN\iTopVPN.exe N/A
N/A N/A C:\Program Files (x86)\iTop VPN\ugin.exe N/A
N/A N/A C:\Program Files (x86)\iTop VPN\icop64.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMFShellExt.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A

Enumerates physical storage devices

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation = "PMIL" C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell\CLSID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\Clsid\ = "{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\ProgID\ = "BlueBirdShellExt.BlueBirdShell.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32\ = "C:\\PROGRA~2\\IObit\\IOBITM~1\\SURFIN~1\\BROWER~1\\ASCPLU~1.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\FLAGS\ = "0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\IObit Malware Fighter" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell\CurVer C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1448035D-2AAB-4749-825E-212695AF6E55}\AppID = "8a5f3b39-6e68-4fc5-bbb1-a0dd77d899e9" C:\Program Files (x86)\iTop VPN\iTopVPN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell.1\ = "BlueBirdShell Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObit Malware Fighter C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\ = "IObit Surfing Protection" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell\CurVer\ = "BlueBirdShellExt.BlueBirdShell.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib\ = "{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1448035D-2AAB-4749-825E-212695AF6E55} C:\Program Files (x86)\iTop VPN\iTopVPN.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell.1\CLSID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell.1\CLSID\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMFShellExt.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ = "IBlueBirdShell" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ = "IObit Surfing Protection" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell.1 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\ProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E89137F4-63A0-4E3D-BC26-9E07008F048B} C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObit Malware Fighter\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell\ = "BlueBirdShell Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\VersionIndependentProgID\ = "BlueBirdShellExt.BlueBirdShell" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ProgID\ = "ASCPlugin_Protection.TASCBrowserProtection" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E89137F4-63A0-4E3D-BC26-9E07008F048B}\TypeDS = "{1CFABE4F-2E1F-4B4F-9FD0-1A990F53C400}" C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ = "IBlueBirdShell" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib\ = "{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1448035D-2AAB-4749-825E-212695AF6E55}\AppKey = "d3ba0718-af73-4b37-8ea9-6e06074451d9" C:\Program Files (x86)\iTop VPN\iTopVPN.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMFShellExt.dll" C:\Windows\system32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 040000000100000010000000ebf59d290d61f9421f7cc2ba6de315090f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e81900000001000000100000004fca18b530ab2d3765b8830436884be620000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 5c0000000100000004000000000800001900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d98040000000100000010000000ebf59d290d61f9421f7cc2ba6de3150920000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\TaskbarPin\ICONPIN64.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5100 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp
PID 5100 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp
PID 5100 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp
PID 3308 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe
PID 3308 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe
PID 3308 wrote to memory of 2276 N/A C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe
PID 2276 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe
PID 2276 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe
PID 2276 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe
PID 840 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp
PID 840 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp
PID 840 wrote to memory of 1492 N/A C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp
PID 1492 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Windows\SysWOW64\taskkill.exe
PID 1492 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Windows\SysWOW64\taskkill.exe
PID 1492 wrote to memory of 4800 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Windows\SysWOW64\taskkill.exe
PID 1492 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 5032 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe
PID 1492 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe
PID 1492 wrote to memory of 1272 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe
PID 1492 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe
PID 1492 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe
PID 1492 wrote to memory of 1088 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe
PID 1492 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 4944 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 5132 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
PID 1492 wrote to memory of 5132 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
PID 1492 wrote to memory of 5132 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
PID 5132 wrote to memory of 5628 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5132 wrote to memory of 5628 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5132 wrote to memory of 5628 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5132 wrote to memory of 5784 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5132 wrote to memory of 5784 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5132 wrote to memory of 5784 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1492 wrote to memory of 6824 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
PID 1492 wrote to memory of 6824 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
PID 1492 wrote to memory of 6824 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
PID 1492 wrote to memory of 6504 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 6504 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 6504 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 6504 wrote to memory of 6544 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe C:\Windows\SysWOW64\regsvr32.exe
PID 6504 wrote to memory of 6544 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe C:\Windows\SysWOW64\regsvr32.exe
PID 6504 wrote to memory of 6544 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe C:\Windows\SysWOW64\regsvr32.exe
PID 6544 wrote to memory of 6520 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 6544 wrote to memory of 6520 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 1492 wrote to memory of 6232 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 6232 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 6232 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 6316 wrote to memory of 4816 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
PID 6316 wrote to memory of 4816 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
PID 6316 wrote to memory of 4816 N/A C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
PID 1492 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
PID 1492 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe

"C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp" /SL5="$70056,61676072,137216,C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe" "C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe" /FileVersion 10.3.0.1077

C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe

"C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe" /verysilent /Installer /DIR="C:\Program Files (x86)\IObit\IObit Malware Fighter" /TASKS="desktopicon" /insthandle=590354 /NORESTART

C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp" /SL5="$601D4,61676072,137216,C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe" /verysilent /Installer /DIR="C:\Program Files (x86)\IObit\IObit Malware Fighter" /TASKS="desktopicon" /insthandle=590354 /NORESTART

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "BlueBirdInit.exe"

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /kill /updagrade

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /installAC

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /checkaubk /i /f

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe" "C:\Program Files (x86)\IObit\IObit Malware Fighter"

C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe" /init

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /init

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /copyConfig

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe" /CleanOld

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\\BrowerProtect\ASCPlugin_Protection.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\\Adblock\Adblock.dll"

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe" /Install

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /initdriver

C:\Windows\SysWOW64\regsvr32.exe

regsvr32.exe /s "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /installSrv

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe" /OutFlag 0

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /fix_jxjc

C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe" /TurnOn

C:\Program Files (x86)\IObit\IObit Malware Fighter\LocalLang.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\LocalLang.exe"

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /clearDrivertmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe" /install imf10

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /combinslog "C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-03-23 #002.txt"

C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe" /srvupt

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe" /OutFlag 2

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPUpdate.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPUpdate.exe" /SvrRun

C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe" /SvcCheck

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe" /run

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe" /run

C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe

"C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe"

C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe

"C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5340 -ip 5340

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 1128

C:\Program Files (x86)\IObit\IObit Malware Fighter\TaskbarPin\ICONPIN64.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\TaskbarPin\ICONPIN64.exe" "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe"

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe" "/Config=http://clouddownload.iobit.com/security/db/fw-imfin.upt" /product=IMF10 "iTop VPN Installer Free" "iFun Screen Recorder Installer" "iTop Easy Desktop Installer"

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe"

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /checkaubk /all

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe" /starttips

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /install

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /openlink "https://www.iobit.com/appgoto.php?name=imf&ver=10.3.0.1077&lan=&to=install"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.iobit.com/appgoto.php?name=imf&ver=10.3.0.1077&lan=&to=install&idata=eyJhc2MiOjEwLCJkYiI6MTAsIml1IjoxMCwic2QiOjEwLCJpc3UiOjEwLCJhdSI6MTB9&user=0&insday=1&insur=other

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafe2646f8,0x7ffafe264708,0x7ffafe264718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe" /OutFlag 0

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe" /startImfcore /usecache

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe" /u http://stats.iobit.com/active_month.php /a imf10 /p iobit /v 10.3.0.1077 /t 1 /d 7

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe" /starttips

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe

"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe" /imf /user /dayactive

C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe

"C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe" /sp- /verysilent /suppressmsgboxes /NoRestart /insur=imf_inf1 /Dir="C:\Program Files (x86)\iTop VPN\"

C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp" /SL5="$803BE,38305074,141312,C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe" /sp- /verysilent /suppressmsgboxes /NoRestart /insur=imf_inf1 /Dir="C:\Program Files (x86)\iTop VPN\"

C:\Users\Admin\AppData\Local\Temp\is-EPRTL.tmp\ugin.exe

"C:\Users\Admin\AppData\Local\Temp\is-EPRTL.tmp\ugin.exe" /kill

C:\Windows\SysWOW64\taskkill.exe

"taskkill.exe" /f /im "ugin.exe"

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /kill /updagrade

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /InitTop /ver 5.3.0.5106 /install

C:\Program Files (x86)\iTop VPN\ullc.exe

"C:\Program Files (x86)\iTop VPN\ullc.exe"

C:\Program Files (x86)\iTop VPN\iTopVPN.exe

"C:\Program Files (x86)\iTop VPN\iTopVPN.exe" /installinit

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /init /ver 5.3.0.5106 /force /f /inspkg "C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe" /insur "imf_inf1" /PINTOTASKBAR

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c sc stop windivert

C:\Windows\SysWOW64\sc.exe

sc stop windivert

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c sc stop windivert

C:\Windows\SysWOW64\sc.exe

sc stop windivert

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c sc delete windivert

C:\Windows\SysWOW64\sc.exe

sc delete windivert

C:\Program Files (x86)\iTop VPN\icop64.exe

"C:\Program Files (x86)\iTop VPN\icop64.exe" Pin "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /checkwelcome

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /setlan "English"

C:\Program Files (x86)\iTop VPN\unpr.exe

"C:\Program Files (x86)\iTop VPN\unpr.exe" /install itop5

C:\Program Files (x86)\iTop VPN\iTopVPN.exe

"C:\Program Files (x86)\iTop VPN\iTopVPN.exe" /install

C:\Program Files (x86)\iTop VPN\ugin.exe

"C:\Program Files (x86)\iTop VPN\ugin.exe" /combinslog "C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-03-23 #003.txt"

Network

Country Destination Domain Proto
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 208.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 update.iobit.com udp
US 8.8.8.8:53 clouddownload.iobit.com udp
US 152.199.20.140:80 update.iobit.com tcp
US 64.12.16.254:80 clouddownload.iobit.com tcp
US 8.8.8.8:53 140.20.199.152.in-addr.arpa udp
US 8.8.8.8:53 254.16.12.64.in-addr.arpa udp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 195.177.78.104.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 37.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 174.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 10.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 104.78.177.227:80 www.microsoft.com tcp
GB 104.78.177.227:80 www.microsoft.com tcp
US 8.8.8.8:53 udp
PL 93.184.221.240:80 tcp
US 8.8.8.8:53 stats.iobit.com udp
US 52.7.250.116:80 stats.iobit.com tcp
US 52.7.250.116:80 stats.iobit.com tcp
US 8.8.8.8:53 116.250.7.52.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 186.178.17.96.in-addr.arpa udp
US 52.7.250.116:80 stats.iobit.com tcp
US 52.7.250.116:80 stats.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 8.8.8.8:53 197.178.17.96.in-addr.arpa udp
US 52.7.250.116:80 stats.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 8.8.8.8:53 24.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 8.8.8.8:53 ascstats.iobit.com udp
US 54.145.130.197:80 ascstats.iobit.com tcp
US 8.8.8.8:53 197.130.145.54.in-addr.arpa udp
US 64.12.16.254:80 clouddownload.iobit.com tcp
US 54.145.130.197:80 ascstats.iobit.com tcp
US 64.12.16.254:80 clouddownload.iobit.com tcp
US 64.12.16.254:80 clouddownload.iobit.com tcp
US 64.12.16.254:80 clouddownload.iobit.com tcp
US 8.8.8.8:53 interface.iobit.com udp
US 8.8.8.8:53 ascstats.iobit.com udp
US 54.208.238.191:80 interface.iobit.com tcp
US 52.202.100.14:80 ascstats.iobit.com tcp
US 8.8.8.8:53 191.238.208.54.in-addr.arpa udp
US 8.8.8.8:53 14.100.202.52.in-addr.arpa udp
US 8.8.8.8:53 download.iobit.com udp
US 8.8.8.8:53 update.filesupdating.com udp
US 152.199.23.214:80 update.filesupdating.com tcp
US 152.199.23.214:80 update.filesupdating.com tcp
US 152.199.23.214:80 update.filesupdating.com tcp
US 152.199.23.214:80 update.filesupdating.com tcp
US 152.199.23.214:80 update.filesupdating.com tcp
US 8.8.8.8:53 214.23.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.iobit.com udp
US 54.165.202.40:443 www.iobit.com tcp
US 8.8.8.8:53 codes.iobit.com udp
US 54.165.202.40:443 www.iobit.com tcp
US 54.165.202.40:443 www.iobit.com tcp
US 54.165.202.40:443 www.iobit.com tcp
US 54.165.202.40:443 www.iobit.com tcp
US 54.165.202.40:443 www.iobit.com tcp
US 8.8.8.8:53 kit.fontawesome.com udp
US 172.64.147.188:443 kit.fontawesome.com tcp
US 152.199.20.140:443 codes.iobit.com tcp
US 8.8.8.8:53 40.202.165.54.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 65.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 ka-f.fontawesome.com udp
US 172.64.205.20:443 ka-f.fontawesome.com tcp
US 172.64.205.20:443 ka-f.fontawesome.com tcp
US 172.64.205.20:443 ka-f.fontawesome.com tcp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 188.147.64.172.in-addr.arpa udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 20.205.64.172.in-addr.arpa udp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.200:443 bat.bing.com tcp
US 8.8.8.8:53 40.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.27.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.179.196:443 www.google.com tcp
US 8.8.8.8:53 157.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 196.179.250.142.in-addr.arpa udp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 8.8.8.8:53 www.aws.iobit.com udp
US 52.55.134.231:80 www.aws.iobit.com tcp
US 8.8.8.8:53 stats.iobit.com udp
US 52.70.66.19:80 stats.iobit.com tcp
US 8.8.8.8:53 stats.iobit.com udp
US 54.196.247.31:80 stats.iobit.com tcp
US 54.196.247.31:80 stats.iobit.com tcp
US 54.196.247.31:80 stats.iobit.com tcp
US 54.196.247.31:80 stats.iobit.com tcp
US 8.8.8.8:53 231.134.55.52.in-addr.arpa udp
US 8.8.8.8:53 19.66.70.52.in-addr.arpa udp
US 8.8.8.8:53 31.247.196.54.in-addr.arpa udp
US 52.70.66.19:80 stats.iobit.com tcp
US 54.208.238.191:80 interface.iobit.com tcp
US 8.8.8.8:53 update.itopupdate.com udp
US 152.199.23.214:80 update.itopupdate.com tcp
US 152.199.23.214:80 update.itopupdate.com tcp
US 152.199.23.214:80 update.itopupdate.com tcp
US 152.199.23.214:80 update.itopupdate.com tcp
US 152.199.23.214:80 update.itopupdate.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 8.8.8.8:53 api.itopvpn.com udp
US 76.223.44.67:443 api.itopvpn.com tcp
US 8.8.8.8:53 67.44.223.76.in-addr.arpa udp
US 8.8.8.8:53 update.itopvpn.com udp
US 152.199.23.214:443 update.itopvpn.com tcp
US 8.8.8.8:53 stats.itopvpn.com udp
US 35.170.9.232:443 stats.itopvpn.com tcp
US 8.8.8.8:53 232.9.170.35.in-addr.arpa udp
US 152.199.20.140:80 codes.iobit.com tcp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 35.170.9.232:443 stats.itopvpn.com tcp
US 35.170.9.232:443 stats.itopvpn.com tcp
US 35.170.9.232:443 stats.itopvpn.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp

Files

memory/5100-0-0x0000000000400000-0x000000000042C000-memory.dmp

memory/5100-2-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp

MD5 9a185744b1d2436d885ee867912be9bf
SHA1 4eea6027e24e05b5979a583fd731313f1f81c5f6
SHA256 00d79f76d339fba1865227e4f19b662774f911faf857e30d1ceb76f034ac6594
SHA512 87f846b47efb0e367eccfbe8c82b8b7f2becdb3dd097682469aa0462c36b66258af79e8f247793cac2d51fda046bae59e290d98fe110b89c39085e0c9777721d

memory/3308-6-0x00000000022C0000-0x00000000022C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe

MD5 28acab421701c4a928055defb553a135
SHA1 34d0d2fe955b5e2ba888f4e47129feaec2fea3b1
SHA256 38ff33f4288b44abab7e362015a21660db2d9063c7c8a24f10da0edb31846dd7
SHA512 36623adab603fd5593cc8822baba2400f462a270634d907a19aea15f21f72d2692b7b2bdecc12a1a4a121347e6aebff10bf6a8594e49c6fb474c942ce503e890

memory/3308-27-0x0000000000400000-0x0000000000530000-memory.dmp

memory/5100-30-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2276-31-0x00000000041C0000-0x00000000041C1000-memory.dmp

memory/2276-38-0x0000000004280000-0x0000000004281000-memory.dmp

memory/2276-40-0x00000000042D0000-0x00000000042D1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\OFCommon.dll

MD5 b5bc7a472ee02f1890e65fd43a7f5e6c
SHA1 fa662eb99eb7acb316dc19b8d4beaa31ee512bc0
SHA256 bfcd77d86e0d10f2f34e830ca5e9c180d542f88e709c1b636bc762ebfb54df95
SHA512 303878b1509260ec9634d0a13babd40445d335ddbeeab9d13e180176952dd76b9839eaf2931beb95f4bf055f2abec80c50bf18a41938a7a501f654bd1a4ccd48

memory/2276-51-0x0000000006970000-0x0000000006ABA000-memory.dmp

C:\ProgramData\IObit\IObit Malware Fighter\License.log

MD5 0fc288acf7798691816b0c31e4589e8c
SHA1 9e2ed97d90c05681a635682728a34b34d6527b5e
SHA256 04ffea6597c3de7586a5cdf622b09b6601b03e0c64e3323462deab0f5716d183
SHA512 d78254bd583cb1191fe3672e95cc0ce43afeeafd32cf24e62577c72dcb727280250b75b32928ea6dec426f966224144e12e49cda6ea006584e0b3cd93cdcecf1

C:\ProgramData\IObit\IObit Malware Fighter\License.log

MD5 2cb51b3940c377691bd793a6ae792ea5
SHA1 7d653f22147599afb6c6f814d18210b03e190991
SHA256 47ee0064a15cb189bd5968b3a6add3f240fce300eebcab83439d28e2ed26ef6b
SHA512 a175fc00f3fad1678590645f23b7a15e0922a79aae95aac401d9b499326427e27bef1e06874e423c9d3da2a814e1724153697a577ac4496ac7524d3731fe83d5

C:\ProgramData\IObit\IObit Malware Fighter\License.log

MD5 8f4af657ab1760911afde3d3e3b9b3c1
SHA1 0a1721c22d047d31af8ecd0a403c8d4a1c84824c
SHA256 59c7f83ae33b66b7c1e101718ef9a266e22165cdbdc3069947b1b3f723b47b80
SHA512 e4d02be93d8359ec224d808819f2d3e9b509b40cebf7bc7d0f8f35fa2cc19e4caaf427cc7d6febf498c327e40bec0ed57fa479c179abe9a0463c330d7458fe72

C:\ProgramData\IObit\IObit Malware Fighter\License.log

MD5 76ce5082f89e07112651b7192c292c2a
SHA1 4799f9d0f6fef021172714806fb6b754ae19d472
SHA256 b3e66c3b69c7c7167c65a9778041b1361c2ec11fed714efc21ed9c1673e0d301
SHA512 6b9e5258248e7e527202fc395c6e07c99f7068fb88cfede4d468f35ef41822379b2faebd0e080e99b2b089bd25febdc4fe1b146728cfb05162dfe3faa780497b

memory/2276-201-0x0000000006970000-0x0000000006ABA000-memory.dmp

memory/2276-200-0x0000000006430000-0x0000000006431000-memory.dmp

memory/2276-215-0x0000000004320000-0x0000000004330000-memory.dmp

C:\ProgramData\IObit\iobitpromotion.ini

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\appver-ac.ini

MD5 b5776bf57028b8e5848fe7a402a418dc
SHA1 696f3f86d55286da76ec3d3cfea8dc06e066a245
SHA256 b23094a823c9a62e9c6a7b606d0a1cc93616e95c6abeedf7d52a4c429efd1065
SHA512 c660035c5f89ea784f88dd9316523ba2cf7b78a2419061fd579d5757dca3d08392de41cdf69b09890d7de298e1c2200d0f58dbda9436c63d76391414bce277c7

C:\Users\Admin\AppData\Local\Temp\bdfg.45374.8531371991.ini

MD5 89532cd43957a2861e34f019c658ad45
SHA1 e0777238a63b6e988a92effbf968e7ceb2484173
SHA256 f0ad8617775d45fedd555d7aef1b4aa9c9e0468cefb1082d5d7f1fb8857edf34
SHA512 18c052a86d0f5eec76aea1476f50cbd8c55e3707a13168fe6018f74a69390df5e796bc95e16598b93862ba12e8db34c524619ab4e70e498b3509086c9fcab718

memory/2276-243-0x0000000007110000-0x000000000725A000-memory.dmp

C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini

MD5 d7dac1f60226d42b79684ce8fdd2c1cb
SHA1 0174f3131127d34c296eeb08356e72a27eaa7fac
SHA256 e00d69f335e4bd9544be6c9d173d3fe6511ea9b13d5fe2618c60c68d634940d7
SHA512 291d25d286d0290794e13ca0e3d0d1771fc81f1ce9e275d7302a987f72960c97ae50fbcc4b58a1fd6a40089011dbc3400881d4aa94272793a201aa7dad476454

C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\Ext-imf-5377.dat

MD5 147ebd071a82677389e983d39c24f005
SHA1 400d85b1ac82448ff2282bbc4c1ed44ce086b4ca
SHA256 6b2f11edd83035d6e7ab128968962b1468b28e7d968169f457ac6f9108f897ee
SHA512 6f49636c008ee7f361f5b0123e3ff68f956b0bf691e3f40d161927f2bb93cdc42a91cbdbc113c9673edd881952dd0c235ae0108f7493eadafd82c860ae57bd0d

C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini

MD5 942541efc4fab9aca73f650576c816c7
SHA1 c98be67d3bfab257cc0cc06e73c02e5161803ba9
SHA256 a07ea881eb728d803709c33aa13c170fadd73876bbe9fc701ef07735daaec809
SHA512 bb9478f522be247a61256e580e752c7d18e829c163995e6a3a09fdbb48a206d24368e200d96490faaa1ddf2f9fd70706242a59287a5e5d630d5bef9f17fc24f0

memory/2276-404-0x0000000000400000-0x0000000000AF0000-memory.dmp

memory/2276-405-0x00000000041C0000-0x00000000041C1000-memory.dmp

memory/2276-406-0x0000000000400000-0x0000000000AF0000-memory.dmp

memory/2276-407-0x0000000004320000-0x0000000004330000-memory.dmp

memory/2276-408-0x0000000000400000-0x0000000000AF0000-memory.dmp

memory/2276-417-0x0000000007910000-0x0000000007A5A000-memory.dmp

C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini

MD5 a1f084f8d2f1e37f6a6f6df4015375cf
SHA1 cc1757e6753ea7cc95899bcf09baea6011e3a0f6
SHA256 7c6ab0feabc212ddd5dd6a1f2b5a2766a0c8c7be185089f5e000078274f97828
SHA512 bd413e89f5854668e44b018b3b20e7c6226241d040ba5503f620aa5f69912563c6c15ffaee82f2cf65fc96ac911aecf6dada870890711368cb3bd6bc8ed2121b

memory/840-584-0x0000000000400000-0x000000000042C000-memory.dmp

memory/1492-591-0x0000000000700000-0x0000000000701000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-9L7FB.tmp\_isetup\_shfoldr.dll

MD5 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

C:\ProgramData\IObit\IObit Malware Fighter\Setup.log

MD5 d159701ce4bdae3fdcf517df5689087d
SHA1 76431231156ac74ae7b366db8b747392a6064db6
SHA256 08e3d6bf62ffc0c5c6bc7600c0fcbf308440e6ab54a75e794a4fac8ef5367b06
SHA512 ae9288495b5d959f5f128f194cd6d3bea3dcce06b133e4deb1ff8da5e9aca992c5cd82e6e7db372cc31f086ef1201cfeaee0af1e814009f07f2633816959bb31

memory/2276-645-0x0000000000400000-0x0000000000AF0000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

MD5 4e4592ee4576e444a1ed6131993d2125
SHA1 551daff5b3b3a90b66cc2d5ba7588f935176c0dc
SHA256 20795fb5811bd32b7f2e95f4551d1ca54d37ef710c0c6c56bbb63138662950d9
SHA512 5f1835a09bff62dbd2d1879ce689dc5db263f60fd907d100c5c63fde451916d72e8f79e708daad1687e05a98694e0d95fc153e26bf3dd615232056557c902b07

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

MD5 68145bd1391e72f7c8607eeed3dd6bc1
SHA1 2d0d132e1c92b073a7a18ace010b5b678efb55d9
SHA256 811256cfb0e94e5e266d723d3c85b5b33c8e665fc2ef7c7b3cd4924104aafde9
SHA512 01da725c31beabdb9f4839a46c62aab5f26507d4d2068011daa7d5690297db3cc702ad4d87788d47ac92fa6acb45f2b7448a2614695f044348b2f125835eab3d

memory/412-673-0x0000000003E00000-0x0000000003E01000-memory.dmp

memory/412-683-0x0000000000400000-0x0000000000787000-memory.dmp

memory/5032-743-0x00000000024F0000-0x00000000024F1000-memory.dmp

memory/5032-747-0x0000000000400000-0x0000000000787000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\SPUrlScanner.dll

MD5 9bbbacf7e04d12ded0b46a69ca785ea6
SHA1 1c66160f340ae8869bcdd0df061acf43616e3115
SHA256 39f78b45d8e587bfd83592bfc00bc553535581f7eac2189e796629c3e942e268
SHA512 b02445bd9d9b4f0d4056f241a1fb36d16c414e9afa85c9ffa2fadcde9223c5e3a1b33d363899402d4f418e706f851ec4b290994e3851670a1a12b04880246c3e

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

MD5 83d935288f2467b9ce62393a7a0a1a09
SHA1 5b5ad61499f9b5ea4bc08b070fd5c4785eeb873d
SHA256 6937a4f519d726b1a80d8d4e8535d1da19e7c02351fc3f3e260e1fdee7e22522
SHA512 f7f461e8bb11d869bad2cc85931d30a2a4576e6d58c9c4b146a3ce0dda7c7b439739eaa7aa9528fbe67a26f6c172e791b2fa5e2e9b48676ef809f48765f44649

memory/2536-1552-0x0000000003E00000-0x0000000003E01000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe

MD5 de8fc1a208bd49e4707068e79bd43e5c
SHA1 e48672683d8f8fb8300641537f7829d10cdbbf10
SHA256 5b237c9e781d2c8020c041897a2e1ea8ab7f6fdc6049633131c97d41d1ac9892
SHA512 b1ea936a8ed9c8dabe9d2aff04cd082c00c8bcc7d100d02b8a3a4dc4f837e3028054a8facd5e8d784e6608d36cba81969261a3a13e32ddccc47312f72868c19a

C:\Program Files (x86)\IObit\IObit Malware Fighter\vclx120.bpl

MD5 392fd238a3dd633d6aa97afe2aa61cc7
SHA1 fbf3c1cae3abbeb07453bc6bfe3ec4dcf5127d79
SHA256 43c5c02d955af973da36762c903e2f82cd3f0ab887555c5f20905b2ae7a6c93f
SHA512 0c75ead22654be1e58a58ace057d71925fdf646614cb4b3c78ea3387eca04631bc834f818c5041f0fa129667341cc55a17daceb247bd53cfc8117c47559eb3e7

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFRegister.exe

MD5 1ddf6b8bc20572f6b00787eb657def1e
SHA1 e901caca21abf402882d86f616d48253a2b50c57
SHA256 c9c353925686b34a27ddea595afa920fe2534d4af1b0b945ac66af87fc0e2a51
SHA512 27a4e6f96a02122575fd30487b013bceb15f7f7ade6457c1dcbb27877d6b7a2bd299fcfbaff210034531720370e9bed3859479e588ef88b1cfb80984b13732e3

C:\ProgramData\IObit\IObit Malware Fighter\config.ini

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Program Files (x86)\IObit\IObit Malware Fighter\Database\ARDatabase.db

MD5 f2340eecf2b1d8bc3a3b5ce82203b29f
SHA1 85699132fcc2b1741fed9599e17b268a4ee3d363
SHA256 3487d0bf0da9f51c977848a97ec7f32e276941ee028de698ef576efdd4dfe0e2
SHA512 a79a7ee852f99b6746dd68f940073691f2eae12d743eaebe0278a08b20d18e2380043249a01c9ed7a3cc971a37aee805a082ee251e4ebd4b52e6b60524e4f4c0

\??\c:\program files (x86)\iobit\iobit malware fighter\skin\classic.rcc

MD5 dc083d5b343915411d323df9c1d113d9
SHA1 e891045f5a7867e3e63202cc394a2b2d5e8de592
SHA256 951709067d796fd1c33091139c684a7505b8c3795471c20e51db3070229c6213
SHA512 ec1cb2e40128afa065b3ed21511589d36cba01bc09582abacf473be64158b4f1766c09e3f0c7a4e2649301a628dd4912de039f7a04b659232594a6ac25cdcd01

\??\c:\program files (x86)\iobit\iobit malware fighter\skin\public.rcc

MD5 c4ffb0aac7188bd65a024a9ae07e8cda
SHA1 0b42d2c810bcea0c9c4e5e224f544007d521f60c
SHA256 e06a69cfde49e8476aeda5ab91b7516717f2143115791c6284b70e2ae3766139
SHA512 91a80126c42c112bab569db2eb09bd152fa8ae11f5f39c8b16dd37c588756e685d27a13b1da67efe889a3c383813adbd42a8adeee4c42c43e0de50819fcb3317

C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll

MD5 a96e63bf7e8f561513fe5d7098394d53
SHA1 bea8d765f7821731dae5913fb689e569a7345534
SHA256 98b181eeb8a8281ecbed02c0aca5954848df4960e288207f529f151ec203f681
SHA512 208019c26881737674f260562d7ddfd141bd5146e714d02519f57996ea103f36ac24da35b53683d69316eb33c5e91eb6729bc1dd3b108e00c4cc555ab9fe6837

memory/1492-1658-0x0000000000400000-0x0000000000530000-memory.dmp

memory/840-1582-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\datastate.dll

MD5 7555301cba4259cbab3571714ad69993
SHA1 da4a4450be5e2f658e12e42f561d421554c09ccb
SHA256 9a1431e86eb187a1104ea1f2da44bfad4bad7daf1ea40a6843571a74e0ccf4ab
SHA512 141cb369ee7040fa4de0f749fd2a89b9933cfe164a40af395431ea72d9362bbb4900649b9ddd6c1899b33ec3bb1289d7f3d16f35d12efe59e365c5e2fa0e0ba3

C:\Program Files (x86)\IObit\IObit Malware Fighter\vcl120.bpl

MD5 ae87f8ba2f5f2c2bd8b0a462520ecc27
SHA1 c21a290b490386d42a79082523b40e4e4ccc7ff2
SHA256 26972b3354c43cc84b9de68e7efaf6996d2a0c64f820cc3d43f3e3974c60c1b5
SHA512 31884902b6ce523a44101fe7360f59d4045a00aeea0197767693378a1f60207b34469bd539927eda59a674a186c451491d6490af91a27d89afec80688774f2c2

C:\Program Files (x86)\IObit\IObit Malware Fighter\rtl120.bpl

MD5 70bd0aa6735978e576c5ff68cf8644f9
SHA1 a9b9751e0cd3b2d1b32856fe96e51fd83d9a2414
SHA256 1ba0938282b250909ee57790f793ded4d7849bc110d9a3b32a1cba1a333664b1
SHA512 d371d675087e79095fa3303bec76488571309df23d22681326e43abc8a718b346c9b6aa2e8da2f0f0a382843698a1cc5710bbffdd6c4fce0fafc3b6ca474f32e

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe

MD5 35d72fbf9e77180fb33bbca78086807e
SHA1 e6a61f35a26d298ce8300876111f39afdbe9ba57
SHA256 f777ae7b0ee53e6d5120ab6a28fb199e8031a8fbc9e65c1505f0c4ec23ebcbd6
SHA512 7ab99864d83c27e6a814247184893b055c1bc8d1be262d01568a94a23344846d525b224707761dea7b379368c362b89e49f9df8c76c4d8f03aaa2769dbe0246c

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe

MD5 4bdec918a9a49c2f9f10f24d6b7fd118
SHA1 466384701dcdd288e2b0b528af2d35344cbf14b1
SHA256 a62858efece34e1141c5bc993c7d7d162e7e94512a84f2f4379791fc79baeaed
SHA512 61ee62558c59fc40fe3e2aaf13887c8327c0c00c9b08cb64ba06686a0311034289920b371133586975bbbd6c9acee483c86c1d92468cdcc097caa7b4991412bb

C:\ProgramData\IObit\IObit Malware Fighter\config.ini

MD5 432eac5f70785097578da32c44042ff5
SHA1 acbcd1e704b697e401614b52ecdf8ce74a8fb6b1
SHA256 708fca3f281fef2ccf539991f14d1faeb3ca6f18023120963a7a84e0287bcf27
SHA512 01919d986394fba7569c890ac1de111accdc066705e4aa4b3fc8ba4bd4ff2a649a4e9ebce64fcaa9e4ebc4ff1f3d4e26bb4f4fc92e97d210b149a2c24ed36b87

memory/1088-1844-0x0000000003D60000-0x0000000003D61000-memory.dmp

memory/1272-2092-0x0000000002110000-0x0000000002111000-memory.dmp

C:\ProgramData\IObit\IObit Malware Fighter\config.ini

MD5 658571cdd7a9819c1a28c92841462eb2
SHA1 b3100f0cded489fe8e857260422fe547b73c15c8
SHA256 be01fb65844c4cdf73557b19110af07a2d3816b7ce866e5b6b900583d9b9bf26
SHA512 f113a4de55b310bb724a645205b4b873e8b43f38fe3b43e5cf866552de0fa4b1074f1323cf2a83a0010845a99fdc575f567f9e87d3c9ffa2a01ffcbac8ac31c3

memory/1088-2224-0x0000000000400000-0x000000000063D000-memory.dmp

memory/1088-2225-0x0000000050000000-0x0000000050117000-memory.dmp

memory/1088-2229-0x0000000050120000-0x000000005030E000-memory.dmp

memory/1088-2235-0x0000000050310000-0x0000000050349000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

MD5 cb3eb02134372e72c08c17936a4d7b88
SHA1 2966d219d56f22798f3c744da8c0c64504512396
SHA256 a890af897692f5ee63aeb07f339c6ff35ede7dcc6afefc3e840e4f14e6059f59
SHA512 a51969ed158bf5602fea5e9f8dc938c45cd9fed3727c4445d6d2831cf8b065400096d9057f9a3bb3c9ce4bd89b534dc09d54585dc48cc19c7f3dc4bceb50609c

C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe

MD5 309e2cf310a2ff8dac84b59696b8f1fd
SHA1 7e246266d9b7c9412bb18ba8ea7c9c53303df00a
SHA256 ec20888a72cf7a9141ae4942d768f0486f0ee2e00fb39f823cc30c840d2e0a2c
SHA512 8d929770bcf2d4e3302332d18f0513a7c464bd39d18c3005bc7b37220aefd2c6aeb5682af1c928fd7a14926528fabadfe63b0f505299fba988c9bd8587916a7d

memory/4944-2250-0x0000000000400000-0x0000000000787000-memory.dmp

C:\ProgramData\IObit\IObit Malware Fighter\init.log

MD5 a53c981d4807ca74a3548b42ba728445
SHA1 6ef541855fafa404769cf4d258683b90ece119ee
SHA256 6fe4c3ddb2177b33968f3d0064459ed6788d56d5f108551b778ddccb3d9dd7c9
SHA512 55df49237ed17a0da6c2db37af66e448424d64c50e8cad03577778fa562b25aa3d3caa77a0d1222aa8f9dce9d876cc6b822c6d1a4e800ed7f835215b86856861

memory/4944-2249-0x0000000000880000-0x0000000000881000-memory.dmp

memory/1272-2265-0x0000000000400000-0x0000000000462000-memory.dmp

memory/1272-2270-0x0000000050000000-0x0000000050117000-memory.dmp

memory/1272-2273-0x0000000050120000-0x000000005030E000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.msg

MD5 5f38274fc51ec35b61e925153e26ef1c
SHA1 6ebc957cc000873b9b88e32c271fc1c63a5c22e5
SHA256 946195c199c2f798ed0ab3dc8ae4511be30ad70e5fb994d677beee0ae249dec8
SHA512 1f99244af85ef4d175426a38c5181bf0205f9dfc0deb4fc1136f43cc115a50076b32e449132891d8c20daa7ae8b146e33eb3418e2c146a106939977fb77be149

C:\Program Files (x86)\IObit\IObit Malware Fighter\bdquar.dll

MD5 8d59c96d18d3f75470ce4dd0599aa582
SHA1 42d9ae00b2ee51c8856d00d666bc7f381d11ab89
SHA256 a2c7069fdac0516fb5abbeaf9e3559145890a7785908004324bbb09429a4c3f6
SHA512 883d2c101dd2402239a2a983b4aaba58c1952db54accf1003630b3a330088ec876f84e4691d09b2b36c43dc03ecdbe165eb790871856ba76dbfa05d7afea6391

C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe

MD5 fa99fdae81366ec3ac4a7c6caac805b6
SHA1 3387759935ebef913a8351c5a26d5428990cdc86
SHA256 e15d3341578fcd9dbe3f65956008afd178d4cc927d0bc13febf5abdfd96bb6da
SHA512 6d5a3e84a7e1be2e869317dcfd547681770721f8633728a0c37615f2bc47acf08d90b09feacc3226434348bb38ce213545033c893f3d480d37d1fd687b7c70d9

C:\ProgramData\IObit\IObit Malware Fighter\init.log

MD5 d8f0b771778c0c4358be68cedcfe289b
SHA1 0f2005075a3e673422d31a2c604cd41f55fb9339
SHA256 f0719d54864b4833d4262a787c000e526f44380c77c3da6d9568b836a97fbeba
SHA512 105afbe285b4149ac148da7b1a973d8a6f819b12e7d20082512be969cb46d8565a22a5f63497c3640d4dc89180fb74488f01a96c89b5018febf9ddc205bc0014

C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.dat

MD5 ea9bdef9ad9f717daa6585e620753e85
SHA1 d4883520732df9c7671da488ac7fea1891ed2804
SHA256 3a8c13242dc54e7f8de963175344c75e52ab0db30524cea4c9b2d27d322372dc
SHA512 3da87cc98eaa9a729169442f8f35299ef9db4e1bc823d2ca90c9716456b8927d8137fafd9eb6db6cf37b5b48d6e13155b3ece30357cd241ea23656ddac26da8b

C:\ProgramData\IObit\IObit Malware Fighter\Main.ini

MD5 527c16744847db7e3c7b13e3aad8867a
SHA1 7df8d5d89c57943bc10be73057305a2d12cec8f0
SHA256 9376b87970bc11557a909895e87c168587f5230a15d41432065f31b8e00400dd
SHA512 d5aee2759d1e9c84dc180b8eca91d1c14937ddcaf071db193215537eee6272f7c28085c52ca76d440a90aa846295ee019fdbf2899487ba255d68e13360d2692f

C:\Program Files (x86)\IObit\IObit Malware Fighter\DetectionEx.ini

MD5 38761cc2ff8675d081822406fffecf2c
SHA1 207817d0f418cfbf1c5ffd04e34078dd3ffbe162
SHA256 4a47f1ce0022ea9d6d2384f2baf762703e095f906480e49e99d2a4209fc526a0
SHA512 6ff24a6b31dccf48766d6cd9d6c5ed22fcd2668c160e893ddb03d391e33e42e0f0c35e656e2e27af445644b502cdfda946b633fa29888be1e87180bf48412068

memory/2276-2291-0x0000000000400000-0x0000000000AF0000-memory.dmp

memory/3860-2298-0x0000000000400000-0x0000000000787000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\7z.dll

MD5 87ea820099d43d2b4d4faee5938539d0
SHA1 53980bbe418c1c96d5b7043797e4e46303796506
SHA256 32d4050ee6b5404ad86f3ea9fc1f8b82d360a5da551ad49b91d3db85c8fdcbd7
SHA512 7e34c100f313c32e597f424984bb35e70a551943076a463b0b3e56e79c431ba48a321959cdea14cb9df86fc8621365bf8c56f0780f9cbfd4aecd267daec5f35f

memory/1492-2299-0x0000000000700000-0x0000000000701000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe

MD5 65d2bf51f9de04720dd7166e83c2def4
SHA1 c097635969e503607f4715d2137c0093f6ceda4c
SHA256 03c0f4c61e74b2c3fbed48645bc8d9621fb64823891ee096b71dfd7ada6e10fc
SHA512 485568f2c6860ac797441f3bd4631f29e6065fbaf35122b0e23f2d4070caca69587ddd787a46f2e34d24cca343ec6bca62048fc0e9aa35342c9d2cbdd64dab2a

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPNativeMessage_Edge.exe

MD5 a4c4cb5cd7e4c30d4d7e0dfb58c00a22
SHA1 1cf21920ff7c3f14d9084ae72db87b14de8635e4
SHA256 a711deeca99de5187715b98d942ddc93ced74d426f2e7213bd1237d5fdc31bbd
SHA512 b3f36061b60a31f6620f634e2ed2944f59643de2e08e1186eb61592d1660291f294afd5f2f9974bec504e130904222b2239387958d7dea82fc22f856e89b6781

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe

MD5 a16d157cb8c22533e2906923afb1bc81
SHA1 b621afc70b8ead64cce22ece1300667f28242c14
SHA256 601844e474bffda86fdb65cbef5e4f53b1f27aea3061712d25b80bc34c543123
SHA512 2587b0c0b50346ffdae384a164383f27d6e3a5df4c5c65553d6b040cf8647c271c3cb4e3628169a98f6d9f57210176758cfa9d40d5abad6c08176c852920dbe3

memory/5132-2441-0x0000000003C20000-0x0000000003C21000-memory.dmp

C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini

MD5 7d12d49d4f49520284e13c71ee4e5973
SHA1 98ff74dc599d183608e17f667db3922ef0c65e66
SHA256 214c6155423c8aa516dd524b30607dd1eb2cb63218c569b8fae5b7e63056364e
SHA512 15246cfa69421893e3118cb720e9d0383e7fa38c1af4fda18e677c9bab9f207ad55888b88a8fe34569708d0e335ae86ac61aa71bc68e4717fd1a69d80b859d22

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPInit.log

MD5 1b73665e4a80ccdc96fbace369510118
SHA1 367754fa35d710be5faf631ae50c0e7b02e6f96a
SHA256 9462abaf4c06a4b8f302d308dd8ddaf4450af347be859ee1eb13ad6a665d58ad
SHA512 888456348200caf3c5101499e7549ebe5d59c03556e1b318866397e226b19b91d8deca7e45a19bc6df0e035379a31accd00052f59272e835b76878bd90eeac79

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

MD5 8ee9e37fa665862520d975685feb5d01
SHA1 1e23c02f6a67dd312e0159e4adc534509788211a
SHA256 175a29b2168cb4becfab3c73f7ad5caa003ef46fbb8ce974ad5c2d93f53a5a88
SHA512 1b6e55f4fb72e64ceaa830078076fc749f4e6e57e35ebb659ba99f3df74f909e3b02980a50016015bb1c7c2eeac6b8c8b5ad2ca003acdcfaad9e2c44bd4a07a8

memory/5628-2453-0x0000000000B60000-0x0000000000BDF000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Database\base_safe_browse_v4_0726

MD5 5f9d9ac9c630b1ab1d82c26d1d668c29
SHA1 a5991e901e0c1a1ccb94d7010e3f8d3f5c92fcb1
SHA256 60517e1e6549162872a3c92f4a90193e45d290fe762c66b84aca90c455e72eb1
SHA512 28330080d076677782be94e11efdc9a0ad482efe2f0fbbb587a5656a0a2c727b51d3b7b1f4d596dfa17852f1bf75ac4fed14dfd0eab2f505b5a2be9b4db243c5

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Database\spupdate_v4.utp

MD5 135eb7f096c67e4fc8fc744700b1a5b4
SHA1 acca567c68c5d2331f2ab97ab80753f9c774772a
SHA256 621564ba6cf12e07ba7acb0a487f1cb1e47b7d23adfbfb2f72a0634b3851618d
SHA512 c7a680920be627ee83c7f303d6ff575e1c5d91e73599f11593781a4399d9117ee2387a9dd37f92d273db1f4aec3e6caa8663f1dc146e99bc266e3be5833b7b39

memory/5132-2554-0x0000000000400000-0x0000000000567000-memory.dmp

memory/6824-2578-0x0000000000400000-0x0000000000567000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_x86\IMFDownProtect.sys

MD5 999351c68aded34ade7f2da8537ae954
SHA1 6a654ba5450854c9ee32f212955a55692ccf2a15
SHA256 304c74a41b079af9806d15e82fd81d67755634d56124545fe9286ce244e5cb07
SHA512 93c24a21e7fee5449a3f77b5ec09956144a03b48d52016242e888b34fd3a4a8a7f255365edb6433af839431e39e409970a368b4df5119358d5408c2d468481bc

C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_ia64\IMFDownProtect.sys

MD5 6e6d1d942bf01de223ac11fd926f567a
SHA1 fab5f1546e5ddd05d0b23c9648ddecf2023c1aff
SHA256 aa7bab1fc32bde08ce7a1aed74488e2278ed0dc3ecb3f413831c27addcd004fb
SHA512 a171654ea8a82229d64fdaed7876c97107d036f1318c1fbe57fc67f9e27fe0f1a39e8769019ad25209356dfd6bb727a654f595e6820c4c986c80040b0a12e3a5

memory/6504-2657-0x0000000003E90000-0x0000000003F96000-memory.dmp

memory/6504-2667-0x0000000000400000-0x0000000000787000-memory.dmp

memory/6504-2658-0x0000000003E00000-0x0000000003E01000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFDownProtect.sys

MD5 fa0c79de2e2766501450021f5a6c88bb
SHA1 d7711f7ba0cda7c952d0aaabc17895cb9ad9126d
SHA256 d1d1fa568414fc0abc65f87e9faa3fd828cae898dd01ff3dd82e7282932ff89d
SHA512 f0101167fb8b6f3f0a9758af27f7ab8a61c6c05d762c8e5248fa1c42ad3ba5cb43de4747cf0d7b158bd9b667fdeda8b566bfaf78e93a49d6e8200375a87e41da

memory/6504-2675-0x0000000003E90000-0x0000000003F96000-memory.dmp

memory/6504-2679-0x0000000003E70000-0x0000000003E71000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPInit.log

MD5 11c627a6e8521380b5bbcda9235ebfd8
SHA1 3e88af93551156824c2c99f743b4131041d23636
SHA256 30da60d8f962a99fb10903f9401340c7a33f4e2fb192698051964c07b2ea320c
SHA512 721a9fbbbb3ccd7c31f34125e4544805ecc5faab919df822757d94d8b1ad725fcf86eb243662175ecc5a7e7414709d26e3a986bb5455b95dd398b0c8907442bc

memory/5628-2469-0x0000000000E60000-0x0000000000E61000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\language\English.lng

MD5 f2837842d7b70f82b3634c8e16162f2c
SHA1 9eb65bed6ed00e5dc6ead1d6bb64d17dbe923e1f
SHA256 482fb4f48bfa81ba9b5de73e043d1b0b6880cf548e41fb1271005ae6d2eacf91
SHA512 1d41c142305b3894a5d0cb39720cf679b35531d6c02c710483cf796ecfc40063d12fd4dd937bf14eeb129e2f57e1274da5ef7b7264aa664e0ecc24415d2dc87d

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Database\ASCPhishList.db

MD5 36852aac53bfd1e3246bcdd4939fa237
SHA1 0f5c03419517865dca1a38e4e8b74a862cc738c4
SHA256 d0659f308f39c8f9832087494f866ac673d636cba002f7bd38d86fed659704b8
SHA512 30eb0058d3f1e1976951d7153722c646de3fa95e72477dd7f55a750c4ab234493fb7657b6043e075eb12c37d6779f10af857feec0610161266368b9c1a7acf70

C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Database\SPSpecialUrl.db

MD5 9b28b37cad2fb18f3d0dcf34a49c8f30
SHA1 5d8856b6580fac2554b99f60f31c61450ed871d5
SHA256 1c5fb0cbfbc4fd3f3b3551f6a78681f3acdc57be8ea0b1cebcb7e3c2504b2780
SHA512 313e522d39b9c1b1d10a065643ff1bd9b8c9d63b7f54481e3dd7dfc1f2f3662b7df82d0d2c46c370ecb820d5e7e332591e5fde3cf24ebebcafcef59a12197cc9

memory/6232-2705-0x00000000027C0000-0x00000000027C1000-memory.dmp

memory/6316-2710-0x0000000000C50000-0x0000000000CDC000-memory.dmp

memory/6316-2718-0x0000000000CE0000-0x0000000000E14000-memory.dmp

memory/6316-2714-0x0000000000E20000-0x0000000000EAA000-memory.dmp

memory/6316-2719-0x0000000000EB0000-0x0000000000F3B000-memory.dmp

memory/6316-2724-0x0000000000F40000-0x0000000000FC8000-memory.dmp

memory/6316-2734-0x0000000001590000-0x0000000001591000-memory.dmp

memory/6232-2738-0x0000000000400000-0x0000000000787000-memory.dmp

memory/6316-2750-0x0000000001570000-0x0000000001571000-memory.dmp

memory/6316-2728-0x0000000001550000-0x0000000001551000-memory.dmp

memory/6316-2762-0x0000000001630000-0x0000000001631000-memory.dmp

memory/6316-2773-0x00000000017F0000-0x00000000017F1000-memory.dmp

memory/6316-2777-0x00000000017D0000-0x00000000017D1000-memory.dmp

memory/4816-2784-0x00000000005F0000-0x00000000005F1000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\LocalLang.exe

MD5 365346a248fa2d004d3cdde08bc522c5
SHA1 38493898d4a5669d75a00489ca25b67f99d9e647
SHA256 d6f09874d9d3d172908a3a19f104453a232c94d44f51f967ddfe7d6a90ef6aa7
SHA512 ad57af38f3f56b96a95acc63f31ed4b210247feaedc2ba3123ed2fce42347c222b995b55e2a47000f1ed6191bf2c07e6d8ad482af222bb9745a93600ac423252

memory/2676-2814-0x00000000026C0000-0x00000000026C1000-memory.dmp

memory/2676-2822-0x0000000000400000-0x0000000000787000-memory.dmp

memory/1756-2810-0x0000000003D50000-0x0000000003D51000-memory.dmp

memory/6316-2829-0x0000000006080000-0x00000000061CA000-memory.dmp

memory/6316-2900-0x0000000005F30000-0x0000000005F31000-memory.dmp

memory/6316-2896-0x0000000008EE0000-0x0000000008FF3000-memory.dmp

memory/6316-2852-0x0000000007680000-0x0000000007786000-memory.dmp

memory/2536-2907-0x0000000000400000-0x0000000000787000-memory.dmp

memory/6316-2906-0x000000000A700000-0x000000000A80A000-memory.dmp

memory/5284-2918-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4848-2931-0x0000000002370000-0x0000000002371000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe

MD5 2af527c0fa69e8108bc6cd7e51f02aab
SHA1 441c59fe3322650d76540f1b31c3b2505d0ad0c3
SHA256 67b897e6eddd40ed694a15fc22bbdd821ba6264c69f30d3cb00465af4142e6cd
SHA512 22a367b1aa53bd2070a140ea101b6d821559df669fce1c9f31476420e2bc0f5dddc7d023d90cb9a7ca286dfcb21e4f444b9b2341981a4b937cd719916271c6e4

memory/5772-2955-0x0000000000970000-0x0000000000971000-memory.dmp

memory/5772-2959-0x0000000003E30000-0x0000000003F7A000-memory.dmp

memory/5772-2960-0x00000000025F0000-0x00000000025F1000-memory.dmp

memory/5772-3014-0x0000000005420000-0x0000000005421000-memory.dmp

memory/5772-3015-0x0000000003E30000-0x0000000003F7A000-memory.dmp

memory/1756-3019-0x0000000000400000-0x000000000066C000-memory.dmp

C:\ProgramData\IObit\Install.ini

MD5 85ae1b45e902794a0777a56ecdcdc1b9
SHA1 d420465f9483f0343bd1b20c43e60c32ac849a03
SHA256 da5afd8157e942bffb969537d5932281fa0bb29727c607ea3d347768eec837fa
SHA512 577fecfc22adcfb28e1ad14b0aca470a54aae30af22254f680ca12b0271d0ac8a85834bcdbc330ad833e10f122daed2537353074e178f779b1b680dd036cec67

memory/1756-3121-0x0000000050000000-0x0000000050117000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\IObit Malware Fighter\HomepageAdvisor.ini

MD5 14d032d8bb31fc209e570316095492df
SHA1 d24b6112043704f9763cb94924b4ec4e64fd89d9
SHA256 06ea89cfb3de3c8974f2fe1ff6b9c4e86c9b10e6d1354e904825cb291dcd3693
SHA512 add09aa50f42782849a2136caf01cb19ef7d0a4ea8e7e351d452e043059a31264dd36aa08d3b306cef7b2a5d86dbd651b67d1ccab66dc385c50a553a1133160b

memory/1756-3122-0x0000000059800000-0x000000005986E000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.log

MD5 04e46190dbb14f4100bce81e1b6923f8
SHA1 618de7fbf33792e079014fb455e415cbbc57f0bf
SHA256 a0ebf5da69413d69390dc3bdc4fcb197879939581e4ec7e5032cc5461ad79f63
SHA512 3a9dc95eae55b8c7b15739bacc008f1f173940897218eb747178a3a07aa03a9fa6c7f1b3532cf31d24c6eb52ecd9904c5d81c2eefad374031b9757a46bbbc921

memory/1756-3123-0x0000000057000000-0x000000005703F000-memory.dmp

memory/1756-3124-0x0000000057800000-0x0000000057812000-memory.dmp

memory/1756-3125-0x0000000050120000-0x000000005030E000-memory.dmp

memory/5772-3137-0x0000000000400000-0x000000000061D000-memory.dmp

memory/1492-3143-0x0000000000400000-0x0000000000530000-memory.dmp

memory/412-3145-0x0000000002470000-0x0000000002471000-memory.dmp

memory/412-3146-0x0000000000400000-0x0000000000787000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.log

MD5 f17eb3a7aa796978da2c810531f98a53
SHA1 4f298d44b979ab03d467557d76faa1433b19ff53
SHA256 940ae1e93c4a2dd44130c636beaa3ac0eef8eb1353d257d7bff154971cc284af
SHA512 26a3684341b6d08bb426e4818d2967b88e28398ddae7a60e3ebda0f25e72a029c5e72d5021e94248169e960670bafb401ac311d302cb69bbf0f36ced2ab8d095

memory/840-3149-0x0000000000400000-0x000000000042C000-memory.dmp

memory/4848-3150-0x0000000000400000-0x0000000000787000-memory.dmp

memory/5112-3153-0x0000000003D80000-0x0000000003D81000-memory.dmp

memory/5000-3204-0x0000000000630000-0x0000000000631000-memory.dmp

memory/5000-3207-0x0000000000400000-0x000000000049D000-memory.dmp

memory/5112-3214-0x0000000005520000-0x0000000005521000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Downloader.log

MD5 33f2aebe2ab4646a24866fc566a44ff5
SHA1 a492d12346b6dc0a29aa535a8c31e05a62b8c755
SHA256 addad67d41be8d021b850b709bd9f8644d6d0d820f1571052a66e745330f6f24
SHA512 b126a36f7d5d67567d31a13392398d386dd60f85fb5489ca6d562aa6fee212a4b2410a5e6092fdf3c18ad85e2d00ca83d4fd46b9b2f2dec1c69f5e0886bd6ff9

C:\Users\Admin\AppData\Local\Temp\SV(XYgTczu#vPagN.tmp.dat

MD5 b67bb2d2be23054b491d3c76b3ccb9ea
SHA1 ad6958a9125882cef565d385d9470439be7f3d3e
SHA256 d42f8662eb3b52ece225ab049bf022bba1e1a3dbc19f54624673ecf861bc48e2
SHA512 919a31c9912ac234fa10f3eb1846ff86d03045a227594d086cbc094ad284705e15d3248e1f6927829eef351f60b71187d3099cfa2d40fa07f459d58ca3d9d603

C:\Program Files (x86)\IObit\IObit Malware Fighter\Downloader.log

MD5 a1a7e9ad414a4bfc3e49e1ff943b1600
SHA1 c3e95bd08883bd1e360a45d7baa104e03b51b4a6
SHA256 01113f986ec3076be54d668f7b774d7a78a47671b0103072ad77b0d4dbf352eb
SHA512 cae8a02fbb7269200d90524314ad96320cbcc74c8729e775063d47dc144c5508b6b977ffe3efbf3d8b4e888a170269ddbfaa40060c93c8427b830fb6bc2f8f78

C:\Program Files (x86)\IObit\IObit Malware Fighter\LiveUpdateSrvUpt.log

MD5 fdf9a28674b8569ef1b7a878a6a125e7
SHA1 42788cfcd0f395c77d91a96139b4abc05a97743d
SHA256 185f1901980a0c2fd2a00e9f448738adc839a36cfa1f19bd9e9472acd683fa7d
SHA512 92ac629ee78430cb98c0b369b6fba9710e1f60d6b0817731eeed85f3cd5d0770ab25bee61661102e134363332995014fb26d17aff95b5cd0630840cdccb8a4d5

C:\ProgramData\IObit\IObitLiveUpdate\update.ept

MD5 ad4e179602804f103577107f8f5268a7
SHA1 7c6ca9fc7129f25834ff6a9dc29656971eaaa609
SHA256 71ae6cc20f6918d74d945e2b1f299fb10616cf567c38ec7451a7d9e8b4a32603
SHA512 b50bf8d785b958fc8aff27aca70355cc5119ee6e2fb8321906f0e56c2809c2bccbf998a7e756eefa10c9e9d4436670a9a8c4ebee25ba04c8dc50ff965b27d326

C:\Program Files (x86)\IObit\IObit Malware Fighter\Downloader.log

MD5 7621baebac99ad449dc80ff431877df1
SHA1 14363025e53e6c54061a75cdbf09fc1d0965937d
SHA256 8e7c643a83d49c90ec0c5c2c4e49f672741602009eae6adc7ad54c148df42ed5
SHA512 9411168f6dfc21d3621919524bb431f6373560951a729f602921b6d222c58184a3e489a02b95d4eb315f8d9644305c419841ba3f05944c98f931ea288ea24917

memory/5112-3377-0x0000000003DF0000-0x0000000003DF1000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Downloader.log

MD5 810ba279974453ebf1ee629da299a093
SHA1 63121d903ff44ef333e0c2ea3f7b186c3c9387eb
SHA256 d32bbea5d391783ce62838ed51a17953265ed052ca449c125dab15806c5ac7ca
SHA512 266d3f666248d6ffe877c5f0d0eee951b7400973699cbee3b4a0ad8f08e5bc67dad7df4647a64c5ac558baba98ebb018429a0959c1c0156e0a620e6ed5f179a8

C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\ASCSpecialUrl.db.dat

MD5 5761525d6cc35bd9aade5cdd631a6100
SHA1 aed3b6285080c8003472006c6149ecf35b11b918
SHA256 348c98bcd10de3355e473e712a71c42ae440a3e11d493e4891cce3f973abf870
SHA512 1c7c2ac9e22b1e9047200be243480a9fd19887652e8a50f6e972b0a369f99b68ee47758994656d8f415795cf6704514bb0d4e3d07c96925239b62206823d046c

C:\Program Files (x86)\IObit\IObit Malware Fighter\system.ini

MD5 c177412ce5d4ff2a78f5e9b7ec7126ea
SHA1 90197c59e12f707b15984b6ae11ed724d0f3a422
SHA256 f9411fd2e4515c3c1ff946dc2593b827917690e31e8b332e3bbcc40c17371a47
SHA512 96a9b9a1d3048ee7cd5a61e4aef88db5338d4a248c831a2330b4664961765c50f4690f02831fa222c2c3d7ecb55b18b770005df358102a5fda294a162cc0a848

C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\SPSpecialUrl.db.dat

MD5 7dd78f53c27df123e0b6dca377514da1
SHA1 a37c05c5789a8e245414bbe4777bb2de2aa1864b
SHA256 c22bd7b19339dd2d1d90765125a41e016093ef7b59fb5b3facb7f4e04d66b840
SHA512 21b7b0a6d3d89bfff9b3e2fd9435aa40a63ee532e12bebf35f072a3bc58aa9b9f128c94d11a19780daa1befb2b9aded5891c37685ed71828ae32aafe5a87f357

C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\ASCSpecialUrl.db

MD5 37042f0b7557d5ca9f52d340fc46d8c4
SHA1 5a1671a93a4e4fe8ef589de2aba5f077ce2559a8
SHA256 2c85d0d3f04ca74c0feb7dd963bd3ce26b1a128da1f29f12475a6e8993533048
SHA512 435ec5b69eecff074b178ba2cfd1b6edc9aa34575324e81e938930547a113b849cc646d5d1b62b5fdef22f78f20782379c180455e8a57036ef97c500b18b7fb0

C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\SPSpecialUrl.db

MD5 950a801022c966b4a48a5715a3168eaa
SHA1 7de6fbf4f8f3966a6008324e8588adf6e025a00e
SHA256 3d2200848731896b51de2fd20959d37786d82fcbe3d4edf1e7eac8b9c41e0fc1
SHA512 1724d66f62eb1cc03f37bfcc2460b829188c46fd7bbe44dce2171ada335fdff8c3884192afd9fb450b6925077a015c0970281880cb9ebd90581d0fd44f147612

memory/5112-3539-0x0000000005EA0000-0x0000000006078000-memory.dmp

memory/6508-3546-0x0000000000400000-0x000000000056D000-memory.dmp

memory/6508-3543-0x0000000003C20000-0x0000000003C21000-memory.dmp

memory/5112-3547-0x0000000000400000-0x000000000070B000-memory.dmp

memory/5112-3548-0x0000000005EA0000-0x0000000006078000-memory.dmp

memory/2276-3551-0x0000000000400000-0x0000000000AF0000-memory.dmp

memory/3916-3782-0x0000000002510000-0x0000000002511000-memory.dmp

memory/3916-3794-0x00000000040D0000-0x00000000040E0000-memory.dmp

C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini

MD5 5e18ec8f6a13d37dc2e63518996a31f3
SHA1 992e65e7446265db882162924ce8991fe88dbb9f
SHA256 3df31dfb3ffb3c28988a15cd96263a1a5eb645f9e75d2e18f4e0cdcfefa7f93b
SHA512 ca5a707a71a5939e675e11a0c1efbd63e903a0c9744898b2dc8285fbdd65bef967ad74a14c847cdd2b2dc6eb0a1a6cd939f6d1f0a906dd425f706eb9fb0f5506

memory/3916-4118-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini

MD5 cb616a534709ba8ef6c8b44d94679de2
SHA1 c7c3603e9d505f68c8f7b2e620bf9fe7b2349ccf
SHA256 8d21b363d7d5d7bb86c1a41971b79070e95d7eed5a66a0e6148e584651df3bd4
SHA512 4d7e9524553cff60994749d8c78eb78bf204e9f2bc6e1ca78ec5243165ba17ee5a63d33a440668d494cd1accd7302d761de065d9717217963bc91cd7d9c407ad

C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.log

MD5 d3ad4ffb4ba31506664dd3fd2b978da4
SHA1 68d7f10603b6f707356382e3b45a3022ea927c4f
SHA256 d3ad3452c75cf3c76be295e9a40aa3adfd35e360e53ca01bc0e262f34ff93cd6
SHA512 edca21e74dc3b0fcf61ad06cb880aecdf6ed420e33e348b7c5991ad0fdb5785f09d64435b93573656a1b081dc876bb06f8aaa695135c11bc792dfcd67a7731d4

memory/3916-4286-0x0000000008D70000-0x0000000008D71000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.log

MD5 4eb752809999f5174b376a0737869ac2
SHA1 bacc22847919cddd9ad26c9bd46600fb022436c1
SHA256 0b46f35bc6451a786da809e0d12d70077f2cd76050ab892f15d607f7cb158ddf
SHA512 a840242d5f1f2760417e781bd99b034368bf5bbbc8a9f0fc4af27d0de0b6d7469e59c9294c4044bb7148ce290c2c68aa938c2cf0473e411db5916b9005ef7eea

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Update.ini

MD5 42ffcf11a835d3e4a014d3d2b6f5e7d3
SHA1 119f7f74ce42bf84e888e458f008857e1ad0163c
SHA256 a3223fe028f77f68390e76449867ad5d0308f897297af7b4678c359eaf46dab6
SHA512 415a424c561df00dfc001b27b5b2e21154ce67dc2dc26eba90d5710519fd9a790c392e0fcc3eba640be2bb8c8219accbb3847460919eba43b36001d90c701c26

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\UpdateHistory.ini

MD5 368db77aa0af415093fd507e3ece83cc
SHA1 e7e1db53347a225ca9253a64a619eb7de27ceb35
SHA256 b7cea4a8371498b1ca780470f3ad0a1a728be2f984fadea0d5717e7b17253c88
SHA512 e9c1769d4b47face2b091a5120d10f9e162553260f7df374e08e31b4c41caf9c81b668b0bd7164b1b8e3e22149bb4acbdaf8b8784f28fc0e8f10709edbdd86a0

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\giftbox.dll

MD5 dce8eb6ba156d76bd4500a0aad22c35e
SHA1 79557dc278e61cfc43bc81fa04b5990b09d24a73
SHA256 ad405f773dca37ffbb734f11f21031cd4f8c7ac331b3e0895e80b2e45a6835be
SHA512 34f5d7262ad5e6fe99b9b1b8cf6038e6ebfa702c1b5f1d2335d119888de2a45267152670e3545ac9860b69c86a4552079f80662e610d20e4c651b0e602119eb5

memory/3916-4700-0x0000000008E80000-0x0000000008E81000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\PDFAC.zlb

MD5 517d7b8826b11751fdeeff1c1f009071
SHA1 e784c8cf4a9fc009804184e25aa028f1ac9519f2
SHA256 2db076468a82ec01b6b7e35310b5acc943782d892a48c2d0cdf46a675c4024c6
SHA512 ff470d17b53436d00bcdfe09cbc73b845a68bdc46f0b28eac87757229413f6c9de8bbe180890891fcdb4412bd0ddc3cf8ca05b24683c2427b2d7840baa4c5beb

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\PDFAC.zlb.dat

MD5 aa501213b5f7da38407ff7263a004048
SHA1 0a397be292f0f35c3a4a655a4f91b6318bb8f52e
SHA256 81a865a19c40d41ea66e73206ef6f139916935cb03120ee6be06e60ca65b09a1
SHA512 33d4da65ee1012d74cb67a61b4bdc3f3f4dfc104c4dc1b3a2c44ef84e574402a1eb6a880b060dbbea710699d2c2afd4ec7912506b67b55890929e7e16d1926dd

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\IDRAC.zlb

MD5 6d7db7d675eece609f54efc617b0d100
SHA1 141f4ac3aaa0d8ec5a7df6e04b27f392f7951930
SHA256 55cb42d19ba021ba21831c300dd06b7e4522aa7ff3057a8bfc581017c817d3df
SHA512 45352ca1b140a6902c743d8cc192ec8fb7484df1882ffc1b89a95e35a2a35d24f0962739f97ded2fe0806ffc1d474e7438f22ec24efdd9d8651451c5205f769b

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\pub\IOBPPIMF.exe

MD5 a928bf113caf194f07f6f69be87eae19
SHA1 994e18a576244c78fd847b82a0b735b3e3e962e4
SHA256 e10362f3307d2648c276d88358125f6bafbc635f431eb2b6bc7953392633cdf2
SHA512 c1cde78507842afef1cc21286ead18bbe6b73fe30c2c0cb5b632a9f73cd519707ae33d67d45692da4a64a549b8f812fecd92a3d9dcc84c61fa0ac44132181b50

memory/3916-5159-0x0000000002510000-0x0000000002511000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\giftboxext.dll

MD5 69ebe0c35fe85f0578fa322606fee6cc
SHA1 1c05bcff36221367a4ee1b0551bce1048b56e6f4
SHA256 8eea3f0e694e0189597904d0c20e8f12f440853e1bcf797eef93ae5f1fcc8614
SHA512 71342b13d7769e05dce5b1e2171d7eee02d37b2d56719eb58d088e9f8ddbf0ee5c8fdffd374fd164e91f8315dbd1298a630d55bfcc5e492eb62587d4b2b7ff7f

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\giftboxext.dll.dat

MD5 67197d351d25c35f7ff63fa6d0e245a7
SHA1 d843edf2e77e494cdb1cedaa20d4eca3e3900fae
SHA256 b501197093866c9c45062b3240e23498fb44cbcea068adcfc792851bb896eb1e
SHA512 be82e70a95d2307a8e7b33bc5eb1861c0bb2ccae419cddf989335da16d5726a1240afe6f0dc7cf50f04900c7c94ae90d41d418ec12a8f9ed35d8c943a067f40d

memory/3916-5249-0x00000000040D0000-0x00000000040E0000-memory.dmp

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\IMFBigUpgrade.exe

MD5 d7ecd275767ec5f732f340d64279270c
SHA1 e5f465019af6d4363a0062560a2aabe185720b78
SHA256 b5111661c31244336b71c0bb7c30c79b53339e2fb6a7ad1fa2f7237abfa992ef
SHA512 56a00328ef95600b53bdb29ddf799a04578211a31d0b04dad2775cf6a12148219358312a9dd3c8d77334f1971dad7a48fb7ffe09d2c6fc5174a5e45b9c4e659c

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Temp\idrmini.png

MD5 2a3094b6bea2dd9a1cabcab5e1b5a15a
SHA1 b2793c6ad2f799c4711972230c1e504249ed62cc
SHA256 875156de83f1f48166b19016bdc9892accb4f8a7853f9b77cdeb0bf5df167bb2
SHA512 6d188cea55ffd71b5fbab1df5328967d5cec067a0d8a47f399232a2534aa20889ec26dcceac7d3e5f02e9fd21a518e27529fb83090541a10abc91d28f707c875

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Temp\idricon.png

MD5 6c8c0cdb328958fd43fa8d643f5f7d01
SHA1 b6b3d1088b3fbea4e8c7839c0bd2be4d5e067e2f
SHA256 3380d88b595422c2c43b8624ba2a49f05e9598bb0d5708053752921154ebf204
SHA512 f812183818f3b3c48b216ff93a63c178b2aeab711b198af0b14cb5b372553057f70849f41a627922746d02511f118f7f4e525e97e6d81c3a158ebdf682fb49dc

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Temp\pdfmini.png

MD5 c2e61e23614aca63b72dbcf85a88dbc7
SHA1 3a1525ef72e8a273bf74a057eec88f2345cf3f0a
SHA256 8d848735648c29327e545152e7b6eca9e0e7d17a57b5f659941db1dbff9029b8
SHA512 c3b2f7b4d97d0dfad9e0b9e12525845314237d4c357bb5c23d5585475851a7803c8eebfd5c8770a5f0b5a4ff52b2448cbc1a9972a5b8290822b6462a9ae70144

C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Temp\pdficon.png

MD5 d7c263b0d5d6e2e156c7cb86082d6cbc
SHA1 dd0886fc63f5d6dbb71e6219884fc5a7c6948bf4
SHA256 1c4e9cf03d97a4d8b9d603a0d42508697b634eab7069050a1dae3e2660845a5e
SHA512 9115d2f35130a5fd567a087dc513bf72f3f54bd552da833b6389ddeb256c09ea27bfdcbb2a9f56d97be040d4498bef3a0a6b12326beeff01e4cfda0d7213d184

C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\popconfig.upt

MD5 0a764dc4ef489113d9284575e34334c8
SHA1 29a9b162cec324fd19c2fa998ab0283668f935e8
SHA256 22933a8fda84ba3bab08f0b81861bf6fead661b2a439c6d02c09007ca1a2d99e
SHA512 9bd9e7c4cdbf6cb5bfa3a1fb7c88b036a6fc552924e9584e57558230bb7d039050860a3ea1de6c8211034b8d3206cf2257b374a6a9aa078c3f7fe62831b2bc57

memory/5904-5373-0x0000000000A90000-0x0000000000A91000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade_Downloader\Update\Freeware.ini

MD5 38c3c796cce8c3ee8b681b91d9f3425d
SHA1 46f80d693008adfeebe5aa2efbf824c82cc62bd7
SHA256 abb6244f1cc26b1429e68985dafc8f28e4887c9d1365edca7f520c80f95d6f8b
SHA512 c8ecbe8aaca7e50875c86e0caa940f20e2123e8daae0c081f559ad7b54818ee618559ddd3023a189c0832e46641b03c722af4d465f46ceea19d51767a89bd153

C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade_Downloader\madexcept_.bpl

MD5 aed2a27145cd7a8794ef1c0bd5c3ada8
SHA1 74fb3dfeba50651216fc55f6371027dd0cee3018
SHA256 64c929380edc996bdecbfd78959f25f81259a163080f85793f484e0d8bdc99fc
SHA512 3824f79e447cdf441aacf137e9dd93abadc463d8e9296f1a6c9834d28c23a7e541f0e922831a790a5e5fd24bf941b9f337fda0cc984f0038044a902f5546eda1

memory/5732-5424-0x00000000008C0000-0x00000000008C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade_Downloader\maddisAsm_.bpl

MD5 d7b420736278f0d741daec22883dedd7
SHA1 0c3836c63771da52a82e5ed35c6e9bc4a6af02e9
SHA256 6b0b62cd5ab2ba7071cced2c028ba7faa86ba90ed87e5b81fc116e1bc3056871
SHA512 6ee74c8745dfc8d644ac2d8c9e19fbd53d5876121fb81aea1cac262a53e46b976864b43fd37f0295734b53c38efe933a72798e19dabf97a0ea58e7eba23e5de9

C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade_Downloader\madbasic_.bpl

MD5 e9cc245287b0f8169f90305dc4394380
SHA1 225af87bf23430c8716dcb517f3d5df565a400c3
SHA256 490ab7aa4c70f4af678d39bafe1c48eab6bb7033461b70e6296206c533b872ef
SHA512 d08d67fb4a958d3ddd17a14884338438c02560b6d6fdf2f74b5a6c30ca1164f23ad5afe9bad38588eb588665cc302a1c52f2f09a88747687a8a2c7e78628aabf

memory/5340-5446-0x0000000000990000-0x0000000000991000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.log

MD5 aba4a6232879d6e436c41c35bc1ba78b
SHA1 2773b1a69406318f43e16f097e6975a39f0cd2a9
SHA256 d8be30dcd548cc66c91710177978c9e730adbd152b05122bb309fb58f81fc036
SHA512 16dcd80b9a1a7dc1ee1a95c54c7dd33e29594ab90a12bb0d8328a9e0dc1b1ac6ca1c5baa4ffbba3e3f1b9135173960f2af8419426c6f18292629cd36798c3d3a

memory/5340-5478-0x0000000002B20000-0x0000000002B30000-memory.dmp

memory/5340-5627-0x0000000004330000-0x0000000004331000-memory.dmp

memory/5340-5628-0x0000000004750000-0x000000000489A000-memory.dmp

C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10DownloaderAC.log

MD5 8262e8bed0b014cfe7177e3f179d54bd
SHA1 4066ec2a88fdbce50cd1a2094f0904c6172222bc
SHA256 51ae8bd7ff0a7563d7869f89906d16df166b7a9e019c775ce71b574d68413344
SHA512 543671a10e1b140ed30fabe39a430ef1c58c3ad95563104d27d5b2ca2d3850f8f578892c549b02784a1837a3a788f922827165f2a7912748214d43cb4bcc980d

C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10DownloaderAC.log

MD5 85c4285f604e18388c2a60dd2d2336c3
SHA1 577740ea66f2e489560b96dfa5dbcd112ca420d7
SHA256 45b3d633856b453cc832396fe7b95b8b7f75ca2de696f8f857cb84740f83f4ae
SHA512 fa28d3a47b27bbbc96e4d3c92de9cd16eaffb9c4cd5540a952a3d0f4ef8f94dc78737e14c22890f513f9924ec52241e1c105ab18c4db7869958d5141691f578b

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\IObit Malware Fighter.lnk

MD5 c080384f73b050b43212fdb45dc882a5
SHA1 9848d8e6cabf7c131b23e475064438d448a2c01a
SHA256 b8b0bec1549a232bf2d816d76ceedf7550d5fdc90105a7d1c0aa5120acf1851c
SHA512 b194e3cb4f9b69fa886c9509fef00ca744706796ed5fdbfc2a07638aeb6fe119d3318cd42e30bd9f72fed2c1d92bf932c955f84afa3ec9482839bf24a9ae0d56

C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10DownloaderAC.log

MD5 52392242c9993b6ddfd42fd443c7a6d2
SHA1 f017b053529112cbd62c2985d994de246cc2ddfd
SHA256 58afe255ebeda8822cd49389e44eb60b475ec8deb9136210ef4be39f2ab5f21b
SHA512 0c53cd51ef9dd9a207c187468be7b8aacabc139616329c1a7b8159c1a9bffc833baefc61c0663453c5af47ceae0dc4374f7643f183110c081331868715feee04

C:\Users\Admin\AppData\Roaming\IObit\IObit Malware Fighter\imfnormal.log

MD5 7c22dc5483db56dc2ad0bdc21e77eebf
SHA1 c37992b6c5db6886e1a1b9eceb1d020c2153512c
SHA256 c9b77b6007ef5c4b9163b559cf0df8f620a4ebdd35eb692aff3b0f7932b61626
SHA512 3da7f8bbdb66846bf348965aa119ea042842a2354ac1c22946c07e9009e51808555189729835766c61239353ae5177b0d3591105a7367ea88eece45ca7153e74

C:\ProgramData\ProductData\StatCache.db

MD5 accdd3b35df1a619f8a6dc68bc20cc20
SHA1 2e0835c39e873fd10a8c3b393f55bf30b4e230dc
SHA256 a5b83398f153cca41929817fff801ebce60ea9fc3af565ec10add49f2d227c3b
SHA512 a99ce802aa2bb45a26c3b1f223c13bead29b60d7b1e4860bdca238061b856237a6ef99d64ace531b251a34cbe229e3dce64a90a8999ae2b228667b54b29405be

C:\ProgramData\IObit\IObit Malware Fighter\init.log

MD5 1620b00f41d95b0b9f560a4f59edf7ea
SHA1 edf5862903e05d03abb6747dc7cf319c36820b4a
SHA256 8c1d65075253781baf46cff39db57da33a4dcdd661fb1657e9e8f7036f3a9fcf
SHA512 ec1f9e96693e8e0a18179299a9b572bd7de13b25a1c237878a05e6aeb8b184459d19c553c7538b4d630344645e55a0c9b77e4fd21ed24e32e160568421025286

C:\ProgramData\IObit\IObit Malware Fighter\config.ini

MD5 3afe8b0dcc00f2dcbb907be2f35c5eba
SHA1 a9a1179f3c0381559d339b62f22a697adf474a02
SHA256 6955bb84500522632be524fa54f8ff28ee91c6f4e84bb66a8be0642e16a2a2c0
SHA512 b9ef40e05786c7e683c8d40b4b06f2e7cebeae4532b5e803e7e977f2a1bcc67dba52ed407995fdd7626736f90f7393ee922c62700427a3697a92cc572c4fc94a

C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\cache

MD5 9ca2607b5922baa0723a1967ad366e35
SHA1 4d081af7a33f0739e7e957bc2f809a0cc48ea13f
SHA256 d3cde028221a1067040a0f3a77f45ba54d7d099e81984017f041903e5df75d1c
SHA512 10d6cfef4ae3f78b83ae13be083cc1498b44f83f5c7d908bd635db9f6aee4834e15dface989f92585ed2d00e0bdc56cc89a52461b974dc6239693fe276b9a412

C:\ProgramData\IObit\IObit Malware Fighter\main.ini

MD5 fd161e32f9c81c123a4c38dc79f7308f
SHA1 d426c1d9a96c2c71558c86f4ab0190b1b6978988
SHA256 d25f15a27a6ff33d59f28f611aab6331abd99430ad85cb703cf5676974b48b76
SHA512 fc6ff7f436afaf53de619e89e08ea7c78065e511ff946363a001900f90819eb4eb10a8b9e16826dd6c71ee1a1dac0899cd1914efe7225ea73d63ce1da67fa4da

C:\ProgramData\IObit\IObit Malware Fighter\config.ini

MD5 c33238c3792f086b3f86f21feff0ee89
SHA1 c87a74196f2e4d6ea7de446e42cc0ba0d26723a9
SHA256 1d9f90dfd26af4b33951ab0d2d1cf7f36fc5d6e065c83d70a8bdb1d896306ec8
SHA512 15c10435b37d4ba282ce92cb26379b41444f18e2b6be5880feb9852b44f8d52dfef6083d272be757a44409ae1dacd0aeafc4a9d7d8b0ede3ad93be6c2bc506e7

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log

MD5 1c3b6ab88cfb2cbcfcbb243ce27886a4
SHA1 61bf2edb8a5e4635a08b185ea47bc0d35b3d9502
SHA256 18180322fd21b89287ca0a4e63221fa087e2bfaf29a1e03515b6d8d8f1c03007
SHA512 1a0cdf75e999d22c1d18e08d2ae8c7eb11ba39abbad0c6eaad4e9bbf8461a4ac30a96dba8d153c336c8619cc3d39fa19111649e41c2c4e8d9f78c8b6f657821b

C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Lang.dat

MD5 1cc6639718a60f89a07182ac09df4168
SHA1 078b772b9f5f54442bf365e737a70e6ca2cce560
SHA256 b9af13e95a3f7eb9c4b8c66e68af2505ce46748ea6c1dae938d961b121183e6e
SHA512 3ba3652afdfecf370a9878a7f5cc73a986ead1e415f0f9867bce0ef077885e2e55d7d9b5ce91220e795b10164a565546ce2aa79c35009b47550d96e9102de707

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1eb86108cb8f5a956fdf48efbd5d06fe
SHA1 7b2b299f753798e4891df2d9cbf30f94b39ef924
SHA256 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512 e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f35bb0615bb9816f562b83304e456294
SHA1 1049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA256 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512 db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 30191c0b42a05c35bab9b6480afdc24e
SHA1 87079f217110c97ffd39a0bf003e6d50d06d254d
SHA256 ab5c6c8441a098a5860624840488370ee17d27e460069225030e2ecb83b3f126
SHA512 01a2a6ba6ec6b45234c94e7a5b4447bb8a17be6fe208a782d8c51f31138cbd4fb31f5cd460fef5b6bb2b62e4c9cf364d9b99aeddb2a80dd699ee9dca81bf28bb

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe

MD5 373a5f937705276fc49941c2c4b717a1
SHA1 f5ca73b7fc1911cd734cd9fafad3fa76f8b06253
SHA256 f38479a5ad18e9844a729fb4ade0c71b4374643e7b4d8820a02e04bd2a0395b2
SHA512 fe44c4cefdabe1d0d9eb8fe374e1f622149ea8188c3e17f5e6d12ea316f6951718a78a20e279f464bf4d990a8194813c47e1952171b85ef9e7a710c4635d955c

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log

MD5 67e6abc6dc09676d36a1f99f463a1dc5
SHA1 7917c8d81f70999248f44214114f46d5b0e8b259
SHA256 666dcada41891902094386e4ea07bf71ee8536f44158b62ed8820366577375e6
SHA512 0eeb37f07da21adbc823a08af94f5eff304178bd0c86ce5401fc879902c24561732b5ba5683e241829e077011e61942e3e762ac6777e74074cbb047a20960b57

C:\ProgramData\IObit\IObit Malware Fighter\main.ini

MD5 08ddf2a96b1a7b4dd48b2411ee597554
SHA1 23189b5397c4f01b3fc90b3364688ce30bfb197e
SHA256 c82ce37310fb823c0827b45bdf07fe074678eeaabb40da5845a574059e179696
SHA512 558ac35365f7d92be166fb78b5420fe3b913d9dae3220a804ce716296298e288a827a00149aa9c79d7e25886561cc40e92b9f78135909f9307504de3bd5d129a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cc677e382a6f08ccc7bedf8c72e53d60
SHA1 269d8f49cc65a9efd6232d9af2b7ae7b0b3564be
SHA256 3e17324bf256b3aec0064d7da7049bc30234863010be87a5b159d5d4e278dba1
SHA512 d5d002be188f20e532448c99ad1e3fc76ea3f79a48fe6758f352aa40360c3fc651bb82a58a81825712af895270ef08be19b1aa679394b8973874054105273ae9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ae13d0cf9998a567432bbeb693578513
SHA1 fadd1012db8cfd0a56b8f8ee8ebe622b9533b7b9
SHA256 90daf1aa68aa81e47acc06a26faa80cb21c333c6c361cf573c9f550119b1779f
SHA512 933e0d6f19cb713b835de2df77bec1403497959ec9f2d7dcaf13810775c4ea2c1e69a9072f413fb52fd88a99d6640a80e8bb9923f878333ed2db72da077f698a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab9b48c4f86478d7b60bb904f300e1ee
SHA1 7eb0153a030b0bfb12f07a976650aa1904ac911b
SHA256 155636209e5daa584d5451abc871a1c890c9d356d120a6d298c493c093f7b9f0
SHA512 5675df51f7e7debe75407171823ec0710bc5969c6ce548e41d509899cb1afb40ca59127338e09b8a6e2f403275f5e8b96ca16c1ffdac3effc2982ba4bde3d14d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 613e857a55225783e9354d1421a7d113
SHA1 7d5e212b55fe9bea77e16e2e4ed9dbf9f08fe4dd
SHA256 02c5469b21ec809477be413176cd551adb4b0032b49b174e031c75922e296111
SHA512 78a9fea888347773093c1d85184a36595cc437e945f89970fa4e3cf164aaf7cab33b7b75f7de8ed552de4ea6a674fae17d9df7dafdf9d0feba7993dd289167e9

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\IMFCore.log

MD5 f89f1d0d038bf17fdd84526359525cc5
SHA1 13494c7fe58bf4f1025db094cf4405d7003e4d41
SHA256 8562efa40eeffc5eacddd9804e45b50910daf0aa3b6a7311d17658cfa406466e
SHA512 6d0abccb6e3071626c8fd78101c85603169a6192c6187164de3bce97c0be9b2c1c1ddef33f5d5dc0cda61e1ab6ecb5e324df54ba4e165d033cfccc6404b22b74

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log

MD5 676ea9fa27df70c9dfdb78d4eb28f382
SHA1 3e8646d32c64190753c1eeda585d2ec001b2c6fc
SHA256 e1a4e5d7d8b6cc37a39cbe42163d1f0c26675e69d7fbcf739510a0c09362ae90
SHA512 9a7d7fb549084044f655cc3a4e11150742626e357e3b2253e85f54de5427acd6e095ea266c3e2ae31b4a0c996e10324e69c1f47a72f82c1c9fc15587935c276b

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\IMFCore.log

MD5 4b324239a1b9018f29f506652b7d02bf
SHA1 0b39ea4f83de622fc7b735cd7ebd12e97e82d703
SHA256 f8848444c7626564ae680f0dd8ee71051ccf8913601593a1d372c7a6b8f22140
SHA512 d9ad87d296e17b75140131e86eb11a3070295778329cd99338c39b3b331b59309ff9cea6fd763f0ff79a31c39ad918bc68dba1e76bab5c744e19308ee74f2b07

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log

MD5 2a2f953dd50a71cd948f6f1b87ae498d
SHA1 def0f99da6ebc36958a0f0cb9c5cb866dbbe5451
SHA256 c0586e487397c926940ba926d85a3d2550b27bd8aacdc22a9275ea1724d615c8
SHA512 192e6d61a883c331e3ced705ef0e7279a2bc386e81fdc8f5a2d0378e6fdfa8a631105af8137679187aebd3026a75b9d98183358bed2015bd29e838f85bfdb688

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log

MD5 33c1c874a6504f5275a3d6e2b47b5591
SHA1 c8a8ee7885748418e31f4681781938e3f8e0a147
SHA256 c4fed421fbaf4433ad2e7886c020240ea499a5741da27c229866abfecaca6967
SHA512 78376309cbfaf66aa02ee1400b22468a0edd26361d51e093e3df0d5ce0c11300f04cb6aaeb32b99554ef9fc0a12b478b24ddd71def992fdb7e659d49811fc2f9

C:\ProgramData\ProductData\StatCache.db

MD5 361d19db6edd8025239dc778b0d80103
SHA1 47a63f2a23eda46b586da974fe879c14fc1508a9
SHA256 05b34401a47d340007e3558d7b39b362f74e35e0f11c5d46d05e867e32ec46f8
SHA512 3d5f5e3d61b1eed3da450f6090e322ad7723bee6d5b62229d36d7e9696de2441179f544d82d75e72fcdad348c5dd84f49c839b9dc9e8b7ca1609170c4ba333eb

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log

MD5 d6c10160feccfd8e66a809fac0bc3d68
SHA1 a98e5beca59d905fda6731b4b2906ffdad003053
SHA256 5a530f4edb6c119f0423a55ecbcaf9a382bdf5ca9b24c6a5a8483bf735cf9e94
SHA512 e23e0912512daf1dc6deeeb81d23d8a951bc78bf134e8f2fa1b98307eb61b9afdbd4af50a98361524995a18e8c8070136e46de086b93c0a2ab9e7668fdc98c18

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log

MD5 bcac04ade10434d4105cfbf5d6dcc2a7
SHA1 70aee84126354b9fcdf95a153bc0fcb6ab7f890a
SHA256 ed5904c1a973e4c47265dc278330f522e4c45436e569464965a87c529e0b3e27
SHA512 357da8b9d62a679efc38ba36b58b670a4872e63836aa8641ada15fe166c0c4ee5d51ded45bf16fdbfe396c83dd86a2ed394ed97399efdf088fe472f5fdf6a662

C:\ProgramData\IObit\IObitRtt\IMFRtt.ept

MD5 1844b962e419a065320d15c6b06389d2
SHA1 2e98efd5a91a83f011c31714d6ddf6ce55334b07
SHA256 db3315a3f624ce5775b8be56eaf06140b4a74ca149016e756727f89d71d3221c
SHA512 51a0a0c12a9b5253e0dcb1b76f63595cbb3730ff4580db55d5013b2c2b8c69d16165c373e60167faf68353faac8c80deab272c0ae5e0e24431c46313c3639d3d

C:\Users\Admin\AppData\LocalLow\IObit\AUpdate.ini

MD5 0f482c050a24c883fdd87b88622e0904
SHA1 9074f2af741b25c13583ef92d3f0c31edfe30516
SHA256 9c0ef156a5f1827746c216d9371b3ada1c3574b6d5fb5d37b1becccefad310fe
SHA512 1c653b1ec6f65f7b8a871e0ca2ced058ff8c97610e5e97e58d20a44afaf28a7ed9a38d8c4e855dba3a5d2acb9b151c5f8c03a2802340b1b103014cba86660a59

C:\ProgramData\IObit\dnsprotect.ini

MD5 61ac714b024cd9bcc9b78567f5cf8699
SHA1 aaf020969a274ff78b0d56e3a976f7c7d63ddb2f
SHA256 569f73537730a9240d4a5cd127e8b8b79307dc2ead733e77e6e6b73a2ce9adc7
SHA512 7f46d2fe2db6d47dd0baaefc2b41b2716fa589089e9fda52924382a417cfcd1427ab115a882f04d354a6f4e40c55f71cef23abc64267fb46ee9651c81d9e0a58

C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log

MD5 10e664b06ee8a5c1555d71a3074baeba
SHA1 785ba126d1923d04c6171a804ba83685d55d5a15
SHA256 d69034f01a8678ee7a972a3cc1f483ced9d125e8db531f04f1579d2ab582ecb1
SHA512 0a2526b576a73173bf6251a2fb86b0fd9430cd20911dabe7cf13873af9aa62e3abef8fa24226703ead4aa368d529c4b23dd0fcfa104e1acfea04a54fed80a469

C:\ProgramData\IObit\IObit Malware Fighter\main.ini

MD5 6c9b4e2019cbb3d46513743b9f723565
SHA1 096b7ec519dd64c3a4ef980c7d45c3e625b23dea
SHA256 57d53039b70cd5e8e8e0ef25ac03cc6ef7da71eecea02b3dfbe543c314bdca74
SHA512 cafc2e6e7a869a05e56dceb0e6508ee868882ae8dc9c9b1394f9c7b5d86d5face8ab31356b6a18c723ee04ee887f5b8d4a13a1ac1c3916b4811e43323ecbc505

C:\Users\Admin\AppData\LocalLow\IObit\AUpdate.ini

MD5 04faa727ab243e42b305f65190d0be3f
SHA1 844d45f425c7a0042af96b2b54a9e7561a1150c6
SHA256 62848dfae062746191e791aeb111f89c8231d7c34888b18e48eecfe54ecebe77
SHA512 fea97f8516211f11f0e85079cbf88c33f98d6a5b2a87b8e969a0cb508fa633103d77b4ede543d8163295f503a4eb761915dde0ed9b232af742bd3012372d9b16

C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe

MD5 e69bb0f9214fdd368f41bb4d3fb06d76
SHA1 d2d1d321274919db6e1a2ea48c4ed6b664b9bf16
SHA256 6f5011a73146e904d2569b3adc2a3aa29a0c8534109d7f2d9f2afcfb321c9255
SHA512 37c8505b7a2aa09b0a20b2551e3e0b5cefad8bbc4e72e7e5656ecc93887bc9fd206ed1910f3b99c69f52f1e4170d382c029b58e9cd2242877c0b0ce26c54d70b

C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe.dat

MD5 ee075131a77a387c7c08dcb639bf08a4
SHA1 45dd29a7327ea27307aa7a8c13adcf9f91b1770f
SHA256 f99907a3dfd19c8ed19951ce7fcced127287cfa82eac89ad922d1a4d0b4fae8e
SHA512 0b770e3a57722f125d3763f70ee7bb0029a01f85fa3999e91bd4d64e7f5ec239b8b9fb1545a1edbd8608cb648ae89174622faa2c2a7c1df4d0e4c516526f12db

C:\Users\Admin\AppData\Local\Temp\is-EPRTL.tmp\ugin.exe

MD5 36fbe4890f6ba9521092ec299bb04383
SHA1 7f807d8cb7d236cdc163521364b5817650901335
SHA256 f046f2ece8c0f0ae7392153540d981b4605e0074d5426712260d251aec92d9b2
SHA512 2038942ba2d2842c56b521f702778c4ce0b1fafda714c459e7fc3ede527b9a0e85954cad8eb47e899ae4d643c856c5e03fb047e7ea285ca513ce2234a3c7dd32

C:\Program Files (x86)\iTop VPN\unins000.exe

MD5 7f7631a8b8ea62beed1e127167cccb2e
SHA1 6e7bfe06ed5447fdad9ab3ccfe06ea4ba91b8788
SHA256 e6b2acd0738623318f2a5a0af0318b069623fc3455339643da45b67a148c7c96
SHA512 1de0c4ae72fe1017b3d62b5893bd96b63f3a0d1767bbdd130a4d7862cd2eb8bf1d7324e8ea0f10276b17ffe3e8726bfb549c7777998e1d514576642414a14bf6

C:\Program Files (x86)\iTop VPN\iTopVPN.exe

MD5 0188f4d9f67a6586a9e66b5942609745
SHA1 c824274557a94b8d7f14e597f5fc9d810acc0763
SHA256 757a1d7fb5c614a7085faaeb53e6c1c618c1b11a4730a6a5fbc9bd706131000b
SHA512 39cf30929cd2f1e3001a6847d65b39f03ff0c31b59e91b3ef48377ebe04bc81c1a52eb585af5eafbdc546894af9ac2d23365b803ef6053f62806707bc43053ed

C:\Program Files (x86)\iTop VPN\ullc.exe

MD5 dc7cb90b939eedd999cfa2e3a105af7a
SHA1 49eb352320ca2f0b0f909f16679ed8adb5e4d27d
SHA256 f31f026c0d4772ed2e0e66df82b586b37a7472d94cf7b591780310362956cbdc
SHA512 40a25f83db03dfacc70e3ddaaaaf9ded4bd939de9ad0c983ab67519a69b9a9013a6a129a461cf9699f76f3327ff94e7b238bef32d99b0ab7538ee84c925c342f

C:\Users\Admin\AppData\Roaming\iTop VPN\log\iTopNspu.dat

MD5 9d27b51b5a32ed986796190c2265ada5
SHA1 99a6b9476c09e59afb797cde80c494ed180e80c6
SHA256 be5fa038f29943a8de50787249094ed2d0486cdb7a21bec587ff59c6037e5979
SHA512 a04c4986003e06c7d211adba8bc6e4849d2d465867b560b97bd68ef61635da5bfcadc56a626778e6427398b6a7d52a541e8ae7f3ee709e4f3ce9cb2c2178c195

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTop VPN.lnk

MD5 941f14e39b956cc25d149af4325e1c4a
SHA1 5adc583e1f64a545d9e9dcc7d73d296501af836a
SHA256 f3ef433d864f020132927e83763c1efca3e8c7d3b876dea80db55bb69c6cf8ea
SHA512 019c759d59ef00064f43c04b17c1b538e4e5d226561bd9710f96d2777f697f69865dc883b8e4c6ef71e97bc02f0ebcb07b971928ccd717dae05409f2652de81f

C:\ProgramData\iTop VPN\ProductData\itop5Stat3.ini

MD5 03444ac2abbf509195d32aaf39ffd691
SHA1 5f49619c960df498deafb0e491493fa7ce619461
SHA256 b6b72fdaa0c9044a9ff61d3238cbce73b7f08eb00e8605858b95aa21636e8e96
SHA512 f45225ed3e72a8b968a2bd1621a9404caee8c0ffc517aa381a71148e8654815626fa684afaf47993e8397c06cacb7d37c5fc76cd93fc87af6b29eb52ee24ad92

C:\ProgramData\ProductData\StatCache.db

MD5 aa17853d17a0a27d6b878b8d7ad6e3a2
SHA1 43cf849983942413ee2c928cb48b87516fd3d5f0
SHA256 a08c2fb1613ed57b2ce80fd3a429bfac018df810e98a5436a0d73fa7e3e62a05
SHA512 57770ff93592714feff973cca754fbdbe7957b8f5890ec5ffbd0bfb41d7b07c82e05ae5d13933d1bf3247d46b514dba992e45e9557adf8291bd6ad789bb07c59

C:\Program Files (x86)\iTop VPN\unpr.exe

MD5 e93111d3abad69613eb46c3c9ab4660a
SHA1 5ec3d5c853e2ca5d21603567f55e91e516c49144
SHA256 41c45c5a02e0237eea0c2a74f8be2a0827e1fc357430b32f91cfc8fd3ea25a67
SHA512 659dca6eb710e8d9299a0f4e46e43805470112b49f91f26969a448832ec667bb7206cd8e97e38b9b1a29632455919383efd679814307a5cfbb129f0dbce8efe0

C:\ProgramData\iTop VPN\NpGic.itdt

MD5 bf9be956284978820f85a6c7a1235c2f
SHA1 9fe28f6f8e14914dff208f04b125de61b748c790
SHA256 431a5d48d0a0bf66dfe033cee8b10861fdbd618c518fdc925ac63e930817c80e
SHA512 f323d3e68db65dc08054ee5fa3efea987e2aa8e5bfa30130027a2e1ea8ac24273cdfb72df46c2efa7c099437ee133de3c2c7a45a2b6068bebba767d9f24ae208

C:\Users\Admin\AppData\Roaming\iTop VPN\log\iTopNspu.dat

MD5 29fba72546e3aa506b7f94f2f3d9a0bb
SHA1 899b254685299b42889b790eaf777cafb215136e
SHA256 edccb321e95c397195232af9cbef70b8c4358090405a16b8567da138fdcb1da3
SHA512 418cb3a9d236a888854040c6a72d9d570a963724b21496959416927a4f84fa17e6f2dd2c8d8c3e69c56ccbce08d77f30b04c335dd3ec92e76a86b8c9d9b724c9

C:\ProgramData\iTop VPN\NpGic.itdt

MD5 dd8d9bddaef771161380f897b20b4278
SHA1 20df539588cb3eccbb269c9629e78f340c108bc8
SHA256 d06f479b503da96ea84b8b2b5b3e5fea4e302e1a7c66122fd4c182287bd4080e
SHA512 8ea9597ecf3be2ccd61eb6111e5d6564cb1765eefb6b55ddbeeac19670339279ee750190d0f03a574d16dc72f07eef561a1f871b6776bbb40531f12414a9c02d

C:\ProgramData\iTop VPN\ProductData\itop5Stat3.ini

MD5 c7bfe2490e4cf38e9e1a8d9d11b790af
SHA1 44712865d8da4fbde72edce2c0008ad4838fd970
SHA256 c3a1c0c67a6f814966429edf128d44df1cb122ea0fd9032c17cd3be3f045f423
SHA512 02d1df234a0dc260968de682a7323919fdf79d44179e1bb3792e20c0371e4286381de4cd0e67aa220057f3b1c915a483e9f226fdf0d4948c0953d79fd7feb6f1