Analysis Overview
SHA256
fa26ce0bf6d40278d5a1ad78681df5a38313d0dcff7276c45f3093650fae3026
Threat Level: Likely malicious
The file iobit_malware_fighter_setup.exe was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Stops running service(s)
Reads user/profile data of web browsers
Downloads MZ/PE file
Installs/modifies Browser Helper Object
Looks up external IP address via web service
Adds Run key to start application
Checks computer location settings
Executes dropped EXE
Modifies system executable filetype association
Drops file in Program Files directory
Registers COM server for autorun
Checks installed software on the system
Launches sc.exe
Loads dropped DLL
Program crash
Enumerates physical storage devices
NSIS installer
Modifies registry class
Modifies system certificate store
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Kills process with taskkill
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-23 20:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-23 20:27
Reported
2024-03-23 20:32
Platform
win7-20240221-en
Max time kernel
7s
Max time network
3s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp | N/A |
Enumerates physical storage devices
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe
"C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp" /SL5="$4010A,61676072,137216,C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe" "C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe" /FileVersion 10.3.0.1077
Network
Files
memory/2044-0-0x0000000000400000-0x000000000042C000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-VP093.tmp\iobit_malware_fighter_setup.tmp
| MD5 | 9a185744b1d2436d885ee867912be9bf |
| SHA1 | 4eea6027e24e05b5979a583fd731313f1f81c5f6 |
| SHA256 | 00d79f76d339fba1865227e4f19b662774f911faf857e30d1ceb76f034ac6594 |
| SHA512 | 87f846b47efb0e367eccfbe8c82b8b7f2becdb3dd097682469aa0462c36b66258af79e8f247793cac2d51fda046bae59e290d98fe110b89c39085e0c9777721d |
memory/2492-7-0x0000000000250000-0x0000000000251000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
| MD5 | 28acab421701c4a928055defb553a135 |
| SHA1 | 34d0d2fe955b5e2ba888f4e47129feaec2fea3b1 |
| SHA256 | 38ff33f4288b44abab7e362015a21660db2d9063c7c8a24f10da0edb31846dd7 |
| SHA512 | 36623adab603fd5593cc8822baba2400f462a270634d907a19aea15f21f72d2692b7b2bdecc12a1a4a121347e6aebff10bf6a8594e49c6fb474c942ce503e890 |
memory/2492-26-0x0000000000400000-0x0000000000530000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-KC8H8.tmp\Setup.exe
| MD5 | e8ce233daf43ea941dd60b7d99046419 |
| SHA1 | 0915b2527ffd41585475cfccf08dfd00ce26cb89 |
| SHA256 | 3773dd5727a88717224af37f1014dcc4b9241c7ab2c8143ba99a581db90054e6 |
| SHA512 | bdef261847ca45a5e98cb4dfb08ac43b32c58144ef2453c6e243dba470881f409e64003899dc965f38b55e411c2b2aec1c8eb2bf2573d5516b6be52a07b2ac21 |
memory/2044-29-0x0000000000400000-0x000000000042C000-memory.dmp
memory/2524-30-0x00000000002B0000-0x00000000002B1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-23 20:27
Reported
2024-03-23 20:33
Platform
win10v2004-20240226-en
Max time kernel
295s
Max time network
300s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\drivers\IMFCameraProtect.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\IMFCameraProtect.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
Stops running service(s)
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\IObit Malware Fighter = "\"C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMF.exe\" /autostart" | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
Downloads MZ/PE file
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\iTop VPN\ugin.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFMBRProtect.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-HGMCR.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-FVKA4.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-2MF0K.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-46JQE.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win10_x86\is-FEUQ8.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win7_x86\is-DGBOM.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-DKRH7.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\IMFBigUpgrade.exe | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| File created | C:\Program Files (x86)\iTop VPN\ProxyService\libexec\is-PA6EL.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.log | C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe | N/A |
| File created | C:\Program Files (x86)\iTop VPN\Language\is-U3T6C.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-5V3PL.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-AGN79.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\imfpffilter.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| File created | C:\Program Files (x86)\iTop VPN\is-OF7TR.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\iTop VPN\skin\is-3R5S2.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-SAI9F.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-8VIN9.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Database\is-BH6C1.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\ | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-NDBLB.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win10_ia64\is-LE5AV.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\ImfHpFileFilter.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| File created | C:\Program Files (x86)\iTop VPN\ProxyService\bin\is-70VU5.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-O00D1.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-TNO25.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win7_amd64\is-E4IDA.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\is-0R1TI.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\IMFDownProtect.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| File created | C:\Program Files (x86)\iTop VPN\ProxyService\bin\is-KTJPU.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\LiveUpdateSrvUpt.log | C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-8QG16.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-61UP0.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-0M834.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-QTG7N.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win10_amd64\is-8IU1Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Language\is-8JR1V.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\ImfObCallback.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\IDRAC.zlb | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| File created | C:\Program Files (x86)\iTop VPN\is-1EEHK.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\iTop VPN\ProxyService\bin\is-L1A29.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\iTop VPN\ProxyService\bin\is-21CPR.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-05BFG.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win10_x86\is-ELPI1.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-Q7C5C.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_x86\ImfHpFileFilter.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-M05FF.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Database\is-3T7L1.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-04F1K.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\is-DU5I7.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\is-P4ODI.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.log | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe | N/A |
| File created | C:\Program Files (x86)\iTop VPN\is-BHT8S.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\skin\is-IIUIN.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\is-4T9AQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_x86\imfpffilter.sys | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\IObit Malware Fighter\Cub.dbd | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| File created | C:\Program Files (x86)\iTop VPN\Language\History\is-6FQ4K.tmp | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\iTop VPN\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\db\is-1VR8U.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\nDrivers\win7_ia64\is-IQ87U.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\images\is-N4AN1.tmp | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMFShellExt.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe |
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Isolation = "PMIL" | C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\Clsid\ = "{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\ProgID\ = "BlueBirdShellExt.BlueBirdShell.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32\ = "C:\\PROGRA~2\\IObit\\IOBITM~1\\SURFIN~1\\BROWER~1\\ASCPLU~1.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\FLAGS\ = "0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\IObit Malware Fighter" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell\CurVer | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1448035D-2AAB-4749-825E-212695AF6E55}\AppID = "8a5f3b39-6e68-4fc5-bbb1-a0dd77d899e9" | C:\Program Files (x86)\iTop VPN\iTopVPN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell.1\ = "BlueBirdShell Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\IObit Malware Fighter\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObit Malware Fighter | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\ = "IObit Surfing Protection" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib\Version = "1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell\CurVer\ = "BlueBirdShellExt.BlueBirdShell.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib\ = "{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1448035D-2AAB-4749-825E-212695AF6E55} | C:\Program Files (x86)\iTop VPN\iTopVPN.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell.1\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell.1\CLSID\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMFShellExt.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ = "IBlueBirdShell" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ = "IObit Surfing Protection" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell.1 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}\1.0 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E89137F4-63A0-4E3D-BC26-9E07008F048B} | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IObit Malware Fighter\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\IObit Malware Fighter | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\BlueBirdShellExt.BlueBirdShell\ = "BlueBirdShell Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\VersionIndependentProgID\ = "BlueBirdShellExt.BlueBirdShell" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ProgID\ = "ASCPlugin_Protection.TASCBrowserProtection" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E89137F4-63A0-4E3D-BC26-9E07008F048B}\TypeDS = "{1CFABE4F-2E1F-4B4F-9FD0-1A990F53C400}" | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\ = "IBlueBirdShell" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1BD1040-0103-49C9-805E-FF8B1B7F7EC0}\TypeLib\ = "{ACB9DC96-D7BB-430F-AE6B-97F0DFDEAFCC}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1448035D-2AAB-4749-825E-212695AF6E55}\AppKey = "d3ba0718-af73-4b37-8ea9-6e06074451d9" | C:\Program Files (x86)\iTop VPN\iTopVPN.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\IObit Malware Fighter\ = "{0BB81440-5F42-4480-A5F7-770A6F439FC8}" | C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BB81440-5F42-4480-A5F7-770A6F439FC8}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMFShellExt.dll" | C:\Windows\system32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8 | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 040000000100000010000000ebf59d290d61f9421f7cc2ba6de315090f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e81900000001000000100000004fca18b530ab2d3765b8830436884be620000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 5c0000000100000004000000000800001900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d98040000000100000010000000ebf59d290d61f9421f7cc2ba6de3150920000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe
"C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp" /SL5="$70056,61676072,137216,C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe" "C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe" /FileVersion 10.3.0.1077
C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe
"C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe" /verysilent /Installer /DIR="C:\Program Files (x86)\IObit\IObit Malware Fighter" /TASKS="desktopicon" /insthandle=590354 /NORESTART
C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-P6TKU.tmp\iobit_malware_fighter_setup.tmp" /SL5="$601D4,61676072,137216,C:\Users\Admin\AppData\Local\Temp\iobit_malware_fighter_setup.exe" /verysilent /Installer /DIR="C:\Program Files (x86)\IObit\IObit Malware Fighter" /TASKS="desktopicon" /insthandle=590354 /NORESTART
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /f /im "BlueBirdInit.exe"
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /kill /updagrade
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /installAC
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /checkaubk /i /f
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe" "C:\Program Files (x86)\IObit\IObit Malware Fighter"
C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe" /init
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /init
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /copyConfig
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe" /CleanOld
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\\BrowerProtect\ASCPlugin_Protection.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\\Adblock\Adblock.dll"
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe" /Install
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /initdriver
C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll"
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /installSrv
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe" /OutFlag 0
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /fix_jxjc
C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BrowserProtect.exe" /TurnOn
C:\Program Files (x86)\IObit\IObit Malware Fighter\LocalLang.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\LocalLang.exe"
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /clearDrivertmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe" /install imf10
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /combinslog "C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-03-23 #002.txt"
C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IObitLiveUpdate.exe" /srvupt
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe" /OutFlag 2
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPUpdate.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPUpdate.exe" /SvrRun
C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe" /SvcCheck
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe" /run
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFBigUpgrade.exe" /run
C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe
"C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe"
C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe
"C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5340 -ip 5340
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 1128
C:\Program Files (x86)\IObit\IObit Malware Fighter\TaskbarPin\ICONPIN64.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\TaskbarPin\ICONPIN64.exe" "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe"
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_ActionCenterDownloader.exe" "/Config=http://clouddownload.iobit.com/security/db/fw-imfin.upt" /product=IMF10 "iTop VPN Installer Free" "iFun Screen Recorder Installer" "iTop Easy Desktop Installer"
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe"
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /checkaubk /all
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe" /starttips
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /install
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe" /openlink "https://www.iobit.com/appgoto.php?name=imf&ver=10.3.0.1077&lan=&to=install"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.iobit.com/appgoto.php?name=imf&ver=10.3.0.1077&lan=&to=install&idata=eyJhc2MiOjEwLCJkYiI6MTAsIml1IjoxMCwic2QiOjEwLCJpc3UiOjEwLCJhdSI6MTB9&user=0&insday=1&insur=other
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafe2646f8,0x7ffafe264708,0x7ffafe264718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,16752213373569040976,6746664766136536884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe" /OutFlag 0
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe" /startImfcore /usecache
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe" /u http://stats.iobit.com/active_month.php /a imf10 /p iobit /v 10.3.0.1077 /t 1 /d 7
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe" /starttips
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFFeature.exe" /imf /user /dayactive
C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe
"C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe" /sp- /verysilent /suppressmsgboxes /NoRestart /insur=imf_inf1 /Dir="C:\Program Files (x86)\iTop VPN\"
C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-CMNJS.tmp\iTopSetup.tmp" /SL5="$803BE,38305074,141312,C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe" /sp- /verysilent /suppressmsgboxes /NoRestart /insur=imf_inf1 /Dir="C:\Program Files (x86)\iTop VPN\"
C:\Users\Admin\AppData\Local\Temp\is-EPRTL.tmp\ugin.exe
"C:\Users\Admin\AppData\Local\Temp\is-EPRTL.tmp\ugin.exe" /kill
C:\Windows\SysWOW64\taskkill.exe
"taskkill.exe" /f /im "ugin.exe"
C:\Program Files (x86)\iTop VPN\ugin.exe
"C:\Program Files (x86)\iTop VPN\ugin.exe" /kill /updagrade
C:\Program Files (x86)\iTop VPN\ugin.exe
"C:\Program Files (x86)\iTop VPN\ugin.exe" /InitTop /ver 5.3.0.5106 /install
C:\Program Files (x86)\iTop VPN\ullc.exe
"C:\Program Files (x86)\iTop VPN\ullc.exe"
C:\Program Files (x86)\iTop VPN\iTopVPN.exe
"C:\Program Files (x86)\iTop VPN\iTopVPN.exe" /installinit
C:\Program Files (x86)\iTop VPN\ugin.exe
"C:\Program Files (x86)\iTop VPN\ugin.exe" /init /ver 5.3.0.5106 /force /f /inspkg "C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe" /insur "imf_inf1" /PINTOTASKBAR
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c sc stop windivert
C:\Windows\SysWOW64\sc.exe
sc stop windivert
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c sc stop windivert
C:\Windows\SysWOW64\sc.exe
sc stop windivert
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c sc delete windivert
C:\Windows\SysWOW64\sc.exe
sc delete windivert
C:\Program Files (x86)\iTop VPN\icop64.exe
"C:\Program Files (x86)\iTop VPN\icop64.exe" Pin "C:\Program Files (x86)\iTop VPN\iTopVPN.exe"
C:\Program Files (x86)\iTop VPN\ugin.exe
"C:\Program Files (x86)\iTop VPN\ugin.exe" /checkwelcome
C:\Program Files (x86)\iTop VPN\ugin.exe
"C:\Program Files (x86)\iTop VPN\ugin.exe" /setlan "English"
C:\Program Files (x86)\iTop VPN\unpr.exe
"C:\Program Files (x86)\iTop VPN\unpr.exe" /install itop5
C:\Program Files (x86)\iTop VPN\iTopVPN.exe
"C:\Program Files (x86)\iTop VPN\iTopVPN.exe" /install
C:\Program Files (x86)\iTop VPN\ugin.exe
"C:\Program Files (x86)\iTop VPN\ugin.exe" /combinslog "C:\Users\Admin\AppData\Local\Temp\Setup Log 2024-03-23 #003.txt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.iobit.com | udp |
| US | 8.8.8.8:53 | clouddownload.iobit.com | udp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 64.12.16.254:80 | clouddownload.iobit.com | tcp |
| US | 8.8.8.8:53 | 140.20.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.16.12.64.in-addr.arpa | udp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.177.78.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 104.78.177.227:80 | www.microsoft.com | tcp |
| GB | 104.78.177.227:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | udp | |
| PL | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | stats.iobit.com | udp |
| US | 52.7.250.116:80 | stats.iobit.com | tcp |
| US | 52.7.250.116:80 | stats.iobit.com | tcp |
| US | 8.8.8.8:53 | 116.250.7.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.178.17.96.in-addr.arpa | udp |
| US | 52.7.250.116:80 | stats.iobit.com | tcp |
| US | 52.7.250.116:80 | stats.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 8.8.8.8:53 | 197.178.17.96.in-addr.arpa | udp |
| US | 52.7.250.116:80 | stats.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 8.8.8.8:53 | 24.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 8.8.8.8:53 | ascstats.iobit.com | udp |
| US | 54.145.130.197:80 | ascstats.iobit.com | tcp |
| US | 8.8.8.8:53 | 197.130.145.54.in-addr.arpa | udp |
| US | 64.12.16.254:80 | clouddownload.iobit.com | tcp |
| US | 54.145.130.197:80 | ascstats.iobit.com | tcp |
| US | 64.12.16.254:80 | clouddownload.iobit.com | tcp |
| US | 64.12.16.254:80 | clouddownload.iobit.com | tcp |
| US | 64.12.16.254:80 | clouddownload.iobit.com | tcp |
| US | 8.8.8.8:53 | interface.iobit.com | udp |
| US | 8.8.8.8:53 | ascstats.iobit.com | udp |
| US | 54.208.238.191:80 | interface.iobit.com | tcp |
| US | 52.202.100.14:80 | ascstats.iobit.com | tcp |
| US | 8.8.8.8:53 | 191.238.208.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.100.202.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.iobit.com | udp |
| US | 8.8.8.8:53 | update.filesupdating.com | udp |
| US | 152.199.23.214:80 | update.filesupdating.com | tcp |
| US | 152.199.23.214:80 | update.filesupdating.com | tcp |
| US | 152.199.23.214:80 | update.filesupdating.com | tcp |
| US | 152.199.23.214:80 | update.filesupdating.com | tcp |
| US | 152.199.23.214:80 | update.filesupdating.com | tcp |
| US | 8.8.8.8:53 | 214.23.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.iobit.com | udp |
| US | 54.165.202.40:443 | www.iobit.com | tcp |
| US | 8.8.8.8:53 | codes.iobit.com | udp |
| US | 54.165.202.40:443 | www.iobit.com | tcp |
| US | 54.165.202.40:443 | www.iobit.com | tcp |
| US | 54.165.202.40:443 | www.iobit.com | tcp |
| US | 54.165.202.40:443 | www.iobit.com | tcp |
| US | 54.165.202.40:443 | www.iobit.com | tcp |
| US | 8.8.8.8:53 | kit.fontawesome.com | udp |
| US | 172.64.147.188:443 | kit.fontawesome.com | tcp |
| US | 152.199.20.140:443 | codes.iobit.com | tcp |
| US | 8.8.8.8:53 | 40.202.165.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ka-f.fontawesome.com | udp |
| US | 172.64.205.20:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.205.20:443 | ka-f.fontawesome.com | tcp |
| US | 172.64.205.20:443 | ka-f.fontawesome.com | tcp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.205.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 204.79.197.200:443 | bat.bing.com | tcp |
| US | 8.8.8.8:53 | 40.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.27.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 157.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 8.8.8.8:53 | www.aws.iobit.com | udp |
| US | 52.55.134.231:80 | www.aws.iobit.com | tcp |
| US | 8.8.8.8:53 | stats.iobit.com | udp |
| US | 52.70.66.19:80 | stats.iobit.com | tcp |
| US | 8.8.8.8:53 | stats.iobit.com | udp |
| US | 54.196.247.31:80 | stats.iobit.com | tcp |
| US | 54.196.247.31:80 | stats.iobit.com | tcp |
| US | 54.196.247.31:80 | stats.iobit.com | tcp |
| US | 54.196.247.31:80 | stats.iobit.com | tcp |
| US | 8.8.8.8:53 | 231.134.55.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.66.70.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.247.196.54.in-addr.arpa | udp |
| US | 52.70.66.19:80 | stats.iobit.com | tcp |
| US | 54.208.238.191:80 | interface.iobit.com | tcp |
| US | 8.8.8.8:53 | update.itopupdate.com | udp |
| US | 152.199.23.214:80 | update.itopupdate.com | tcp |
| US | 152.199.23.214:80 | update.itopupdate.com | tcp |
| US | 152.199.23.214:80 | update.itopupdate.com | tcp |
| US | 152.199.23.214:80 | update.itopupdate.com | tcp |
| US | 152.199.23.214:80 | update.itopupdate.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 8.8.8.8:53 | api.itopvpn.com | udp |
| US | 76.223.44.67:443 | api.itopvpn.com | tcp |
| US | 8.8.8.8:53 | 67.44.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.itopvpn.com | udp |
| US | 152.199.23.214:443 | update.itopvpn.com | tcp |
| US | 8.8.8.8:53 | stats.itopvpn.com | udp |
| US | 35.170.9.232:443 | stats.itopvpn.com | tcp |
| US | 8.8.8.8:53 | 232.9.170.35.in-addr.arpa | udp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 35.170.9.232:443 | stats.itopvpn.com | tcp |
| US | 35.170.9.232:443 | stats.itopvpn.com | tcp |
| US | 35.170.9.232:443 | stats.itopvpn.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
Files
memory/5100-0-0x0000000000400000-0x000000000042C000-memory.dmp
memory/5100-2-0x0000000000400000-0x000000000042C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-IDLII.tmp\iobit_malware_fighter_setup.tmp
| MD5 | 9a185744b1d2436d885ee867912be9bf |
| SHA1 | 4eea6027e24e05b5979a583fd731313f1f81c5f6 |
| SHA256 | 00d79f76d339fba1865227e4f19b662774f911faf857e30d1ceb76f034ac6594 |
| SHA512 | 87f846b47efb0e367eccfbe8c82b8b7f2becdb3dd097682469aa0462c36b66258af79e8f247793cac2d51fda046bae59e290d98fe110b89c39085e0c9777721d |
memory/3308-6-0x00000000022C0000-0x00000000022C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Setup.exe
| MD5 | 28acab421701c4a928055defb553a135 |
| SHA1 | 34d0d2fe955b5e2ba888f4e47129feaec2fea3b1 |
| SHA256 | 38ff33f4288b44abab7e362015a21660db2d9063c7c8a24f10da0edb31846dd7 |
| SHA512 | 36623adab603fd5593cc8822baba2400f462a270634d907a19aea15f21f72d2692b7b2bdecc12a1a4a121347e6aebff10bf6a8594e49c6fb474c942ce503e890 |
memory/3308-27-0x0000000000400000-0x0000000000530000-memory.dmp
memory/5100-30-0x0000000000400000-0x000000000042C000-memory.dmp
memory/2276-31-0x00000000041C0000-0x00000000041C1000-memory.dmp
memory/2276-38-0x0000000004280000-0x0000000004281000-memory.dmp
memory/2276-40-0x00000000042D0000-0x00000000042D1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\OFCommon.dll
| MD5 | b5bc7a472ee02f1890e65fd43a7f5e6c |
| SHA1 | fa662eb99eb7acb316dc19b8d4beaa31ee512bc0 |
| SHA256 | bfcd77d86e0d10f2f34e830ca5e9c180d542f88e709c1b636bc762ebfb54df95 |
| SHA512 | 303878b1509260ec9634d0a13babd40445d335ddbeeab9d13e180176952dd76b9839eaf2931beb95f4bf055f2abec80c50bf18a41938a7a501f654bd1a4ccd48 |
memory/2276-51-0x0000000006970000-0x0000000006ABA000-memory.dmp
C:\ProgramData\IObit\IObit Malware Fighter\License.log
| MD5 | 0fc288acf7798691816b0c31e4589e8c |
| SHA1 | 9e2ed97d90c05681a635682728a34b34d6527b5e |
| SHA256 | 04ffea6597c3de7586a5cdf622b09b6601b03e0c64e3323462deab0f5716d183 |
| SHA512 | d78254bd583cb1191fe3672e95cc0ce43afeeafd32cf24e62577c72dcb727280250b75b32928ea6dec426f966224144e12e49cda6ea006584e0b3cd93cdcecf1 |
C:\ProgramData\IObit\IObit Malware Fighter\License.log
| MD5 | 2cb51b3940c377691bd793a6ae792ea5 |
| SHA1 | 7d653f22147599afb6c6f814d18210b03e190991 |
| SHA256 | 47ee0064a15cb189bd5968b3a6add3f240fce300eebcab83439d28e2ed26ef6b |
| SHA512 | a175fc00f3fad1678590645f23b7a15e0922a79aae95aac401d9b499326427e27bef1e06874e423c9d3da2a814e1724153697a577ac4496ac7524d3731fe83d5 |
C:\ProgramData\IObit\IObit Malware Fighter\License.log
| MD5 | 8f4af657ab1760911afde3d3e3b9b3c1 |
| SHA1 | 0a1721c22d047d31af8ecd0a403c8d4a1c84824c |
| SHA256 | 59c7f83ae33b66b7c1e101718ef9a266e22165cdbdc3069947b1b3f723b47b80 |
| SHA512 | e4d02be93d8359ec224d808819f2d3e9b509b40cebf7bc7d0f8f35fa2cc19e4caaf427cc7d6febf498c327e40bec0ed57fa479c179abe9a0463c330d7458fe72 |
C:\ProgramData\IObit\IObit Malware Fighter\License.log
| MD5 | 76ce5082f89e07112651b7192c292c2a |
| SHA1 | 4799f9d0f6fef021172714806fb6b754ae19d472 |
| SHA256 | b3e66c3b69c7c7167c65a9778041b1361c2ec11fed714efc21ed9c1673e0d301 |
| SHA512 | 6b9e5258248e7e527202fc395c6e07c99f7068fb88cfede4d468f35ef41822379b2faebd0e080e99b2b089bd25febdc4fe1b146728cfb05162dfe3faa780497b |
memory/2276-201-0x0000000006970000-0x0000000006ABA000-memory.dmp
memory/2276-200-0x0000000006430000-0x0000000006431000-memory.dmp
memory/2276-215-0x0000000004320000-0x0000000004330000-memory.dmp
C:\ProgramData\IObit\iobitpromotion.ini
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Temp\appver-ac.ini
| MD5 | b5776bf57028b8e5848fe7a402a418dc |
| SHA1 | 696f3f86d55286da76ec3d3cfea8dc06e066a245 |
| SHA256 | b23094a823c9a62e9c6a7b606d0a1cc93616e95c6abeedf7d52a4c429efd1065 |
| SHA512 | c660035c5f89ea784f88dd9316523ba2cf7b78a2419061fd579d5757dca3d08392de41cdf69b09890d7de298e1c2200d0f58dbda9436c63d76391414bce277c7 |
C:\Users\Admin\AppData\Local\Temp\bdfg.45374.8531371991.ini
| MD5 | 89532cd43957a2861e34f019c658ad45 |
| SHA1 | e0777238a63b6e988a92effbf968e7ceb2484173 |
| SHA256 | f0ad8617775d45fedd555d7aef1b4aa9c9e0468cefb1082d5d7f1fb8857edf34 |
| SHA512 | 18c052a86d0f5eec76aea1476f50cbd8c55e3707a13168fe6018f74a69390df5e796bc95e16598b93862ba12e8db34c524619ab4e70e498b3509086c9fcab718 |
memory/2276-243-0x0000000007110000-0x000000000725A000-memory.dmp
C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini
| MD5 | d7dac1f60226d42b79684ce8fdd2c1cb |
| SHA1 | 0174f3131127d34c296eeb08356e72a27eaa7fac |
| SHA256 | e00d69f335e4bd9544be6c9d173d3fe6511ea9b13d5fe2618c60c68d634940d7 |
| SHA512 | 291d25d286d0290794e13ca0e3d0d1771fc81f1ce9e275d7302a987f72960c97ae50fbcc4b58a1fd6a40089011dbc3400881d4aa94272793a201aa7dad476454 |
C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\Ext-imf-5377.dat
| MD5 | 147ebd071a82677389e983d39c24f005 |
| SHA1 | 400d85b1ac82448ff2282bbc4c1ed44ce086b4ca |
| SHA256 | 6b2f11edd83035d6e7ab128968962b1468b28e7d968169f457ac6f9108f897ee |
| SHA512 | 6f49636c008ee7f361f5b0123e3ff68f956b0bf691e3f40d161927f2bb93cdc42a91cbdbc113c9673edd881952dd0c235ae0108f7493eadafd82c860ae57bd0d |
C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini
| MD5 | 942541efc4fab9aca73f650576c816c7 |
| SHA1 | c98be67d3bfab257cc0cc06e73c02e5161803ba9 |
| SHA256 | a07ea881eb728d803709c33aa13c170fadd73876bbe9fc701ef07735daaec809 |
| SHA512 | bb9478f522be247a61256e580e752c7d18e829c163995e6a3a09fdbb48a206d24368e200d96490faaa1ddf2f9fd70706242a59287a5e5d630d5bef9f17fc24f0 |
memory/2276-404-0x0000000000400000-0x0000000000AF0000-memory.dmp
memory/2276-405-0x00000000041C0000-0x00000000041C1000-memory.dmp
memory/2276-406-0x0000000000400000-0x0000000000AF0000-memory.dmp
memory/2276-407-0x0000000004320000-0x0000000004330000-memory.dmp
memory/2276-408-0x0000000000400000-0x0000000000AF0000-memory.dmp
memory/2276-417-0x0000000007910000-0x0000000007A5A000-memory.dmp
C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini
| MD5 | a1f084f8d2f1e37f6a6f6df4015375cf |
| SHA1 | cc1757e6753ea7cc95899bcf09baea6011e3a0f6 |
| SHA256 | 7c6ab0feabc212ddd5dd6a1f2b5a2766a0c8c7be185089f5e000078274f97828 |
| SHA512 | bd413e89f5854668e44b018b3b20e7c6226241d040ba5503f620aa5f69912563c6c15ffaee82f2cf65fc96ac911aecf6dada870890711368cb3bd6bc8ed2121b |
memory/840-584-0x0000000000400000-0x000000000042C000-memory.dmp
memory/1492-591-0x0000000000700000-0x0000000000701000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-9L7FB.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\ProgramData\IObit\IObit Malware Fighter\Setup.log
| MD5 | d159701ce4bdae3fdcf517df5689087d |
| SHA1 | 76431231156ac74ae7b366db8b747392a6064db6 |
| SHA256 | 08e3d6bf62ffc0c5c6bc7600c0fcbf308440e6ab54a75e794a4fac8ef5367b06 |
| SHA512 | ae9288495b5d959f5f128f194cd6d3bea3dcce06b133e4deb1ff8da5e9aca992c5cd82e6e7db372cc31f086ef1201cfeaee0af1e814009f07f2633816959bb31 |
memory/2276-645-0x0000000000400000-0x0000000000AF0000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
| MD5 | 4e4592ee4576e444a1ed6131993d2125 |
| SHA1 | 551daff5b3b3a90b66cc2d5ba7588f935176c0dc |
| SHA256 | 20795fb5811bd32b7f2e95f4551d1ca54d37ef710c0c6c56bbb63138662950d9 |
| SHA512 | 5f1835a09bff62dbd2d1879ce689dc5db263f60fd907d100c5c63fde451916d72e8f79e708daad1687e05a98694e0d95fc153e26bf3dd615232056557c902b07 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
| MD5 | 68145bd1391e72f7c8607eeed3dd6bc1 |
| SHA1 | 2d0d132e1c92b073a7a18ace010b5b678efb55d9 |
| SHA256 | 811256cfb0e94e5e266d723d3c85b5b33c8e665fc2ef7c7b3cd4924104aafde9 |
| SHA512 | 01da725c31beabdb9f4839a46c62aab5f26507d4d2068011daa7d5690297db3cc702ad4d87788d47ac92fa6acb45f2b7448a2614695f044348b2f125835eab3d |
memory/412-673-0x0000000003E00000-0x0000000003E01000-memory.dmp
memory/412-683-0x0000000000400000-0x0000000000787000-memory.dmp
memory/5032-743-0x00000000024F0000-0x00000000024F1000-memory.dmp
memory/5032-747-0x0000000000400000-0x0000000000787000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\SPUrlScanner.dll
| MD5 | 9bbbacf7e04d12ded0b46a69ca785ea6 |
| SHA1 | 1c66160f340ae8869bcdd0df061acf43616e3115 |
| SHA256 | 39f78b45d8e587bfd83592bfc00bc553535581f7eac2189e796629c3e942e268 |
| SHA512 | b02445bd9d9b4f0d4056f241a1fb36d16c414e9afa85c9ffa2fadcde9223c5e3a1b33d363899402d4f418e706f851ec4b290994e3851670a1a12b04880246c3e |
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
| MD5 | 83d935288f2467b9ce62393a7a0a1a09 |
| SHA1 | 5b5ad61499f9b5ea4bc08b070fd5c4785eeb873d |
| SHA256 | 6937a4f519d726b1a80d8d4e8535d1da19e7c02351fc3f3e260e1fdee7e22522 |
| SHA512 | f7f461e8bb11d869bad2cc85931d30a2a4576e6d58c9c4b146a3ce0dda7c7b439739eaa7aa9528fbe67a26f6c172e791b2fa5e2e9b48676ef809f48765f44649 |
memory/2536-1552-0x0000000003E00000-0x0000000003E01000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Ransomware.exe
| MD5 | de8fc1a208bd49e4707068e79bd43e5c |
| SHA1 | e48672683d8f8fb8300641537f7829d10cdbbf10 |
| SHA256 | 5b237c9e781d2c8020c041897a2e1ea8ab7f6fdc6049633131c97d41d1ac9892 |
| SHA512 | b1ea936a8ed9c8dabe9d2aff04cd082c00c8bcc7d100d02b8a3a4dc4f837e3028054a8facd5e8d784e6608d36cba81969261a3a13e32ddccc47312f72868c19a |
C:\Program Files (x86)\IObit\IObit Malware Fighter\vclx120.bpl
| MD5 | 392fd238a3dd633d6aa97afe2aa61cc7 |
| SHA1 | fbf3c1cae3abbeb07453bc6bfe3ec4dcf5127d79 |
| SHA256 | 43c5c02d955af973da36762c903e2f82cd3f0ab887555c5f20905b2ae7a6c93f |
| SHA512 | 0c75ead22654be1e58a58ace057d71925fdf646614cb4b3c78ea3387eca04631bc834f818c5041f0fa129667341cc55a17daceb247bd53cfc8117c47559eb3e7 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFRegister.exe
| MD5 | 1ddf6b8bc20572f6b00787eb657def1e |
| SHA1 | e901caca21abf402882d86f616d48253a2b50c57 |
| SHA256 | c9c353925686b34a27ddea595afa920fe2534d4af1b0b945ac66af87fc0e2a51 |
| SHA512 | 27a4e6f96a02122575fd30487b013bceb15f7f7ade6457c1dcbb27877d6b7a2bd299fcfbaff210034531720370e9bed3859479e588ef88b1cfb80984b13732e3 |
C:\ProgramData\IObit\IObit Malware Fighter\config.ini
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Database\ARDatabase.db
| MD5 | f2340eecf2b1d8bc3a3b5ce82203b29f |
| SHA1 | 85699132fcc2b1741fed9599e17b268a4ee3d363 |
| SHA256 | 3487d0bf0da9f51c977848a97ec7f32e276941ee028de698ef576efdd4dfe0e2 |
| SHA512 | a79a7ee852f99b6746dd68f940073691f2eae12d743eaebe0278a08b20d18e2380043249a01c9ed7a3cc971a37aee805a082ee251e4ebd4b52e6b60524e4f4c0 |
\??\c:\program files (x86)\iobit\iobit malware fighter\skin\classic.rcc
| MD5 | dc083d5b343915411d323df9c1d113d9 |
| SHA1 | e891045f5a7867e3e63202cc394a2b2d5e8de592 |
| SHA256 | 951709067d796fd1c33091139c684a7505b8c3795471c20e51db3070229c6213 |
| SHA512 | ec1cb2e40128afa065b3ed21511589d36cba01bc09582abacf473be64158b4f1766c09e3f0c7a4e2649301a628dd4912de039f7a04b659232594a6ac25cdcd01 |
\??\c:\program files (x86)\iobit\iobit malware fighter\skin\public.rcc
| MD5 | c4ffb0aac7188bd65a024a9ae07e8cda |
| SHA1 | 0b42d2c810bcea0c9c4e5e224f544007d521f60c |
| SHA256 | e06a69cfde49e8476aeda5ab91b7516717f2143115791c6284b70e2ae3766139 |
| SHA512 | 91a80126c42c112bab569db2eb09bd152fa8ae11f5f39c8b16dd37c588756e685d27a13b1da67efe889a3c383813adbd42a8adeee4c42c43e0de50819fcb3317 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
| MD5 | a96e63bf7e8f561513fe5d7098394d53 |
| SHA1 | bea8d765f7821731dae5913fb689e569a7345534 |
| SHA256 | 98b181eeb8a8281ecbed02c0aca5954848df4960e288207f529f151ec203f681 |
| SHA512 | 208019c26881737674f260562d7ddfd141bd5146e714d02519f57996ea103f36ac24da35b53683d69316eb33c5e91eb6729bc1dd3b108e00c4cc555ab9fe6837 |
memory/1492-1658-0x0000000000400000-0x0000000000530000-memory.dmp
memory/840-1582-0x0000000000400000-0x000000000042C000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\datastate.dll
| MD5 | 7555301cba4259cbab3571714ad69993 |
| SHA1 | da4a4450be5e2f658e12e42f561d421554c09ccb |
| SHA256 | 9a1431e86eb187a1104ea1f2da44bfad4bad7daf1ea40a6843571a74e0ccf4ab |
| SHA512 | 141cb369ee7040fa4de0f749fd2a89b9933cfe164a40af395431ea72d9362bbb4900649b9ddd6c1899b33ec3bb1289d7f3d16f35d12efe59e365c5e2fa0e0ba3 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\vcl120.bpl
| MD5 | ae87f8ba2f5f2c2bd8b0a462520ecc27 |
| SHA1 | c21a290b490386d42a79082523b40e4e4ccc7ff2 |
| SHA256 | 26972b3354c43cc84b9de68e7efaf6996d2a0c64f820cc3d43f3e3974c60c1b5 |
| SHA512 | 31884902b6ce523a44101fe7360f59d4045a00aeea0197767693378a1f60207b34469bd539927eda59a674a186c451491d6490af91a27d89afec80688774f2c2 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\rtl120.bpl
| MD5 | 70bd0aa6735978e576c5ff68cf8644f9 |
| SHA1 | a9b9751e0cd3b2d1b32856fe96e51fd83d9a2414 |
| SHA256 | 1ba0938282b250909ee57790f793ded4d7849bc110d9a3b32a1cba1a333664b1 |
| SHA512 | d371d675087e79095fa3303bec76488571309df23d22681326e43abc8a718b346c9b6aa2e8da2f0f0a382843698a1cc5710bbffdd6c4fce0fafc3b6ca474f32e |
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF_DownConfig.exe
| MD5 | 35d72fbf9e77180fb33bbca78086807e |
| SHA1 | e6a61f35a26d298ce8300876111f39afdbe9ba57 |
| SHA256 | f777ae7b0ee53e6d5120ab6a28fb199e8031a8fbc9e65c1505f0c4ec23ebcbd6 |
| SHA512 | 7ab99864d83c27e6a814247184893b055c1bc8d1be262d01568a94a23344846d525b224707761dea7b379368c362b89e49f9df8c76c4d8f03aaa2769dbe0246c |
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
| MD5 | 4bdec918a9a49c2f9f10f24d6b7fd118 |
| SHA1 | 466384701dcdd288e2b0b528af2d35344cbf14b1 |
| SHA256 | a62858efece34e1141c5bc993c7d7d162e7e94512a84f2f4379791fc79baeaed |
| SHA512 | 61ee62558c59fc40fe3e2aaf13887c8327c0c00c9b08cb64ba06686a0311034289920b371133586975bbbd6c9acee483c86c1d92468cdcc097caa7b4991412bb |
C:\ProgramData\IObit\IObit Malware Fighter\config.ini
| MD5 | 432eac5f70785097578da32c44042ff5 |
| SHA1 | acbcd1e704b697e401614b52ecdf8ce74a8fb6b1 |
| SHA256 | 708fca3f281fef2ccf539991f14d1faeb3ca6f18023120963a7a84e0287bcf27 |
| SHA512 | 01919d986394fba7569c890ac1de111accdc066705e4aa4b3fc8ba4bd4ff2a649a4e9ebce64fcaa9e4ebc4ff1f3d4e26bb4f4fc92e97d210b149a2c24ed36b87 |
memory/1088-1844-0x0000000003D60000-0x0000000003D61000-memory.dmp
memory/1272-2092-0x0000000002110000-0x0000000002111000-memory.dmp
C:\ProgramData\IObit\IObit Malware Fighter\config.ini
| MD5 | 658571cdd7a9819c1a28c92841462eb2 |
| SHA1 | b3100f0cded489fe8e857260422fe547b73c15c8 |
| SHA256 | be01fb65844c4cdf73557b19110af07a2d3816b7ce866e5b6b900583d9b9bf26 |
| SHA512 | f113a4de55b310bb724a645205b4b873e8b43f38fe3b43e5cf866552de0fa4b1074f1323cf2a83a0010845a99fdc575f567f9e87d3c9ffa2a01ffcbac8ac31c3 |
memory/1088-2224-0x0000000000400000-0x000000000063D000-memory.dmp
memory/1088-2225-0x0000000050000000-0x0000000050117000-memory.dmp
memory/1088-2229-0x0000000050120000-0x000000005030E000-memory.dmp
memory/1088-2235-0x0000000050310000-0x0000000050349000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
| MD5 | cb3eb02134372e72c08c17936a4d7b88 |
| SHA1 | 2966d219d56f22798f3c744da8c0c64504512396 |
| SHA256 | a890af897692f5ee63aeb07f339c6ff35ede7dcc6afefc3e840e4f14e6059f59 |
| SHA512 | a51969ed158bf5602fea5e9f8dc938c45cd9fed3727c4445d6d2831cf8b065400096d9057f9a3bb3c9ce4bd89b534dc09d54585dc48cc19c7f3dc4bceb50609c |
C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.exe
| MD5 | 309e2cf310a2ff8dac84b59696b8f1fd |
| SHA1 | 7e246266d9b7c9412bb18ba8ea7c9c53303df00a |
| SHA256 | ec20888a72cf7a9141ae4942d768f0486f0ee2e00fb39f823cc30c840d2e0a2c |
| SHA512 | 8d929770bcf2d4e3302332d18f0513a7c464bd39d18c3005bc7b37220aefd2c6aeb5682af1c928fd7a14926528fabadfe63b0f505299fba988c9bd8587916a7d |
memory/4944-2250-0x0000000000400000-0x0000000000787000-memory.dmp
C:\ProgramData\IObit\IObit Malware Fighter\init.log
| MD5 | a53c981d4807ca74a3548b42ba728445 |
| SHA1 | 6ef541855fafa404769cf4d258683b90ece119ee |
| SHA256 | 6fe4c3ddb2177b33968f3d0064459ed6788d56d5f108551b778ddccb3d9dd7c9 |
| SHA512 | 55df49237ed17a0da6c2db37af66e448424d64c50e8cad03577778fa562b25aa3d3caa77a0d1222aa8f9dce9d876cc6b822c6d1a4e800ed7f835215b86856861 |
memory/4944-2249-0x0000000000880000-0x0000000000881000-memory.dmp
memory/1272-2265-0x0000000000400000-0x0000000000462000-memory.dmp
memory/1272-2270-0x0000000050000000-0x0000000050117000-memory.dmp
memory/1272-2273-0x0000000050120000-0x000000005030E000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.msg
| MD5 | 5f38274fc51ec35b61e925153e26ef1c |
| SHA1 | 6ebc957cc000873b9b88e32c271fc1c63a5c22e5 |
| SHA256 | 946195c199c2f798ed0ab3dc8ae4511be30ad70e5fb994d677beee0ae249dec8 |
| SHA512 | 1f99244af85ef4d175426a38c5181bf0205f9dfc0deb4fc1136f43cc115a50076b32e449132891d8c20daa7ae8b146e33eb3418e2c146a106939977fb77be149 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\bdquar.dll
| MD5 | 8d59c96d18d3f75470ce4dd0599aa582 |
| SHA1 | 42d9ae00b2ee51c8856d00d666bc7f381d11ab89 |
| SHA256 | a2c7069fdac0516fb5abbeaf9e3559145890a7785908004324bbb09429a4c3f6 |
| SHA512 | 883d2c101dd2402239a2a983b4aaba58c1952db54accf1003630b3a330088ec876f84e4691d09b2b36c43dc03ecdbe165eb790871856ba76dbfa05d7afea6391 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
| MD5 | fa99fdae81366ec3ac4a7c6caac805b6 |
| SHA1 | 3387759935ebef913a8351c5a26d5428990cdc86 |
| SHA256 | e15d3341578fcd9dbe3f65956008afd178d4cc927d0bc13febf5abdfd96bb6da |
| SHA512 | 6d5a3e84a7e1be2e869317dcfd547681770721f8633728a0c37615f2bc47acf08d90b09feacc3226434348bb38ce213545033c893f3d480d37d1fd687b7c70d9 |
C:\ProgramData\IObit\IObit Malware Fighter\init.log
| MD5 | d8f0b771778c0c4358be68cedcfe289b |
| SHA1 | 0f2005075a3e673422d31a2c604cd41f55fb9339 |
| SHA256 | f0719d54864b4833d4262a787c000e526f44380c77c3da6d9568b836a97fbeba |
| SHA512 | 105afbe285b4149ac148da7b1a973d8a6f819b12e7d20082512be969cb46d8565a22a5f63497c3640d4dc89180fb74488f01a96c89b5018febf9ddc205bc0014 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.dat
| MD5 | ea9bdef9ad9f717daa6585e620753e85 |
| SHA1 | d4883520732df9c7671da488ac7fea1891ed2804 |
| SHA256 | 3a8c13242dc54e7f8de963175344c75e52ab0db30524cea4c9b2d27d322372dc |
| SHA512 | 3da87cc98eaa9a729169442f8f35299ef9db4e1bc823d2ca90c9716456b8927d8137fafd9eb6db6cf37b5b48d6e13155b3ece30357cd241ea23656ddac26da8b |
C:\ProgramData\IObit\IObit Malware Fighter\Main.ini
| MD5 | 527c16744847db7e3c7b13e3aad8867a |
| SHA1 | 7df8d5d89c57943bc10be73057305a2d12cec8f0 |
| SHA256 | 9376b87970bc11557a909895e87c168587f5230a15d41432065f31b8e00400dd |
| SHA512 | d5aee2759d1e9c84dc180b8eca91d1c14937ddcaf071db193215537eee6272f7c28085c52ca76d440a90aa846295ee019fdbf2899487ba255d68e13360d2692f |
C:\Program Files (x86)\IObit\IObit Malware Fighter\DetectionEx.ini
| MD5 | 38761cc2ff8675d081822406fffecf2c |
| SHA1 | 207817d0f418cfbf1c5ffd04e34078dd3ffbe162 |
| SHA256 | 4a47f1ce0022ea9d6d2384f2baf762703e095f906480e49e99d2a4209fc526a0 |
| SHA512 | 6ff24a6b31dccf48766d6cd9d6c5ed22fcd2668c160e893ddb03d391e33e42e0f0c35e656e2e27af445644b502cdfda946b633fa29888be1e87180bf48412068 |
memory/2276-2291-0x0000000000400000-0x0000000000AF0000-memory.dmp
memory/3860-2298-0x0000000000400000-0x0000000000787000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\7z.dll
| MD5 | 87ea820099d43d2b4d4faee5938539d0 |
| SHA1 | 53980bbe418c1c96d5b7043797e4e46303796506 |
| SHA256 | 32d4050ee6b5404ad86f3ea9fc1f8b82d360a5da551ad49b91d3db85c8fdcbd7 |
| SHA512 | 7e34c100f313c32e597f424984bb35e70a551943076a463b0b3e56e79c431ba48a321959cdea14cb9df86fc8621365bf8c56f0780f9cbfd4aecd267daec5f35f |
memory/1492-2299-0x0000000000700000-0x0000000000701000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFCore.exe
| MD5 | 65d2bf51f9de04720dd7166e83c2def4 |
| SHA1 | c097635969e503607f4715d2137c0093f6ceda4c |
| SHA256 | 03c0f4c61e74b2c3fbed48645bc8d9621fb64823891ee096b71dfd7ada6e10fc |
| SHA512 | 485568f2c6860ac797441f3bd4631f29e6065fbaf35122b0e23f2d4070caca69587ddd787a46f2e34d24cca343ec6bca62048fc0e9aa35342c9d2cbdd64dab2a |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPNativeMessage_Edge.exe
| MD5 | a4c4cb5cd7e4c30d4d7e0dfb58c00a22 |
| SHA1 | 1cf21920ff7c3f14d9084ae72db87b14de8635e4 |
| SHA256 | a711deeca99de5187715b98d942ddc93ced74d426f2e7213bd1237d5fdc31bbd |
| SHA512 | b3f36061b60a31f6620f634e2ed2944f59643de2e08e1186eb61592d1660291f294afd5f2f9974bec504e130904222b2239387958d7dea82fc22f856e89b6781 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\PluginInstall.exe
| MD5 | a16d157cb8c22533e2906923afb1bc81 |
| SHA1 | b621afc70b8ead64cce22ece1300667f28242c14 |
| SHA256 | 601844e474bffda86fdb65cbef5e4f53b1f27aea3061712d25b80bc34c543123 |
| SHA512 | 2587b0c0b50346ffdae384a164383f27d6e3a5df4c5c65553d6b040cf8647c271c3cb4e3628169a98f6d9f57210176758cfa9d40d5abad6c08176c852920dbe3 |
memory/5132-2441-0x0000000003C20000-0x0000000003C21000-memory.dmp
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini
| MD5 | 7d12d49d4f49520284e13c71ee4e5973 |
| SHA1 | 98ff74dc599d183608e17f667db3922ef0c65e66 |
| SHA256 | 214c6155423c8aa516dd524b30607dd1eb2cb63218c569b8fae5b7e63056364e |
| SHA512 | 15246cfa69421893e3118cb720e9d0383e7fa38c1af4fda18e677c9bab9f207ad55888b88a8fe34569708d0e335ae86ac61aa71bc68e4717fd1a69d80b859d22 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPInit.log
| MD5 | 1b73665e4a80ccdc96fbace369510118 |
| SHA1 | 367754fa35d710be5faf631ae50c0e7b02e6f96a |
| SHA256 | 9462abaf4c06a4b8f302d308dd8ddaf4450af347be859ee1eb13ad6a665d58ad |
| SHA512 | 888456348200caf3c5101499e7549ebe5d59c03556e1b318866397e226b19b91d8deca7e45a19bc6df0e035379a31accd00052f59272e835b76878bd90eeac79 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
| MD5 | 8ee9e37fa665862520d975685feb5d01 |
| SHA1 | 1e23c02f6a67dd312e0159e4adc534509788211a |
| SHA256 | 175a29b2168cb4becfab3c73f7ad5caa003ef46fbb8ce974ad5c2d93f53a5a88 |
| SHA512 | 1b6e55f4fb72e64ceaa830078076fc749f4e6e57e35ebb659ba99f3df74f909e3b02980a50016015bb1c7c2eeac6b8c8b5ad2ca003acdcfaad9e2c44bd4a07a8 |
memory/5628-2453-0x0000000000B60000-0x0000000000BDF000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Database\base_safe_browse_v4_0726
| MD5 | 5f9d9ac9c630b1ab1d82c26d1d668c29 |
| SHA1 | a5991e901e0c1a1ccb94d7010e3f8d3f5c92fcb1 |
| SHA256 | 60517e1e6549162872a3c92f4a90193e45d290fe762c66b84aca90c455e72eb1 |
| SHA512 | 28330080d076677782be94e11efdc9a0ad482efe2f0fbbb587a5656a0a2c727b51d3b7b1f4d596dfa17852f1bf75ac4fed14dfd0eab2f505b5a2be9b4db243c5 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Database\spupdate_v4.utp
| MD5 | 135eb7f096c67e4fc8fc744700b1a5b4 |
| SHA1 | acca567c68c5d2331f2ab97ab80753f9c774772a |
| SHA256 | 621564ba6cf12e07ba7acb0a487f1cb1e47b7d23adfbfb2f72a0634b3851618d |
| SHA512 | c7a680920be627ee83c7f303d6ff575e1c5d91e73599f11593781a4399d9117ee2387a9dd37f92d273db1f4aec3e6caa8663f1dc146e99bc266e3be5833b7b39 |
memory/5132-2554-0x0000000000400000-0x0000000000567000-memory.dmp
memory/6824-2578-0x0000000000400000-0x0000000000567000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_x86\IMFDownProtect.sys
| MD5 | 999351c68aded34ade7f2da8537ae954 |
| SHA1 | 6a654ba5450854c9ee32f212955a55692ccf2a15 |
| SHA256 | 304c74a41b079af9806d15e82fd81d67755634d56124545fe9286ce244e5cb07 |
| SHA512 | 93c24a21e7fee5449a3f77b5ec09956144a03b48d52016242e888b34fd3a4a8a7f255365edb6433af839431e39e409970a368b4df5119358d5408c2d468481bc |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_ia64\IMFDownProtect.sys
| MD5 | 6e6d1d942bf01de223ac11fd926f567a |
| SHA1 | fab5f1546e5ddd05d0b23c9648ddecf2023c1aff |
| SHA256 | aa7bab1fc32bde08ce7a1aed74488e2278ed0dc3ecb3f413831c27addcd004fb |
| SHA512 | a171654ea8a82229d64fdaed7876c97107d036f1318c1fbe57fc67f9e27fe0f1a39e8769019ad25209356dfd6bb727a654f595e6820c4c986c80040b0a12e3a5 |
memory/6504-2657-0x0000000003E90000-0x0000000003F96000-memory.dmp
memory/6504-2667-0x0000000000400000-0x0000000000787000-memory.dmp
memory/6504-2658-0x0000000003E00000-0x0000000003E01000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win10_amd64\IMFDownProtect.sys
| MD5 | fa0c79de2e2766501450021f5a6c88bb |
| SHA1 | d7711f7ba0cda7c952d0aaabc17895cb9ad9126d |
| SHA256 | d1d1fa568414fc0abc65f87e9faa3fd828cae898dd01ff3dd82e7282932ff89d |
| SHA512 | f0101167fb8b6f3f0a9758af27f7ab8a61c6c05d762c8e5248fa1c42ad3ba5cb43de4747cf0d7b158bd9b667fdeda8b566bfaf78e93a49d6e8200375a87e41da |
memory/6504-2675-0x0000000003E90000-0x0000000003F96000-memory.dmp
memory/6504-2679-0x0000000003E70000-0x0000000003E71000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\SPInit.log
| MD5 | 11c627a6e8521380b5bbcda9235ebfd8 |
| SHA1 | 3e88af93551156824c2c99f743b4131041d23636 |
| SHA256 | 30da60d8f962a99fb10903f9401340c7a33f4e2fb192698051964c07b2ea320c |
| SHA512 | 721a9fbbbb3ccd7c31f34125e4544805ecc5faab919df822757d94d8b1ad725fcf86eb243662175ecc5a7e7414709d26e3a986bb5455b95dd398b0c8907442bc |
memory/5628-2469-0x0000000000E60000-0x0000000000E61000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\language\English.lng
| MD5 | f2837842d7b70f82b3634c8e16162f2c |
| SHA1 | 9eb65bed6ed00e5dc6ead1d6bb64d17dbe923e1f |
| SHA256 | 482fb4f48bfa81ba9b5de73e043d1b0b6880cf548e41fb1271005ae6d2eacf91 |
| SHA512 | 1d41c142305b3894a5d0cb39720cf679b35531d6c02c710483cf796ecfc40063d12fd4dd937bf14eeb129e2f57e1274da5ef7b7264aa664e0ecc24415d2dc87d |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Database\ASCPhishList.db
| MD5 | 36852aac53bfd1e3246bcdd4939fa237 |
| SHA1 | 0f5c03419517865dca1a38e4e8b74a862cc738c4 |
| SHA256 | d0659f308f39c8f9832087494f866ac673d636cba002f7bd38d86fed659704b8 |
| SHA512 | 30eb0058d3f1e1976951d7153722c646de3fa95e72477dd7f55a750c4ab234493fb7657b6043e075eb12c37d6779f10af857feec0610161266368b9c1a7acf70 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Database\SPSpecialUrl.db
| MD5 | 9b28b37cad2fb18f3d0dcf34a49c8f30 |
| SHA1 | 5d8856b6580fac2554b99f60f31c61450ed871d5 |
| SHA256 | 1c5fb0cbfbc4fd3f3b3551f6a78681f3acdc57be8ea0b1cebcb7e3c2504b2780 |
| SHA512 | 313e522d39b9c1b1d10a065643ff1bd9b8c9d63b7f54481e3dd7dfc1f2f3662b7df82d0d2c46c370ecb820d5e7e332591e5fde3cf24ebebcafcef59a12197cc9 |
memory/6232-2705-0x00000000027C0000-0x00000000027C1000-memory.dmp
memory/6316-2710-0x0000000000C50000-0x0000000000CDC000-memory.dmp
memory/6316-2718-0x0000000000CE0000-0x0000000000E14000-memory.dmp
memory/6316-2714-0x0000000000E20000-0x0000000000EAA000-memory.dmp
memory/6316-2719-0x0000000000EB0000-0x0000000000F3B000-memory.dmp
memory/6316-2724-0x0000000000F40000-0x0000000000FC8000-memory.dmp
memory/6316-2734-0x0000000001590000-0x0000000001591000-memory.dmp
memory/6232-2738-0x0000000000400000-0x0000000000787000-memory.dmp
memory/6316-2750-0x0000000001570000-0x0000000001571000-memory.dmp
memory/6316-2728-0x0000000001550000-0x0000000001551000-memory.dmp
memory/6316-2762-0x0000000001630000-0x0000000001631000-memory.dmp
memory/6316-2773-0x00000000017F0000-0x00000000017F1000-memory.dmp
memory/6316-2777-0x00000000017D0000-0x00000000017D1000-memory.dmp
memory/4816-2784-0x00000000005F0000-0x00000000005F1000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\LocalLang.exe
| MD5 | 365346a248fa2d004d3cdde08bc522c5 |
| SHA1 | 38493898d4a5669d75a00489ca25b67f99d9e647 |
| SHA256 | d6f09874d9d3d172908a3a19f104453a232c94d44f51f967ddfe7d6a90ef6aa7 |
| SHA512 | ad57af38f3f56b96a95acc63f31ed4b210247feaedc2ba3123ed2fce42347c222b995b55e2a47000f1ed6191bf2c07e6d8ad482af222bb9745a93600ac423252 |
memory/2676-2814-0x00000000026C0000-0x00000000026C1000-memory.dmp
memory/2676-2822-0x0000000000400000-0x0000000000787000-memory.dmp
memory/1756-2810-0x0000000003D50000-0x0000000003D51000-memory.dmp
memory/6316-2829-0x0000000006080000-0x00000000061CA000-memory.dmp
memory/6316-2900-0x0000000005F30000-0x0000000005F31000-memory.dmp
memory/6316-2896-0x0000000008EE0000-0x0000000008FF3000-memory.dmp
memory/6316-2852-0x0000000007680000-0x0000000007786000-memory.dmp
memory/2536-2907-0x0000000000400000-0x0000000000787000-memory.dmp
memory/6316-2906-0x000000000A700000-0x000000000A80A000-memory.dmp
memory/5284-2918-0x0000000000400000-0x000000000043F000-memory.dmp
memory/4848-2931-0x0000000002370000-0x0000000002371000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.exe
| MD5 | 2af527c0fa69e8108bc6cd7e51f02aab |
| SHA1 | 441c59fe3322650d76540f1b31c3b2505d0ad0c3 |
| SHA256 | 67b897e6eddd40ed694a15fc22bbdd821ba6264c69f30d3cb00465af4142e6cd |
| SHA512 | 22a367b1aa53bd2070a140ea101b6d821559df669fce1c9f31476420e2bc0f5dddc7d023d90cb9a7ca286dfcb21e4f444b9b2341981a4b937cd719916271c6e4 |
memory/5772-2955-0x0000000000970000-0x0000000000971000-memory.dmp
memory/5772-2959-0x0000000003E30000-0x0000000003F7A000-memory.dmp
memory/5772-2960-0x00000000025F0000-0x00000000025F1000-memory.dmp
memory/5772-3014-0x0000000005420000-0x0000000005421000-memory.dmp
memory/5772-3015-0x0000000003E30000-0x0000000003F7A000-memory.dmp
memory/1756-3019-0x0000000000400000-0x000000000066C000-memory.dmp
C:\ProgramData\IObit\Install.ini
| MD5 | 85ae1b45e902794a0777a56ecdcdc1b9 |
| SHA1 | d420465f9483f0343bd1b20c43e60c32ac849a03 |
| SHA256 | da5afd8157e942bffb969537d5932281fa0bb29727c607ea3d347768eec837fa |
| SHA512 | 577fecfc22adcfb28e1ad14b0aca470a54aae30af22254f680ca12b0271d0ac8a85834bcdbc330ad833e10f122daed2537353074e178f779b1b680dd036cec67 |
memory/1756-3121-0x0000000050000000-0x0000000050117000-memory.dmp
C:\Users\Admin\AppData\Roaming\IObit\IObit Malware Fighter\HomepageAdvisor.ini
| MD5 | 14d032d8bb31fc209e570316095492df |
| SHA1 | d24b6112043704f9763cb94924b4ec4e64fd89d9 |
| SHA256 | 06ea89cfb3de3c8974f2fe1ff6b9c4e86c9b10e6d1354e904825cb291dcd3693 |
| SHA512 | add09aa50f42782849a2136caf01cb19ef7d0a4ea8e7e351d452e043059a31264dd36aa08d3b306cef7b2a5d86dbd651b67d1ccab66dc385c50a553a1133160b |
memory/1756-3122-0x0000000059800000-0x000000005986E000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\UninstallPromote.log
| MD5 | 04e46190dbb14f4100bce81e1b6923f8 |
| SHA1 | 618de7fbf33792e079014fb455e415cbbc57f0bf |
| SHA256 | a0ebf5da69413d69390dc3bdc4fcb197879939581e4ec7e5032cc5461ad79f63 |
| SHA512 | 3a9dc95eae55b8c7b15739bacc008f1f173940897218eb747178a3a07aa03a9fa6c7f1b3532cf31d24c6eb52ecd9904c5d81c2eefad374031b9757a46bbbc921 |
memory/1756-3123-0x0000000057000000-0x000000005703F000-memory.dmp
memory/1756-3124-0x0000000057800000-0x0000000057812000-memory.dmp
memory/1756-3125-0x0000000050120000-0x000000005030E000-memory.dmp
memory/5772-3137-0x0000000000400000-0x000000000061D000-memory.dmp
memory/1492-3143-0x0000000000400000-0x0000000000530000-memory.dmp
memory/412-3145-0x0000000002470000-0x0000000002471000-memory.dmp
memory/412-3146-0x0000000000400000-0x0000000000787000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.log
| MD5 | f17eb3a7aa796978da2c810531f98a53 |
| SHA1 | 4f298d44b979ab03d467557d76faa1433b19ff53 |
| SHA256 | 940ae1e93c4a2dd44130c636beaa3ac0eef8eb1353d257d7bff154971cc284af |
| SHA512 | 26a3684341b6d08bb426e4818d2967b88e28398ddae7a60e3ebda0f25e72a029c5e72d5021e94248169e960670bafb401ac311d302cb69bbf0f36ced2ab8d095 |
memory/840-3149-0x0000000000400000-0x000000000042C000-memory.dmp
memory/4848-3150-0x0000000000400000-0x0000000000787000-memory.dmp
memory/5112-3153-0x0000000003D80000-0x0000000003D81000-memory.dmp
memory/5000-3204-0x0000000000630000-0x0000000000631000-memory.dmp
memory/5000-3207-0x0000000000400000-0x000000000049D000-memory.dmp
memory/5112-3214-0x0000000005520000-0x0000000005521000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Downloader.log
| MD5 | 33f2aebe2ab4646a24866fc566a44ff5 |
| SHA1 | a492d12346b6dc0a29aa535a8c31e05a62b8c755 |
| SHA256 | addad67d41be8d021b850b709bd9f8644d6d0d820f1571052a66e745330f6f24 |
| SHA512 | b126a36f7d5d67567d31a13392398d386dd60f85fb5489ca6d562aa6fee212a4b2410a5e6092fdf3c18ad85e2d00ca83d4fd46b9b2f2dec1c69f5e0886bd6ff9 |
C:\Users\Admin\AppData\Local\Temp\SV(XYgTczu#vPagN.tmp.dat
| MD5 | b67bb2d2be23054b491d3c76b3ccb9ea |
| SHA1 | ad6958a9125882cef565d385d9470439be7f3d3e |
| SHA256 | d42f8662eb3b52ece225ab049bf022bba1e1a3dbc19f54624673ecf861bc48e2 |
| SHA512 | 919a31c9912ac234fa10f3eb1846ff86d03045a227594d086cbc094ad284705e15d3248e1f6927829eef351f60b71187d3099cfa2d40fa07f459d58ca3d9d603 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Downloader.log
| MD5 | a1a7e9ad414a4bfc3e49e1ff943b1600 |
| SHA1 | c3e95bd08883bd1e360a45d7baa104e03b51b4a6 |
| SHA256 | 01113f986ec3076be54d668f7b774d7a78a47671b0103072ad77b0d4dbf352eb |
| SHA512 | cae8a02fbb7269200d90524314ad96320cbcc74c8729e775063d47dc144c5508b6b977ffe3efbf3d8b4e888a170269ddbfaa40060c93c8427b830fb6bc2f8f78 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\LiveUpdateSrvUpt.log
| MD5 | fdf9a28674b8569ef1b7a878a6a125e7 |
| SHA1 | 42788cfcd0f395c77d91a96139b4abc05a97743d |
| SHA256 | 185f1901980a0c2fd2a00e9f448738adc839a36cfa1f19bd9e9472acd683fa7d |
| SHA512 | 92ac629ee78430cb98c0b369b6fba9710e1f60d6b0817731eeed85f3cd5d0770ab25bee61661102e134363332995014fb26d17aff95b5cd0630840cdccb8a4d5 |
C:\ProgramData\IObit\IObitLiveUpdate\update.ept
| MD5 | ad4e179602804f103577107f8f5268a7 |
| SHA1 | 7c6ca9fc7129f25834ff6a9dc29656971eaaa609 |
| SHA256 | 71ae6cc20f6918d74d945e2b1f299fb10616cf567c38ec7451a7d9e8b4a32603 |
| SHA512 | b50bf8d785b958fc8aff27aca70355cc5119ee6e2fb8321906f0e56c2809c2bccbf998a7e756eefa10c9e9d4436670a9a8c4ebee25ba04c8dc50ff965b27d326 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Downloader.log
| MD5 | 7621baebac99ad449dc80ff431877df1 |
| SHA1 | 14363025e53e6c54061a75cdbf09fc1d0965937d |
| SHA256 | 8e7c643a83d49c90ec0c5c2c4e49f672741602009eae6adc7ad54c148df42ed5 |
| SHA512 | 9411168f6dfc21d3621919524bb431f6373560951a729f602921b6d222c58184a3e489a02b95d4eb315f8d9644305c419841ba3f05944c98f931ea288ea24917 |
memory/5112-3377-0x0000000003DF0000-0x0000000003DF1000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Downloader.log
| MD5 | 810ba279974453ebf1ee629da299a093 |
| SHA1 | 63121d903ff44ef333e0c2ea3f7b186c3c9387eb |
| SHA256 | d32bbea5d391783ce62838ed51a17953265ed052ca449c125dab15806c5ac7ca |
| SHA512 | 266d3f666248d6ffe877c5f0d0eee951b7400973699cbee3b4a0ad8f08e5bc67dad7df4647a64c5ac558baba98ebb018429a0959c1c0156e0a620e6ed5f179a8 |
C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\ASCSpecialUrl.db.dat
| MD5 | 5761525d6cc35bd9aade5cdd631a6100 |
| SHA1 | aed3b6285080c8003472006c6149ecf35b11b918 |
| SHA256 | 348c98bcd10de3355e473e712a71c42ae440a3e11d493e4891cce3f973abf870 |
| SHA512 | 1c7c2ac9e22b1e9047200be243480a9fd19887652e8a50f6e972b0a369f99b68ee47758994656d8f415795cf6704514bb0d4e3d07c96925239b62206823d046c |
C:\Program Files (x86)\IObit\IObit Malware Fighter\system.ini
| MD5 | c177412ce5d4ff2a78f5e9b7ec7126ea |
| SHA1 | 90197c59e12f707b15984b6ae11ed724d0f3a422 |
| SHA256 | f9411fd2e4515c3c1ff946dc2593b827917690e31e8b332e3bbcc40c17371a47 |
| SHA512 | 96a9b9a1d3048ee7cd5a61e4aef88db5338d4a248c831a2330b4664961765c50f4690f02831fa222c2c3d7ecb55b18b770005df358102a5fda294a162cc0a848 |
C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\SPSpecialUrl.db.dat
| MD5 | 7dd78f53c27df123e0b6dca377514da1 |
| SHA1 | a37c05c5789a8e245414bbe4777bb2de2aa1864b |
| SHA256 | c22bd7b19339dd2d1d90765125a41e016093ef7b59fb5b3facb7f4e04d66b840 |
| SHA512 | 21b7b0a6d3d89bfff9b3e2fd9435aa40a63ee532e12bebf35f072a3bc58aa9b9f128c94d11a19780daa1befb2b9aded5891c37685ed71828ae32aafe5a87f357 |
C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\ASCSpecialUrl.db
| MD5 | 37042f0b7557d5ca9f52d340fc46d8c4 |
| SHA1 | 5a1671a93a4e4fe8ef589de2aba5f077ce2559a8 |
| SHA256 | 2c85d0d3f04ca74c0feb7dd963bd3ce26b1a128da1f29f12475a6e8993533048 |
| SHA512 | 435ec5b69eecff074b178ba2cfd1b6edc9aa34575324e81e938930547a113b849cc646d5d1b62b5fdef22f78f20782379c180455e8a57036ef97c500b18b7fb0 |
C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\SPSpecialUrl.db
| MD5 | 950a801022c966b4a48a5715a3168eaa |
| SHA1 | 7de6fbf4f8f3966a6008324e8588adf6e025a00e |
| SHA256 | 3d2200848731896b51de2fd20959d37786d82fcbe3d4edf1e7eac8b9c41e0fc1 |
| SHA512 | 1724d66f62eb1cc03f37bfcc2460b829188c46fd7bbe44dce2171ada335fdff8c3884192afd9fb450b6925077a015c0970281880cb9ebd90581d0fd44f147612 |
memory/5112-3539-0x0000000005EA0000-0x0000000006078000-memory.dmp
memory/6508-3546-0x0000000000400000-0x000000000056D000-memory.dmp
memory/6508-3543-0x0000000003C20000-0x0000000003C21000-memory.dmp
memory/5112-3547-0x0000000000400000-0x000000000070B000-memory.dmp
memory/5112-3548-0x0000000005EA0000-0x0000000006078000-memory.dmp
memory/2276-3551-0x0000000000400000-0x0000000000AF0000-memory.dmp
memory/3916-3782-0x0000000002510000-0x0000000002511000-memory.dmp
memory/3916-3794-0x00000000040D0000-0x00000000040E0000-memory.dmp
C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini
| MD5 | 5e18ec8f6a13d37dc2e63518996a31f3 |
| SHA1 | 992e65e7446265db882162924ce8991fe88dbb9f |
| SHA256 | 3df31dfb3ffb3c28988a15cd96263a1a5eb645f9e75d2e18f4e0cdcfefa7f93b |
| SHA512 | ca5a707a71a5939e675e11a0c1efbd63e903a0c9744898b2dc8285fbdd65bef967ad74a14c847cdd2b2dc6eb0a1a6cd939f6d1f0a906dd425f706eb9fb0f5506 |
memory/3916-4118-0x0000000008AC0000-0x0000000008AC1000-memory.dmp
C:\Program Files (x86)\Common Files\IObit\IObit Malware Fighter\License.ini
| MD5 | cb616a534709ba8ef6c8b44d94679de2 |
| SHA1 | c7c3603e9d505f68c8f7b2e620bf9fe7b2349ccf |
| SHA256 | 8d21b363d7d5d7bb86c1a41971b79070e95d7eed5a66a0e6148e584651df3bd4 |
| SHA512 | 4d7e9524553cff60994749d8c78eb78bf204e9f2bc6e1ca78ec5243165ba17ee5a63d33a440668d494cd1accd7302d761de065d9717217963bc91cd7d9c407ad |
C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.log
| MD5 | d3ad4ffb4ba31506664dd3fd2b978da4 |
| SHA1 | 68d7f10603b6f707356382e3b45a3022ea927c4f |
| SHA256 | d3ad3452c75cf3c76be295e9a40aa3adfd35e360e53ca01bc0e262f34ff93cd6 |
| SHA512 | edca21e74dc3b0fcf61ad06cb880aecdf6ed420e33e348b7c5991ad0fdb5785f09d64435b93573656a1b081dc876bb06f8aaa695135c11bc792dfcd67a7731d4 |
memory/3916-4286-0x0000000008D70000-0x0000000008D71000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\AutoUpdate.log
| MD5 | 4eb752809999f5174b376a0737869ac2 |
| SHA1 | bacc22847919cddd9ad26c9bd46600fb022436c1 |
| SHA256 | 0b46f35bc6451a786da809e0d12d70077f2cd76050ab892f15d607f7cb158ddf |
| SHA512 | a840242d5f1f2760417e781bd99b034368bf5bbbc8a9f0fc4af27d0de0b6d7469e59c9294c4044bb7148ce290c2c68aa938c2cf0473e411db5916b9005ef7eea |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Update.ini
| MD5 | 42ffcf11a835d3e4a014d3d2b6f5e7d3 |
| SHA1 | 119f7f74ce42bf84e888e458f008857e1ad0163c |
| SHA256 | a3223fe028f77f68390e76449867ad5d0308f897297af7b4678c359eaf46dab6 |
| SHA512 | 415a424c561df00dfc001b27b5b2e21154ce67dc2dc26eba90d5710519fd9a790c392e0fcc3eba640be2bb8c8219accbb3847460919eba43b36001d90c701c26 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\UpdateHistory.ini
| MD5 | 368db77aa0af415093fd507e3ece83cc |
| SHA1 | e7e1db53347a225ca9253a64a619eb7de27ceb35 |
| SHA256 | b7cea4a8371498b1ca780470f3ad0a1a728be2f984fadea0d5717e7b17253c88 |
| SHA512 | e9c1769d4b47face2b091a5120d10f9e162553260f7df374e08e31b4c41caf9c81b668b0bd7164b1b8e3e22149bb4acbdaf8b8784f28fc0e8f10709edbdd86a0 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\giftbox.dll
| MD5 | dce8eb6ba156d76bd4500a0aad22c35e |
| SHA1 | 79557dc278e61cfc43bc81fa04b5990b09d24a73 |
| SHA256 | ad405f773dca37ffbb734f11f21031cd4f8c7ac331b3e0895e80b2e45a6835be |
| SHA512 | 34f5d7262ad5e6fe99b9b1b8cf6038e6ebfa702c1b5f1d2335d119888de2a45267152670e3545ac9860b69c86a4552079f80662e610d20e4c651b0e602119eb5 |
memory/3916-4700-0x0000000008E80000-0x0000000008E81000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\PDFAC.zlb
| MD5 | 517d7b8826b11751fdeeff1c1f009071 |
| SHA1 | e784c8cf4a9fc009804184e25aa028f1ac9519f2 |
| SHA256 | 2db076468a82ec01b6b7e35310b5acc943782d892a48c2d0cdf46a675c4024c6 |
| SHA512 | ff470d17b53436d00bcdfe09cbc73b845a68bdc46f0b28eac87757229413f6c9de8bbe180890891fcdb4412bd0ddc3cf8ca05b24683c2427b2d7840baa4c5beb |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\PDFAC.zlb.dat
| MD5 | aa501213b5f7da38407ff7263a004048 |
| SHA1 | 0a397be292f0f35c3a4a655a4f91b6318bb8f52e |
| SHA256 | 81a865a19c40d41ea66e73206ef6f139916935cb03120ee6be06e60ca65b09a1 |
| SHA512 | 33d4da65ee1012d74cb67a61b4bdc3f3f4dfc104c4dc1b3a2c44ef84e574402a1eb6a880b060dbbea710699d2c2afd4ec7912506b67b55890929e7e16d1926dd |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\IDRAC.zlb
| MD5 | 6d7db7d675eece609f54efc617b0d100 |
| SHA1 | 141f4ac3aaa0d8ec5a7df6e04b27f392f7951930 |
| SHA256 | 55cb42d19ba021ba21831c300dd06b7e4522aa7ff3057a8bfc581017c817d3df |
| SHA512 | 45352ca1b140a6902c743d8cc192ec8fb7484df1882ffc1b89a95e35a2a35d24f0962739f97ded2fe0806ffc1d474e7438f22ec24efdd9d8651451c5205f769b |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\pub\IOBPPIMF.exe
| MD5 | a928bf113caf194f07f6f69be87eae19 |
| SHA1 | 994e18a576244c78fd847b82a0b735b3e3e962e4 |
| SHA256 | e10362f3307d2648c276d88358125f6bafbc635f431eb2b6bc7953392633cdf2 |
| SHA512 | c1cde78507842afef1cc21286ead18bbe6b73fe30c2c0cb5b632a9f73cd519707ae33d67d45692da4a64a549b8f812fecd92a3d9dcc84c61fa0ac44132181b50 |
memory/3916-5159-0x0000000002510000-0x0000000002511000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\giftboxext.dll
| MD5 | 69ebe0c35fe85f0578fa322606fee6cc |
| SHA1 | 1c05bcff36221367a4ee1b0551bce1048b56e6f4 |
| SHA256 | 8eea3f0e694e0189597904d0c20e8f12f440853e1bcf797eef93ae5f1fcc8614 |
| SHA512 | 71342b13d7769e05dce5b1e2171d7eee02d37b2d56719eb58d088e9f8ddbf0ee5c8fdffd374fd164e91f8315dbd1298a630d55bfcc5e492eb62587d4b2b7ff7f |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\giftboxext.dll.dat
| MD5 | 67197d351d25c35f7ff63fa6d0e245a7 |
| SHA1 | d843edf2e77e494cdb1cedaa20d4eca3e3900fae |
| SHA256 | b501197093866c9c45062b3240e23498fb44cbcea068adcfc792851bb896eb1e |
| SHA512 | be82e70a95d2307a8e7b33bc5eb1861c0bb2ccae419cddf989335da16d5726a1240afe6f0dc7cf50f04900c7c94ae90d41d418ec12a8f9ed35d8c943a067f40d |
memory/3916-5249-0x00000000040D0000-0x00000000040E0000-memory.dmp
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\IMFBigUpgrade.exe
| MD5 | d7ecd275767ec5f732f340d64279270c |
| SHA1 | e5f465019af6d4363a0062560a2aabe185720b78 |
| SHA256 | b5111661c31244336b71c0bb7c30c79b53339e2fb6a7ad1fa2f7237abfa992ef |
| SHA512 | 56a00328ef95600b53bdb29ddf799a04578211a31d0b04dad2775cf6a12148219358312a9dd3c8d77334f1971dad7a48fb7ffe09d2c6fc5174a5e45b9c4e659c |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Temp\idrmini.png
| MD5 | 2a3094b6bea2dd9a1cabcab5e1b5a15a |
| SHA1 | b2793c6ad2f799c4711972230c1e504249ed62cc |
| SHA256 | 875156de83f1f48166b19016bdc9892accb4f8a7853f9b77cdeb0bf5df167bb2 |
| SHA512 | 6d188cea55ffd71b5fbab1df5328967d5cec067a0d8a47f399232a2534aa20889ec26dcceac7d3e5f02e9fd21a518e27529fb83090541a10abc91d28f707c875 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Temp\idricon.png
| MD5 | 6c8c0cdb328958fd43fa8d643f5f7d01 |
| SHA1 | b6b3d1088b3fbea4e8c7839c0bd2be4d5e067e2f |
| SHA256 | 3380d88b595422c2c43b8624ba2a49f05e9598bb0d5708053752921154ebf204 |
| SHA512 | f812183818f3b3c48b216ff93a63c178b2aeab711b198af0b14cb5b372553057f70849f41a627922746d02511f118f7f4e525e97e6d81c3a158ebdf682fb49dc |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Temp\pdfmini.png
| MD5 | c2e61e23614aca63b72dbcf85a88dbc7 |
| SHA1 | 3a1525ef72e8a273bf74a057eec88f2345cf3f0a |
| SHA256 | 8d848735648c29327e545152e7b6eca9e0e7d17a57b5f659941db1dbff9029b8 |
| SHA512 | c3b2f7b4d97d0dfad9e0b9e12525845314237d4c357bb5c23d5585475851a7803c8eebfd5c8770a5f0b5a4ff52b2448cbc1a9972a5b8290822b6462a9ae70144 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update\Temp\pdficon.png
| MD5 | d7c263b0d5d6e2e156c7cb86082d6cbc |
| SHA1 | dd0886fc63f5d6dbb71e6219884fc5a7c6948bf4 |
| SHA256 | 1c4e9cf03d97a4d8b9d603a0d42508697b634eab7069050a1dae3e2660845a5e |
| SHA512 | 9115d2f35130a5fd567a087dc513bf72f3f54bd552da833b6389ddeb256c09ea27bfdcbb2a9f56d97be040d4498bef3a0a6b12326beeff01e4cfda0d7213d184 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\popconfig.upt
| MD5 | 0a764dc4ef489113d9284575e34334c8 |
| SHA1 | 29a9b162cec324fd19c2fa998ab0283668f935e8 |
| SHA256 | 22933a8fda84ba3bab08f0b81861bf6fead661b2a439c6d02c09007ca1a2d99e |
| SHA512 | 9bd9e7c4cdbf6cb5bfa3a1fb7c88b036a6fc552924e9584e57558230bb7d039050860a3ea1de6c8211034b8d3206cf2257b374a6a9aa078c3f7fe62831b2bc57 |
memory/5904-5373-0x0000000000A90000-0x0000000000A91000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade_Downloader\Update\Freeware.ini
| MD5 | 38c3c796cce8c3ee8b681b91d9f3425d |
| SHA1 | 46f80d693008adfeebe5aa2efbf824c82cc62bd7 |
| SHA256 | abb6244f1cc26b1429e68985dafc8f28e4887c9d1365edca7f520c80f95d6f8b |
| SHA512 | c8ecbe8aaca7e50875c86e0caa940f20e2123e8daae0c081f559ad7b54818ee618559ddd3023a189c0832e46641b03c722af4d465f46ceea19d51767a89bd153 |
C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade_Downloader\madexcept_.bpl
| MD5 | aed2a27145cd7a8794ef1c0bd5c3ada8 |
| SHA1 | 74fb3dfeba50651216fc55f6371027dd0cee3018 |
| SHA256 | 64c929380edc996bdecbfd78959f25f81259a163080f85793f484e0d8bdc99fc |
| SHA512 | 3824f79e447cdf441aacf137e9dd93abadc463d8e9296f1a6c9834d28c23a7e541f0e922831a790a5e5fd24bf941b9f337fda0cc984f0038044a902f5546eda1 |
memory/5732-5424-0x00000000008C0000-0x00000000008C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade_Downloader\maddisAsm_.bpl
| MD5 | d7b420736278f0d741daec22883dedd7 |
| SHA1 | 0c3836c63771da52a82e5ed35c6e9bc4a6af02e9 |
| SHA256 | 6b0b62cd5ab2ba7071cced2c028ba7faa86ba90ed87e5b81fc116e1bc3056871 |
| SHA512 | 6ee74c8745dfc8d644ac2d8c9e19fbd53d5876121fb81aea1cac262a53e46b976864b43fd37f0295734b53c38efe933a72798e19dabf97a0ea58e7eba23e5de9 |
C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade_Downloader\madbasic_.bpl
| MD5 | e9cc245287b0f8169f90305dc4394380 |
| SHA1 | 225af87bf23430c8716dcb517f3d5df565a400c3 |
| SHA256 | 490ab7aa4c70f4af678d39bafe1c48eab6bb7033461b70e6296206c533b872ef |
| SHA512 | d08d67fb4a958d3ddd17a14884338438c02560b6d6fdf2f74b5a6c30ca1164f23ad5afe9bad38588eb588665cc302a1c52f2f09a88747687a8a2c7e78628aabf |
memory/5340-5446-0x0000000000990000-0x0000000000991000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IMF11_BigUpgrade\IMFBigUpgrade.log
| MD5 | aba4a6232879d6e436c41c35bc1ba78b |
| SHA1 | 2773b1a69406318f43e16f097e6975a39f0cd2a9 |
| SHA256 | d8be30dcd548cc66c91710177978c9e730adbd152b05122bb309fb58f81fc036 |
| SHA512 | 16dcd80b9a1a7dc1ee1a95c54c7dd33e29594ab90a12bb0d8328a9e0dc1b1ac6ca1c5baa4ffbba3e3f1b9135173960f2af8419426c6f18292629cd36798c3d3a |
memory/5340-5478-0x0000000002B20000-0x0000000002B30000-memory.dmp
memory/5340-5627-0x0000000004330000-0x0000000004331000-memory.dmp
memory/5340-5628-0x0000000004750000-0x000000000489A000-memory.dmp
C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10DownloaderAC.log
| MD5 | 8262e8bed0b014cfe7177e3f179d54bd |
| SHA1 | 4066ec2a88fdbce50cd1a2094f0904c6172222bc |
| SHA256 | 51ae8bd7ff0a7563d7869f89906d16df166b7a9e019c775ce71b574d68413344 |
| SHA512 | 543671a10e1b140ed30fabe39a430ef1c58c3ad95563104d27d5b2ca2d3850f8f578892c549b02784a1837a3a788f922827165f2a7912748214d43cb4bcc980d |
C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10DownloaderAC.log
| MD5 | 85c4285f604e18388c2a60dd2d2336c3 |
| SHA1 | 577740ea66f2e489560b96dfa5dbcd112ca420d7 |
| SHA256 | 45b3d633856b453cc832396fe7b95b8b7f75ca2de696f8f857cb84740f83f4ae |
| SHA512 | fa28d3a47b27bbbc96e4d3c92de9cd16eaffb9c4cd5540a952a3d0f4ef8f94dc78737e14c22890f513f9924ec52241e1c105ab18c4db7869958d5141691f578b |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\IObit Malware Fighter.lnk
| MD5 | c080384f73b050b43212fdb45dc882a5 |
| SHA1 | 9848d8e6cabf7c131b23e475064438d448a2c01a |
| SHA256 | b8b0bec1549a232bf2d816d76ceedf7550d5fdc90105a7d1c0aa5120acf1851c |
| SHA512 | b194e3cb4f9b69fa886c9509fef00ca744706796ed5fdbfc2a07638aeb6fe119d3318cd42e30bd9f72fed2c1d92bf932c955f84afa3ec9482839bf24a9ae0d56 |
C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10DownloaderAC.log
| MD5 | 52392242c9993b6ddfd42fd443c7a6d2 |
| SHA1 | f017b053529112cbd62c2985d994de246cc2ddfd |
| SHA256 | 58afe255ebeda8822cd49389e44eb60b475ec8deb9136210ef4be39f2ab5f21b |
| SHA512 | 0c53cd51ef9dd9a207c187468be7b8aacabc139616329c1a7b8159c1a9bffc833baefc61c0663453c5af47ceae0dc4374f7643f183110c081331868715feee04 |
C:\Users\Admin\AppData\Roaming\IObit\IObit Malware Fighter\imfnormal.log
| MD5 | 7c22dc5483db56dc2ad0bdc21e77eebf |
| SHA1 | c37992b6c5db6886e1a1b9eceb1d020c2153512c |
| SHA256 | c9b77b6007ef5c4b9163b559cf0df8f620a4ebdd35eb692aff3b0f7932b61626 |
| SHA512 | 3da7f8bbdb66846bf348965aa119ea042842a2354ac1c22946c07e9009e51808555189729835766c61239353ae5177b0d3591105a7367ea88eece45ca7153e74 |
C:\ProgramData\ProductData\StatCache.db
| MD5 | accdd3b35df1a619f8a6dc68bc20cc20 |
| SHA1 | 2e0835c39e873fd10a8c3b393f55bf30b4e230dc |
| SHA256 | a5b83398f153cca41929817fff801ebce60ea9fc3af565ec10add49f2d227c3b |
| SHA512 | a99ce802aa2bb45a26c3b1f223c13bead29b60d7b1e4860bdca238061b856237a6ef99d64ace531b251a34cbe229e3dce64a90a8999ae2b228667b54b29405be |
C:\ProgramData\IObit\IObit Malware Fighter\init.log
| MD5 | 1620b00f41d95b0b9f560a4f59edf7ea |
| SHA1 | edf5862903e05d03abb6747dc7cf319c36820b4a |
| SHA256 | 8c1d65075253781baf46cff39db57da33a4dcdd661fb1657e9e8f7036f3a9fcf |
| SHA512 | ec1f9e96693e8e0a18179299a9b572bd7de13b25a1c237878a05e6aeb8b184459d19c553c7538b4d630344645e55a0c9b77e4fd21ed24e32e160568421025286 |
C:\ProgramData\IObit\IObit Malware Fighter\config.ini
| MD5 | 3afe8b0dcc00f2dcbb907be2f35c5eba |
| SHA1 | a9a1179f3c0381559d339b62f22a697adf474a02 |
| SHA256 | 6955bb84500522632be524fa54f8ff28ee91c6f4e84bb66a8be0642e16a2a2c0 |
| SHA512 | b9ef40e05786c7e683c8d40b4b06f2e7cebeae4532b5e803e7e977f2a1bcc67dba52ed407995fdd7626736f90f7393ee922c62700427a3697a92cc572c4fc94a |
C:\Program Files (x86)\IObit\IObit Malware Fighter\Language\cache
| MD5 | 9ca2607b5922baa0723a1967ad366e35 |
| SHA1 | 4d081af7a33f0739e7e957bc2f809a0cc48ea13f |
| SHA256 | d3cde028221a1067040a0f3a77f45ba54d7d099e81984017f041903e5df75d1c |
| SHA512 | 10d6cfef4ae3f78b83ae13be083cc1498b44f83f5c7d908bd635db9f6aee4834e15dface989f92585ed2d00e0bdc56cc89a52461b974dc6239693fe276b9a412 |
C:\ProgramData\IObit\IObit Malware Fighter\main.ini
| MD5 | fd161e32f9c81c123a4c38dc79f7308f |
| SHA1 | d426c1d9a96c2c71558c86f4ab0190b1b6978988 |
| SHA256 | d25f15a27a6ff33d59f28f611aab6331abd99430ad85cb703cf5676974b48b76 |
| SHA512 | fc6ff7f436afaf53de619e89e08ea7c78065e511ff946363a001900f90819eb4eb10a8b9e16826dd6c71ee1a1dac0899cd1914efe7225ea73d63ce1da67fa4da |
C:\ProgramData\IObit\IObit Malware Fighter\config.ini
| MD5 | c33238c3792f086b3f86f21feff0ee89 |
| SHA1 | c87a74196f2e4d6ea7de446e42cc0ba0d26723a9 |
| SHA256 | 1d9f90dfd26af4b33951ab0d2d1cf7f36fc5d6e065c83d70a8bdb1d896306ec8 |
| SHA512 | 15c10435b37d4ba282ce92cb26379b41444f18e2b6be5880feb9852b44f8d52dfef6083d272be757a44409ae1dacd0aeafc4a9d7d8b0ede3ad93be6c2bc506e7 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log
| MD5 | 1c3b6ab88cfb2cbcfcbb243ce27886a4 |
| SHA1 | 61bf2edb8a5e4635a08b185ea47bc0d35b3d9502 |
| SHA256 | 18180322fd21b89287ca0a4e63221fa087e2bfaf29a1e03515b6d8d8f1c03007 |
| SHA512 | 1a0cdf75e999d22c1d18e08d2ae8c7eb11ba39abbad0c6eaad4e9bbf8461a4ac30a96dba8d153c336c8619cc3d39fa19111649e41c2c4e8d9f78c8b6f657821b |
C:\Users\Admin\AppData\Local\Temp\is-93G22.tmp\Lang.dat
| MD5 | 1cc6639718a60f89a07182ac09df4168 |
| SHA1 | 078b772b9f5f54442bf365e737a70e6ca2cce560 |
| SHA256 | b9af13e95a3f7eb9c4b8c66e68af2505ce46748ea6c1dae938d961b121183e6e |
| SHA512 | 3ba3652afdfecf370a9878a7f5cc73a986ead1e415f0f9867bce0ef077885e2e55d7d9b5ce91220e795b10164a565546ce2aa79c35009b47550d96e9102de707 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1eb86108cb8f5a956fdf48efbd5d06fe |
| SHA1 | 7b2b299f753798e4891df2d9cbf30f94b39ef924 |
| SHA256 | 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40 |
| SHA512 | e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f35bb0615bb9816f562b83304e456294 |
| SHA1 | 1049e2bd3e1bbb4cea572467d7c4a96648659cb4 |
| SHA256 | 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71 |
| SHA512 | db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 30191c0b42a05c35bab9b6480afdc24e |
| SHA1 | 87079f217110c97ffd39a0bf003e6d50d06d254d |
| SHA256 | ab5c6c8441a098a5860624840488370ee17d27e460069225030e2ecb83b3f126 |
| SHA512 | 01a2a6ba6ec6b45234c94e7a5b4447bb8a17be6fe208a782d8c51f31138cbd4fb31f5cd460fef5b6bb2b62e4c9cf364d9b99aeddb2a80dd699ee9dca81bf28bb |
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
| MD5 | 373a5f937705276fc49941c2c4b717a1 |
| SHA1 | f5ca73b7fc1911cd734cd9fafad3fa76f8b06253 |
| SHA256 | f38479a5ad18e9844a729fb4ade0c71b4374643e7b4d8820a02e04bd2a0395b2 |
| SHA512 | fe44c4cefdabe1d0d9eb8fe374e1f622149ea8188c3e17f5e6d12ea316f6951718a78a20e279f464bf4d990a8194813c47e1952171b85ef9e7a710c4635d955c |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log
| MD5 | 67e6abc6dc09676d36a1f99f463a1dc5 |
| SHA1 | 7917c8d81f70999248f44214114f46d5b0e8b259 |
| SHA256 | 666dcada41891902094386e4ea07bf71ee8536f44158b62ed8820366577375e6 |
| SHA512 | 0eeb37f07da21adbc823a08af94f5eff304178bd0c86ce5401fc879902c24561732b5ba5683e241829e077011e61942e3e762ac6777e74074cbb047a20960b57 |
C:\ProgramData\IObit\IObit Malware Fighter\main.ini
| MD5 | 08ddf2a96b1a7b4dd48b2411ee597554 |
| SHA1 | 23189b5397c4f01b3fc90b3364688ce30bfb197e |
| SHA256 | c82ce37310fb823c0827b45bdf07fe074678eeaabb40da5845a574059e179696 |
| SHA512 | 558ac35365f7d92be166fb78b5420fe3b913d9dae3220a804ce716296298e288a827a00149aa9c79d7e25886561cc40e92b9f78135909f9307504de3bd5d129a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc677e382a6f08ccc7bedf8c72e53d60 |
| SHA1 | 269d8f49cc65a9efd6232d9af2b7ae7b0b3564be |
| SHA256 | 3e17324bf256b3aec0064d7da7049bc30234863010be87a5b159d5d4e278dba1 |
| SHA512 | d5d002be188f20e532448c99ad1e3fc76ea3f79a48fe6758f352aa40360c3fc651bb82a58a81825712af895270ef08be19b1aa679394b8973874054105273ae9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ae13d0cf9998a567432bbeb693578513 |
| SHA1 | fadd1012db8cfd0a56b8f8ee8ebe622b9533b7b9 |
| SHA256 | 90daf1aa68aa81e47acc06a26faa80cb21c333c6c361cf573c9f550119b1779f |
| SHA512 | 933e0d6f19cb713b835de2df77bec1403497959ec9f2d7dcaf13810775c4ea2c1e69a9072f413fb52fd88a99d6640a80e8bb9923f878333ed2db72da077f698a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ab9b48c4f86478d7b60bb904f300e1ee |
| SHA1 | 7eb0153a030b0bfb12f07a976650aa1904ac911b |
| SHA256 | 155636209e5daa584d5451abc871a1c890c9d356d120a6d298c493c093f7b9f0 |
| SHA512 | 5675df51f7e7debe75407171823ec0710bc5969c6ce548e41d509899cb1afb40ca59127338e09b8a6e2f403275f5e8b96ca16c1ffdac3effc2982ba4bde3d14d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 613e857a55225783e9354d1421a7d113 |
| SHA1 | 7d5e212b55fe9bea77e16e2e4ed9dbf9f08fe4dd |
| SHA256 | 02c5469b21ec809477be413176cd551adb4b0032b49b174e031c75922e296111 |
| SHA512 | 78a9fea888347773093c1d85184a36595cc437e945f89970fa4e3cf164aaf7cab33b7b75f7de8ed552de4ea6a674fae17d9df7dafdf9d0feba7993dd289167e9 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\IMFCore.log
| MD5 | f89f1d0d038bf17fdd84526359525cc5 |
| SHA1 | 13494c7fe58bf4f1025db094cf4405d7003e4d41 |
| SHA256 | 8562efa40eeffc5eacddd9804e45b50910daf0aa3b6a7311d17658cfa406466e |
| SHA512 | 6d0abccb6e3071626c8fd78101c85603169a6192c6187164de3bce97c0be9b2c1c1ddef33f5d5dc0cda61e1ab6ecb5e324df54ba4e165d033cfccc6404b22b74 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log
| MD5 | 676ea9fa27df70c9dfdb78d4eb28f382 |
| SHA1 | 3e8646d32c64190753c1eeda585d2ec001b2c6fc |
| SHA256 | e1a4e5d7d8b6cc37a39cbe42163d1f0c26675e69d7fbcf739510a0c09362ae90 |
| SHA512 | 9a7d7fb549084044f655cc3a4e11150742626e357e3b2253e85f54de5427acd6e095ea266c3e2ae31b4a0c996e10324e69c1f47a72f82c1c9fc15587935c276b |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\IMFCore.log
| MD5 | 4b324239a1b9018f29f506652b7d02bf |
| SHA1 | 0b39ea4f83de622fc7b735cd7ebd12e97e82d703 |
| SHA256 | f8848444c7626564ae680f0dd8ee71051ccf8913601593a1d372c7a6b8f22140 |
| SHA512 | d9ad87d296e17b75140131e86eb11a3070295778329cd99338c39b3b331b59309ff9cea6fd763f0ff79a31c39ad918bc68dba1e76bab5c744e19308ee74f2b07 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log
| MD5 | 2a2f953dd50a71cd948f6f1b87ae498d |
| SHA1 | def0f99da6ebc36958a0f0cb9c5cb866dbbe5451 |
| SHA256 | c0586e487397c926940ba926d85a3d2550b27bd8aacdc22a9275ea1724d615c8 |
| SHA512 | 192e6d61a883c331e3ced705ef0e7279a2bc386e81fdc8f5a2d0378e6fdfa8a631105af8137679187aebd3026a75b9d98183358bed2015bd29e838f85bfdb688 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log
| MD5 | 33c1c874a6504f5275a3d6e2b47b5591 |
| SHA1 | c8a8ee7885748418e31f4681781938e3f8e0a147 |
| SHA256 | c4fed421fbaf4433ad2e7886c020240ea499a5741da27c229866abfecaca6967 |
| SHA512 | 78376309cbfaf66aa02ee1400b22468a0edd26361d51e093e3df0d5ce0c11300f04cb6aaeb32b99554ef9fc0a12b478b24ddd71def992fdb7e659d49811fc2f9 |
C:\ProgramData\ProductData\StatCache.db
| MD5 | 361d19db6edd8025239dc778b0d80103 |
| SHA1 | 47a63f2a23eda46b586da974fe879c14fc1508a9 |
| SHA256 | 05b34401a47d340007e3558d7b39b362f74e35e0f11c5d46d05e867e32ec46f8 |
| SHA512 | 3d5f5e3d61b1eed3da450f6090e322ad7723bee6d5b62229d36d7e9696de2441179f544d82d75e72fcdad348c5dd84f49c839b9dc9e8b7ca1609170c4ba333eb |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log
| MD5 | d6c10160feccfd8e66a809fac0bc3d68 |
| SHA1 | a98e5beca59d905fda6731b4b2906ffdad003053 |
| SHA256 | 5a530f4edb6c119f0423a55ecbcaf9a382bdf5ca9b24c6a5a8483bf735cf9e94 |
| SHA512 | e23e0912512daf1dc6deeeb81d23d8a951bc78bf134e8f2fa1b98307eb61b9afdbd4af50a98361524995a18e8c8070136e46de086b93c0a2ab9e7668fdc98c18 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log
| MD5 | bcac04ade10434d4105cfbf5d6dcc2a7 |
| SHA1 | 70aee84126354b9fcdf95a153bc0fcb6ab7f890a |
| SHA256 | ed5904c1a973e4c47265dc278330f522e4c45436e569464965a87c529e0b3e27 |
| SHA512 | 357da8b9d62a679efc38ba36b58b670a4872e63836aa8641ada15fe166c0c4ee5d51ded45bf16fdbfe396c83dd86a2ed394ed97399efdf088fe472f5fdf6a662 |
C:\ProgramData\IObit\IObitRtt\IMFRtt.ept
| MD5 | 1844b962e419a065320d15c6b06389d2 |
| SHA1 | 2e98efd5a91a83f011c31714d6ddf6ce55334b07 |
| SHA256 | db3315a3f624ce5775b8be56eaf06140b4a74ca149016e756727f89d71d3221c |
| SHA512 | 51a0a0c12a9b5253e0dcb1b76f63595cbb3730ff4580db55d5013b2c2b8c69d16165c373e60167faf68353faac8c80deab272c0ae5e0e24431c46313c3639d3d |
C:\Users\Admin\AppData\LocalLow\IObit\AUpdate.ini
| MD5 | 0f482c050a24c883fdd87b88622e0904 |
| SHA1 | 9074f2af741b25c13583ef92d3f0c31edfe30516 |
| SHA256 | 9c0ef156a5f1827746c216d9371b3ada1c3574b6d5fb5d37b1becccefad310fe |
| SHA512 | 1c653b1ec6f65f7b8a871e0ca2ced058ff8c97610e5e97e58d20a44afaf28a7ed9a38d8c4e855dba3a5d2acb9b151c5f8c03a2802340b1b103014cba86660a59 |
C:\ProgramData\IObit\dnsprotect.ini
| MD5 | 61ac714b024cd9bcc9b78567f5cf8699 |
| SHA1 | aaf020969a274ff78b0d56e3a976f7c7d63ddb2f |
| SHA256 | 569f73537730a9240d4a5cd127e8b8b79307dc2ead733e77e6e6b73a2ce9adc7 |
| SHA512 | 7f46d2fe2db6d47dd0baaefc2b41b2716fa589089e9fda52924382a417cfcd1427ab115a882f04d354a6f4e40c55f71cef23abc64267fb46ee9651c81d9e0a58 |
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\antilog\imfnormal.log
| MD5 | 10e664b06ee8a5c1555d71a3074baeba |
| SHA1 | 785ba126d1923d04c6171a804ba83685d55d5a15 |
| SHA256 | d69034f01a8678ee7a972a3cc1f483ced9d125e8db531f04f1579d2ab582ecb1 |
| SHA512 | 0a2526b576a73173bf6251a2fb86b0fd9430cd20911dabe7cf13873af9aa62e3abef8fa24226703ead4aa368d529c4b23dd0fcfa104e1acfea04a54fed80a469 |
C:\ProgramData\IObit\IObit Malware Fighter\main.ini
| MD5 | 6c9b4e2019cbb3d46513743b9f723565 |
| SHA1 | 096b7ec519dd64c3a4ef980c7d45c3e625b23dea |
| SHA256 | 57d53039b70cd5e8e8e0ef25ac03cc6ef7da71eecea02b3dfbe543c314bdca74 |
| SHA512 | cafc2e6e7a869a05e56dceb0e6508ee868882ae8dc9c9b1394f9c7b5d86d5face8ab31356b6a18c723ee04ee887f5b8d4a13a1ac1c3916b4811e43323ecbc505 |
C:\Users\Admin\AppData\LocalLow\IObit\AUpdate.ini
| MD5 | 04faa727ab243e42b305f65190d0be3f |
| SHA1 | 844d45f425c7a0042af96b2b54a9e7561a1150c6 |
| SHA256 | 62848dfae062746191e791aeb111f89c8231d7c34888b18e48eecfe54ecebe77 |
| SHA512 | fea97f8516211f11f0e85079cbf88c33f98d6a5b2a87b8e969a0cb508fa633103d77b4ede543d8163295f503a4eb761915dde0ed9b232af742bd3012372d9b16 |
C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe
| MD5 | e69bb0f9214fdd368f41bb4d3fb06d76 |
| SHA1 | d2d1d321274919db6e1a2ea48c4ed6b664b9bf16 |
| SHA256 | 6f5011a73146e904d2569b3adc2a3aa29a0c8534109d7f2d9f2afcfb321c9255 |
| SHA512 | 37c8505b7a2aa09b0a20b2551e3e0b5cefad8bbc4e72e7e5656ecc93887bc9fd206ed1910f3b99c69f52f1e4170d382c029b58e9cd2242877c0b0ce26c54d70b |
C:\ProgramData\IObit\IObit Malware Fighter\Downloader\IMF10\iTopSetup.exe.dat
| MD5 | ee075131a77a387c7c08dcb639bf08a4 |
| SHA1 | 45dd29a7327ea27307aa7a8c13adcf9f91b1770f |
| SHA256 | f99907a3dfd19c8ed19951ce7fcced127287cfa82eac89ad922d1a4d0b4fae8e |
| SHA512 | 0b770e3a57722f125d3763f70ee7bb0029a01f85fa3999e91bd4d64e7f5ec239b8b9fb1545a1edbd8608cb648ae89174622faa2c2a7c1df4d0e4c516526f12db |
C:\Users\Admin\AppData\Local\Temp\is-EPRTL.tmp\ugin.exe
| MD5 | 36fbe4890f6ba9521092ec299bb04383 |
| SHA1 | 7f807d8cb7d236cdc163521364b5817650901335 |
| SHA256 | f046f2ece8c0f0ae7392153540d981b4605e0074d5426712260d251aec92d9b2 |
| SHA512 | 2038942ba2d2842c56b521f702778c4ce0b1fafda714c459e7fc3ede527b9a0e85954cad8eb47e899ae4d643c856c5e03fb047e7ea285ca513ce2234a3c7dd32 |
C:\Program Files (x86)\iTop VPN\unins000.exe
| MD5 | 7f7631a8b8ea62beed1e127167cccb2e |
| SHA1 | 6e7bfe06ed5447fdad9ab3ccfe06ea4ba91b8788 |
| SHA256 | e6b2acd0738623318f2a5a0af0318b069623fc3455339643da45b67a148c7c96 |
| SHA512 | 1de0c4ae72fe1017b3d62b5893bd96b63f3a0d1767bbdd130a4d7862cd2eb8bf1d7324e8ea0f10276b17ffe3e8726bfb549c7777998e1d514576642414a14bf6 |
C:\Program Files (x86)\iTop VPN\iTopVPN.exe
| MD5 | 0188f4d9f67a6586a9e66b5942609745 |
| SHA1 | c824274557a94b8d7f14e597f5fc9d810acc0763 |
| SHA256 | 757a1d7fb5c614a7085faaeb53e6c1c618c1b11a4730a6a5fbc9bd706131000b |
| SHA512 | 39cf30929cd2f1e3001a6847d65b39f03ff0c31b59e91b3ef48377ebe04bc81c1a52eb585af5eafbdc546894af9ac2d23365b803ef6053f62806707bc43053ed |
C:\Program Files (x86)\iTop VPN\ullc.exe
| MD5 | dc7cb90b939eedd999cfa2e3a105af7a |
| SHA1 | 49eb352320ca2f0b0f909f16679ed8adb5e4d27d |
| SHA256 | f31f026c0d4772ed2e0e66df82b586b37a7472d94cf7b591780310362956cbdc |
| SHA512 | 40a25f83db03dfacc70e3ddaaaaf9ded4bd939de9ad0c983ab67519a69b9a9013a6a129a461cf9699f76f3327ff94e7b238bef32d99b0ab7538ee84c925c342f |
C:\Users\Admin\AppData\Roaming\iTop VPN\log\iTopNspu.dat
| MD5 | 9d27b51b5a32ed986796190c2265ada5 |
| SHA1 | 99a6b9476c09e59afb797cde80c494ed180e80c6 |
| SHA256 | be5fa038f29943a8de50787249094ed2d0486cdb7a21bec587ff59c6037e5979 |
| SHA512 | a04c4986003e06c7d211adba8bc6e4849d2d465867b560b97bd68ef61635da5bfcadc56a626778e6427398b6a7d52a541e8ae7f3ee709e4f3ce9cb2c2178c195 |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\iTop VPN.lnk
| MD5 | 941f14e39b956cc25d149af4325e1c4a |
| SHA1 | 5adc583e1f64a545d9e9dcc7d73d296501af836a |
| SHA256 | f3ef433d864f020132927e83763c1efca3e8c7d3b876dea80db55bb69c6cf8ea |
| SHA512 | 019c759d59ef00064f43c04b17c1b538e4e5d226561bd9710f96d2777f697f69865dc883b8e4c6ef71e97bc02f0ebcb07b971928ccd717dae05409f2652de81f |
C:\ProgramData\iTop VPN\ProductData\itop5Stat3.ini
| MD5 | 03444ac2abbf509195d32aaf39ffd691 |
| SHA1 | 5f49619c960df498deafb0e491493fa7ce619461 |
| SHA256 | b6b72fdaa0c9044a9ff61d3238cbce73b7f08eb00e8605858b95aa21636e8e96 |
| SHA512 | f45225ed3e72a8b968a2bd1621a9404caee8c0ffc517aa381a71148e8654815626fa684afaf47993e8397c06cacb7d37c5fc76cd93fc87af6b29eb52ee24ad92 |
C:\ProgramData\ProductData\StatCache.db
| MD5 | aa17853d17a0a27d6b878b8d7ad6e3a2 |
| SHA1 | 43cf849983942413ee2c928cb48b87516fd3d5f0 |
| SHA256 | a08c2fb1613ed57b2ce80fd3a429bfac018df810e98a5436a0d73fa7e3e62a05 |
| SHA512 | 57770ff93592714feff973cca754fbdbe7957b8f5890ec5ffbd0bfb41d7b07c82e05ae5d13933d1bf3247d46b514dba992e45e9557adf8291bd6ad789bb07c59 |
C:\Program Files (x86)\iTop VPN\unpr.exe
| MD5 | e93111d3abad69613eb46c3c9ab4660a |
| SHA1 | 5ec3d5c853e2ca5d21603567f55e91e516c49144 |
| SHA256 | 41c45c5a02e0237eea0c2a74f8be2a0827e1fc357430b32f91cfc8fd3ea25a67 |
| SHA512 | 659dca6eb710e8d9299a0f4e46e43805470112b49f91f26969a448832ec667bb7206cd8e97e38b9b1a29632455919383efd679814307a5cfbb129f0dbce8efe0 |
C:\ProgramData\iTop VPN\NpGic.itdt
| MD5 | bf9be956284978820f85a6c7a1235c2f |
| SHA1 | 9fe28f6f8e14914dff208f04b125de61b748c790 |
| SHA256 | 431a5d48d0a0bf66dfe033cee8b10861fdbd618c518fdc925ac63e930817c80e |
| SHA512 | f323d3e68db65dc08054ee5fa3efea987e2aa8e5bfa30130027a2e1ea8ac24273cdfb72df46c2efa7c099437ee133de3c2c7a45a2b6068bebba767d9f24ae208 |
C:\Users\Admin\AppData\Roaming\iTop VPN\log\iTopNspu.dat
| MD5 | 29fba72546e3aa506b7f94f2f3d9a0bb |
| SHA1 | 899b254685299b42889b790eaf777cafb215136e |
| SHA256 | edccb321e95c397195232af9cbef70b8c4358090405a16b8567da138fdcb1da3 |
| SHA512 | 418cb3a9d236a888854040c6a72d9d570a963724b21496959416927a4f84fa17e6f2dd2c8d8c3e69c56ccbce08d77f30b04c335dd3ec92e76a86b8c9d9b724c9 |
C:\ProgramData\iTop VPN\NpGic.itdt
| MD5 | dd8d9bddaef771161380f897b20b4278 |
| SHA1 | 20df539588cb3eccbb269c9629e78f340c108bc8 |
| SHA256 | d06f479b503da96ea84b8b2b5b3e5fea4e302e1a7c66122fd4c182287bd4080e |
| SHA512 | 8ea9597ecf3be2ccd61eb6111e5d6564cb1765eefb6b55ddbeeac19670339279ee750190d0f03a574d16dc72f07eef561a1f871b6776bbb40531f12414a9c02d |
C:\ProgramData\iTop VPN\ProductData\itop5Stat3.ini
| MD5 | c7bfe2490e4cf38e9e1a8d9d11b790af |
| SHA1 | 44712865d8da4fbde72edce2c0008ad4838fd970 |
| SHA256 | c3a1c0c67a6f814966429edf128d44df1cb122ea0fd9032c17cd3be3f045f423 |
| SHA512 | 02d1df234a0dc260968de682a7323919fdf79d44179e1bb3792e20c0371e4286381de4cd0e67aa220057f3b1c915a483e9f226fdf0d4948c0953d79fd7feb6f1 |