2efdffd1cf3adab21ff760f009d8893d8c4cbcf63b2c3bfcc1139457c9cd430b

Analysis

max time kernel
79s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

unlocker-setup.exe
Size

2.1MB
MD5

646261d89e30c36b938da1d7134691c9
SHA1

b25491854b409f454277586d97d2ead28168e6ec
SHA256

2efdffd1cf3adab21ff760f009d8893d8c4cbcf63b2c3bfcc1139457c9cd430b
SHA512

529160fe12a38d986f0b670d0334acc377490b86dc30e6d03227507b1f28b0d85ed17a4f1351108e516bf1635d5f5d73b10e6cc39fcc87e7e94b486c10fcde82
SSDEEP

49152:3mpEKwG7f0e4qkpPNFXbMXuesDNkferBmyYwfPG:0EKwwfjYFFXNesuoPG

Score

5^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 40 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-27G5T.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\help\is-Q912S.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-1BVCN.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\unins000.dat	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\is-9C041.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-HT1LM.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-S71MO.tmp	unlocker-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Unlocker\unins000.dat	unlocker-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Unlocker\update.ini	IObitUnlocker.exe
File opened for modification	C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\is-2QT9F.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-G193A.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-VEIHA.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\help\img\is-P051J.tmp	unlocker-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.dll	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-LN3B1.tmp	unlocker-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.log	IObitUnlocker.exe
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-FAUG0.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\is-V4PK1.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-K04S9.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-FNTPI.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-QLT6N.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-5V1K7.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\help\img\is-PVCDE.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\is-M48U7.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-07C01.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-OERAR.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-R0JNP.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-9325D.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-EDSBO.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\help\img\is-0SJH8.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\help\img\is-4DVVJ.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\is-74BRD.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.log	IObitUnlocker.exe
File created	C:\Program Files (x86)\IObit\IObit Unlocker\help\img\is-A7TKN.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\is-IMDGG.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\Language\is-F5PUP.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\is-5LHI3.tmp	unlocker-setup.tmp
File created	C:\Program Files (x86)\IObit\IObit Unlocker\unins000.msg	unlocker-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll	unlocker-setup.tmp

Executes dropped EXE 2 IoCs

pid	Process
3884	unlocker-setup.tmp
2372	IObitUnlocker.exe

Loads dropped DLL 4 IoCs

pid	Process
3884	unlocker-setup.tmp
1868	regsvr32.exe
3204	regsvr32.exe
2372	IObitUnlocker.exe

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IObitUnlocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unlocker-setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unlocker-setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Modifies registry class 29 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	IObitUnlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL\AppID = "{59A55EF0-525F-4276-AB62-8F7E5F230399}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\IObit Unlocker"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	IObitUnlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A55EF0-525F-4276-AB62-8F7E5F230399}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\IObit Unlocker\\IObitUnlockerExtension.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu\ = "{410BF280-86EF-4E0F-8279-EC5848546AD3}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\IObit Unlocker\\IObitUnlockerExtension.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A55EF0-525F-4276-AB62-8F7E5F230399}\ = "PfShellExtension"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UnLockerMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\ = "PfShellExtension 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\ = "UnLockerMenu Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\UnLockerMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\UnLockerMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0	regsvr32.exe

Modifies system certificate store 2 TTPs 14 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	IObitUnlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 5c0000000100000004000000000800001900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d98040000000100000010000000ebf59d290d61f9421f7cc2ba6de3150920000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	IObitUnlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442	IObitUnlocker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	IObitUnlocker.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 040000000100000010000000ebf59d290d61f9421f7cc2ba6de315090f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e81900000001000000100000004fca18b530ab2d3765b8830436884be620000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442	IObitUnlocker.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3884	unlocker-setup.tmp
3884	unlocker-setup.tmp
2372	IObitUnlocker.exe
2372	IObitUnlocker.exe
2372	IObitUnlocker.exe
2372	IObitUnlocker.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2372	IObitUnlocker.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3884	unlocker-setup.tmp

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 3884	2280	unlocker-setup.exe	87
PID 2280 wrote to memory of 3884	2280	unlocker-setup.exe	87
PID 2280 wrote to memory of 3884	2280	unlocker-setup.exe	87
PID 3884 wrote to memory of 1868	3884	unlocker-setup.tmp	94
PID 3884 wrote to memory of 1868	3884	unlocker-setup.tmp	94
PID 3884 wrote to memory of 1868	3884	unlocker-setup.tmp	94
PID 1868 wrote to memory of 3204	1868	regsvr32.exe	95
PID 1868 wrote to memory of 3204	1868	regsvr32.exe	95
PID 3884 wrote to memory of 2372	3884	unlocker-setup.tmp	99
PID 3884 wrote to memory of 2372	3884	unlocker-setup.tmp	99
PID 3884 wrote to memory of 2372	3884	unlocker-setup.tmp	99

C:\Users\Admin\AppData\Local\Temp\unlocker-setup.exe
"C:\Users\Admin\AppData\Local\Temp\unlocker-setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\is-L6J84.tmp\unlocker-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-L6J84.tmp\unlocker-setup.tmp" /SL5="$F0048,1689069,139776,C:\Users\Admin\AppData\Local\Temp\unlocker-setup.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3884
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1868
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll"
      4⤵
      Loads dropped DLL
      Modifies system executable filetype association
      Modifies registry class
      PID:3204
- - C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe
    "C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe"
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe

Filesize
2.6MB

MD5
2541290195ffe29716ebbc7aac76d82f

SHA1
d8e22adc26ef1628b826785682830c3d128a0d43

SHA256
eaa9dc1c9dc8620549fee54d81399488292349d2c8767b58b7d0396564fb43e7

SHA512
b6130c658cfeae6b8ed004cbac85c1080f586bb53b9f423ddabaeb4c69ea965f6bca8c1bd577795ef3d67a32a4bf90c515e4d68524c23866588864d215204f91

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlockerExtension.dll

Filesize
108KB

MD5
1ec2724be59f64f05f7107728b51624f

SHA1
a2102270c3cb8db9fdd71f2411ee457aa470e3de

SHA256
01fe66a8aaea0faa04b12127caa3b76ee11be9ed0b1bfcd1eeef71aa5489faaa

SHA512
9179fdeb9d5dbbd245d7333bb048773e855659355aa17ac2d1005ec847d4828a247005e310eeb82bcf90f080ce310dcd88e9a173c348bd512487b3146c50268d

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Arabic.lng

Filesize
6KB

MD5
3b6e5d586108290ec90b7ee8aa09a672

SHA1
f5a48251313a68a0d5fe08136707af425911691a

SHA256
699f38f71da3cff1d7224f3c3701707ba287fcf025ca24e8fbf55a1217145e77

SHA512
121269585ac4e2d9f95d5dc97b216f24f8104455db8bd76f803edc46b45cf37b84565e40280ac2cebf83e41d92cbc83cf0f233875dd59ca1c1f57c931f97e5c3

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\ChineseSimp.lng

Filesize
4KB

MD5
b57e51a5bf610b47005bb03a9357f3ad

SHA1
77f217553c5b33910f4cdc4ae946f7c36c9add38

SHA256
fa24efbe6df04ac3af19e7e444caebb0ec3c71997aa5c648f91ce7c87dda4eb7

SHA512
f9bf1bc24157e78da2b94fb46321bdca06639d74a66470eac93fd62c0e03706403052cb012e458a60784faf4f8032070e69a62e7b5a65275ffb9698d1afe6ea7

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\ChineseTrad.lng

Filesize
4KB

MD5
ded65624ae87dc84494f625596e58c2d

SHA1
6d4e7fc5bdfeac77d9a35a5dab34a8750728b78a

SHA256
d467dd9bc2ca9d4c5633b001615e2d6c127a84f16c7f3e95eb76f4549d69b20c

SHA512
ba979453dccb3d07fb3913d9bc1243330aa8ee4cb857043d281be48e471f28dbf296b564c1d02336b089c0e8e712ba131245cfbb26896a458efc67829ba79bfc

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Czech.lng

Filesize
6KB

MD5
542118a2cc938ac82a922abb171a6df5

SHA1
c3ef3b652555fbc79ba1d794125afe0ee190b8bd

SHA256
ef6b496609073be75cf44941126d4f79920711ec8c4ef2aded9d4b1dbf7c10a8

SHA512
31a9b6dd84e9053d4410678d74b9f2d0dff236eb2c207b6529e5e3a23bae8f8437579508545eb1469c3ef730cf03de8e3dce58e7e0513959334403bc372f1986

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Danish.lng

Filesize
6KB

MD5
4c46432a05ce09bb563f48437a395f70

SHA1
ea7ff52387b973d29a9cd03d62593369fc96b765

SHA256
184f0c95f5d3433c0d5845099fc1da5d7e196ebaad993f2cd49d237cec34d292

SHA512
ca4e5f6e472b32a17a3345bfcadc5eed8861b7d216bcecb02a1d8f03ed62fc10fe0e0a311ff8c73ed7b58b1d5afe0d2175936e956d734a3d16e7af9f6a96eebf

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Dutch.lng

Filesize
7KB

MD5
74fcffdda39abbc429741816b919a841

SHA1
61a1d03f2512771ac0d8ccbf2ef60ced97bc0e47

SHA256
ab2752577faa9ff94e1af58c5819e1c9e95c3d77eb966082bda7b7651886ed3e

SHA512
06b53ad4f95b562fe6ea56e294dc2e9f04f227ac457f3cf71c7986e42a381ad1977c65f628a56a0e71e1eb208ac63165ea7880d70ae1a8a79ea5ff4320e2c014

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\English.lng

Filesize
6KB

MD5
083620520c4fb96da4eb5c102a3ea84e

SHA1
9df10ac766a2879b4c9f3c6f258caf48cda252d8

SHA256
905ff04266f76618e0a369332594b49422ecc23f707e424655a55ca279cb7c62

SHA512
51e294ef9a5a2b9861b0252cfd635b05b46336e9eb2b02477819f56cfbec7d5cc0176557a6389dc48dfcb9bc6f8440be5b8734410dc6d205c2d47f6ac27d128e

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Finnish.lng

Filesize
6KB

MD5
cde455a6ba3c8534a4a5acc8ea0de3a3

SHA1
3cf44c592cb4ce4be9954ef91a571b7a2355e35f

SHA256
0a9c0405f08aa930a2e82fbe2ae80a917423ed379a2b9eeb3b62109f5aca2443

SHA512
bb8d2b8612a351286ce27fd6a58023c9145991b9a34cb5f7e9a2be45a8624aec09dad25700abae973484865ec4316792627047485809ad621f5f533692363f8f

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\French.lng

Filesize
7KB

MD5
f03cdbb8696b0528dc1caedaaeda7119

SHA1
b9a6ecf30641ac5dfb365b1e2de90b03a6e62418

SHA256
166e80f93ac5cf28e1e3bf76483f0843f9d32d829e500cfa982c9d3664cc7074

SHA512
249c7ea6662499042185123145a39ea2f6321e79152bb4b1d0271717ea4328cdcea18fc5bdb863865f33e5aa8b762fc6c47c298a2c3a984b6ecd5537fc1d351e

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\German.lng

Filesize
7KB

MD5
2436b14b3712922f225427425009ba44

SHA1
8f896ffa283a77a6911a150303f12d067aad72eb

SHA256
bc7d3c4f581a3fd12be1e2d59686780bd94d5fc383c65518dd89fb6cad111c98

SHA512
94d346a3de795a4cace50efe46106448a69bc173534b4610e8ab831bbea158556218694bbeb6c93dd2a55e7932b0d49f02bd3410847ab048ac7e90e788f1d79e

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Hungarian.lng

Filesize
7KB

MD5
65f6e74b7c0ca1c64bd9c32bb8531fff

SHA1
6bc2c9205182fd4c5d25cbe2ef5ed7131356525f

SHA256
33ba3481f4dd39aaa847e41ea777e30395a5606373abc511106e67cc51d0617c

SHA512
04ae37bfc41f35b1974fb5f8bbb5e523a0b1e1a1f6ecefcd37238a374567f15c24cbcddb78aed649c7cf3687177ca038c1bc2daa819bf1b0d80c6f4e013b5d7a

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Italian.lng

Filesize
7KB

MD5
71fe34913ae027c56ab88dc718c2eed5

SHA1
2e6023633d311a1ffb151712639b48d59797dee5

SHA256
d57caecfee173e3fd679e4fecdafb8d736f9c009a881bade375486928ca2ca48

SHA512
ea073db529b990be990f87cf1055c00c8ceeb41725c4a32266c9be3e468a27274b3fc0feb94492e6a9db20fbbe8ef059af173415b1eb9c7a0368a4d9d30a1c09

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Japanese.lng

Filesize
5KB

MD5
7ec91418117a44939dc92d65e3359d03

SHA1
81e57bebe8b7d37617e2dddda97575a083776887

SHA256
651f189e637587821dbbfe7ddbef7f2869448ad9fbb1cbe0ec4afc2c81c4672d

SHA512
5ff00ce99dce870ece27120c5470112c6d319f33630217496fb1b48ee425a4165242185341648e5b49059d4b0ea2ad6b851d5411551fde74f3b2d5fb59057d41

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Polish.lng

Filesize
6KB

MD5
05e11996cd6c94dbd0ab0f7f1d2876b0

SHA1
f5da0cc5c96049030e3e2e553c6f6123a1e6bd66

SHA256
d24f9b863e8d0d11b6bfa679b92526f9bd509bfaa96364ea9388fb1ea5123133

SHA512
c69dfe534c8fdefb9dbd4b8d3ab13c9ade884f3c4e6a18f32b8f5dd746214c4c47288c93b0a4baed0c53c5841f9a32b45b1696215978b33e8cbc3e50fdc052ca

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Russian.lng

Filesize
7KB

MD5
f3601cd1c2fecc1b7190cbd724ced684

SHA1
8cf1e731050aee6afcbba0f32c81ed7578f0f41e

SHA256
84bfadabf7893eec7123b5f1ca41394d3a69d237b5f355f3f2ce29f1854888d8

SHA512
06e7c202036d5403e9da27884d04d216bd6b1b92b8d8b0a1caf105722d4668c2727be91fa5c8cacdf91aa838ec7408d5c0354476945e2736ce3437a360b7dd0e

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Spanish.lng

Filesize
7KB

MD5
c353d15b926e335dda7b58d6d31959f6

SHA1
d378fd4b8155592e50fbd04bc64206b1a032718e

SHA256
4c595cf20cb72696f429567f60a3da0ac81e6957b1e056918678da89d7d7d7e5

SHA512
5698b017e29d0fa775e36870b6ae80456978703d280475ebace9738cdaaefb737540a3ea950f85b59cdef3e7e7b4ba95c9be3b084d9e0a4cce23a53d9cd9646c

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Swedish.lng

Filesize
6KB

MD5
3f7cf4d1dfa8ebdcb509001247cf2f91

SHA1
081c53b08e8c817e466c8500b1628d49be196593

SHA256
681ec1fd8c99dddb57935190f39dd7a88da9ca35c9086cea474e2264fc6c0716

SHA512
87240305b6e3a108d0c4a5c9495ffbf828c65c6d8a2f2efdc20cec70fa9b010f5e05fb510dbc85daa4fd01ccd0dfbbc546b361beacab2d2540324306f1ad7665

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\Language\Turkish.lng

Filesize
7KB

MD5
98ad40b352b1500142e3d796a73bd6d1

SHA1
35e830eba30d77d2b2e2d7979d54440cce9cc2d7

SHA256
47d56d71d51c3d4e96439ee7945477735b09f1582d787df180d8fea5ff93abbe

SHA512
6880f85003841389572b0dfac29be3fbe286e83059af5ea98b0e542e7d2577d3acc200e30d5bd0da2b333a3626e8ca2ef27bb150f069e582aa5e66444d6b7741

Download Submit
C:\Program Files (x86)\IObit\IObit Unlocker\SpecialDir.ini

Filesize
303B

MD5
f2d6eff40a0dd85d53c39250242c7e7e

SHA1
1056c8486e2b8fced98740444ae55e951491ec1b

SHA256
7d63c9d8cc5ce2b7786257d1e2f551bdda8b2a434f560d4fed05ed3f10f65700

SHA512
9928d50ea7a8ccdf7373477b6f714f50107ec42df8ec1cbe721aca7df49add83ac404d71059e3125321418470785c3a75f81f3ffcfd6025c122d8cf33c0051b5

Download Submit
C:\ProgramData\IObit\IObit UnLocker\Main.ini

Filesize
26B

MD5
40e41706d00324f625b4079afeda2e28

SHA1
43f3dff89fbdaf711f5c32d11ea036c726b3d4b0

SHA256
63ee4e87cf0edc49c52173a904be985c461784795e3cc8e0cf736d03d58c4740

SHA512
ca17bbca3c6f330d554a810083ae441c0ad823421842596d0309f190759256689f41072097b4235e65a308529b813c911dbda5c1aa8f6c36a603a21de9b89331

Download Submit
C:\ProgramData\IObit\IObit Unlocker\IObitUnlocker.ini

Filesize
127B

MD5
31c59b1f44a7fe642c69f2d55c15ee9f

SHA1
eb26b2164797360d34505c4339d4b38963d887bc

SHA256
869adc1c9541c23440655933252d394d852ea1edf80be0cf16573dfa74d2f903

SHA512
1626d332f919856878a4a81d0b68a3a71a95282aa5e287cff06510d0376104849f8870495947025b1a6d1b09110c902ee1e3bdbf382e024e3036532202a4347d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-21QHC.tmp\IObitUnlocker.dll

Filesize
79KB

MD5
2c6233c8dbc560027ee1427f5413e4b1

SHA1
88b7d4b896539abd11a7ad9376ef62d6a7f42896

SHA256
37d2a1626dc205d60f0bec8746ab256569267e4ef2f8f84dff4d9d792aa3af30

SHA512
cc8b369b27b303dbe1daef20fa4641f0c4c46b7698d893785fa79877b5a4371574b1bb48a71b0b7b5169a5f09a2444d66e773d8bb42760cb27f4d48a286728a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L6J84.tmp\unlocker-setup.tmp

Filesize
1.2MB

MD5
fbb6d0b67050d1ee042db466ba03d174

SHA1
0dcbf75fb11a218825b3921a759f7e34674d38e6

SHA256
ed72dfbdc876c601c6cd5048f71976ea4eae477fe18ddf8e0e02c88a872f60be

SHA512
b3f4f82102bd2758cd3afc5fa5a561a820f6b1e770f85e80de487ec3d44fe4a1acd4d461886b88416d3acc6536c37120aea4de1b9c8d0571851ec60ab863fe14

Download Submit
C:\Users\Public\Desktop\IObit Unlocker.lnk

Filesize
1KB

MD5
bf02b9f8590540454e99ea288bb76d68

SHA1
becaef1cac73b0649fd621941b93508b379edff7

SHA256
a2f573b4c875376377d167ca2cfb63f257e8a3d7c17087fb0733379ae882bdf9

SHA512
639f985d617bac12338c86e796625a170dbab5a3529cc41016449f64b0b2a5ffd080ae75f7d0fb17bac48ae5200303e26e1fc3d0e320965e8d50aff3928cca16

Download Submit
memory/2280-1-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2280-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2280-169-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2280-19-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2372-173-0x0000000000400000-0x00000000006DC000-memory.dmp

Filesize
2.9MB

Download
memory/2372-176-0x0000000000400000-0x00000000006DC000-memory.dmp

Filesize
2.9MB

Download
memory/3884-6-0x0000000000400000-0x0000000000531000-memory.dmp

Filesize
1.2MB

Download
memory/3884-21-0x0000000000400000-0x0000000000531000-memory.dmp

Filesize
1.2MB

Download
memory/3884-168-0x0000000000400000-0x0000000000531000-memory.dmp

Filesize
1.2MB

Download