General Info

URL

http://update.iobit.com/dl/unlocker-setup.exe

Full analysis
https://app.any.run/tasks/17676783-9536-40a8-9b9a-93361cdf408f
Verdict
Malicious activity
Analysis date
7/12/2019, 00:26:10
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
180 seconds
Additional time used
120 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (75.0.3770.100)
  • Google Update Helper (1.3.34.7)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.7.2 (4.7.03062)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 67.0.4 (x86 en-US) (67.0.4)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • Update for Microsoft .NET Framework 4.7.2 (KB4087364) (1)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB4019990
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • IObitUnlocker.exe (PID: 2996)
  • unlocker-setup.exe (PID: 2736)
  • unlocker-setup.exe (PID: 1420)
Loads dropped or rewritten executable
  • IObitUnlocker.exe (PID: 2996)
  • regsvr32.exe (PID: 2232)
Registers / Runs the DLL via REGSVR32.EXE
  • unlocker-setup.tmp (PID: 3852)
Downloads executable files from the Internet
  • chrome.exe (PID: 2616)
Creates files in the program directory
  • IObitUnlocker.exe (PID: 2996)
Creates files in the user directory
  • TaskHelper.exe (PID: 3300)
Reads the Windows organization settings
  • unlocker-setup.tmp (PID: 3852)
Reads Windows owner or organization settings
  • unlocker-setup.tmp (PID: 3852)
Executable content was dropped or overwritten
  • unlocker-setup.exe (PID: 1420)
  • unlocker-setup.exe (PID: 2736)
  • unlocker-setup.tmp (PID: 3852)
  • chrome.exe (PID: 3160)
  • chrome.exe (PID: 2616)
Creates COM task schedule object
  • regsvr32.exe (PID: 2232)
Loads dropped or rewritten executable
  • TaskHelper.exe (PID: 3300)
  • unlocker-setup.tmp (PID: 3852)
Application was dropped or rewritten from another process
  • TaskHelper.exe (PID: 3300)
  • unlocker-setup.tmp (PID: 3824)
  • unlocker-setup.tmp (PID: 3852)
Creates files in the program directory
  • unlocker-setup.tmp (PID: 3852)
Creates a software uninstall entry
  • unlocker-setup.tmp (PID: 3852)
Application launched itself
  • chrome.exe (PID: 3160)
Reads Internet Cache Settings
  • chrome.exe (PID: 3160)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report

Processes

Total processes
55
Monitored processes
16
Malicious processes
2
Suspicious processes
2

Behavior graph

[Behavior graph (image not included): nodes chrome.exe, unlocker-setup.exe, unlocker-setup.tmp, taskhelper.exe, regsvr32.exe, iobitunlocker.exe; edges labelled "start" and "drop and start"; several chrome.exe nodes and the first unlocker-setup.tmp, regsvr32.exe nodes marked "no specs"]
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
3160
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://update.iobit.com/dl/unlocker-setup.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221225547
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wpc.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\wship6.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\rasadhlp.dll
c:\users\admin\downloads\unlocker-setup.exe
c:\windows\system32\wbem\wmiperfinst.dll
c:\windows\system32\pdh.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\audioses.dll

PID
3624
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=75.0.3770.100 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6fb9a9d0,0x6fb9a9e0,0x6fb9a9ec
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2972
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3156 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_watcher.dll

PID
2304
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=3718515875133592707 --mojo-platform-channel-handle=1004 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\75.0.3770.100\swiftshader\libegl.dll

PID
2616
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=13735322898280864272 --mojo-platform-channel-handle=1532 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ntmarta.dll

PID
2544
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=2395842297772471973 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3224
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8210403046723264674 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
784
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1926465275748651392 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1420
CMD
"C:\Users\admin\Downloads\unlocker-setup.exe"
Path
C:\Users\admin\Downloads\unlocker-setup.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
IObit
Description
IObit Unlocker
Version
1.1.2.1
Modules
Image
c:\users\admin\downloads\unlocker-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-81nh1.tmp\unlocker-setup.tmp

PID
3824
CMD
"C:\Users\admin\AppData\Local\Temp\is-81NH1.tmp\unlocker-setup.tmp" /SL5="$60138,1967081,139776,C:\Users\admin\Downloads\unlocker-setup.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-81NH1.tmp\unlocker-setup.tmp
Indicators
No indicators
Parent process
unlocker-setup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-81nh1.tmp\unlocker-setup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll

PID
4052
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1000,6038381470191214923,16123124975077536782,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7320195105287353665 --mojo-platform-channel-handle=4228 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
75.0.3770.100
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
2736
CMD
"C:\Users\admin\Downloads\unlocker-setup.exe" /SPAWNWND=$801AE /NOTIFYWND=$60138
Path
C:\Users\admin\Downloads\unlocker-setup.exe
Indicators
Parent process
unlocker-setup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
IObit
Description
IObit Unlocker
Version
1.1.2.1
Modules
Image
c:\users\admin\downloads\unlocker-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\is-5fqnj.tmp\unlocker-setup.tmp

PID
3852
CMD
"C:\Users\admin\AppData\Local\Temp\is-5FQNJ.tmp\unlocker-setup.tmp" /SL5="$701CA,1967081,139776,C:\Users\admin\Downloads\unlocker-setup.exe" /SPAWNWND=$801AE /NOTIFYWND=$60138
Path
C:\Users\admin\AppData\Local\Temp\is-5FQNJ.tmp\unlocker-setup.tmp
Indicators
Parent process
unlocker-setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image
c:\users\admin\appdata\local\temp\is-5fqnj.tmp\unlocker-setup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\system32\mpr.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\profapi.dll
c:\users\admin\appdata\local\temp\is-7e7a9.tmp\_isetup\_shfoldr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\users\admin\appdata\local\temp\is-7e7a9.tmp\iobitunlocker.dll
c:\windows\system32\imageres.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\users\admin\appdata\local\temp\is-7e7a9.tmp\taskhelper.exe
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\iobit\iobit unlocker\unins000.exe
c:\program files\iobit\iobit unlocker\iobitunlocker.exe
c:\windows\system32\regsvr32.exe
c:\windows\system32\netutils.dll

PID
3300
CMD
"C:\Users\admin\AppData\Local\Temp\is-7E7A9.tmp\TaskHelper.exe" /Bookmark
Path
C:\Users\admin\AppData\Local\Temp\is-7E7A9.tmp\TaskHelper.exe
Indicators
Parent process
unlocker-setup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\is-7e7a9.tmp\taskhelper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\is-7e7a9.tmp\sqlite3.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
2232
CMD
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\IObit\IObit Unlocker\IObitUnlockerExtension.dll"
Path
C:\Windows\system32\regsvr32.exe
Indicators
No indicators
Parent process
unlocker-setup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft(C) Register Server
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\program files\iobit\iobit unlocker\iobitunlockerextension.dll

PID
2996
CMD
"C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.exe"
Path
C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.exe
Indicators
Parent process
unlocker-setup.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
IObit
Description
IObitUnlocker
Version
1.4.1.26
Modules
Image
c:\program files\iobit\iobit unlocker\iobitunlocker.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\version.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\iobit\iobit unlocker\iobitunlocker.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\faultrep.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\psapi.dll
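
The process records above show the pattern a reviewer would want to pull out of this report by script rather than by eye: the Inno Setup stage unlocker-setup.tmp runs at HIGH integrity from AppData\Local\Temp and loads IObitUnlocker.dll and TaskHelper.exe from a second temp directory, and it launches regsvr32.exe /s to register IObitUnlockerExtension.dll silently. The report names each parent process but does not give the parent PID, and it lists unlocker-setup.exe as the parent of unlocker-setup.tmp and unlocker-setup.tmp as the parent of PID 2736 unlocker-setup.exe, so a walk by name must guard against loops. The following added example (not part of the ANY.RUN report or of IObit's software) parses records in the flattened label/value layout used above, flags those three patterns and walks the parent chain; the sample is constructed from three of the records above, trimmed to the fields the code reads.

```python
import re

# Constructed sample: three process records from this report, copied in its
# flattened label/value layout and trimmed to the fields used below.
SAMPLE = r"""
PID
2736
Path
C:\Users\admin\Downloads\unlocker-setup.exe
Parent process
unlocker-setup.tmp
Integrity Level
HIGH

PID
3852
CMD
"C:\Users\admin\AppData\Local\Temp\is-5FQNJ.tmp\unlocker-setup.tmp" /SL5="$701CA,1967081,139776,C:\Users\admin\Downloads\unlocker-setup.exe" /SPAWNWND=$801AE /NOTIFYWND=$60138
Path
C:\Users\admin\AppData\Local\Temp\is-5FQNJ.tmp\unlocker-setup.tmp
Parent process
unlocker-setup.exe
Integrity Level
HIGH
Modules
Image
c:\users\admin\appdata\local\temp\is-5fqnj.tmp\unlocker-setup.tmp
c:\users\admin\appdata\local\temp\is-7e7a9.tmp\iobitunlocker.dll
c:\program files\iobit\iobit unlocker\iobitunlocker.exe

PID
2232
CMD
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\IObit\IObit Unlocker\IObitUnlockerExtension.dll"
Path
C:\Windows\system32\regsvr32.exe
Parent process
unlocker-setup.tmp
Integrity Level
HIGH
Modules
Image
c:\windows\system32\regsvr32.exe
c:\program files\iobit\iobit unlocker\iobitunlockerextension.dll
"""

LABELS = {"PID", "CMD", "Path", "Indicators", "Parent process", "User",
          "Integrity Level", "Exit code", "Version:", "Company",
          "Description", "Version", "Modules", "Image"}
# Directories a standard user can write to. Elevated code running from, or
# loading modules from, these locations is the pattern this installer shows.
USER_WRITABLE = re.compile(r"\\(appdata\\local\\temp|downloads|programdata|users\\public)\\", re.I)

def parse_processes(text):
    """One dict per PID; module paths (lines after 'Image') go into a list."""
    procs, cur, field = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            field = None                       # blank line closes the record
        elif line in LABELS:
            if line == "PID":
                cur = {"modules": []}
                procs.append(cur)
            field = line                       # following line(s) belong to it
        elif cur is not None and field == "Image":
            cur["modules"].append(line.lower())
        elif cur is not None and field is not None:
            cur[field] = line
    return procs

def split_cmd(cmd):
    """Windows-style split: double-quoted tokens may contain spaces, no escapes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]

def triage(procs):
    """(pid, finding) pairs for the three patterns worth a look in this report."""
    out = []
    for p in procs:
        pid, path = p.get("PID"), p.get("Path", "")
        if p.get("Integrity Level") == "HIGH" and USER_WRITABLE.search(path):
            out.append((pid, f"elevated process runs from user-writable path {path}"))
        for m in p["modules"]:
            if USER_WRITABLE.search(m) and m != path.lower():
                out.append((pid, f"module loaded from user-writable path {m}"))
        if path.lower().endswith("\\regsvr32.exe"):
            args = split_cmd(p.get("CMD", ""))[1:]
            silent = "silently " if any(a.lower() == "/s" for a in args) else ""
            for dll in (a for a in args if a.lower().endswith(".dll")):
                out.append((pid, f"regsvr32 {silent}registers COM server {dll}"))
    return out

def parent_chain(procs, name):
    """Walk 'Parent process' upward. The report gives parent names, not PIDs,
    so the walk is by image name and stops at the first name already seen."""
    by_name = {p.get("Path", "").rsplit("\\", 1)[-1].lower(): p for p in procs}
    chain, seen = [], set()
    while name and name.lower() not in seen:
        seen.add(name.lower())
        chain.append(name)
        name = by_name.get(name.lower(), {}).get("Parent process")
    return chain
```

Run against the full report text the same functions work unchanged; the loop guard in parent_chain is what keeps the unlocker-setup.exe / unlocker-setup.tmp pair from recursing forever.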

Registry activity

Total events
1322
Read events
1223
Write events
97
Delete events
2

Modification events

PID
Process
Operation
Key
Name
Value
3160
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3160
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13207357588046625
3160
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307070004000B0016001A001F00F60000000000
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307070004000B0016001A001F00F90000000000
3160
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
1
2972
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3160-13207357586656000
259
2972
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3160-13207357586656000
0
2616
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E
LanguageList
en-US
3852
unlocker-setup.tmp
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
3852
unlocker-setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Owner
0C0F0000C389B0B73738D501
3852
unlocker-setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
SessionHash
DC7F7705EA6F279BDE0343BE4CD326BE71DFC080B21D6A37E92FE6C7D4E81693
3852
unlocker-setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Sequence
1
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl
CrashDumpEnabled
2
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl
MinidumpDir
%SystemRoot%\Minidump
3852
unlocker-setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFiles0000
C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.exe
3852
unlocker-setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
RegFilesHash
F5AA692C1D021F1EDA700AA7CE34A4B4C7A7645022AC25166BBA592F26D2029A
3852
unlocker-setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3852
unlocker-setup.tmp
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
Inno Setup: Setup Version
5.5.6 (u)
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
Inno Setup: App Path
C:\Program Files\IObit\IObit Unlocker
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
InstallLocation
C:\Program Files\IObit\IObit Unlocker\
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
Inno Setup: Icon Group
IObit Unlocker
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
Inno Setup: User
admin
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
Inno Setup: Selected Tasks
desktopicon
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
Inno Setup: Deselected Tasks
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
Inno Setup: Language
en
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
DisplayName
IObit Unlocker
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
DisplayIcon
C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.exe
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
UninstallString
"C:\Program Files\IObit\IObit Unlocker\unins000.exe"
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
QuietUninstallString
"C:\Program Files\IObit\IObit Unlocker\unins000.exe" /SILENT
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
DisplayVersion
1.1.2.1
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
Publisher
IObit
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
URLInfoAbout
http://www.iobit.com
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
HelpLink
http://www.iobit.com
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
URLUpdateInfo
http://www.iobit.com
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
NoModify
1
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
NoRepair
1
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
InstallDate
20190711
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
MajorVersion
1
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
MinorVersion
1
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IObit Unlocker_is1
EstimatedSize
4400
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{59A55EF0-525F-4276-AB62-8F7E5F230399}
PfShellExtension
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\PfShellExtension.DLL
AppID
{59A55EF0-525F-4276-AB62-8F7E5F230399}
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}
UnLockerMenu Class
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32
C:\Program Files\IObit\IObit Unlocker\IObitUnlockerExtension.dll
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32
ThreadingModel
Apartment
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\UnLockerMenu
{410BF280-86EF-4E0F-8279-EC5848546AD3}
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UnLockerMenu
{410BF280-86EF-4E0F-8279-EC5848546AD3}
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu
{410BF280-86EF-4E0F-8279-EC5848546AD3}
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\UnLockerMenu
{410BF280-86EF-4E0F-8279-EC5848546AD3}
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{410BF280-86EF-4E0F-8279-EC5848546AD3}
UnLockerMenu
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0
PfShellExtension 1.0 Type Library
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\FLAGS
0
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\0\win32
C:\Program Files\IObit\IObit Unlocker\IObitUnlockerExtension.dll
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F844CB30-D8B9-4AA5-8B0D-B2229285B4AE}\1.0\HELPDIR
C:\Program Files\IObit\IObit Unlocker
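
The regsvr32.exe writes above register CLSID {410BF280-86EF-4E0F-8279-EC5848546AD3} with an InprocServer32 default value of C:\Program Files\IObit\IObit Unlocker\IObitUnlockerExtension.dll, hook that CLSID as a context-menu handler under *, Directory, Folder and lnkfile, and add it to Shell Extensions\Approved, so Explorer loads the DLL in its own process whenever a context menu opens. The installer also writes HKEY_LOCAL_MACHINE\SYSTEM\...\CrashControl, a machine-wide setting. The following added example (not part of the ANY.RUN report or of IObit's software) parses events in the flattened layout used above, classifies the keys, and resolves each context-menu hook to the DLL behind it, which is the file to hash and check against the Dropped files list; the sample is constructed from seven of the events above. One caveat is built in: the report shows a key's default value with no name line and empty data with no value line, so a record with a single trailing line is ambiguous and is taken as the default value.

```python
import re

OPS = {"write", "delete key"}
CLSID_RE = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)

# Constructed sample: seven events from this report in its flattened layout
# (PID, process, operation, key, then an optional name and value).
SAMPLE = r"""
3852
unlocker-setup.tmp
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CrashControl
CrashDumpEnabled
2
3160
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32
C:\Program Files\IObit\IObit Unlocker\IObitUnlockerExtension.dll
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{410BF280-86EF-4E0F-8279-EC5848546AD3}\InprocServer32
ThreadingModel
Apartment
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\UnLockerMenu
{410BF280-86EF-4E0F-8279-EC5848546AD3}
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\UnLockerMenu
{410BF280-86EF-4E0F-8279-EC5848546AD3}
2232
regsvr32.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{410BF280-86EF-4E0F-8279-EC5848546AD3}
UnLockerMenu
"""

def _is_start(lines, i):
    """A record starts at a PID line whose third line is an operation."""
    return lines[i].isdigit() and i + 3 < len(lines) and lines[i + 2] in OPS

def parse_registry_events(text):
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    events, i = [], 0
    while i < len(lines):
        if not _is_start(lines, i):
            i += 1
            continue
        ev = {"pid": lines[i], "process": lines[i + 1], "op": lines[i + 2],
              "key": lines[i + 3], "name": None, "value": None}
        j, rest = i + 4, []
        while j < len(lines) and not _is_start(lines, j):
            rest.append(lines[j])
            j += 1
        # Two trailing lines are name and value. The report shows a key's
        # (Default) value with no name and empty data with no value line, so a
        # lone trailing line is ambiguous; it is taken as the (Default) value.
        if len(rest) == 2:
            ev["name"], ev["value"] = rest
        elif len(rest) == 1:
            ev["value"] = rest[0]
        events.append(ev)
        i = j
    return events

def classify(ev):
    k = ev["key"]
    if re.search(r"\\CLSID\\\{[^}]+\}\\InprocServer32$", k, re.I):
        return "com_inproc_server"
    if re.search(r"\\shellex\\ContextMenuHandlers\\", k, re.I):
        return "context_menu_handler"
    if re.search(r"\\Shell Extensions\\Approved$", k, re.I):
        return "shell_extension_approved"
    if k.upper().startswith("HKEY_LOCAL_MACHINE\\SYSTEM\\"):
        return "hklm_system_write"
    return "other"

def resolve_shell_hooks(events):
    """Map each context-menu hook to the DLL Explorer will load for it:
    hook key -> CLSID -> CLSID\\InprocServer32 (Default) -> DLL path."""
    servers, approved, hooks = {}, {}, {}
    for ev in events:
        kind = classify(ev)
        if kind == "com_inproc_server" and ev["name"] is None and ev["value"]:
            servers[CLSID_RE.search(ev["key"]).group(0).upper()] = ev["value"]
        elif kind == "shell_extension_approved" and ev["name"]:
            approved[ev["name"].upper()] = ev["value"]
    for ev in events:
        if classify(ev) == "context_menu_handler" and ev["value"]:
            clsid = ev["value"].upper()
            hooks[ev["key"]] = {"clsid": clsid, "dll": servers.get(clsid),
                                "approved_as": approved.get(clsid)}
    return hooks
```

A hook whose "dll" resolves to None (no InprocServer32 write seen) or to a path outside Program Files is the case worth chasing; here both hooks resolve to the DLL the installer dropped, so the next step is comparing its hash with the Dropped files entry for IObitUnlockerExtension.dll.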

Files activity

Executable files
16
Suspicious files
20
Text files
107
Unknown types
9

Dropped files

PID
Process
Filename
Type
3160
chrome.exe
C:\Users\admin\Downloads\a9ac745d-7493-4c00-a6b3-29fab79befbb.tmp
executable
MD5: 10722c2105674468419e52a304c9602e
SHA256: e023ce77d951aeb4d8746c39389f37a9b88c9b9e180cb68b40161c9d9e8a1d60
3852
unlocker-setup.tmp
C:\Users\admin\AppData\Local\Temp\is-7E7A9.tmp\RdZone.dll
executable
MD5: 8abf1b20652e3eebde78272eb3222c7d
SHA256: d0a4125c20c55c3cfc3dc6b098d3711f4836e033b00802ee460464232372aed2
3852
unlocker-setup.tmp
C:\Users\admin\AppData\Local\Temp\is-7E7A9.tmp\_isetup\_shfoldr.dll
executable
MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
2736
unlocker-setup.exe
C:\Users\admin\AppData\Local\Temp\is-5FQNJ.tmp\unlocker-setup.tmp
executable
MD5: 7c0afb6285df6bbbc405463e4105256c
SHA256: 9598b825e971c591e478897c73d5352826edeaf3c141a43dd3c023853fba4b22
1420
unlocker-setup.exe
C:\Users\admin\AppData\Local\Temp\is-81NH1.tmp\unlocker-setup.tmp
executable
MD5: 7c0afb6285df6bbbc405463e4105256c
SHA256: 9598b825e971c591e478897c73d5352826edeaf3c141a43dd3c023853fba4b22
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\IObitUnlockerExtension.dll
executable
MD5: e2a97cefe22daf31ceba9733e7089bf8
SHA256: 693043f5db8ec3804cab7abec20cfa84c1e96cff7a2d6c80ac1b7562c8b3f626
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys
executable
MD5: d166261f5138ab859f03813992c37687
SHA256: 4bf9723f044eb95f51b777c21c6896006bc9e05c45296acb5abdc0dca22bbc83
2616
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000001
executable
MD5: 81ed97f9fad6703413f25e652a4af9df
SHA256: e5c1b479630e958e8f8e07ac42d43dcdb8d5ac639b20ebb1515fc9345f1da801
3852
unlocker-setup.tmp
C:\Users\admin\AppData\Local\Temp\is-7E7A9.tmp\TaskHelper.exe
executable
MD5: b9a8153eb60656b81019cbadcad0e8b9
SHA256: 21b637c646df4f842a1aa05daa916e9d3c7fb7f2fe8c6c31457c826211ae1dd6
3160
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 433753.crdownload
executable
MD5: 515dbc80f731afa2e15761bd5f675542
SHA256: df93c643c900da18e2a971434d5e40d209b7a823fc962cd1243e16492a43a5e5
3852
unlocker-setup.tmp
C:\Users\admin\AppData\Local\Temp\is-7E7A9.tmp\sqlite3.dll
executable
MD5: 98d245d50de803c6ab234b6824e3dddf
SHA256: 3b360cb9538aebe6004b8c4a681b9de97cb35339bf3a17fa11241722e936d4c4
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\unins000.exe
executable
MD5: 7c0afb6285df6bbbc405463e4105256c
SHA256: 9598b825e971c591e478897c73d5352826edeaf3c141a43dd3c023853fba4b22
3852
unlocker-setup.tmp
C:\Users\admin\AppData\Local\Temp\is-7E7A9.tmp\IObitUnlocker.dll
executable
MD5: 69cdc240b3f2ad30b989e2c6cf705383
SHA256: e42526f348de6a97f9746686e8409e396b42ce0c552dfdbe34855455c837b805
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.exe
executable
MD5: c5590280301ee2296466e73e64df1745
SHA256: 9fc3749177398603cedf33ee06b4d135569a4c20112281b71df689f160264dc1
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.dll
executable
MD5: 69cdc240b3f2ad30b989e2c6cf705383
SHA256: e42526f348de6a97f9746686e8409e396b42ce0c552dfdbe34855455c837b805
3160
chrome.exe
C:\Users\admin\Downloads\unlocker-setup.exe
executable
MD5: 81ed97f9fad6703413f25e652a4af9df
SHA256: e5c1b479630e958e8f8e07ac42d43dcdb8d5ac639b20ebb1515fc9345f1da801
3160
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
text
MD5: 15de1029686ef4c4686666246e0e53e0
SHA256: ffd97219be134df6284e5e9a3467a260844c327763ecdb8cd77ea831de2ee13e
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\EULA.rtf
text
MD5: 57280a3302278e97afa8739832c1a3f2
SHA256: c7fa074242fd91f12130fef94fd78904e292ddf7ddcb585c3e46dd4614e76aeb
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\is-S320S.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\5.png
image
MD5: 63704dbe558ccedd02ee656d152e6b7e
SHA256: 78698e16dfefb9bfda460f6d2bfec3897efb2dca3a0124010ecd3e05a3e04f5f
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\is-F97UJ.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\4.png
image
MD5: 843256aa85c5d75f9f5cdf212bbe17ce
SHA256: 01135e3c524fa4cdd5ad338879a2d8642f7ec060d3c0a246307b5aaabc7676d7
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\is-JA5GC.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\3.png
image
MD5: 7a162a80d133e176a8cb99d259c10dfe
SHA256: d59fdecb4d0b8b3ff62189e320b698743267f2aac3102e27f30cbe2d9e86df48
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\is-PBPNJ.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\2.png
image
MD5: 5c2583ff61edf897af7c2fcc57d4d044
SHA256: 29c4ed21a88a7f1a4da111cdad7bd7d7be470188f5a772c592ca0e4590f037d9
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\is-E4GUS.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\1.png
image
MD5: 5ac41955e5503d1b00297348ff6f60e9
SHA256: 3bec7cc3b520ba9e0fb07b014a7d7ef14b7844b22c5d27602f2a4d4db86a60dd
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\help.html
html
MD5: dac512aaf0cb1da2f7158c615afffcc3
SHA256: 1d793560ca1741aec1d971d6a22ecff3f0b95dcafc94de9c2204d3fdadffe18e
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\img\is-UIL96.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\help\is-E8A7T.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Spanish.lng
text
MD5: 1391d62dad900fcb8060b948d034b106
SHA256: ad371c9ad146a1ce04e803e5c78c498bbbc8542560180924a0d37ec3c9dd3a0f
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Swedish.lng
text
MD5: 1b06202d8df8298706a652de8c7d8cc3
SHA256: 464bb10ae14c82d1fe473f3c0ee0def3db17374dbfb24f715e33fb37b30ed58c
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Russian.lng
text
MD5: e067779161b122a1d2fb349d92fe161e
SHA256: 916b2cb84adc2e58ef4d1d9738115995bb74e661ac7141b0efed6b0c541f036b
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Turkish.lng
text
MD5: 68d1dd0a197bf930a3a20369deef310f
SHA256: 47d79f29f1fe1ce9f9d1e52dfe2924a5ada7a788d0d299feb23d984995b24b2a
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-U3LV9.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-IVUK7.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-MKN22.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-VNJBS.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Italian.lng
text
MD5: 06c4e04e189f5e87c2b058575107cf4c
SHA256: c6c708fa868c225de7f0a33d44fd17bca1c8fc67dedbd1dc07c76f3ed953c95d
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Japanese.lng
text
MD5: 7e6a0d1b15510299f48cf32954cf7b77
SHA256: 4a1e56a329eedb8ecfca353b38293b8b7833e79a8b2d56a18b90976b7575383f
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Finnish.lng
text
MD5: cde455a6ba3c8534a4a5acc8ea0de3a3
SHA256: 0a9c0405f08aa930a2e82fbe2ae80a917423ed379a2b9eeb3b62109f5aca2443
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Polish.lng
text
MD5: 0b24c5a9ae45a69e7adeb6e81cbd3b6b
SHA256: dafd9026a3e63e8c2f30ccabf40d70a067301066237d503b0d29e57bc582aa3a
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\German.lng
text
MD5: 018a08efc3b38a1ad05e4b6058277a9f
SHA256: 2747ee94b47e0784ffbbb55ec8262db7f61da2bbadce9a90df56bd6bd593f5b3
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\English.lng
text
MD5: af669e1faf8192512066889a004739a2
SHA256: 87859ed38178e302d76f348e1fea6c12f759aa820da1dc34468cc954fc427ef3
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\Hungarian.lng
text
MD5: d65cf0ce58fae575e73e353836f32074
SHA256: 0fd8e08476eaeb0a2808247cd0a7160ae47bc83d72c5202893045c003660aa71
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-UIMVS.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-OHCO4.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-M6V7E.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-1SFLI.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-C04HK.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-7G1LS.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp
C:\Program Files\IObit\IObit Unlocker\Language\is-M5JRJ.tmp
––
MD5:  ––
SHA256:  ––
3852
unlocker-setup.tmp


Network activity

HTTP(S) requests: 2
TCP/UDP connections: 9
DNS requests: 6
Threats: 1

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2616 chrome.exe GET 200 93.184.221.133:80 http://update.iobit.com/dl/unlocker-setup.exe US executable –– malicious
2996 IObitUnlocker.exe POST 200 93.184.221.133:80 http://update.iobit.com/infofiles/iobitunlocker.upt US text –– malicious


Connections

PID Process IP ASN CN Reputation
2616 chrome.exe 216.58.207.35:443 Google Inc. US whitelisted
2616 chrome.exe 93.184.221.133:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2616 chrome.exe 172.217.18.109:443 Google Inc. US unknown
2616 chrome.exe 172.217.16.142:443 Google Inc. US whitelisted
2616 chrome.exe 172.217.16.196:443 Google Inc. US whitelisted
2616 chrome.exe 216.58.208.35:443 Google Inc. US whitelisted
2996 IObitUnlocker.exe 93.184.221.133:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted

DNS requests

Domain IP Reputation
clientservices.googleapis.com 216.58.207.35 whitelisted
update.iobit.com 93.184.221.133 malicious
accounts.google.com 172.217.18.109 shared
sb-ssl.google.com 172.217.16.142 whitelisted
www.google.com 172.217.16.196 whitelisted
ssl.gstatic.com 216.58.208.35 whitelisted

Threats

PID Process Class Message
2616 chrome.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP

Debug output strings

Process Message
IObitUnlocker.exe ParamStr(1):
IObitUnlocker.exe ParamStr(1):
IObitUnlocker.exe ParamStr(1):