990034eea06c068b8384741d36fab9e53c7cf7de10e8531b915f34c1ed0c0885

Resubmissions

13/07/2023, 13:40

230713-qykc6ahg5x 7

13/07/2023, 13:35

230713-qv4mmagh59 7

13/07/2023, 13:31

230713-qsdcnagh49 7

Analysis

max time kernel
152s
max time network
134s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
13/07/2023, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advanced-systemcare-setup.exe
Size

48.5MB
MD5

f14d068cfae207f898fb76eaf1367043
SHA1

c3dbda0acaf1e5fd1a493d2dd1cc3da0c017f0bc
SHA256

990034eea06c068b8384741d36fab9e53c7cf7de10e8531b915f34c1ed0c0885
SHA512

544b9fecc1923d12ae027b48383fe4811b3684d7ddd797b2096b10a35fe9a1670d125110f4a2e77222bd6d434681af738cc519be326bfcc551e3fd141a27e663
SSDEEP

786432:yK021ALYXrd2i5u5ySyYTcER34bgeIT10qcbVR5i7ecLrqF1O029nSeJ4z:9IKU0udTdIbgBqbiScLr0h29SNz

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1014134971-2480516131-292343513-1000\Software\Microsoft\Windows\CurrentVersion\Run\Advanced SystemCare = "\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCTray.exe\" /Auto"	ASCInit.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\OptimizeRecord.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\OptFailed.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\config.ini	smBootTimebase.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\DistrustPlugin.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\delStartups.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\delayEx.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\Ignore.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\BCleanerdb	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\DistrustPlugin.ini	smBootTimebase.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-T84PK.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\is-GQT1F.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-AGOMM.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-5PL30.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-37MB4.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-V5GN7.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\db\is-1RH2I.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-FGDVC.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-53S6L.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-UPNN8.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-93SOP.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-I7ES6.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-MAQD8.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.log	AutoSweep.exe
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.log	AutoSweep.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-NJK6N.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-DH0M4.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-8HJQM.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-TGDE3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_ia64\is-D5B2C.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\is-FR8C3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\db\is-6VVA3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-U69S3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-LG2VE.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-PJ2A0.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-56JO7.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-NHHD2.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\is-RTN58.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\is-SD7VU.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\db\is-NO3H9.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.dat	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Rinside.dat	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-V8MCA.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-PO00F.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\is-8LSOC.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\is-6P5DU.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Update\is-EBO2P.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-OU36F.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\js\is-36JDF.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-EJP13.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-FBVDN.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-LPUU3.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log	IObitLiveUpdate.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-3BMKV.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-UKIVC.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-ST5DE.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-PH4HJ.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_x86\is-GOF6N.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_x86\is-U0ORP.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_x86\is-LJ1HE.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\is-S2LIB.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-583T1.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-LNDPV.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-A5AET.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-GAPAD.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-UN1RS.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-M69SM.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_ia64\is-A0O3C.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\is-INCQ6.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-JF633.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare\License.ini	ASCInit.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Update\is-QM6VH.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-IE82K.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_ia64\is-0P8IK.tmp	advanced-systemcare-setup.tmp

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.7.03062\DisplayIcon.ico	PPUninstaller.exe
File opened for modification	C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe	PPUninstaller.exe

Executes dropped EXE 25 IoCs

pid	Process
2084	advanced-systemcare-setup.tmp
1188	Setup.exe
2420	advanced-systemcare-setup.tmp
752	ASCUpgrade.exe
1236	ASCUpgrade.exe
1676	LocalLang.exe
2088	ASCInit.exe
2328	PPUninstaller.exe
672	RealTimeProtector.exe
1736	DiskDefrag.exe
944	RealTimeProtector.exe
3308	ASCService.exe
3504	smBootTimebase.exe
3640	smBootTime.exe
3916	UninstallInfo.exe
2192	smBootTime.exe
2032	RealTimeProtector.exe
2116	BrowserCleaner.exe
2760	PrivacyShield.exe
1656	smBootTime.exe
3256	Display.exe
2612	AutoSweep.exe
2512	AutoCare.exe
3076	IObitLiveUpdate.exe
3988	startupInfo.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3624	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
1788	advanced-systemcare-setup.exe
2084	advanced-systemcare-setup.tmp
2084	advanced-systemcare-setup.tmp
2084	advanced-systemcare-setup.tmp
2084	advanced-systemcare-setup.tmp
2084	advanced-systemcare-setup.tmp
1188	Setup.exe
1188	Setup.exe
2784	advanced-systemcare-setup.exe
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2088	ASCInit.exe
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
2088	ASCInit.exe
2088	ASCInit.exe
2088	ASCInit.exe
2088	ASCInit.exe
2088	ASCInit.exe
2420	advanced-systemcare-setup.tmp
672	RealTimeProtector.exe
672	RealTimeProtector.exe
672	RealTimeProtector.exe
672	RealTimeProtector.exe
672	RealTimeProtector.exe
2420	advanced-systemcare-setup.tmp
2420	advanced-systemcare-setup.tmp
1736	DiskDefrag.exe
1736	DiskDefrag.exe
2328	PPUninstaller.exe
2328	PPUninstaller.exe
2328	PPUninstaller.exe
2328	PPUninstaller.exe
2328	PPUninstaller.exe
944	RealTimeProtector.exe
2328	PPUninstaller.exe
944	RealTimeProtector.exe
944	RealTimeProtector.exe
944	RealTimeProtector.exe
944	RealTimeProtector.exe
2328	PPUninstaller.exe
2328	PPUninstaller.exe
2088	ASCInit.exe
2088	ASCInit.exe
2088	ASCInit.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
2328	PPUninstaller.exe
3308	ASCService.exe

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2372	2512	WerFault.exe	61

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	smBootTimebase.exe

Modifies registry class 59 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\TypeLib\ = "{60AD0991-ECD4-49dc-B170-8B7E7C60F51B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ = "CExtMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\ = "CExtMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\ = "CExtMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\CLSID\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer\ = "ASCExtMenu.CExtMenu.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\ = "ASCExtMenu 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID\ = "ASCExtMenu.CExtMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID\ = "ASCExtMenu.CExtMenu.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1188	Setup.exe
1188	Setup.exe
752	ASCUpgrade.exe
752	ASCUpgrade.exe
752	ASCUpgrade.exe
752	ASCUpgrade.exe
752	ASCUpgrade.exe
1236	ASCUpgrade.exe
1236	ASCUpgrade.exe
672	RealTimeProtector.exe
672	RealTimeProtector.exe
2088	ASCInit.exe
2088	ASCInit.exe
944	RealTimeProtector.exe
944	RealTimeProtector.exe
2328	PPUninstaller.exe
2328	PPUninstaller.exe
2328	PPUninstaller.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3504	smBootTimebase.exe
3504	smBootTimebase.exe
3504	smBootTimebase.exe
3504	smBootTimebase.exe
3308	ASCService.exe
3308	ASCService.exe
3640	smBootTime.exe
3640	smBootTime.exe
3916	UninstallInfo.exe
3916	UninstallInfo.exe
3916	UninstallInfo.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
2192	smBootTime.exe
2192	smBootTime.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
2032	RealTimeProtector.exe
2032	RealTimeProtector.exe
3308	ASCService.exe
3308	ASCService.exe
3308	ASCService.exe
2116	BrowserCleaner.exe
2116	BrowserCleaner.exe
2760	PrivacyShield.exe
2760	PrivacyShield.exe
1656	smBootTime.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
464	Process not Found
464	Process not Found

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	752	ASCUpgrade.exe
Token: 33	3308	ASCService.exe
Token: SeIncBasePriorityPrivilege	3308	ASCService.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
1188	Setup.exe
1188	Setup.exe
1188	Setup.exe
1188	Setup.exe
1188	Setup.exe
1188	Setup.exe
2420	advanced-systemcare-setup.tmp
2328	PPUninstaller.exe
2612	AutoSweep.exe
2612	AutoSweep.exe
2612	AutoSweep.exe
2612	AutoSweep.exe
2612	AutoSweep.exe
2612	AutoSweep.exe

Suspicious use of SendNotifyMessage 11 IoCs

pid	Process
1188	Setup.exe
1188	Setup.exe
1188	Setup.exe
1188	Setup.exe
1188	Setup.exe
2612	AutoSweep.exe
2612	AutoSweep.exe
2612	AutoSweep.exe
2612	AutoSweep.exe
2612	AutoSweep.exe
2612	AutoSweep.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2084	1788	advanced-systemcare-setup.exe	28
PID 1788 wrote to memory of 2084	1788	advanced-systemcare-setup.exe	28
PID 1788 wrote to memory of 2084	1788	advanced-systemcare-setup.exe	28
PID 1788 wrote to memory of 2084	1788	advanced-systemcare-setup.exe	28
PID 1788 wrote to memory of 2084	1788	advanced-systemcare-setup.exe	28
PID 1788 wrote to memory of 2084	1788	advanced-systemcare-setup.exe	28
PID 1788 wrote to memory of 2084	1788	advanced-systemcare-setup.exe	28
PID 2084 wrote to memory of 1188	2084	advanced-systemcare-setup.tmp	31
PID 2084 wrote to memory of 1188	2084	advanced-systemcare-setup.tmp	31
PID 2084 wrote to memory of 1188	2084	advanced-systemcare-setup.tmp	31
PID 2084 wrote to memory of 1188	2084	advanced-systemcare-setup.tmp	31
PID 2084 wrote to memory of 1188	2084	advanced-systemcare-setup.tmp	31
PID 2084 wrote to memory of 1188	2084	advanced-systemcare-setup.tmp	31
PID 2084 wrote to memory of 1188	2084	advanced-systemcare-setup.tmp	31
PID 1188 wrote to memory of 2784	1188	Setup.exe	32
PID 1188 wrote to memory of 2784	1188	Setup.exe	32
PID 1188 wrote to memory of 2784	1188	Setup.exe	32
PID 1188 wrote to memory of 2784	1188	Setup.exe	32
PID 1188 wrote to memory of 2784	1188	Setup.exe	32
PID 1188 wrote to memory of 2784	1188	Setup.exe	32
PID 1188 wrote to memory of 2784	1188	Setup.exe	32
PID 2784 wrote to memory of 2420	2784	advanced-systemcare-setup.exe	33
PID 2784 wrote to memory of 2420	2784	advanced-systemcare-setup.exe	33
PID 2784 wrote to memory of 2420	2784	advanced-systemcare-setup.exe	33
PID 2784 wrote to memory of 2420	2784	advanced-systemcare-setup.exe	33
PID 2784 wrote to memory of 2420	2784	advanced-systemcare-setup.exe	33
PID 2784 wrote to memory of 2420	2784	advanced-systemcare-setup.exe	33
PID 2784 wrote to memory of 2420	2784	advanced-systemcare-setup.exe	33
PID 2420 wrote to memory of 752	2420	advanced-systemcare-setup.tmp	34
PID 2420 wrote to memory of 752	2420	advanced-systemcare-setup.tmp	34
PID 2420 wrote to memory of 752	2420	advanced-systemcare-setup.tmp	34
PID 2420 wrote to memory of 752	2420	advanced-systemcare-setup.tmp	34
PID 2420 wrote to memory of 1236	2420	advanced-systemcare-setup.tmp	35
PID 2420 wrote to memory of 1236	2420	advanced-systemcare-setup.tmp	35
PID 2420 wrote to memory of 1236	2420	advanced-systemcare-setup.tmp	35
PID 2420 wrote to memory of 1236	2420	advanced-systemcare-setup.tmp	35
PID 2420 wrote to memory of 1676	2420	advanced-systemcare-setup.tmp	37
PID 2420 wrote to memory of 1676	2420	advanced-systemcare-setup.tmp	37
PID 2420 wrote to memory of 1676	2420	advanced-systemcare-setup.tmp	37
PID 2420 wrote to memory of 1676	2420	advanced-systemcare-setup.tmp	37
PID 2420 wrote to memory of 2088	2420	advanced-systemcare-setup.tmp	39
PID 2420 wrote to memory of 2088	2420	advanced-systemcare-setup.tmp	39
PID 2420 wrote to memory of 2088	2420	advanced-systemcare-setup.tmp	39
PID 2420 wrote to memory of 2088	2420	advanced-systemcare-setup.tmp	39
PID 2420 wrote to memory of 2328	2420	advanced-systemcare-setup.tmp	40
PID 2420 wrote to memory of 2328	2420	advanced-systemcare-setup.tmp	40
PID 2420 wrote to memory of 2328	2420	advanced-systemcare-setup.tmp	40
PID 2420 wrote to memory of 2328	2420	advanced-systemcare-setup.tmp	40
PID 2420 wrote to memory of 2328	2420	advanced-systemcare-setup.tmp	40
PID 2420 wrote to memory of 2328	2420	advanced-systemcare-setup.tmp	40
PID 2420 wrote to memory of 2328	2420	advanced-systemcare-setup.tmp	40
PID 2420 wrote to memory of 672	2420	advanced-systemcare-setup.tmp	41
PID 2420 wrote to memory of 672	2420	advanced-systemcare-setup.tmp	41
PID 2420 wrote to memory of 672	2420	advanced-systemcare-setup.tmp	41
PID 2420 wrote to memory of 672	2420	advanced-systemcare-setup.tmp	41
PID 2420 wrote to memory of 1736	2420	advanced-systemcare-setup.tmp	42
PID 2420 wrote to memory of 1736	2420	advanced-systemcare-setup.tmp	42
PID 2420 wrote to memory of 1736	2420	advanced-systemcare-setup.tmp	42
PID 2420 wrote to memory of 1736	2420	advanced-systemcare-setup.tmp	42
PID 672 wrote to memory of 944	672	RealTimeProtector.exe	43
PID 672 wrote to memory of 944	672	RealTimeProtector.exe	43
PID 672 wrote to memory of 944	672	RealTimeProtector.exe	43
PID 672 wrote to memory of 944	672	RealTimeProtector.exe	43
PID 3308 wrote to memory of 3504	3308	ASCService.exe	45

C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
"C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Users\Admin\AppData\Local\Temp\is-TGB0P.tmp\advanced-systemcare-setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-TGB0P.tmp\advanced-systemcare-setup.tmp" /SL5="$80120,50323178,137216,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\Setup.exe" /InnoSetup "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
      "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\is-SCLLO.tmp\advanced-systemcare-setup.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-SCLLO.tmp\advanced-systemcare-setup.tmp" /SL5="$701AC,50323178,137216,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe" /upgrade "c:\program files (x86)\iobit\advanced systemcare"
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe" /CleanDir "C:\Program Files (x86)\IObit\Advanced SystemCare\"
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:1236
      - C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe"
        6⤵
        Executes dropped EXE
        
        PID:1676
      - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe" /install /CreateTaskBar /Installer=true /insur=
        6⤵
        Adds Run key to start application
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c SC description AdvancedSystemCareService16 "Advanced SystemCare Service"
        7⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\sc.exe
        
        SC description AdvancedSystemCareService16 "Advanced SystemCare Service"
        8⤵
        Launches sc.exe
        
        PID:3624
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe" /install asc16
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3916
        
        C:\Windows\System32\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll"
        7⤵
        Modifies system executable filetype association
        Registers COM server for autorun
        Modifies registry class
        
        PID:4092
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe" /ShowStr=silentWriteCache
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2760
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe" /InitData
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2116
      - C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe" /i
        6⤵
        Drops file in Windows directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:2328
      - C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /install
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:672
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /Run
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:944
      - C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe" /install
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1736

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe" /boottime
  2⤵
  - Drops file in System32 directory
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /UpdateTaskschd
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:3640
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /start
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2192
- C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /RunCurUs
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /1 /41006400760061006E006300650064002000530079007300740065006D004300610072006500 /220043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0049004F006200690074005C0041006400760061006E006300650064002000530079007300740065006D0043006100720065005C0041005300430054007200610079002E00650078006500220020002F004100750074006F00 /48004B00450059005F00430055005200520045004E0054005F0055005300450052005C0053004F004600540057004100520045005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00430075007200720065006E007400560065007200730069006F006E005C00520075006E005C00
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1656
- C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe" /service
  2⤵
  - Executes dropped EXE
  PID:3256
- C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe" /SvcAutoClean
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2612
- C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe" /autorun /AdvanceScan
  2⤵
  - Executes dropped EXE
  PID:2512
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 436
    3⤵
    - Program crash
    PID:2372
- C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe" /srvupt
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  PID:3076
- - C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe
    "C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe" /auto
    3⤵
    - Executes dropped EXE
    PID:3988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.log

Filesize
776B

MD5
86530b2bae5654a40326ef71d6270729

SHA1
bc6ef5d10d74bc4fe641821b5accdc392b13906d

SHA256
05c7fb0c4f23b6842c917f5f5846cefb3d4d836f7a32b67aaf5e90984ec7f8b6

SHA512
5f33213e10d7d950451d7f8365ec9cad561451ecd3de1ea3f786ec9f420039891e6751b1522ab832220714da4a41602a10b04c1209c43885dfec3e49837a2b06

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

Filesize
2KB

MD5
27cb39d8ef9a206be170e3874373d420

SHA1
85fbef862d5d9a12d10f9e6c5a2eae83f1f4c95b

SHA256
cc478bdd495ac2a909a6bd720ccfbb217523260f31e28667b89e36ddca886240

SHA512
ad92faff0b22f978f2e898cee6b2b7ebb0a3eaaa0fa9aa97688a962044f24e2a5e158371ca562b476888ff900e9e920e605ca1bd47565b7f71baa7c0caa51c3d

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

Filesize
3KB

MD5
0118e00afda538ad0bfd279b9daa9bd1

SHA1
a2abd63e73ef63e5911de9c6d504dfd98e7487ab

SHA256
0c894678ae2d1805504c82d6b68faec57bd7ca87af24b884e400d98eaef739fc

SHA512
6612374f616be2b719420a5141c0fd4e110d54d22d251979980a60a303ccd11bcbd7337b206541cc3642dadca22fbf7e1082122b58e61770131d027ea67bdcab

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

Filesize
32KB

MD5
f98a4521a2d99476b50fa4aeb71cd15d

SHA1
7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6

SHA256
65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4

SHA512
b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
1KB

MD5
a3dd1ade3b4787512987b5db92f66188

SHA1
4cb0606525af85de410f5c1e65f6f15c0c4d2f79

SHA256
18ba617aa9e298930f813806777a40dc6bcede3a6451bb05de0ce48e51e8db38

SHA512
3a2ee7732f27aad40f650512eeca4b740443aef319393181396850819eb1c7cd26a46c29249b6a47d7b00d092753e9bce26c8d6796d4268126d3d018f09aa188

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
2KB

MD5
f74ff35b9d6ab1534847bf22b4447e5c

SHA1
1b6042d333ad7a5b5f7f71e8ff03620b4ff97d54

SHA256
d00fffbf9509ffad598898ea75c64785d1e6e0b85705d020b50f91a5b2c90afa

SHA512
afc725b3f12966e3c1a15b7eb9b4fdcfefaa898b39c12c94fe4467de98929b514fc461689bac92e06a70c19e96dd6d5e824d530efca642ea40961814e656819c

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
3KB

MD5
ca28c28d20b3d7eae310b22690d3f892

SHA1
b2108e637d2cb538204fc52b58d025cbf05631d5

SHA256
cbf58ff26c67a8cd4a264a2dcb4aa1007f015c77b289aa583248eb47dfc27646

SHA512
12432b8b2544f160d66da1cd8bda8c6e4a2bc639a81803bcaf63e90338ee24b81d4853b73a1772726bbbc467faa777d48bfacf42cc31c7676942425174036ce3

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\HardwareLib.dll

Filesize
188KB

MD5
c534cd2ef9da6d3a50c27dad7a188a04

SHA1
0ec214523183fa2a47e434258fb4320c49cf851d

SHA256
040d71da31dae5b78f3e29149962f79d4cf53cf9a88a6e82d94a3f65cbefb09b

SHA512
b376eeaa837d8ee06b26e06cd31ab22a3ce30c4529cea9040fd876877ade3de8d76e74dc8eee52b7ec6c0880c8fec54b4bcd158f5c3bc676d1f360d09d9cb6e2

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log

Filesize
14KB

MD5
0bc897c3b0e214dbdeb9c89e9ef1ae6c

SHA1
bffcb2acdc9ca8455bac1a57818956c1ca4b7c0e

SHA256
7a7f04d70cd5e51dec7e10679291480a00261af9436756f3194b86089cde029e

SHA512
0c7a164208aa750630bafb2d07c65af80cc35f4072f310f0d6cc25ee0ba0cf5c30f8c47e4fffec27cfc89a4173d4ccd2487bdb89973c31d22cc7898284e7f651

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log

Filesize
45KB

MD5
0accc116ce5fc68d3b654b3cdcc5cb4d

SHA1
ee2ed1fef4c179e11ee1203eca745954f9b8b137

SHA256
6c2610bc05e33b60eb9003102f6a3c68653d62266ab97e28d6a62b4a41fc83e5

SHA512
9c7f31eadb5b4d66ef338817821fb2cb9ddd84d69c7d6d0cd3a74306ced5ff8b48a5a7a2c10ab5dc5a06c22b03fdba8ec6d92a11246b2886eb6bbd91417cf2bc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe

Filesize
1.4MB

MD5
a4c4cb5cd7e4c30d4d7e0dfb58c00a22

SHA1
1cf21920ff7c3f14d9084ae72db87b14de8635e4

SHA256
a711deeca99de5187715b98d942ddc93ced74d426f2e7213bd1237d5fdc31bbd

SHA512
b3f36061b60a31f6620f634e2ed2944f59643de2e08e1186eb61592d1660291f294afd5f2f9974bec504e130904222b2239387958d7dea82fc22f856e89b6781

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\is-DPHK8.tmp

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\winid.dat

Filesize
691B

MD5
257e156c11b8b7add49c39f8ca6a3f0f

SHA1
bb187acab93b07564574869fff60696c56d689be

SHA256
a3f9a47f0b48afb31464cbd4bed3338546094757cf7796cc6bec3bd7d2562852

SHA512
28d22fbd87a05d51af442b662befc06ecae1312136475d286cc1b747d255be4705a9ac5102825942a3b9c3d00cf2e9714f47ca25a246e30d3713ecbaa598fa7b

Download Submit
C:\ProgramData\IObit\IObitLiveUpdate\update.ept

Filesize
58KB

MD5
804cb4884fc3d17a6b732aaaaa5c56ce

SHA1
1bfcf5667ea241c95d0cd93dfdd81081bdfc87bc

SHA256
2c526c59628e08e466d1c4b2dab0d20b0dc33843f97127126b9b7c4305b4e06c

SHA512
54cabda5d18ad5b57872d8316cca95d3c3ada88eac012345961b419193b74e0dd10bb793e1a5ff56823c1ecc1e6799992d2478bbf5c7c2668cb5009b04c109cb

Download Submit
C:\ProgramData\IObit\Install.ini

Filesize
102B

MD5
b75af6466cd2bad627708bf29387ff72

SHA1
d5056c69ad56a3b0e613f18290a8ef001d7bbb14

SHA256
a38696412a175cb4400a6621b02949d0031236dcaad12650f70a98cfff6211c5

SHA512
b8f9b1359fc8fdb9ad8e7d85e8e34756f61290c49c7e9ed5a94fc6567bc2f0ef811afbeb5868978edf37c83101ca16a02c94b4d8160010c594543df491c1839b

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini

Filesize
256B

MD5
fc4e5f80bee6e21c477c312b9213087d

SHA1
9fd097b3d54ef4e04ac8f6f313abbd27fdf97eeb

SHA256
f4a8b66f6782c6f86b02efd3d6d87583c30e61872f0848edcfc29c7a9ce10aa1

SHA512
d8dd5be68eb8c4fc89db19cc819bbdfa9ac7d99d8547093f2562e1142316eefc274af25909ef184b7b2f33d5445ee488bba50c2aca85f343c8facb372f3d35a5

Download Submit
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini

Filesize
58B

MD5
93b446dd65d042839a2b8945297bfd27

SHA1
7ef7655ab2cac178f7de0fb202f49a1ede669629

SHA256
c1fa0ccf737521386cd519f7a021db26a67d28cde89da75f564ecc1d1d31ee6b

SHA512
53595d19e40dc3bb704c06efb97303020c053d8d114aff806891535de1c0469b61c4f8d66709f45f07215c44d810afaabc5bb20f67833c789fa18d9bba074cdc

Download Submit
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\ProtectRecords.ini

Filesize
138B

MD5
0e9856970f5cb2544dbf5ea83fe9391e

SHA1
1379805a305d9de0ba7eeb1f7cc46f40eb59a7f4

SHA256
dd5bf9c2f483789e8853dbc42429774e9c28d51a086a6c57ef78dd414e5a5422

SHA512
010591395be0eec618cc8e9625228ae7fd5e3c91162e24ee96bc2c818abff44b9ae9d0d1e0a6261cb40ccd2cebc1b7145bb1c3cd9abac25780ad41b4463f0c47

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\Rinside.dat

Filesize
22B

MD5
3115e02fd135942a8eb97ebffe751beb

SHA1
31764acb175a41b5342bb89e3a951e85084e5d57

SHA256
a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b

SHA512
065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\Rinside.dat

Filesize
22B

MD5
3115e02fd135942a8eb97ebffe751beb

SHA1
31764acb175a41b5342bb89e3a951e85084e5d57

SHA256
a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b

SHA512
065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SCLLO.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SCLLO.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SCLLO.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TGB0P.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\[email protected]

Filesize
422B

MD5
ef58446cef430aea639f60c6efe167fc

SHA1
2d383a7436394cd82b37d3970533b736e8a7712d

SHA256
95a17475087a259f8ffab7c403b323d2ede73a82f7009ca147bfdcb5a0c19653

SHA512
d961323de4323773314c7c9d52c24f31e7358716694454892b21e29c74215ac415723b67f0c2d4886283db8219fe478dac266f476152efc34f9cbf28e4f355f4

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini

Filesize
214B

MD5
8650b1755b632485f2dd439f3a3c6126

SHA1
8c1ca0c0cbc869d75c7f174a77b282e457e9d78a

SHA256
931b07b89eac79e4011037fb46a1922c3837f25b900598d3ad0f386a030e88d6

SHA512
c0bd889d248e05ff2be70765f48c756ec313e481d7747c676d7365af3fe0e332cc76f08463e07f829d412ea9cf42b2aaeae6eca3d12438e7497bd77a428d1bf6

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
1KB

MD5
739b3f4550a1189bdfec933898b953b4

SHA1
fd8f552bc0c92e5c689dca3c1c4fa2adf95c0593

SHA256
86f1c1b4598669fb29837efde866ed1ee73c6b47d622c2421abea8f0249df4d8

SHA512
f679a472ca1dac7ece4721ecf0cd7e6a3504f88dada41366b6171e2f27527b64ba29665398c9c305f7e4e4049f3d653a9e62785b8fc7b4c88e88085d7f66cc3b

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
2KB

MD5
60990d82a30651bea00c7c382b227a8f

SHA1
eed9fe1ca4f06cb63845294e67a654241846e082

SHA256
d06f26d9b70d908103161d6066befb57829c3ca51a9c00edab13cbf5b6c83d93

SHA512
96eb369aba85c210d51bc48dee4efacf695d3c527f0c4fbfc71ba70195bea1b5821f251eefd1d12dc12e7266f2f58f09d505db9f01f0a0b102ba9aa178403086

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
3KB

MD5
8b18c2e1748d00749764757e88d67a0a

SHA1
5cfa29962a2cdcc46f43025d803ad86b25c03fac

SHA256
906c8c8333850ff3e1c049b54db4b1f9be350388087e765d1e7109e0519488f2

SHA512
82df35bcf049da82e35b8da78f63c337386bd28a4f6be6bebd2df32d392a393e8fc24dd6e9622a606fb5c5223952cffe1a1044df9841e332991adbb651608e5a

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
3KB

MD5
1d18999b7461f0b336e3d585e6fbf51f

SHA1
f6dcd67e3c14884dccdf87dcdc973bbdb5d7b342

SHA256
0d9fe675edf80afa50c063d254620c0fc31ab5f88c1984a9327dc441fc92b4b2

SHA512
edc60826d3b70c6b6652cfa3907d5d1f2e4585bc54b25bd70b6bf80d3dc7112b7d8a2d11bc0c60eaba71354a545b101906033192ac6df6c2d9de2bdfee684021

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
4KB

MD5
3b1918637e9e193226e474e9dbc51ebc

SHA1
8fdfb33baa844ec3b871e52a46344a5d724836b4

SHA256
71df9fdefe4b4bbd6df68353b7746eb0fb803ee44c63b25892e506354aa9329a

SHA512
9cd3103c4833dd959395c0c7b3592f1a2ffc14ae28eedef1ffbfe7238144ad7b9b4a2a58c4efd62a568a03870147cab5365c9b17479e426150cbdef80ab1fc6e

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
1KB

MD5
739b3f4550a1189bdfec933898b953b4

SHA1
fd8f552bc0c92e5c689dca3c1c4fa2adf95c0593

SHA256
86f1c1b4598669fb29837efde866ed1ee73c6b47d622c2421abea8f0249df4d8

SHA512
f679a472ca1dac7ece4721ecf0cd7e6a3504f88dada41366b6171e2f27527b64ba29665398c9c305f7e4e4049f3d653a9e62785b8fc7b4c88e88085d7f66cc3b

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
67B

MD5
ae4725980f2440ff3d6b851475d60c0b

SHA1
42025d7ffd7ff977b6691e97f2562f087e403e78

SHA256
1ab5c51dfda75207ff17a5ac48cf2e35bec82105c3476862704f45a74202c07f

SHA512
5e507c159f4d2719dc6e4f430b1bab00f50b12e5a911563c1f75625adc6ad94a459799a6a724ce71301d090a8e16654652374c9e114224170900841dbc25efae

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
244B

MD5
0f1771e71b53eef1e3abf4af46d5d5fa

SHA1
e71ae35e77f08b540348005cb26691bec337d89a

SHA256
4df62ace0c73a3ae14b42f8bf8c94a4960ab39b1d2e3256de065f92f1d2a9561

SHA512
3167e19ebdbc73c3f5c3c2c98d3c487b95572ba23f5887155b9a81a36da044f11e2d7d392ebe3dc32b344abe528e8ea735e06ccaae944909024624ec4f6694ae

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
316B

MD5
3f095f06c2a5db3f38b06b01d0695015

SHA1
1ec4a660813ac940417e2050ee3e5da11d0e04a4

SHA256
dce547ad454dcea4c1982c4053c4fac095bc24846de26329fad08f19578a5427

SHA512
aee4620f7b59a748e83c1db202c985b59f785a0d8a3826dad6b36c0944c4894f4b9a344b1ae2c212874bc0f91f80a78c59d9be57b9690a8cfaa99d81aafe828c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare.lnk

Filesize
1KB

MD5
0b39ee9bcb048344b71b411d8edf1fc5

SHA1
ece6932530b039be3021ce002e2fc858355c5898

SHA256
d22e35dee9505175ccf3e306cbeea75a46b1a8f11d56b7c03eb3aba1bed9f70d

SHA512
b8272725f72148f88ea8c5c3499bd6c320bfaad9d051ecdb94ed086c847fa6d5e30ddd9280b215abc7faec4553bada315be72e60cdb88546b8948962d1bc4ca1

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

Filesize
32KB

MD5
f98a4521a2d99476b50fa4aeb71cd15d

SHA1
7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6

SHA256
65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4

SHA512
b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\HardwareLib.dll

Filesize
188KB

MD5
c534cd2ef9da6d3a50c27dad7a188a04

SHA1
0ec214523183fa2a47e434258fb4320c49cf851d

SHA256
040d71da31dae5b78f3e29149962f79d4cf53cf9a88a6e82d94a3f65cbefb09b

SHA512
b376eeaa837d8ee06b26e06cd31ab22a3ce30c4529cea9040fd876877ade3de8d76e74dc8eee52b7ec6c0880c8fec54b4bcd158f5c3bc676d1f360d09d9cb6e2

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\unins000.exe

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-1FLJL.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Installer\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-HLN98.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-SCLLO.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
\Users\Admin\AppData\Local\Temp\is-TGB0P.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
memory/672-956-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/672-974-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/672-958-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/672-960-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/672-975-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/672-957-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/672-979-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/752-175-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/752-176-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/944-977-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/944-980-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/944-981-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/944-983-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/1188-136-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1188-96-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1188-954-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1188-125-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1188-104-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/1188-244-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1188-521-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1188-126-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1188-129-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/1236-185-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/1236-186-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/1676-891-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1736-991-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/1736-976-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1736-990-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/1736-989-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1788-55-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1788-95-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2032-2122-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/2032-2123-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/2032-2110-0x0000000004250000-0x000000000438D000-memory.dmp

Filesize
1.2MB

Download
memory/2032-2121-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/2032-2119-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2032-2125-0x0000000004250000-0x000000000438D000-memory.dmp

Filesize
1.2MB

Download
memory/2032-2120-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/2032-2124-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/2084-92-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2084-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2088-2126-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/2088-1401-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2088-2011-0x0000000004500000-0x000000000463D000-memory.dmp

Filesize
1.2MB

Download
memory/2088-986-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2088-973-0x00000000041E0000-0x000000000431D000-memory.dmp

Filesize
1.2MB

Download
memory/2088-2127-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/2088-2117-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/2088-2109-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/2088-2108-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/2328-988-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2328-987-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2420-553-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2420-249-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2420-148-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2420-959-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2420-277-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2784-184-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2784-978-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2784-140-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3076-3373-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/3076-3381-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/3308-3312-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/3308-1941-0x0000000003F80000-0x0000000004098000-memory.dmp

Filesize
1.1MB

Download
memory/3308-1927-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/3308-1926-0x00000000005E0000-0x000000000066C000-memory.dmp

Filesize
560KB

Download
memory/3308-1940-0x0000000000D00000-0x0000000000D01000-memory.dmp

Filesize
4KB

Download
memory/3308-1925-0x00000000002F0000-0x00000000003FA000-memory.dmp

Filesize
1.0MB

Download
memory/3504-1959-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/3640-2087-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/3640-1988-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/3640-2074-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/3640-2075-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/3640-2076-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/3640-2089-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/3916-2030-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/3916-2031-0x0000000003AE0000-0x0000000003C1D000-memory.dmp

Filesize
1.2MB

Download
memory/3916-2051-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/3916-2059-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/3916-2072-0x0000000003220000-0x0000000003260000-memory.dmp

Filesize
256KB

Download
memory/3916-2086-0x0000000000B80000-0x0000000000F81000-memory.dmp

Filesize
4.0MB

Download