990034eea06c068b8384741d36fab9e53c7cf7de10e8531b915f34c1ed0c0885

Resubmissions

13/07/2023, 13:40

230713-qykc6ahg5x 7

13/07/2023, 13:35

230713-qv4mmagh59 7

13/07/2023, 13:31

230713-qsdcnagh49 7

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2023, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advanced-systemcare-setup.exe
Size

48.5MB
MD5

f14d068cfae207f898fb76eaf1367043
SHA1

c3dbda0acaf1e5fd1a493d2dd1cc3da0c017f0bc
SHA256

990034eea06c068b8384741d36fab9e53c7cf7de10e8531b915f34c1ed0c0885
SHA512

544b9fecc1923d12ae027b48383fe4811b3684d7ddd797b2096b10a35fe9a1670d125110f4a2e77222bd6d434681af738cc519be326bfcc551e3fd141a27e663
SSDEEP

786432:yK021ALYXrd2i5u5ySyYTcER34bgeIT10qcbVR5i7ecLrqF1O029nSeJ4z:9IKU0udTdIbgBqbiScLr0h29SNz

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced SystemCare = "\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCTray.exe\" /Auto"	ASCInit.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	advanced-systemcare-setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	advanced-systemcare-setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	ASCInit.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	IObitLiveUpdate.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\DistrustPlugin.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\delStartups.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\BCleanerdb	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\OptFailed.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\Ignore.ini	smBootTimebase.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\DistrustPlugin.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\config.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\delayEx.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\OptimizeRecord.ini	smBootTimebase.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-JPDCF.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-6BTQS.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-K2O5C.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-95OAG.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\History\is-A5NEK.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-BVA9R.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-8C23E.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-BPOIE.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-73IOS.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-NAT99.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\js\is-ADEIQ.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\is-8P09R.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-HOP5E.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-0UJMB.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-K2K39.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\Update	ASCInit.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-EA0B1.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-9V4RH.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.msg	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-SMFS7.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\is-6172E.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\SPUrlScanner.dll	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-6NJ67.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-P2RIN.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-D041D.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_ia64\is-HPEMA.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\is-HEC6Q.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log	ASCService.exe
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.log	smBootTimebase.exe
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log	IObitLiveUpdate.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-7SNEH.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-TPLP2.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-M4BM3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-BUGUB.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-ROTAO.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\is-MMCH5.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_x86\is-MBJD3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\wxp_amd64\is-F7HMO.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-ERLQE.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-8B4SH.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-PR53B.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-SM1BV.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\is-EAR0V.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-37L7V.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-HMDHG.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-TR1KP.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-C3I5G.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-Q9PBI.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-GEN2G.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-GTSEB.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-KIC31.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-ET5JH.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_ia64\is-948JP.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-96NSR.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\startupBlack.db	smBootTimebase.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-NOHUC.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\db\is-FK1AS.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-U45V4.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\startupWhite.db	smBootTimebase.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-VMK97.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-S68TS.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-0G05F.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-GR3CH.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\History\is-0CDGJ.tmp	advanced-systemcare-setup.tmp

Executes dropped EXE 26 IoCs

pid	Process
112	advanced-systemcare-setup.tmp
1604	Setup.exe
996	advanced-systemcare-setup.tmp
1336	ASCUpgrade.exe
4044	ASCUpgrade.exe
460	LocalLang.exe
992	ASCInit.exe
2844	PPUninstaller.exe
2748	RealTimeProtector.exe
2196	DiskDefrag.exe
5192	RealTimeProtector.exe
5616	ASCService.exe
5332	smBootTimebase.exe
4400	smBootTime.exe
6116	UninstallInfo.exe
6060	ICONPIN64.exe
5888	BrowserCleaner.exe
6268	PrivacyShield.exe
5152	smBootTime.exe
4936	RealTimeProtector.exe
492	smBootTime.exe
5044	Display.exe
5916	AutoSweep.exe
5524	AutoCare.exe
6288	IObitLiveUpdate.exe
5344	startupInfo.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5956	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
1604	Setup.exe
1604	Setup.exe
992	ASCInit.exe
992	ASCInit.exe
992	ASCInit.exe
992	ASCInit.exe
992	ASCInit.exe
992	ASCInit.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2748	RealTimeProtector.exe
2748	RealTimeProtector.exe
2748	RealTimeProtector.exe
2748	RealTimeProtector.exe
2748	RealTimeProtector.exe
992	ASCInit.exe
992	ASCInit.exe
2196	DiskDefrag.exe
2196	DiskDefrag.exe
5192	RealTimeProtector.exe
5192	RealTimeProtector.exe
5192	RealTimeProtector.exe
5192	RealTimeProtector.exe
5192	RealTimeProtector.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
992	ASCInit.exe
992	ASCInit.exe
4400	smBootTime.exe
4400	smBootTime.exe
4400	smBootTime.exe
4400	smBootTime.exe
4400	smBootTime.exe
4400	smBootTime.exe
4400	smBootTime.exe
4400	smBootTime.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
5972	regsvr32.exe
5888	BrowserCleaner.exe
5888	BrowserCleaner.exe
5888	BrowserCleaner.exe
5888	BrowserCleaner.exe
5888	BrowserCleaner.exe

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4600	5524	WerFault.exe	135

Modifies registry class 63 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Explorer.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Explorer.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\ = "CExtMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer\ = "ASCExtMenu.CExtMenu.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID\ = "ASCExtMenu.CExtMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	Explorer.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\TypeLib\ = "{60AD0991-ECD4-49dc-B170-8B7E7C60F51B}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ = "CExtMenu Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\CLSID\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID\ = "ASCExtMenu.CExtMenu.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\ = "ASCExtMenu 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Explorer.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\ = "CExtMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1604	Setup.exe
1604	Setup.exe
1336	ASCUpgrade.exe
1336	ASCUpgrade.exe
1336	ASCUpgrade.exe
1336	ASCUpgrade.exe
1336	ASCUpgrade.exe
1336	ASCUpgrade.exe
1336	ASCUpgrade.exe
1336	ASCUpgrade.exe
4044	ASCUpgrade.exe
4044	ASCUpgrade.exe
992	ASCInit.exe
992	ASCInit.exe
2748	RealTimeProtector.exe
2748	RealTimeProtector.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
2844	PPUninstaller.exe
5192	RealTimeProtector.exe
5192	RealTimeProtector.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5332	smBootTimebase.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
5616	ASCService.exe
4400	smBootTime.exe
4400	smBootTime.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
6116	UninstallInfo.exe
5888	BrowserCleaner.exe
5888	BrowserCleaner.exe
6268	PrivacyShield.exe
6268	PrivacyShield.exe
5616	ASCService.exe
5616	ASCService.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 57 IoCs

description	pid	Process
Token: SeDebugPrivilege	1336	ASCUpgrade.exe
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: 33	5616	ASCService.exe
Token: SeIncBasePriorityPrivilege	5616	ASCService.exe
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE
Token: SeShutdownPrivilege	2520	Explorer.EXE
Token: SeCreatePagefilePrivilege	2520	Explorer.EXE

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
996	advanced-systemcare-setup.tmp
2844	PPUninstaller.exe
2520	Explorer.EXE
5916	AutoSweep.exe
5916	AutoSweep.exe
5916	AutoSweep.exe
5916	AutoSweep.exe
5916	AutoSweep.exe
5916	AutoSweep.exe

Suspicious use of SendNotifyMessage 11 IoCs

pid	Process
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
1604	Setup.exe
5916	AutoSweep.exe
5916	AutoSweep.exe
5916	AutoSweep.exe
5916	AutoSweep.exe
5916	AutoSweep.exe
5916	AutoSweep.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 112	4476	advanced-systemcare-setup.exe	85
PID 4476 wrote to memory of 112	4476	advanced-systemcare-setup.exe	85
PID 4476 wrote to memory of 112	4476	advanced-systemcare-setup.exe	85
PID 112 wrote to memory of 1604	112	advanced-systemcare-setup.tmp	88
PID 112 wrote to memory of 1604	112	advanced-systemcare-setup.tmp	88
PID 112 wrote to memory of 1604	112	advanced-systemcare-setup.tmp	88
PID 1604 wrote to memory of 4568	1604	Setup.exe	104
PID 1604 wrote to memory of 4568	1604	Setup.exe	104
PID 1604 wrote to memory of 4568	1604	Setup.exe	104
PID 4568 wrote to memory of 996	4568	advanced-systemcare-setup.exe	105
PID 4568 wrote to memory of 996	4568	advanced-systemcare-setup.exe	105
PID 4568 wrote to memory of 996	4568	advanced-systemcare-setup.exe	105
PID 996 wrote to memory of 1336	996	advanced-systemcare-setup.tmp	106
PID 996 wrote to memory of 1336	996	advanced-systemcare-setup.tmp	106
PID 996 wrote to memory of 1336	996	advanced-systemcare-setup.tmp	106
PID 996 wrote to memory of 4044	996	advanced-systemcare-setup.tmp	107
PID 996 wrote to memory of 4044	996	advanced-systemcare-setup.tmp	107
PID 996 wrote to memory of 4044	996	advanced-systemcare-setup.tmp	107
PID 996 wrote to memory of 460	996	advanced-systemcare-setup.tmp	108
PID 996 wrote to memory of 460	996	advanced-systemcare-setup.tmp	108
PID 996 wrote to memory of 460	996	advanced-systemcare-setup.tmp	108
PID 996 wrote to memory of 992	996	advanced-systemcare-setup.tmp	111
PID 996 wrote to memory of 992	996	advanced-systemcare-setup.tmp	111
PID 996 wrote to memory of 992	996	advanced-systemcare-setup.tmp	111
PID 996 wrote to memory of 2844	996	advanced-systemcare-setup.tmp	112
PID 996 wrote to memory of 2844	996	advanced-systemcare-setup.tmp	112
PID 996 wrote to memory of 2844	996	advanced-systemcare-setup.tmp	112
PID 996 wrote to memory of 2748	996	advanced-systemcare-setup.tmp	113
PID 996 wrote to memory of 2748	996	advanced-systemcare-setup.tmp	113
PID 996 wrote to memory of 2748	996	advanced-systemcare-setup.tmp	113
PID 996 wrote to memory of 2196	996	advanced-systemcare-setup.tmp	123
PID 996 wrote to memory of 2196	996	advanced-systemcare-setup.tmp	123
PID 996 wrote to memory of 2196	996	advanced-systemcare-setup.tmp	123
PID 2748 wrote to memory of 5192	2748	RealTimeProtector.exe	120
PID 2748 wrote to memory of 5192	2748	RealTimeProtector.exe	120
PID 2748 wrote to memory of 5192	2748	RealTimeProtector.exe	120
PID 5616 wrote to memory of 5332	5616	ASCService.exe	114
PID 5616 wrote to memory of 5332	5616	ASCService.exe	114
PID 5616 wrote to memory of 5332	5616	ASCService.exe	114
PID 992 wrote to memory of 5248	992	ASCInit.exe	115
PID 992 wrote to memory of 5248	992	ASCInit.exe	115
PID 992 wrote to memory of 5248	992	ASCInit.exe	115
PID 5616 wrote to memory of 4400	5616	ASCService.exe	118
PID 5616 wrote to memory of 4400	5616	ASCService.exe	118
PID 5616 wrote to memory of 4400	5616	ASCService.exe	118
PID 992 wrote to memory of 6116	992	ASCInit.exe	119
PID 992 wrote to memory of 6116	992	ASCInit.exe	119
PID 992 wrote to memory of 6116	992	ASCInit.exe	119
PID 992 wrote to memory of 6060	992	ASCInit.exe	121
PID 992 wrote to memory of 6060	992	ASCInit.exe	121
PID 992 wrote to memory of 5972	992	ASCInit.exe	124
PID 992 wrote to memory of 5972	992	ASCInit.exe	124
PID 6060 wrote to memory of 2520	6060	ICONPIN64.exe	40
PID 5248 wrote to memory of 5956	5248	cmd.exe	125
PID 5248 wrote to memory of 5956	5248	cmd.exe	125
PID 5248 wrote to memory of 5956	5248	cmd.exe	125
PID 992 wrote to memory of 5888	992	ASCInit.exe	126
PID 992 wrote to memory of 5888	992	ASCInit.exe	126
PID 992 wrote to memory of 5888	992	ASCInit.exe	126
PID 992 wrote to memory of 6268	992	ASCInit.exe	127
PID 992 wrote to memory of 6268	992	ASCInit.exe	127
PID 992 wrote to memory of 6268	992	ASCInit.exe	127
PID 5616 wrote to memory of 5152	5616	ASCService.exe	130
PID 5616 wrote to memory of 5152	5616	ASCService.exe	130

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2520
- C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
  "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4476
- - C:\Users\Admin\AppData\Local\Temp\is-TG52C.tmp\advanced-systemcare-setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-TG52C.tmp\advanced-systemcare-setup.tmp" /SL5="$401FA,50323178,137216,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:112
  - - C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\Setup.exe" /InnoSetup "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\is-QQVQV.tmp\advanced-systemcare-setup.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-QQVQV.tmp\advanced-systemcare-setup.tmp" /SL5="$1501C8,50323178,137216,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
        6⤵
        Checks computer location settings
        Drops file in Program Files directory
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\ASCUpgrade.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\ASCUpgrade.exe" /upgrade "c:\program files (x86)\iobit\advanced systemcare"
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\ASCUpgrade.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\ASCUpgrade.exe" /CleanDir "C:\Program Files (x86)\IObit\Advanced SystemCare\"
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4044
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe"
        7⤵
        Executes dropped EXE
        
        PID:460
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe" /install /CreateTaskBar /Installer=true /insur=
        7⤵
        Adds Run key to start application
        Checks computer location settings
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c SC description AdvancedSystemCareService16 "Advanced SystemCare Service"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:5248
        
        C:\Windows\SysWOW64\sc.exe
        
        SC description AdvancedSystemCareService16 "Advanced SystemCare Service"
        9⤵
        Launches sc.exe
        
        PID:5956
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe" /install asc16
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:6116
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe" Pin "C:\Users\Public\Desktop\Advanced SystemCare.lnk"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:6060
        
        C:\Windows\System32\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll"
        8⤵
        Loads dropped DLL
        Modifies system executable filetype association
        Registers COM server for autorun
        Modifies registry class
        
        PID:5972
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe" /InitData
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5888
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe" /ShowStr=silentWriteCache
        8⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:6268
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe" /i
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:2844
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /install
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2748
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /Run
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5192
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe" /install
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2196

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe" /boottime
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5332

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5616
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /UpdateTaskschd
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /RunCurUs
  2⤵
  - Executes dropped EXE
  PID:4936
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /1 /41006400760061006E006300650064002000530079007300740065006D004300610072006500 /220043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0049004F006200690074005C0041006400760061006E006300650064002000530079007300740065006D0043006100720065005C0041005300430054007200610079002E00650078006500220020002F004100750074006F00 /48004B00450059005F00430055005200520045004E0054005F0055005300450052005C0053004F004600540057004100520045005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00430075007200720065006E007400560065007200730069006F006E005C00520075006E005C00
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /start
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe" /service
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe" /SvcAutoClean
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5916
- C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe" /autorun /AdvanceScan
  2⤵
  - Executes dropped EXE
  PID:5524
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 760
    3⤵
    - Program crash
    PID:4600
- C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe" /srvupt
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  PID:6288
- - C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe
    "C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe" /auto
    3⤵
    - Executes dropped EXE
    PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5524 -ip 5524
1⤵
PID:6076

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.EXE

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.log

Filesize
776B

MD5
49d525c48b09f4a3924951caf2935a3b

SHA1
b0fb92d811e5ebf8b84f77323fd1b88ca7b53dc6

SHA256
b8fe196eb98e38950c264f9dff4d47f9851192ae54c335c40b117ef7935677dc

SHA512
e149361623bf68fd8306dce836f5ead371215f741eebb9e57e7d92950291b9e48a6019c522c4f4edea83fec297d89dcb0ca59cf07084d9c09528250aa4d4447a

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

Filesize
1KB

MD5
98ec259326bffff70403755d11e5f85c

SHA1
d0e4cf62b68bc10c882cca2bd5f391cf55f25a6f

SHA256
85e6f3d3cd1a989500174d1f2c04a422ef5140a4624205bf269c29b80f782286

SHA512
1cf0785ce5b4af61ff75e17ef66685774eb85f8f958590672819dc088b70b4b3ea0dcd072a6bd99b36ac1d68bbb4ac3bb4152669aadebde6c83eee9ada3b2fca

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

Filesize
2KB

MD5
e4dc54ec961a67a5411155af0f86db4d

SHA1
5fe71c386d76708d5867b3b60e8900f5bec5548e

SHA256
309f7da4b89cf5c1d6d3e023237d3f58b706c1c2ec218e7ba52e9efd84e4e66e

SHA512
5c78282e2550001b43e4733252ad172bacac27e36c44ff487c0a15f47dc0ae952c7842fb523ba09b46457a2a5b336b2b18e39e3ab21b11374aae8b738e373584

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

Filesize
3KB

MD5
8f37278bd2d8023262cbb3fb00530934

SHA1
84e988df754a26db46a9c8052f4de030af2088d3

SHA256
42f980d118adb653c531756099146375c275f2fee0ce3792f36cb047535a1490

SHA512
cd7d49b76d01d34d5d1af43675e6f94f4062bd83bb466d64ee8c0e04c1c3add9922d2bdd6cef7ddd19d4d17468d2e2ca0202376762bcccba75180f2079de4210

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

Filesize
32KB

MD5
f98a4521a2d99476b50fa4aeb71cd15d

SHA1
7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6

SHA256
65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4

SHA512
b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

Filesize
32KB

MD5
f98a4521a2d99476b50fa4aeb71cd15d

SHA1
7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6

SHA256
65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4

SHA512
b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

Filesize
32KB

MD5
f98a4521a2d99476b50fa4aeb71cd15d

SHA1
7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6

SHA256
65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4

SHA512
b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
1KB

MD5
cf8299251913cd278b5973a4a1ab08e0

SHA1
e4cec86bc1e0d7ae6514048e56429657769603b4

SHA256
6ee620d4c26b0efcde2156a6af187a4ae1a3cac9c86d60f9acfcba26325b326b

SHA512
8d450c0722c750f324b9d4526a203e0b0460a4b69e7f635afd567fdb6f0c1f312951ec958a31c24ef71d97b605467f9bf5361838c35e155bcb13faeceac3feb3

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
2KB

MD5
ba6d5ce0fbf4b272bd51a3a729fd9dbf

SHA1
2763787798a91433e2c878265092daf28b840328

SHA256
7c88d829b5b8b612a00e88d28e1ee3644ed3d6051aab997487a97238bbec5591

SHA512
58ca74d7743a21ee844c3f7082fae59eeea44da5bb4cfec7e7b1d8f6ef2ad5285de6477a2ad625259d78006b77f637c1d6eb06940fc47fea0fe3d679405a5e94

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
3KB

MD5
aebebeaab62a1989d38fb5c0f59857f8

SHA1
e2e806716a7cd8afacd4108ed76e75881401343c

SHA256
60ff000d82caf5371efe7352c614f2e6d74fbf7596b178e08e89dbf6ffb8aefe

SHA512
415d467fee2fdec30238db16a385e96e5ed74aedd1dd68e11cb6ab701fa30a5f4006ddd0902872b4b2c0c373d0eeb44428eeeaeb636fe392d262a6571c2e065e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\HardwareLib.dll

Filesize
188KB

MD5
c534cd2ef9da6d3a50c27dad7a188a04

SHA1
0ec214523183fa2a47e434258fb4320c49cf851d

SHA256
040d71da31dae5b78f3e29149962f79d4cf53cf9a88a6e82d94a3f65cbefb09b

SHA512
b376eeaa837d8ee06b26e06cd31ab22a3ce30c4529cea9040fd876877ade3de8d76e74dc8eee52b7ec6c0880c8fec54b4bcd158f5c3bc676d1f360d09d9cb6e2

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\HardwareLib.dll

Filesize
188KB

MD5
c534cd2ef9da6d3a50c27dad7a188a04

SHA1
0ec214523183fa2a47e434258fb4320c49cf851d

SHA256
040d71da31dae5b78f3e29149962f79d4cf53cf9a88a6e82d94a3f65cbefb09b

SHA512
b376eeaa837d8ee06b26e06cd31ab22a3ce30c4529cea9040fd876877ade3de8d76e74dc8eee52b7ec6c0880c8fec54b4bcd158f5c3bc676d1f360d09d9cb6e2

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log

Filesize
14KB

MD5
1bbb25ac91e2b9c9d272b123dcf740dc

SHA1
9a39f8f4a25304dc82949e7f20f920886ce4617c

SHA256
d79f073dc9436a7080f18f70883c7ab01dcb35bdf1aeb991d9561291efd68ccd

SHA512
dc24c2551eb17cefb5adbabcbdfb522745f47bfae74701b5fc37f2d1b74d11763b0b3c1c0c81e3580247b5eabe19f1550cdc1895149c59b5e534d4119844a685

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\OFCommon.dll

Filesize
992KB

MD5
35f41fa498bfeff4b3d94aaa670f317b

SHA1
c0a75452c5eb5ff1d372892cd189502bd6ac5520

SHA256
6d5b5b0ec6d85e847007db9d0228f402e3fcf6b43c4e7fe6bb17ca2f89173807

SHA512
d609ebb49d907a6a9164d5b342c7ceb6ffe2a4947b07f81589423f693d6d26a09b45a39d155f5e3633d203e67bb3d4e6c1f637dde0f14b94eedde6b34fc5a0d5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\OFCommon.dll

Filesize
992KB

MD5
35f41fa498bfeff4b3d94aaa670f317b

SHA1
c0a75452c5eb5ff1d372892cd189502bd6ac5520

SHA256
6d5b5b0ec6d85e847007db9d0228f402e3fcf6b43c4e7fe6bb17ca2f89173807

SHA512
d609ebb49d907a6a9164d5b342c7ceb6ffe2a4947b07f81589423f693d6d26a09b45a39d155f5e3633d203e67bb3d4e6c1f637dde0f14b94eedde6b34fc5a0d5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\OFCommon.dll

Filesize
992KB

MD5
35f41fa498bfeff4b3d94aaa670f317b

SHA1
c0a75452c5eb5ff1d372892cd189502bd6ac5520

SHA256
6d5b5b0ec6d85e847007db9d0228f402e3fcf6b43c4e7fe6bb17ca2f89173807

SHA512
d609ebb49d907a6a9164d5b342c7ceb6ffe2a4947b07f81589423f693d6d26a09b45a39d155f5e3633d203e67bb3d4e6c1f637dde0f14b94eedde6b34fc5a0d5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log

Filesize
60KB

MD5
800bbdb68c48523a75dc61fbbbdade4d

SHA1
c9688bc833f8e1e945f07543254566b8362e4e57

SHA256
0fba1d024e481a3d65357ee7d53615ea98a4318621a78ebce351e04f3da316d3

SHA512
7a1c48fa96da96fbf5f3bec56bacde567658514e7d30a60aff03cfb23a765503852397327a442f51ac5cb1ef6de8b4cb986c566c023cd01a5da9a5d4db3946ff

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Register.exe

Filesize
2.9MB

MD5
c59538de5477005cd9264c57146a1b2e

SHA1
d421339822033d724fded9f330f43b8739826acc

SHA256
742445d540a7d3a96c95a12cb24a84780255c577a4280a65613be4352779e48f

SHA512
21a2e9f941a361e66eb61e78828d7d6445f176622495089c2d36370dbc544352629a2f24f1374f71300aa5b6d23367810533179050611822532885a5b22f4213

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCUrlScanner.dll

Filesize
484KB

MD5
9bbbacf7e04d12ded0b46a69ca785ea6

SHA1
1c66160f340ae8869bcdd0df061acf43616e3115

SHA256
39f78b45d8e587bfd83592bfc00bc553535581f7eac2189e796629c3e942e268

SHA512
b02445bd9d9b4f0d4056f241a1fb36d16c414e9afa85c9ffa2fadcde9223c5e3a1b33d363899402d4f418e706f851ec4b290994e3851670a1a12b04880246c3e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe

Filesize
1.4MB

MD5
a4c4cb5cd7e4c30d4d7e0dfb58c00a22

SHA1
1cf21920ff7c3f14d9084ae72db87b14de8635e4

SHA256
a711deeca99de5187715b98d942ddc93ced74d426f2e7213bd1237d5fdc31bbd

SHA512
b3f36061b60a31f6620f634e2ed2944f59643de2e08e1186eb61592d1660291f294afd5f2f9974bec504e130904222b2239387958d7dea82fc22f856e89b6781

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Update.ini

Filesize
6KB

MD5
04b25f2f64a895e7d2ace377c00d3999

SHA1
4f7a382da9fc38d4b2ed02dc50c4b02d3c95c05b

SHA256
eb581eb57f0cd1a0fd9a1bce536fda7a843bb6b09bdc9c8e6617e74e9933bd1e

SHA512
146fa86e80dfdf21b7b568d420498aa573b6dfa8a092ef11c23411656c44834bae99e71b5f38843b021d3bedf53c2292694e8c483abe401641858027dd8d0783

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\datastate.dll

Filesize
78KB

MD5
86bdbc01aecd0a413ee4a0583949329d

SHA1
f921cd9c5e89c1acecd7b235583e6d65165a6614

SHA256
85c0c5b3e17c5f9e9f5531dd9dc848b946a29902ce1294ca7a32a1d169fa0faf

SHA512
3b13542a9354297b27415ab9d9bca6adda884d4e2238cc924715ef29f14d819a3c768b9d8a2c7fffe6c6500c9a79b5483e1265df870650a215e928ac28b1225f

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\datastate.dll

Filesize
78KB

MD5
86bdbc01aecd0a413ee4a0583949329d

SHA1
f921cd9c5e89c1acecd7b235583e6d65165a6614

SHA256
85c0c5b3e17c5f9e9f5531dd9dc848b946a29902ce1294ca7a32a1d169fa0faf

SHA512
3b13542a9354297b27415ab9d9bca6adda884d4e2238cc924715ef29f14d819a3c768b9d8a2c7fffe6c6500c9a79b5483e1265df870650a215e928ac28b1225f

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\is-9D6T8.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\sqlite3.dll

Filesize
908KB

MD5
5b5a926a887f4a9f3eecc54598f697db

SHA1
86044be248e9fac25a0d8a3dd3c617da8688b7ea

SHA256
bc0c750c98bd413e7975e8b17b1101c346dda53100020161bc5141f77ed98932

SHA512
3031b4cf17cd4261d9c36495cfb707c6be10bd1444c8e474d1f117df55cadb32fe1661f239499d6f1ba3d3d96def6f6b4eae7e3fba543c6a5c8b98dedeb91412

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\sqlite3.dll

Filesize
908KB

MD5
5b5a926a887f4a9f3eecc54598f697db

SHA1
86044be248e9fac25a0d8a3dd3c617da8688b7ea

SHA256
bc0c750c98bd413e7975e8b17b1101c346dda53100020161bc5141f77ed98932

SHA512
3031b4cf17cd4261d9c36495cfb707c6be10bd1444c8e474d1f117df55cadb32fe1661f239499d6f1ba3d3d96def6f6b4eae7e3fba543c6a5c8b98dedeb91412

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vclx120.bpl

Filesize
223KB

MD5
49f74e40e1f7971be8d0ea71f2bfe90b

SHA1
a37b40b4bc153a2e76c1d62bcad6f2318f8db903

SHA256
de93bd10fdf546a57f24f97034f61699265dd80f973739f2ea5c68a0db540a5c

SHA512
84239ef5bf648196b4a9bf099d39f8c4603c22b72405485b17c25b0b767b8a08a209dccc800394a8152d4f5a0cc722fbc0390860cab020b269e110d42b310dea

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vclx120.bpl

Filesize
223KB

MD5
49f74e40e1f7971be8d0ea71f2bfe90b

SHA1
a37b40b4bc153a2e76c1d62bcad6f2318f8db903

SHA256
de93bd10fdf546a57f24f97034f61699265dd80f973739f2ea5c68a0db540a5c

SHA512
84239ef5bf648196b4a9bf099d39f8c4603c22b72405485b17c25b0b767b8a08a209dccc800394a8152d4f5a0cc722fbc0390860cab020b269e110d42b310dea

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\winid.dat

Filesize
691B

MD5
257e156c11b8b7add49c39f8ca6a3f0f

SHA1
bb187acab93b07564574869fff60696c56d689be

SHA256
a3f9a47f0b48afb31464cbd4bed3338546094757cf7796cc6bec3bd7d2562852

SHA512
28d22fbd87a05d51af442b662befc06ecae1312136475d286cc1b747d255be4705a9ac5102825942a3b9c3d00cf2e9714f47ca25a246e30d3713ecbaa598fa7b

Download Submit
C:\ProgramData\IObit\IObitLiveUpdate\update.ept

Filesize
58KB

MD5
804cb4884fc3d17a6b732aaaaa5c56ce

SHA1
1bfcf5667ea241c95d0cd93dfdd81081bdfc87bc

SHA256
2c526c59628e08e466d1c4b2dab0d20b0dc33843f97127126b9b7c4305b4e06c

SHA512
54cabda5d18ad5b57872d8316cca95d3c3ada88eac012345961b419193b74e0dd10bb793e1a5ff56823c1ecc1e6799992d2478bbf5c7c2668cb5009b04c109cb

Download Submit
C:\ProgramData\IObit\Install.ini

Filesize
102B

MD5
b75af6466cd2bad627708bf29387ff72

SHA1
d5056c69ad56a3b0e613f18290a8ef001d7bbb14

SHA256
a38696412a175cb4400a6621b02949d0031236dcaad12650f70a98cfff6211c5

SHA512
b8f9b1359fc8fdb9ad8e7d85e8e34756f61290c49c7e9ed5a94fc6567bc2f0ef811afbeb5868978edf37c83101ca16a02c94b4d8160010c594543df491c1839b

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini

Filesize
256B

MD5
fc4e5f80bee6e21c477c312b9213087d

SHA1
9fd097b3d54ef4e04ac8f6f313abbd27fdf97eeb

SHA256
f4a8b66f6782c6f86b02efd3d6d87583c30e61872f0848edcfc29c7a9ce10aa1

SHA512
d8dd5be68eb8c4fc89db19cc819bbdfa9ac7d99d8547093f2562e1142316eefc274af25909ef184b7b2f33d5445ee488bba50c2aca85f343c8facb372f3d35a5

Download Submit
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini

Filesize
58B

MD5
93b446dd65d042839a2b8945297bfd27

SHA1
7ef7655ab2cac178f7de0fb202f49a1ede669629

SHA256
c1fa0ccf737521386cd519f7a021db26a67d28cde89da75f564ecc1d1d31ee6b

SHA512
53595d19e40dc3bb704c06efb97303020c053d8d114aff806891535de1c0469b61c4f8d66709f45f07215c44d810afaabc5bb20f67833c789fa18d9bba074cdc

Download Submit
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\ProtectRecords.ini

Filesize
138B

MD5
0e9856970f5cb2544dbf5ea83fe9391e

SHA1
1379805a305d9de0ba7eeb1f7cc46f40eb59a7f4

SHA256
dd5bf9c2f483789e8853dbc42429774e9c28d51a086a6c57ef78dd414e5a5422

SHA512
010591395be0eec618cc8e9625228ae7fd5e3c91162e24ee96bc2c818abff44b9ae9d0d1e0a6261cb40ccd2cebc1b7145bb1c3cd9abac25780ad41b4463f0c47

Download Submit
C:\Users\Admin\AppData\Local\Temp\IId2A#sV70qNga4H.tmp.dat

Filesize
422B

MD5
ef58446cef430aea639f60c6efe167fc

SHA1
2d383a7436394cd82b37d3970533b736e8a7712d

SHA256
95a17475087a259f8ffab7c403b323d2ede73a82f7009ca147bfdcb5a0c19653

SHA512
d961323de4323773314c7c9d52c24f31e7358716694454892b21e29c74215ac415723b67f0c2d4886283db8219fe478dac266f476152efc34f9cbf28e4f355f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N6CEL.tmp\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QQVQV.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QQVQV.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\Rinside.dat

Filesize
22B

MD5
3115e02fd135942a8eb97ebffe751beb

SHA1
31764acb175a41b5342bb89e3a951e85084e5d57

SHA256
a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b

SHA512
065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Installer\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RKSER.tmp\Rinside.dat

Filesize
22B

MD5
3115e02fd135942a8eb97ebffe751beb

SHA1
31764acb175a41b5342bb89e3a951e85084e5d57

SHA256
a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b

SHA512
065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TG52C.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini

Filesize
214B

MD5
8650b1755b632485f2dd439f3a3c6126

SHA1
8c1ca0c0cbc869d75c7f174a77b282e457e9d78a

SHA256
931b07b89eac79e4011037fb46a1922c3837f25b900598d3ad0f386a030e88d6

SHA512
c0bd889d248e05ff2be70765f48c756ec313e481d7747c676d7365af3fe0e332cc76f08463e07f829d412ea9cf42b2aaeae6eca3d12438e7497bd77a428d1bf6

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Ignore.ini

Filesize
14KB

MD5
8cc6f7e704c72dda22035d5fff19759f

SHA1
90bbd43e42b2f46f327f26b01d782d94d8348bd4

SHA256
60b40150366fb7540d6da67f0719b8645d4513c270fe49234c25a664a7a7b623

SHA512
ac2469f5e48564f3e0ad2f645445f1aedc2cfabd53b7706a383cdaa2b1fdbd6f4a255779b079af2ac27c9cf109cf4a0b21e9b302aa68071b0af1d1ff65878673

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
1KB

MD5
c6229275b27163a3c411221a668105e6

SHA1
91bb3985e25cf283d3191276f47dd2da5c5ea24c

SHA256
6efc5d4a98f1fa9972d3dfae9717d3a46c897d902d7acb36f1eb695a2d19b479

SHA512
0f11c2439bd7170844f22afc69abb553e9362a78bff2f6c0373e4207e86606b2d43a37b173f19c70c33310f5c0bdd5c978bcaee28d097bd6e67607b45956c9f0

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
2KB

MD5
54bba2a9d76bc9b3f33371005717bb2c

SHA1
8324295dd9bb1fd7fef0e616432e6ab193bff887

SHA256
3cb2f916e1fc004c02ce7c086e29b2f2b748b7cddfb7a8c4c25a70261a7dfda0

SHA512
7d0f163876b47bdb24e872032091f3dab34b6f115fd0aab226f549798e8a8ba15137e6cdaf02893c99072eb3551927bbd77850307c891c75d63be57daf53a876

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
3KB

MD5
1a4317a7e43e90ed419ee0bdea4393ff

SHA1
78c1272f92a617fef8173cdffa7008001a38e18a

SHA256
86c25f7f56e06a4984ce9e65ee8a99bcf704e9b446d2f04b7f665b406d1ca9e0

SHA512
f97dcff0a80488ec921ab6644169879f0da55235872199abaa66edbc9188a6cc275be527dc65cdcbbbde2cf1b3fac464ce64ec21ea182cd9c67d07ae065df01a

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
3KB

MD5
1a4317a7e43e90ed419ee0bdea4393ff

SHA1
78c1272f92a617fef8173cdffa7008001a38e18a

SHA256
86c25f7f56e06a4984ce9e65ee8a99bcf704e9b446d2f04b7f665b406d1ca9e0

SHA512
f97dcff0a80488ec921ab6644169879f0da55235872199abaa66edbc9188a6cc275be527dc65cdcbbbde2cf1b3fac464ce64ec21ea182cd9c67d07ae065df01a

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
4KB

MD5
67fc981c1f317a1fd811e40c96141731

SHA1
85c6e376f08a04d62ddbc7eecb9bdf451b4f90c1

SHA256
5f6235e61c443adf6f169f0cea5cdce669b8e8109b94e89577abbf4929c06ffb

SHA512
d7cd86c976fa79dd8c2c8d1f4568494553a3703b4234cb616e7d846fa786af38bd389b83c448e2f70d6d2cfe9d45618d715fc63f2636d17e918ace98aea4eafd

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.Ini

Filesize
370B

MD5
30d2dea17c295b2d10a55b4d1a96d648

SHA1
5dbb901d8ee0f6b0d1d299015391f5b8d6180890

SHA256
01e8e59a949cf62aa1017d3a5952c8ca4e536f223e0051e4067b6adb30d932f1

SHA512
cb4ab81dde403a0d07b4b6ed143360812aac20b64898266a42f089efe1ef79e7a11b05851f2eef70f9cc982f7026ba980b02dfd0bbc882482f2c6c8f6dc64124

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
370B

MD5
30d2dea17c295b2d10a55b4d1a96d648

SHA1
5dbb901d8ee0f6b0d1d299015391f5b8d6180890

SHA256
01e8e59a949cf62aa1017d3a5952c8ca4e536f223e0051e4067b6adb30d932f1

SHA512
cb4ab81dde403a0d07b4b6ed143360812aac20b64898266a42f089efe1ef79e7a11b05851f2eef70f9cc982f7026ba980b02dfd0bbc882482f2c6c8f6dc64124

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
67B

MD5
11f27fba4b96b2ea6c161e058c11457a

SHA1
628b4f75deeb9d4a1eeeeef2d51b6b10113a1e3c

SHA256
46999de61bceb7459c749ec9fb1c35c6176634677217c4d71e9a22d6f6e1d14d

SHA512
91d43fc92dbee494088f4ee3df1eaebd533e05a857f69a1198a3896338b302947594186c0f91aa7f13232cc0764838380aaf7aa5d281b5cbb48ee686020b4810

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
244B

MD5
fcf17cb2fb0c610a6af6d16a548344fa

SHA1
4f5e16dff14057cda9648cb7c6e75da62f0af06c

SHA256
583f8d26d34b645cb4bfd948f7ccb9be82e9484f544695faae2cf38a5b8a0ae6

SHA512
5f186a6b3aacd548fb49bb0c8fc555c4fef9acb2773fd52f92c78e4802c0394b643e30e031ecb5d9b547bb27e287fd9f62993135fffbb18ade4df28f0fde70a2

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
316B

MD5
0e614743f09268593c66c6424e5f08e5

SHA1
887972e0261cca1f097b73cebde0f66abbcd5483

SHA256
f51d3147e03e2f6b5bad5f3d842eb9f9669c992843710821d7c8c6103b6973aa

SHA512
e3cde8a8013e34ae1b29d5c5050d88e4ce5664b13c471b6e0520f829ce3b75a86937521154f25b71de2e0de878fbf715500f62e79b865087cfa8e4403058ddd5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare.lnk

Filesize
1KB

MD5
d0cb7139396ae829e48d54b308455125

SHA1
b1a192b176bb57a80d46d78fad07049766eb2eeb

SHA256
9038ff5b71c96fa04a8452797b728ee14c0a0e6408ad23f5186d7e16fd0bcbfb

SHA512
9245097ecb9dc2c2abfa782333954b21ba5115a22c2290664262e34e1e4bcfa462786706e74810c4bfa4610de275e76c6eecbf112097c17f47991708dc342c7a

Download Submit
memory/112-172-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/112-139-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/460-973-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/992-3081-0x0000000000400000-0x00000000004D7000-memory.dmp

Filesize
860KB

Download
memory/992-2084-0x0000000004420000-0x000000000455D000-memory.dmp

Filesize
1.2MB

Download
memory/992-3161-0x00000000046A0000-0x00000000046A1000-memory.dmp

Filesize
4KB

Download
memory/992-2097-0x0000000003FB0000-0x0000000003FB1000-memory.dmp

Filesize
4KB

Download
memory/992-3085-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/992-3090-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/992-1097-0x0000000003FB0000-0x0000000003FB1000-memory.dmp

Filesize
4KB

Download
memory/992-1056-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/992-1062-0x0000000003D30000-0x0000000003E6D000-memory.dmp

Filesize
1.2MB

Download
memory/996-228-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/996-1025-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/996-273-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/996-275-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/996-1428-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/1336-263-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/1336-264-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/1604-210-0x0000000004260000-0x0000000004261000-memory.dmp

Filesize
4KB

Download
memory/1604-205-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1604-212-0x0000000004210000-0x0000000004211000-memory.dmp

Filesize
4KB

Download
memory/1604-175-0x0000000004110000-0x0000000004111000-memory.dmp

Filesize
4KB

Download
memory/1604-947-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1604-261-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1604-206-0x0000000004290000-0x00000000042A0000-memory.dmp

Filesize
64KB

Download
memory/1604-222-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1604-2212-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/1604-183-0x0000000004290000-0x00000000042A0000-memory.dmp

Filesize
64KB

Download
memory/1604-204-0x0000000004110000-0x0000000004111000-memory.dmp

Filesize
4KB

Download
memory/2196-1885-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/2196-1588-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2196-1907-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/2196-1590-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2520-2163-0x0000000003410000-0x0000000003415000-memory.dmp

Filesize
20KB

Download
memory/2520-2159-0x0000000003410000-0x0000000003415000-memory.dmp

Filesize
20KB

Download
memory/2748-1749-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/2748-2023-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/2748-1908-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/2748-2033-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/2748-1886-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/2748-1589-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/2748-1274-0x0000000003C20000-0x0000000003C21000-memory.dmp

Filesize
4KB

Download
memory/2844-1063-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/2844-3093-0x0000000000400000-0x0000000000566000-memory.dmp

Filesize
1.4MB

Download
memory/2844-1272-0x0000000003C70000-0x0000000003C71000-memory.dmp

Filesize
4KB

Download
memory/4044-276-0x0000000003C30000-0x0000000003C31000-memory.dmp

Filesize
4KB

Download
memory/4044-277-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/4400-3083-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/4400-2148-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/4400-2813-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/4400-2445-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/4400-2247-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/4400-3087-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/4476-134-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4476-174-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4568-224-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4568-221-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4568-262-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4568-2032-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4936-3077-0x0000000003C40000-0x0000000003D7D000-memory.dmp

Filesize
1.2MB

Download
memory/4936-3092-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/5192-2038-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/5192-2031-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/5192-2035-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/5192-2071-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/5192-2022-0x0000000003C20000-0x0000000003C21000-memory.dmp

Filesize
4KB

Download
memory/5192-2037-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/5332-2072-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/5344-3466-0x0000000003BC0000-0x0000000003BC1000-memory.dmp

Filesize
4KB

Download
memory/5616-2098-0x0000000005970000-0x0000000005980000-memory.dmp

Filesize
64KB

Download
memory/5616-2059-0x0000000004260000-0x0000000004261000-memory.dmp

Filesize
4KB

Download
memory/5616-2188-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/5616-2053-0x0000000004380000-0x0000000004498000-memory.dmp

Filesize
1.1MB

Download
memory/5616-2036-0x0000000000BE0000-0x0000000000C6C000-memory.dmp

Filesize
560KB

Download
memory/5616-2151-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/5616-2039-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/5616-3179-0x0000000005970000-0x0000000005980000-memory.dmp

Filesize
64KB

Download
memory/5616-2034-0x00000000009D0000-0x0000000000ADA000-memory.dmp

Filesize
1.0MB

Download
memory/5616-2057-0x00000000041D0000-0x00000000041D1000-memory.dmp

Filesize
4KB

Download
memory/5888-3084-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/5888-3088-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/5888-2658-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/5888-3079-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/5916-3211-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/6116-2196-0x0000000002E30000-0x0000000002E31000-memory.dmp

Filesize
4KB

Download
memory/6116-2167-0x0000000004E80000-0x0000000004FBD000-memory.dmp

Filesize
1.2MB

Download
memory/6116-2200-0x0000000002E70000-0x0000000002E71000-memory.dmp

Filesize
4KB

Download
memory/6116-2812-0x0000000000A40000-0x0000000000E41000-memory.dmp

Filesize
4.0MB

Download
memory/6116-2152-0x0000000000FF0000-0x0000000000FF1000-memory.dmp

Filesize
4KB

Download
memory/6268-3091-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/6268-3086-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/6268-2822-0x0000000003C90000-0x0000000003C91000-memory.dmp

Filesize
4KB

Download
memory/6268-3080-0x0000000000400000-0x00000000005A2000-memory.dmp

Filesize
1.6MB

Download
memory/6288-3254-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/6288-3393-0x0000000005540000-0x0000000005541000-memory.dmp

Filesize
4KB

Download
memory/6288-3263-0x0000000005530000-0x0000000005531000-memory.dmp

Filesize
4KB

Download