990034eea06c068b8384741d36fab9e53c7cf7de10e8531b915f34c1ed0c0885

Resubmissions

13/07/2023, 13:40

230713-qykc6ahg5x 7

13/07/2023, 13:35

230713-qv4mmagh59 7

13/07/2023, 13:31

230713-qsdcnagh49 7

Analysis

max time kernel
118s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2023, 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

advanced-systemcare-setup.exe
Size

48.5MB
MD5

f14d068cfae207f898fb76eaf1367043
SHA1

c3dbda0acaf1e5fd1a493d2dd1cc3da0c017f0bc
SHA256

990034eea06c068b8384741d36fab9e53c7cf7de10e8531b915f34c1ed0c0885
SHA512

544b9fecc1923d12ae027b48383fe4811b3684d7ddd797b2096b10a35fe9a1670d125110f4a2e77222bd6d434681af738cc519be326bfcc551e3fd141a27e663
SSDEEP

786432:yK021ALYXrd2i5u5ySyYTcER34bgeIT10qcbVR5i7ecLrqF1O029nSeJ4z:9IKU0udTdIbgBqbiScLr0h29SNz

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced SystemCare = "\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCTray.exe\" /Auto"	ASCInit.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	advanced-systemcare-setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	ASCInit.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	IObitLiveUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000\Control Panel\International\Geo\Nation	advanced-systemcare-setup.tmp

Drops file in System32 directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\delayEx.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\OptFailed.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\Ignore.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\DistrustPlugin.ini	smBootTimebase.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\DistrustPlugin.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\delStartups.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\OptimizeRecord.ini	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\IObit Uninstaller\BCleanerdb	smBootTimebase.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\config.ini	smBootTimebase.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\History\is-PACV3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\wxp_amd64\is-9PGRC.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-MAOGP.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\History\is-JEEH6.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\History\is-0STP6.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_x86\is-60BH3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-VQ50B.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-M4PB2.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-R7F3A.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-JK0F2.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\is-73P0C.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\is-VRIR9.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log	PrivacyShield.exe
File opened for modification	C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare\License.ini	Setup.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-31OU0.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-HB7Q7.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\is-AUNDQ.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-JBQCQ.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-SRQ4O.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log	IObitLiveUpdate.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-I4EIV.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-8MIQN.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\History\is-K8PDD.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\db\is-C52A2.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-0CQOA.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_ia64\is-KJ46H.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\is-1VQQO.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-UPOEO.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-6L3NI.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-REPC3.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-T6GD2.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-1B5C7.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-T4828.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.log	startupInfo.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-GKIMB.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-9NCKQ.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-9N13D.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\js\is-SOSLV.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_ia64\is-G7VJO.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\is-AUBQ0.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-3URFN.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log	PrivacyShield.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-6AVT2.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Config\is-M6MGN.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-FCCNJ.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\is-BV2OM.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\is-J737U.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-V9TFH.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\is-CL5GE.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-AI002.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-BUCL5.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-AU6KI.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\is-FQUEQ.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-F100V.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-GN20O.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-DIK18.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.log	smBootTimebase.exe
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-DKSRA.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Database\is-JG0TF.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-G3AMB.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\is-0M806.tmp	advanced-systemcare-setup.tmp
File opened for modification	C:\Program Files (x86)\IObit\Advanced SystemCare\unins000.dat	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\Update\is-FA0AO.tmp	advanced-systemcare-setup.tmp
File created	C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\is-K185V.tmp	advanced-systemcare-setup.tmp

Executes dropped EXE 26 IoCs

pid	Process
3136	advanced-systemcare-setup.tmp
4704	Setup.exe
3148	advanced-systemcare-setup.tmp
388	ASCUpgrade.exe
640	ASCUpgrade.exe
4008	LocalLang.exe
2096	ASCInit.exe
3508	PPUninstaller.exe
4544	RealTimeProtector.exe
2108	DiskDefrag.exe
7024	RealTimeProtector.exe
1076	ASCService.exe
4560	smBootTimebase.exe
5208	smBootTime.exe
5540	UninstallInfo.exe
5596	ICONPIN64.exe
5716	BrowserCleaner.exe
5748	PrivacyShield.exe
1896	smBootTime.exe
5684	smBootTime.exe
5784	RealTimeProtector.exe
6756	Display.exe
3136	AutoSweep.exe
7376	AutoCare.exe
7588	IObitLiveUpdate.exe
1912	startupInfo.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5144	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
4704	Setup.exe
4704	Setup.exe
2096	ASCInit.exe
2096	ASCInit.exe
2096	ASCInit.exe
2096	ASCInit.exe
2096	ASCInit.exe
2096	ASCInit.exe
2096	ASCInit.exe
2096	ASCInit.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
4544	RealTimeProtector.exe
4544	RealTimeProtector.exe
4544	RealTimeProtector.exe
4544	RealTimeProtector.exe
4544	RealTimeProtector.exe
2108	DiskDefrag.exe
2108	DiskDefrag.exe
7024	RealTimeProtector.exe
7024	RealTimeProtector.exe
7024	RealTimeProtector.exe
7024	RealTimeProtector.exe
7024	RealTimeProtector.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
2096	ASCInit.exe
2096	ASCInit.exe
5208	smBootTime.exe
5208	smBootTime.exe
5208	smBootTime.exe
5208	smBootTime.exe
5208	smBootTime.exe
5208	smBootTime.exe
5208	smBootTime.exe
5208	smBootTime.exe
5540	UninstallInfo.exe
5640	regsvr32.exe
5716	BrowserCleaner.exe
5716	BrowserCleaner.exe
5716	BrowserCleaner.exe
5716	BrowserCleaner.exe
5716	BrowserCleaner.exe
5716	BrowserCleaner.exe
5716	BrowserCleaner.exe
5748	PrivacyShield.exe
5748	PrivacyShield.exe

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7772	7376	WerFault.exe	134

Modifies registry class 63 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\ = "ASCExtMenu 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\ = "CExtMenu Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ = "CExtMenu Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\CLSID\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer\ = "ASCExtMenu.CExtMenu.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Explorer.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID\ = "ASCExtMenu.CExtMenu.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\TypeLib\ = "{60AD0991-ECD4-49dc-B170-8B7E7C60F51B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Explorer.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID\ = "ASCExtMenu.CExtMenu"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\ = "CExtMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	Explorer.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Explorer.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4704	Setup.exe
4704	Setup.exe
388	ASCUpgrade.exe
388	ASCUpgrade.exe
388	ASCUpgrade.exe
388	ASCUpgrade.exe
388	ASCUpgrade.exe
388	ASCUpgrade.exe
388	ASCUpgrade.exe
388	ASCUpgrade.exe
640	ASCUpgrade.exe
640	ASCUpgrade.exe
2096	ASCInit.exe
2096	ASCInit.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
4544	RealTimeProtector.exe
4544	RealTimeProtector.exe
7024	RealTimeProtector.exe
7024	RealTimeProtector.exe
3508	PPUninstaller.exe
3508	PPUninstaller.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
4560	smBootTimebase.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
1076	ASCService.exe
5208	smBootTime.exe
5208	smBootTime.exe
5540	UninstallInfo.exe
5540	UninstallInfo.exe
5540	UninstallInfo.exe
5540	UninstallInfo.exe
5716	BrowserCleaner.exe
5716	BrowserCleaner.exe
5540	UninstallInfo.exe
5540	UninstallInfo.exe
5748	PrivacyShield.exe
5748	PrivacyShield.exe
1076	ASCService.exe
1076	ASCService.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 55 IoCs

description	pid	Process
Token: SeDebugPrivilege	388	ASCUpgrade.exe
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: 33	1076	ASCService.exe
Token: SeIncBasePriorityPrivilege	1076	ASCService.exe
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE
Token: SeShutdownPrivilege	3140	Explorer.EXE
Token: SeCreatePagefilePrivilege	3140	Explorer.EXE

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
4704	Setup.exe
4704	Setup.exe
4704	Setup.exe
4704	Setup.exe
4704	Setup.exe
4704	Setup.exe
3148	advanced-systemcare-setup.tmp
3508	PPUninstaller.exe
3140	Explorer.EXE
3136	AutoSweep.exe
3136	AutoSweep.exe
3136	AutoSweep.exe
3136	AutoSweep.exe
3136	AutoSweep.exe
3136	AutoSweep.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
4704	Setup.exe
4704	Setup.exe
4704	Setup.exe
4704	Setup.exe
4704	Setup.exe
3136	AutoSweep.exe
3136	AutoSweep.exe
3136	AutoSweep.exe
3136	AutoSweep.exe
3136	AutoSweep.exe
3136	AutoSweep.exe
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE
3140	Explorer.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 3136	2640	advanced-systemcare-setup.exe	86
PID 2640 wrote to memory of 3136	2640	advanced-systemcare-setup.exe	86
PID 2640 wrote to memory of 3136	2640	advanced-systemcare-setup.exe	86
PID 3136 wrote to memory of 4704	3136	advanced-systemcare-setup.tmp	91
PID 3136 wrote to memory of 4704	3136	advanced-systemcare-setup.tmp	91
PID 3136 wrote to memory of 4704	3136	advanced-systemcare-setup.tmp	91
PID 4704 wrote to memory of 1120	4704	Setup.exe	95
PID 4704 wrote to memory of 1120	4704	Setup.exe	95
PID 4704 wrote to memory of 1120	4704	Setup.exe	95
PID 1120 wrote to memory of 3148	1120	advanced-systemcare-setup.exe	96
PID 1120 wrote to memory of 3148	1120	advanced-systemcare-setup.exe	96
PID 1120 wrote to memory of 3148	1120	advanced-systemcare-setup.exe	96
PID 3148 wrote to memory of 388	3148	advanced-systemcare-setup.tmp	98
PID 3148 wrote to memory of 388	3148	advanced-systemcare-setup.tmp	98
PID 3148 wrote to memory of 388	3148	advanced-systemcare-setup.tmp	98
PID 3148 wrote to memory of 640	3148	advanced-systemcare-setup.tmp	99
PID 3148 wrote to memory of 640	3148	advanced-systemcare-setup.tmp	99
PID 3148 wrote to memory of 640	3148	advanced-systemcare-setup.tmp	99
PID 3148 wrote to memory of 4008	3148	advanced-systemcare-setup.tmp	104
PID 3148 wrote to memory of 4008	3148	advanced-systemcare-setup.tmp	104
PID 3148 wrote to memory of 4008	3148	advanced-systemcare-setup.tmp	104
PID 3148 wrote to memory of 2096	3148	advanced-systemcare-setup.tmp	106
PID 3148 wrote to memory of 2096	3148	advanced-systemcare-setup.tmp	106
PID 3148 wrote to memory of 2096	3148	advanced-systemcare-setup.tmp	106
PID 3148 wrote to memory of 3508	3148	advanced-systemcare-setup.tmp	122
PID 3148 wrote to memory of 3508	3148	advanced-systemcare-setup.tmp	122
PID 3148 wrote to memory of 3508	3148	advanced-systemcare-setup.tmp	122
PID 3148 wrote to memory of 4544	3148	advanced-systemcare-setup.tmp	121
PID 3148 wrote to memory of 4544	3148	advanced-systemcare-setup.tmp	121
PID 3148 wrote to memory of 4544	3148	advanced-systemcare-setup.tmp	121
PID 3148 wrote to memory of 2108	3148	advanced-systemcare-setup.tmp	120
PID 3148 wrote to memory of 2108	3148	advanced-systemcare-setup.tmp	120
PID 3148 wrote to memory of 2108	3148	advanced-systemcare-setup.tmp	120
PID 4544 wrote to memory of 7024	4544	RealTimeProtector.exe	119
PID 4544 wrote to memory of 7024	4544	RealTimeProtector.exe	119
PID 4544 wrote to memory of 7024	4544	RealTimeProtector.exe	119
PID 1076 wrote to memory of 4560	1076	ASCService.exe	107
PID 1076 wrote to memory of 4560	1076	ASCService.exe	107
PID 1076 wrote to memory of 4560	1076	ASCService.exe	107
PID 2096 wrote to memory of 2308	2096	ASCInit.exe	109
PID 2096 wrote to memory of 2308	2096	ASCInit.exe	109
PID 2096 wrote to memory of 2308	2096	ASCInit.exe	109
PID 2308 wrote to memory of 5144	2308	cmd.exe	110
PID 2308 wrote to memory of 5144	2308	cmd.exe	110
PID 2308 wrote to memory of 5144	2308	cmd.exe	110
PID 1076 wrote to memory of 5208	1076	ASCService.exe	111
PID 1076 wrote to memory of 5208	1076	ASCService.exe	111
PID 1076 wrote to memory of 5208	1076	ASCService.exe	111
PID 2096 wrote to memory of 5540	2096	ASCInit.exe	112
PID 2096 wrote to memory of 5540	2096	ASCInit.exe	112
PID 2096 wrote to memory of 5540	2096	ASCInit.exe	112
PID 2096 wrote to memory of 5596	2096	ASCInit.exe	113
PID 2096 wrote to memory of 5596	2096	ASCInit.exe	113
PID 2096 wrote to memory of 5640	2096	ASCInit.exe	115
PID 2096 wrote to memory of 5640	2096	ASCInit.exe	115
PID 2096 wrote to memory of 5716	2096	ASCInit.exe	118
PID 2096 wrote to memory of 5716	2096	ASCInit.exe	118
PID 2096 wrote to memory of 5716	2096	ASCInit.exe	118
PID 5596 wrote to memory of 3140	5596	ICONPIN64.exe	63
PID 2096 wrote to memory of 5748	2096	ASCInit.exe	117
PID 2096 wrote to memory of 5748	2096	ASCInit.exe	117
PID 2096 wrote to memory of 5748	2096	ASCInit.exe	117
PID 1076 wrote to memory of 1896	1076	ASCService.exe	123
PID 1076 wrote to memory of 1896	1076	ASCService.exe	123

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3140
- C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
  "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\is-ETF80.tmp\advanced-systemcare-setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-ETF80.tmp\advanced-systemcare-setup.tmp" /SL5="$60120,50323178,137216,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\Setup.exe" /InnoSetup "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\is-CHTVU.tmp\advanced-systemcare-setup.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-CHTVU.tmp\advanced-systemcare-setup.tmp" /SL5="$F0236,50323178,137216,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
        6⤵
        Checks computer location settings
        Drops file in Program Files directory
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\ASCUpgrade.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\ASCUpgrade.exe" /upgrade "c:\program files (x86)\iobit\advanced systemcare"
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\ASCUpgrade.exe
        
        "C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\ASCUpgrade.exe" /CleanDir "C:\Program Files (x86)\IObit\Advanced SystemCare\"
        7⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:640
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe"
        7⤵
        Executes dropped EXE
        
        PID:4008
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe" /install /CreateTaskBar /Installer=true /insur=
        7⤵
        Adds Run key to start application
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2096
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c SC description AdvancedSystemCareService16 "Advanced SystemCare Service"
        8⤵
        Suspicious use of WriteProcessMemory
        
        PID:2308
        
        C:\Windows\SysWOW64\sc.exe
        
        SC description AdvancedSystemCareService16 "Advanced SystemCare Service"
        9⤵
        Launches sc.exe
        
        PID:5144
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe" /install asc16
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5540
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe" Pin "C:\Users\Public\Desktop\Advanced SystemCare.lnk"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5596
        
        C:\Windows\System32\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll"
        8⤵
        Loads dropped DLL
        Modifies system executable filetype association
        Registers COM server for autorun
        Modifies registry class
        
        PID:5640
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe" /ShowStr=silentWriteCache
        8⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5748
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe" /InitData
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:5716
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe" /install
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2108
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /install
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4544
        
        C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe" /i
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:3508
    - - C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe" /TurnOn
        5⤵
        
        PID:5284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.iobit.com/appgoto.php?name=asc&ver=16.5.0.237&lan=&st=asc_install&ref=asc16&aff=&idata=eyJhc2MiOjEsImRiIjoxMCwiaW1mIjoxMCwiaXUiOjEwLCJzZCI6MTAsImlzdSI6MTB9&usr=0&instd=1&litype=free&expd=0&insur=other
        5⤵
        
        PID:3272
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8715180116135001806,3398308756324306131,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3272 /prefetch:8
        6⤵
        
        PID:6584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8715180116135001806,3398308756324306131,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3260 /prefetch:3
        6⤵
        
        PID:6856
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8715180116135001806,3398308756324306131,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2944 /prefetch:2
        6⤵
        
        PID:6824
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8715180116135001806,3398308756324306131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
        6⤵
        
        PID:5808
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8715180116135001806,3398308756324306131,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
        6⤵
        
        PID:5536
    - - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"
        5⤵
        
        PID:5484
    - - C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe"
        5⤵
        
        PID:5780
    - - C:\Program Files (x86)\IObit\Advanced SystemCare\ActionCenterDownloader.exe
        
        "C:\Program Files (x86)\IObit\Advanced SystemCare\ActionCenterDownloader.exe" /Product=ASC16 "/Config=http://update.iobit.com/infofiles/installer/Freeware-asc.upt" "iTop VPN Installer B" "iTop Screen Recorder Installer" "iTop Data Recovery Installer"
        5⤵
        
        PID:5768

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe" /boottime
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4560

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /UpdateTaskschd
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5208

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /1 /41006400760061006E006300650064002000530079007300740065006D004300610072006500 /220043003A005C00500072006F006700720061006D002000460069006C00650073002000280078003800360029005C0049004F006200690074005C0041006400760061006E006300650064002000530079007300740065006D0043006100720065005C0041005300430054007200610079002E00650078006500220020002F004100750074006F00 /48004B00450059005F00430055005200520045004E0054005F0055005300450052005C0053004F004600540057004100520045005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00430075007200720065006E007400560065007200730069006F006E005C00520075006E005C00
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /start
  2⤵
  - Executes dropped EXE
  PID:5684
- C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /RunCurUs
  2⤵
  - Executes dropped EXE
  PID:5784
- C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe" /service
  2⤵
  - Executes dropped EXE
  PID:6756
- C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe" /SvcAutoClean
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3136
- C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe" /autorun /AdvanceScan
  2⤵
  - Executes dropped EXE
  PID:7376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 752
    3⤵
    - Program crash
    PID:7772
- C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe" /srvupt
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  PID:7588
- - C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe
    "C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe" /auto
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    PID:1912
- C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C004100530043005F0050006500720066006F0072006D0061006E00630065004D006F006E00690074006F007200
  2⤵
  PID:6352
- C:\Program Files (x86)\IObit\Advanced SystemCare\register.exe
  "C:\Program Files (x86)\IObit\Advanced SystemCare\register.exe" /trailcheck
  2⤵
  PID:7308

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /Run
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 7376 -ip 7376
1⤵
PID:7448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6f2c46f8,0x7ffa6f2c4708,0x7ffa6f2c4718
1⤵
PID:5308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.EXE

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

Filesize
10.4MB

MD5
d7906166b7b3d2c2c070711224008eb0

SHA1
18bffcfa80b9cebaa4ad5a7be50504c3cdd6de64

SHA256
1baf1813ee58c8c22407e5a260ac8a599281caae7abb7ff7d77d167cf71c49bc

SHA512
16bad4a59105b55e36a9bd08c46c914e0e7dac9c1ca9a215d8f613460ad18766c41ed6e53e71584f25ee67c57b20b17479f20ef6e0c6f5f5c9df61856e400441

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log

Filesize
1KB

MD5
4c74957e94a23e5dea8875fa4e347535

SHA1
05cbeb321e438fb2a3f9f78cef65a2ae15f2d05e

SHA256
9c7042d998f351943ffe154ec2544bc7ae251db4c76644542955f32e3d3d32e1

SHA512
9a6c85872e9e6bf9bf94caad1323f38e416c55156428cf1b4e55bd139ba2e3cb89a1218f0fd5da542e16f0ad36eb5cddede1ed17160e46839bd4dd194f39ab65

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log

Filesize
3KB

MD5
7a7836b74f39b764c292a2c7c25dc9fa

SHA1
b99d64ae2f2ecec9dee4c62609726c217a6d26be

SHA256
7ff7f0e414941415eb4144d81d95f10d19fa931424a8c65699cd31cf734d1b2e

SHA512
ac42cdc4b8750edaea2d442a471f0a83e9e866662141b0b6ffe2f7b230752b35f6cb9eeb3b4f49ec9052bf48e94f9be448b69ba2523df80ceab7fe880e7f6ace

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log

Filesize
4KB

MD5
9ebd04f29d5f43c2dc41ee23ed622324

SHA1
7fe872c8b87e147d6b88a05e14119239b558f57b

SHA256
e6e126de8163d7d8eb42062af86da7271b1b9d8d80cd97309edd2f8f671eb7ff

SHA512
3f9721a870b17774c862f1e30c1f337fcf269782a4745563104af04577c31cd818f748fc0146e35641a7748b1cc95cc1c115602d270dce8e339caa6e5e7658bc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

Filesize
845KB

MD5
d0d95ed48c274ede3ec3d81b644ada3d

SHA1
93981f04409bf7fa5d163f10c7fcbe1c8bc18500

SHA256
cefb7c31d2da85081eb5ff1244c757e283a6d5197a1c7ab56971be678128afab

SHA512
254e84a971e44917dc072023a780eda5be32ab78cf78976bb6ef13f0c5071e4c809397596f28b0022ab4f7b1b873e7f1273571237ece97f3d56989473cc1f361

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.log

Filesize
868B

MD5
5c2c9f0737bb3d89232252afe32f539f

SHA1
fb6d7861404d6db89778ade50ff133610c26289f

SHA256
8da6d84b9e911f2bcfff37838ec1e5164e8b5b477a401eedf639da70ef5d745f

SHA512
5410bdce0cd423bcae5429b3f5ade760f708012048055810b568b418c0eed4b37592a06badfa340b523b9571eb22e8878b71489c6625b981acb5c8fc18b16732

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

Filesize
1KB

MD5
a4a785360e038c8b2c25344cf38317b7

SHA1
120123ecb0bad76aed15510115ff7cc381a4e72e

SHA256
f72b84a054348964e9b3806427dbba0e560a932d75c7182b5a30cadf9f386c5c

SHA512
0e0309ce36bb3c54a7f92edeee31f85a568919293e35cdb7f18da134321127cfe229a5ffaf86467802f65de147df1cbbf5ce2864c00c7d52d5b1261478ccda3f

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

Filesize
2KB

MD5
1f7ae129193ea6fb6b4f376112ba5893

SHA1
35a46c20f00d869d516c2cda49ca7a89de8d7445

SHA256
3f834ac34a524f424e7e1270698b09d12ad821e343dd97371e7874dad4cefc6d

SHA512
99be1df29c22f0013897783e021d4b7426baa0d86da89f4a8ba26309eecc385de5338ca73366df97447c1a7f1c56eabcd8db66eed40b6ceae1e6220aa99ca7f6

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

Filesize
3KB

MD5
91e34d257eac3eed8489e1e4c4779c5f

SHA1
188d3d6ff2d9bf823d19d4d2d8b01a6ca9e28154

SHA256
75b84556ac88adcec7d213fb4b59b71114fd51ec9481f6aa398045722b795f51

SHA512
516395885f76fa06bee88ba4688204c512e45461e1879bcd6eebaea0d6868e0c6fc3744fae5cd94845bf0609874482a9be9f1b3166a66778c5f656242740100f

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Database\ignore.dbd

Filesize
12KB

MD5
2802a5adfe7744bfca1ad914491de635

SHA1
43a7182b44282bf5b8a9a6b01cfc726d8a27d511

SHA256
d65c68d86d849e867d6ccce13312377bfab9f9d10de1fd82ebfe4d096aa3c797

SHA512
b76335b6dbcea3497d8a5842decbe6db140ead51ba01c9d7bb0b59cb1847f8f989d08a3ea6a346ce03569d2da6609d2803f111c7c5e49f928ca4b16c34189dfa

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

Filesize
32KB

MD5
f98a4521a2d99476b50fa4aeb71cd15d

SHA1
7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6

SHA256
65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4

SHA512
b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

Filesize
32KB

MD5
f98a4521a2d99476b50fa4aeb71cd15d

SHA1
7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6

SHA256
65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4

SHA512
b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

Filesize
32KB

MD5
f98a4521a2d99476b50fa4aeb71cd15d

SHA1
7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6

SHA256
65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4

SHA512
b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
1KB

MD5
deb2cf9da817bf2b2dae932568f37c25

SHA1
4715b7ba82974ef555f43bb60615b5812a6f4139

SHA256
0ad992a8054e947303093f01aaed16708d32bc3e207406ac3a2d755fb54bdf02

SHA512
a2e6696c37c8e7d82aa963bec7c8af8cf295fad1f3b2037c8400d4542c82a1c00e51af6a0706655bb5d6a34e7b221ccb4b80853c115a6b1788c895c288a95c96

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
2KB

MD5
3bd6a10e4451f12eae1aa930faee72fd

SHA1
5cc76bf983b1e3565d8120328b8acb6c80d59365

SHA256
44a0ad0c1559069f582fe52d1cb836e8b61bd3e04b33cdca72620c26d38b08e5

SHA512
d71dfe9918838061bf811ec2653fd5a0a61a67b495efc2ba72f94903923cd14763fc4199ca2ee16defc09ed5132c364c87da0d8b241b1fd4c30e433f8cf094c1

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

Filesize
3KB

MD5
fcbc7cfac9e7539731a9fa22e4a286e9

SHA1
fc1874f4555cb8ab7e95656b5f429e4276fc275b

SHA256
6c331fea208792d4c721d2fc8ee104eef843f5458a26cb898eaa4ef0b976114c

SHA512
d2b02984c879f1a995273b21e9716934b79327355bda366b4fa4875a6ecabc9a8e4e416d73a4142ab2619f3d6a2db648780e1559e9da00e36e2fb19424bf1f14

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\HardwareLib.dll

Filesize
188KB

MD5
c534cd2ef9da6d3a50c27dad7a188a04

SHA1
0ec214523183fa2a47e434258fb4320c49cf851d

SHA256
040d71da31dae5b78f3e29149962f79d4cf53cf9a88a6e82d94a3f65cbefb09b

SHA512
b376eeaa837d8ee06b26e06cd31ab22a3ce30c4529cea9040fd876877ade3de8d76e74dc8eee52b7ec6c0880c8fec54b4bcd158f5c3bc676d1f360d09d9cb6e2

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\HardwareLib.dll

Filesize
188KB

MD5
c534cd2ef9da6d3a50c27dad7a188a04

SHA1
0ec214523183fa2a47e434258fb4320c49cf851d

SHA256
040d71da31dae5b78f3e29149962f79d4cf53cf9a88a6e82d94a3f65cbefb09b

SHA512
b376eeaa837d8ee06b26e06cd31ab22a3ce30c4529cea9040fd876877ade3de8d76e74dc8eee52b7ec6c0880c8fec54b4bcd158f5c3bc676d1f360d09d9cb6e2

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log

Filesize
804B

MD5
62b564910459a2134a409de4915cd017

SHA1
22e952c1610a1f1820eb4406b72e95fb83e43536

SHA256
a5e698f3610e7eaadf2b398fe5a6c846577c3459f9cd4d87e7f156ba86e76b06

SHA512
85d03ec2d060bd02edf6907f5278da5c52ce4383a608e448d754f8220fab4c9bccd9c6ef5e09a16a28fef87ef03c0f24e147586b720ace798a1801486bbf6aa2

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log

Filesize
14KB

MD5
9b40926787cec2e3a34d5820f05783be

SHA1
a526e6d031aaed881eb424efe157d13a8047db58

SHA256
ef1445db3287242f16790a82ec1e6ca6d376a96985b4c4d7900b3a2bbec2c6a9

SHA512
950311efa6c7958fdca48f39a19375cbd5601f56fb168230c3e7e3948b4121090657c5c335d624d73df8fda65938a4cfc94f1ec0c8bd106276a7604594b0be34

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

Filesize
229KB

MD5
bcb3518e3c4f380e7b26ce231997b0a1

SHA1
566fbf7a9272172b01c82d67d5d2345c7bb82577

SHA256
66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5

SHA512
bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\OFCommon.dll

Filesize
992KB

MD5
35f41fa498bfeff4b3d94aaa670f317b

SHA1
c0a75452c5eb5ff1d372892cd189502bd6ac5520

SHA256
6d5b5b0ec6d85e847007db9d0228f402e3fcf6b43c4e7fe6bb17ca2f89173807

SHA512
d609ebb49d907a6a9164d5b342c7ceb6ffe2a4947b07f81589423f693d6d26a09b45a39d155f5e3633d203e67bb3d4e6c1f637dde0f14b94eedde6b34fc5a0d5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\OFCommon.dll

Filesize
992KB

MD5
35f41fa498bfeff4b3d94aaa670f317b

SHA1
c0a75452c5eb5ff1d372892cd189502bd6ac5520

SHA256
6d5b5b0ec6d85e847007db9d0228f402e3fcf6b43c4e7fe6bb17ca2f89173807

SHA512
d609ebb49d907a6a9164d5b342c7ceb6ffe2a4947b07f81589423f693d6d26a09b45a39d155f5e3633d203e67bb3d4e6c1f637dde0f14b94eedde6b34fc5a0d5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\OFCommon.dll

Filesize
992KB

MD5
35f41fa498bfeff4b3d94aaa670f317b

SHA1
c0a75452c5eb5ff1d372892cd189502bd6ac5520

SHA256
6d5b5b0ec6d85e847007db9d0228f402e3fcf6b43c4e7fe6bb17ca2f89173807

SHA512
d609ebb49d907a6a9164d5b342c7ceb6ffe2a4947b07f81589423f693d6d26a09b45a39d155f5e3633d203e67bb3d4e6c1f637dde0f14b94eedde6b34fc5a0d5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

Filesize
1.1MB

MD5
c058768b94f6552aa39061ff214bd065

SHA1
2b38062b78ea134273d676de3430b7031745271a

SHA256
34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf

SHA512
9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log

Filesize
87KB

MD5
78bf5e207c258d875b8d9dfbd20df7f7

SHA1
ebfa40f46cf71d2e1d0a871143b2910172080b7b

SHA256
de18cb7a50fbec83523c5ded5bd8ede9c04d5775716e9a5397f52b5ab1b6e926

SHA512
5253b36fab6bd201d3ad7e47b503aa6de75c1818c7741cf000348090a7bba8527246cb6639a463b7396e8b6b92260d86e7c864762ce4f42eb58cc2db7c611135

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

Filesize
1.1MB

MD5
0e7882975ac8dd3a0f8f48734705c192

SHA1
4f617a3149ef53244b8715ac288af44ceee01467

SHA256
3ea20404b5592aeccc3466eacd93c0e3a1ed1294f525668837a6bd20bdd84383

SHA512
2a9193da99027bb3e1778277b913c0be33076f1d6d73fb6fdd7bf66dbdc07547c9007d0a8da6b10256db73a4ed80e7bba0b9861b4eaf6eebc05bf88cc31b53da

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Register.exe

Filesize
2.9MB

MD5
c59538de5477005cd9264c57146a1b2e

SHA1
d421339822033d724fded9f330f43b8739826acc

SHA256
742445d540a7d3a96c95a12cb24a84780255c577a4280a65613be4352779e48f

SHA512
21a2e9f941a361e66eb61e78828d7d6445f176622495089c2d36370dbc544352629a2f24f1374f71300aa5b6d23367810533179050611822532885a5b22f4213

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCUrlScanner.dll

Filesize
484KB

MD5
9bbbacf7e04d12ded0b46a69ca785ea6

SHA1
1c66160f340ae8869bcdd0df061acf43616e3115

SHA256
39f78b45d8e587bfd83592bfc00bc553535581f7eac2189e796629c3e942e268

SHA512
b02445bd9d9b4f0d4056f241a1fb36d16c414e9afa85c9ffa2fadcde9223c5e3a1b33d363899402d4f418e706f851ec4b290994e3851670a1a12b04880246c3e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe

Filesize
1.4MB

MD5
a4c4cb5cd7e4c30d4d7e0dfb58c00a22

SHA1
1cf21920ff7c3f14d9084ae72db87b14de8635e4

SHA256
a711deeca99de5187715b98d942ddc93ced74d426f2e7213bd1237d5fdc31bbd

SHA512
b3f36061b60a31f6620f634e2ed2944f59643de2e08e1186eb61592d1660291f294afd5f2f9974bec504e130904222b2239387958d7dea82fc22f856e89b6781

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Update.ini

Filesize
6KB

MD5
04b25f2f64a895e7d2ace377c00d3999

SHA1
4f7a382da9fc38d4b2ed02dc50c4b02d3c95c05b

SHA256
eb581eb57f0cd1a0fd9a1bce536fda7a843bb6b09bdc9c8e6617e74e9933bd1e

SHA512
146fa86e80dfdf21b7b568d420498aa573b6dfa8a092ef11c23411656c44834bae99e71b5f38843b021d3bedf53c2292694e8c483abe401641858027dd8d0783

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\datastate.dll

Filesize
78KB

MD5
86bdbc01aecd0a413ee4a0583949329d

SHA1
f921cd9c5e89c1acecd7b235583e6d65165a6614

SHA256
85c0c5b3e17c5f9e9f5531dd9dc848b946a29902ce1294ca7a32a1d169fa0faf

SHA512
3b13542a9354297b27415ab9d9bca6adda884d4e2238cc924715ef29f14d819a3c768b9d8a2c7fffe6c6500c9a79b5483e1265df870650a215e928ac28b1225f

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\datastate.dll

Filesize
78KB

MD5
86bdbc01aecd0a413ee4a0583949329d

SHA1
f921cd9c5e89c1acecd7b235583e6d65165a6614

SHA256
85c0c5b3e17c5f9e9f5531dd9dc848b946a29902ce1294ca7a32a1d169fa0faf

SHA512
3b13542a9354297b27415ab9d9bca6adda884d4e2238cc924715ef29f14d819a3c768b9d8a2c7fffe6c6500c9a79b5483e1265df870650a215e928ac28b1225f

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\is-0IPC4.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

Filesize
212KB

MD5
73bc46c0170de5d72d1e5e0df51ee68f

SHA1
bc92d0c16258b2a42ad9774fa7b6006bc32607ed

SHA256
4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8

SHA512
642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

Filesize
64KB

MD5
f1d430eacd5aac17c5de78f0de3cf774

SHA1
b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d

SHA256
20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62

SHA512
bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

Filesize
438KB

MD5
9ff9e6b33bee8e297bbdb47e8ac9b60f

SHA1
b49d037a12c43958ab24b3869359e6ddbe8cc551

SHA256
655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815

SHA512
7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

Filesize
1.1MB

MD5
4f2040add9f5b541db07a2e866e2c5ca

SHA1
b04da67e7ba7207deb99f56062661edc919f543a

SHA256
b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22

SHA512
4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\sqlite3.dll

Filesize
908KB

MD5
5b5a926a887f4a9f3eecc54598f697db

SHA1
86044be248e9fac25a0d8a3dd3c617da8688b7ea

SHA256
bc0c750c98bd413e7975e8b17b1101c346dda53100020161bc5141f77ed98932

SHA512
3031b4cf17cd4261d9c36495cfb707c6be10bd1444c8e474d1f117df55cadb32fe1661f239499d6f1ba3d3d96def6f6b4eae7e3fba543c6a5c8b98dedeb91412

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\sqlite3.dll

Filesize
908KB

MD5
5b5a926a887f4a9f3eecc54598f697db

SHA1
86044be248e9fac25a0d8a3dd3c617da8688b7ea

SHA256
bc0c750c98bd413e7975e8b17b1101c346dda53100020161bc5141f77ed98932

SHA512
3031b4cf17cd4261d9c36495cfb707c6be10bd1444c8e474d1f117df55cadb32fe1661f239499d6f1ba3d3d96def6f6b4eae7e3fba543c6a5c8b98dedeb91412

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

Filesize
1.9MB

MD5
3370add5bdff47bc8ebb0dd2fca36b32

SHA1
573144b3427279e687ac1d0f131b58dceb47e186

SHA256
52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244

SHA512
0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vclx120.bpl

Filesize
223KB

MD5
49f74e40e1f7971be8d0ea71f2bfe90b

SHA1
a37b40b4bc153a2e76c1d62bcad6f2318f8db903

SHA256
de93bd10fdf546a57f24f97034f61699265dd80f973739f2ea5c68a0db540a5c

SHA512
84239ef5bf648196b4a9bf099d39f8c4603c22b72405485b17c25b0b767b8a08a209dccc800394a8152d4f5a0cc722fbc0390860cab020b269e110d42b310dea

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\vclx120.bpl

Filesize
223KB

MD5
49f74e40e1f7971be8d0ea71f2bfe90b

SHA1
a37b40b4bc153a2e76c1d62bcad6f2318f8db903

SHA256
de93bd10fdf546a57f24f97034f61699265dd80f973739f2ea5c68a0db540a5c

SHA512
84239ef5bf648196b4a9bf099d39f8c4603c22b72405485b17c25b0b767b8a08a209dccc800394a8152d4f5a0cc722fbc0390860cab020b269e110d42b310dea

Download Submit
C:\Program Files (x86)\IObit\Advanced SystemCare\winid.dat

Filesize
691B

MD5
257e156c11b8b7add49c39f8ca6a3f0f

SHA1
bb187acab93b07564574869fff60696c56d689be

SHA256
a3f9a47f0b48afb31464cbd4bed3338546094757cf7796cc6bec3bd7d2562852

SHA512
28d22fbd87a05d51af442b662befc06ecae1312136475d286cc1b747d255be4705a9ac5102825942a3b9c3d00cf2e9714f47ca25a246e30d3713ecbaa598fa7b

Download Submit
C:\ProgramData\IObit\ASCDownloader\ASC16DownloaderAC.log

Filesize
1KB

MD5
c43c4b1a7c1edaac29a772589f5fa5e5

SHA1
0534f02a66533067a1743862e7a3333238394682

SHA256
fe7575f78d8684392fee7e9c7e5889fe530992e253887eb597b55401d402f363

SHA512
f599d214f32da7aa1d8220a7e4994b99b28e4b090a850f4e83085d1ac7e21f2af460402a036bd7ef61510673a78944fa5bf9cfb6c266dc91e77efc5c53077cc6

Download Submit
C:\ProgramData\IObit\ASCDownloader\ASC16DownloaderAC.log

Filesize
3KB

MD5
77f76177ff1c7500f1f8154f9fa5d2b2

SHA1
274678e557db11cc834ce757428e9cad2d19ca7b

SHA256
7e31320202997600a69ca425cf2432617128f7adff7358f2797f23c5dd124cb7

SHA512
46d94ca7e5544fe52eb615a335840079b83c4b2e1db2bd605c87bb19b65c3ff5cc12900e94d1ceec336cd1c5d2bf5f12da53b0cbfae1a3e4dd8e00027c20e56a

Download Submit
C:\ProgramData\IObit\ASCDownloader\ASC16DownloaderAC.log

Filesize
5KB

MD5
f8ef2d65742b1a9e5b0cc8d1ecf7b5ab

SHA1
d6843ecd7b555ec04a49694a8954c9b657d144d6

SHA256
a429b23970a9e0e6423f9c9b2ec95b93317345f31dd6dea97e0e0e24350abaa0

SHA512
3f8d8c90658b77f59c0fc03ac8267e2137cbbd2ddd0964bca94cffc09c6a35d18c3c1a7a9431d2ca980a6590db5e49efee8c9f3f7a36479c02e6520457c11a64

Download Submit
C:\ProgramData\IObit\ASCDownloader\ASCInstaller_Downloader.log

Filesize
1KB

MD5
70103faad89e0535ad180d38088f7585

SHA1
f1837a0a9684b30828b7eabbebaa998728fe1a92

SHA256
d8f1217ac6cf52d6e5721f176db089c1b425022b996259c331b42425c0a29c82

SHA512
f6a8e019c6f5ee478e5eacaf960a4f6871cfe041b847a5569f190edd20ec63fb358bb1db71953204f98b23e4f3aed61a9bb3b4af4ea01ffbcf2a49ed2a3e7faa

Download Submit
C:\ProgramData\IObit\IObitLiveUpdate\update.ept

Filesize
58KB

MD5
804cb4884fc3d17a6b732aaaaa5c56ce

SHA1
1bfcf5667ea241c95d0cd93dfdd81081bdfc87bc

SHA256
2c526c59628e08e466d1c4b2dab0d20b0dc33843f97127126b9b7c4305b4e06c

SHA512
54cabda5d18ad5b57872d8316cca95d3c3ada88eac012345961b419193b74e0dd10bb793e1a5ff56823c1ecc1e6799992d2478bbf5c7c2668cb5009b04c109cb

Download Submit
C:\ProgramData\IObit\IObitRtt\ASCRtt.ept

Filesize
148B

MD5
b15968aad9e33b0c74ab13dbcc7bdd05

SHA1
065e3ad65cf55e4ef66638f972d1a91ba02e9cbc

SHA256
26109c4c54ec5e237e4a0b1a97ce0a9aa158342066c27a43f388e4a0824a7c19

SHA512
a22f9c330e0d6c986777bd5c7b8ba25102346a3e5c92f50c0dd219cb061e3356e647791ac71595a850eee18301baed0ead065b53811a9738b24d0748ea000249

Download Submit
C:\ProgramData\IObit\Install.ini

Filesize
102B

MD5
b75af6466cd2bad627708bf29387ff72

SHA1
d5056c69ad56a3b0e613f18290a8ef001d7bbb14

SHA256
a38696412a175cb4400a6621b02949d0031236dcaad12650f70a98cfff6211c5

SHA512
b8f9b1359fc8fdb9ad8e7d85e8e34756f61290c49c7e9ed5a94fc6567bc2f0ef811afbeb5868978edf37c83101ca16a02c94b4d8160010c594543df491c1839b

Download Submit
C:\ProgramData\IObit\iobitpromotion.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\ProgramData\ProductData\StatCache.db

Filesize
251B

MD5
a4a49451f406f606c294ae48bf31302b

SHA1
453b45cbdce4cb4168bb87f4312489751325e19b

SHA256
76f9e0b2cd0bdb382e4c5c0dd1c7ea5d70efc0ea90a4898b45987f604e363828

SHA512
9a2574f6802f8bcef2747047a62d08b5dcbc5a1be17e4a5daac0e729fc4584bc568ded482190853c7438b864912eac82ecde4695e9d824664364ce3730a6f39e

Download Submit
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini

Filesize
58B

MD5
93b446dd65d042839a2b8945297bfd27

SHA1
7ef7655ab2cac178f7de0fb202f49a1ede669629

SHA256
c1fa0ccf737521386cd519f7a021db26a67d28cde89da75f564ecc1d1d31ee6b

SHA512
53595d19e40dc3bb704c06efb97303020c053d8d114aff806891535de1c0469b61c4f8d66709f45f07215c44d810afaabc5bb20f67833c789fa18d9bba074cdc

Download Submit
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\ProtectRecords.ini

Filesize
138B

MD5
0e9856970f5cb2544dbf5ea83fe9391e

SHA1
1379805a305d9de0ba7eeb1f7cc46f40eb59a7f4

SHA256
dd5bf9c2f483789e8853dbc42429774e9c28d51a086a6c57ef78dd414e5a5422

SHA512
010591395be0eec618cc8e9625228ae7fd5e3c91162e24ee96bc2c818abff44b9ae9d0d1e0a6261cb40ccd2cebc1b7145bb1c3cd9abac25780ad41b4463f0c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2cdec45dd4423406a00c3f43ea9c816a

SHA1
721890cfdb0a0861cb60862c3f4837f59dbd6e61

SHA256
5cc85bf6946512f79372ac8ea7fc4b6a01fc3c900c9bc336a19b660a26bf0a35

SHA512
fd2fc4665fefc8182aa834ca071fc1f79fd581c80b6cb6c3732b0e8188ff2fa79c08d7f428b60cefb941b36f27d6ce52def9d1133b3ac882a4c890294246ec6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\02zxkU6CaC(gZQ4d.tmp.dat

Filesize
422B

MD5
ef58446cef430aea639f60c6efe167fc

SHA1
2d383a7436394cd82b37d3970533b736e8a7712d

SHA256
95a17475087a259f8ffab7c403b323d2ede73a82f7009ca147bfdcb5a0c19653

SHA512
d961323de4323773314c7c9d52c24f31e7358716694454892b21e29c74215ac415723b67f0c2d4886283db8219fe478dac266f476152efc34f9cbf28e4f355f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\Rinside.dat

Filesize
22B

MD5
3115e02fd135942a8eb97ebffe751beb

SHA1
31764acb175a41b5342bb89e3a951e85084e5d57

SHA256
a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b

SHA512
065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\Setup.exe

Filesize
6.0MB

MD5
d5a0a7b998ea00c38d6c7ea65d8352b9

SHA1
1b2142021f63d9b1bc058fd5f5ee9da1df19b56d

SHA256
2d2fa8ae4e98a9f21888876f26d9214fdc744fb437dd3428fc89f81b1a414ad0

SHA512
43ef234641da5f78f50805e0b9bdb34c2fbd43e4df8a59eb4bc2449d742dd869bd61c51e3757c5b9608a6e668679da35257625fa2c0f028e88b82efab6527b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Installer\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-43L5J.tmp\Rinside.dat

Filesize
22B

MD5
3115e02fd135942a8eb97ebffe751beb

SHA1
31764acb175a41b5342bb89e3a951e85084e5d57

SHA256
a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b

SHA512
065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\ASCUpgrade.exe

Filesize
1.4MB

MD5
59a2ccb20887a9240e8a94cc543eb2e3

SHA1
9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce

SHA256
bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6

SHA512
2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\libcrypto-1_1.dll

Filesize
1.7MB

MD5
b09a5c562bb1d521de69d37ce5286f3e

SHA1
5177d1c96fc389c6377d4256187f76579cdeb2ed

SHA256
c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181

SHA512
5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6J57C.tmp\libssl-1_1.dll

Filesize
362KB

MD5
9405ea98989968e07b5c9497ff54b560

SHA1
2c8142bb1b667af133e03a51cfd7427deac1b900

SHA256
5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba

SHA512
1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CHTVU.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CHTVU.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ETF80.tmp\advanced-systemcare-setup.tmp

Filesize
1.2MB

MD5
4100108c68330e46bb48acc5089e139f

SHA1
a467b13d5d4a63b662147af668ab858e957d73e9

SHA256
902757dcab1ab2d599232478e2386b9ae1157e1bc2c677fbe879472863dae3cd

SHA512
9ec9a7b67e46761fb7753d1e566fbf54c59edd67feed62d4b60f1c7b32b5fa63ba36b88306a1525cd172e1395eaace8f9580198ce11c8d13ff1846a56c8dc3c8

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini

Filesize
214B

MD5
8650b1755b632485f2dd439f3a3c6126

SHA1
8c1ca0c0cbc869d75c7f174a77b282e457e9d78a

SHA256
931b07b89eac79e4011037fb46a1922c3837f25b900598d3ad0f386a030e88d6

SHA512
c0bd889d248e05ff2be70765f48c756ec313e481d7747c676d7365af3fe0e332cc76f08463e07f829d412ea9cf42b2aaeae6eca3d12438e7497bd77a428d1bf6

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini

Filesize
3KB

MD5
9de903984e9a73b533f702469eb6808a

SHA1
0642e5b64f427a336395210a4799199ed751ef14

SHA256
fba0f32a8a890a0a6d14d7b2c063b3adb4ba8bcbc0e34d56c3188b8b6e531091

SHA512
1eb6f1d65e571f201760b87266869511ac904780948290035457f6e896366c1357cc81ccfd15c69fbc94f2bf01736b0073bbec916b5034b5181846a3428ee4a7

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Ignore.ini

Filesize
14KB

MD5
8cc6f7e704c72dda22035d5fff19759f

SHA1
90bbd43e42b2f46f327f26b01d782d94d8348bd4

SHA256
60b40150366fb7540d6da67f0719b8645d4513c270fe49234c25a664a7a7b623

SHA512
ac2469f5e48564f3e0ad2f645445f1aedc2cfabd53b7706a383cdaa2b1fdbd6f4a255779b079af2ac27c9cf109cf4a0b21e9b302aa68071b0af1d1ff65878673

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
1KB

MD5
e9bcbe74a8705de5499d14ef6ca9ca3e

SHA1
2cb5f2f35cb6edb54807c77bde872e70ec6f2f4a

SHA256
acf65e87923c51e3baadc713a978ae38c3db29600ff498e409ac26bf62a1c99a

SHA512
30ff7eeb0eb32888f0c8a67227c01c367280d6063f7b85ba049bd37af194110bcf3391d68f96db47dbbb9475fa0e6bfdac7e0fc9f94f168c205c33379203dc09

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
2KB

MD5
abcd7e3aaa782a05202db8cc453eb56b

SHA1
30c2380e813b6ad4eb9d8e99e1e9101896521764

SHA256
457c7488e6426b880072b4b677173f2a611471325562c4af5e68e059b5e3189a

SHA512
783670dc78f38b3273e39f224a03369e75f257ad005feee6e921cbd642c3ed581baf0eb3e55c45f44728181fdf5cd3de2aace39c8295ab9c2e46488e6a25862f

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
3KB

MD5
36ec11201c923abc807ba3773fbd74b0

SHA1
8c8745291aa30c10ea5574200ace61689bb3afd0

SHA256
8a94a8dfe0b7fcbf0f06f48e4fd22bbd10588d5dbe26b3a8417b7cf905508331

SHA512
04a3db4832130137b670612a47f65e7530fc81731c979a1578922c0a455b36d5e343178d444e00cfabd566759723e1c4aaea240f062d97ab97853270bb0b7eea

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

Filesize
4KB

MD5
64cc21f456975ef045c2233bc09b82f0

SHA1
08842ec958d181477a417d024967758de5af8788

SHA256
89570c030071e72bdca0f8d8b3811b3741dc6b9b26550ed6b9da1d57b2ad0947

SHA512
3299841d56962c7b5b88051e57ee140f737b9b278fb14f2fd669bc869987a93d2df04ba4e0eeb715c33d1f2e21fc47e506ef2832a0ba36455091109f21e79384

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.Ini

Filesize
370B

MD5
f4182c509abdd1db1af29e3a52ab115b

SHA1
c48cc690b6501a14d0f19929ef14a0ccfbb6af07

SHA256
765ab56940961ac2247d4e45df8a3c17c9bf15845ed3d0da7139f0966be9f68d

SHA512
50333299de7133c16d2f555336bb51e08ec700933cad3a1f98dbf69ef82bfea7cd8ab8881bb36619884e79b5115d3cf33fac91b02788fed587c9512e2eb55707

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
370B

MD5
f4182c509abdd1db1af29e3a52ab115b

SHA1
c48cc690b6501a14d0f19929ef14a0ccfbb6af07

SHA256
765ab56940961ac2247d4e45df8a3c17c9bf15845ed3d0da7139f0966be9f68d

SHA512
50333299de7133c16d2f555336bb51e08ec700933cad3a1f98dbf69ef82bfea7cd8ab8881bb36619884e79b5115d3cf33fac91b02788fed587c9512e2eb55707

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
67B

MD5
016220fde89d6e0e639b1aead87e56a5

SHA1
f6bf6bc52bb3598d46dde9a226a040812df9ef38

SHA256
4dff793d5d3fa93c01a5f6239405fb9e95138313bcb0d3c87584b242a2e47bb3

SHA512
c1f063bdcd70cb7038daf583002271a6701f55549e7cac2107df60dce418ec78a0b757ca7fa80291feb2031834e8ac06c08a829225bf9d2fd66e9f1e654ec58a

Download Submit
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

Filesize
316B

MD5
a4d63b768e009627f36888409811425a

SHA1
9847c1a2b7c542ce0de4864c7178de03908d666f

SHA256
7a612fd586d852685be693f672026c18a634ba3673f3fa55f3a399df06233a7e

SHA512
5cc4aca89326921e984d708dbc0ce43b2caf03fe05cd867cebed73b5bee999c36502f202f5934e5c34eff7edc34be9fb40e9a62d6a2ec52a02b5f499d0a808c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare.lnk

Filesize
1KB

MD5
eedeb3ca084466516c9cce26d12c6ae1

SHA1
012bf46c22f249da40aa5ea53fb201454ad322a0

SHA256
913468932fa243f37e3099d16f61f076353bca6ca7bcc598ec81633b7ef67403

SHA512
bb2398bbfc5004cc986be7584415ea793a6f37394beb194c57eb4c1c07e847d58bc778baa54dc77cc806554d6cb0b51da2fb2855e7f49f2cf5255285891ce63a

Download Submit
memory/388-261-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/388-260-0x0000000003C30000-0x0000000003C31000-memory.dmp

Filesize
4KB

Download
memory/640-270-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/640-271-0x0000000000400000-0x0000000000564000-memory.dmp

Filesize
1.4MB

Download
memory/1076-3038-0x0000000001300000-0x0000000001301000-memory.dmp

Filesize
4KB

Download
memory/1076-2050-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/1076-2020-0x0000000000920000-0x0000000000A2A000-memory.dmp

Filesize
1.0MB

Download
memory/1076-2078-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/1076-2137-0x0000000005900000-0x0000000005901000-memory.dmp

Filesize
4KB

Download
memory/1076-3092-0x0000000005910000-0x0000000005920000-memory.dmp

Filesize
64KB

Download
memory/1076-2030-0x0000000000B70000-0x0000000000BFC000-memory.dmp

Filesize
560KB

Download
memory/1076-2034-0x0000000001300000-0x0000000001301000-memory.dmp

Filesize
4KB

Download
memory/1076-2052-0x0000000005CE0000-0x0000000005CE1000-memory.dmp

Filesize
4KB

Download
memory/1076-2047-0x0000000004340000-0x0000000004458000-memory.dmp

Filesize
1.1MB

Download
memory/1120-221-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1120-427-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1120-2024-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1896-3084-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/1896-3096-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/1912-3485-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/2096-2125-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2096-1025-0x0000000003BF0000-0x0000000003D2D000-memory.dmp

Filesize
1.2MB

Download
memory/2096-2119-0x00000000042E0000-0x000000000441D000-memory.dmp

Filesize
1.2MB

Download
memory/2096-1004-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2096-1111-0x0000000003E70000-0x0000000003E71000-memory.dmp

Filesize
4KB

Download
memory/2096-3077-0x0000000004560000-0x0000000004561000-memory.dmp

Filesize
4KB

Download
memory/2108-2018-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/2108-2022-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/2108-2016-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/2108-2015-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2640-134-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2640-174-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/3136-139-0x0000000002420000-0x0000000002421000-memory.dmp

Filesize
4KB

Download
memory/3136-3211-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/3136-172-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/3140-2169-0x0000000002780000-0x0000000002785000-memory.dmp

Filesize
20KB

Download
memory/3140-2780-0x0000000002780000-0x0000000002785000-memory.dmp

Filesize
20KB

Download
memory/3148-1691-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/3148-536-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/3148-226-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/3148-543-0x00000000021A0000-0x00000000021A1000-memory.dmp

Filesize
4KB

Download
memory/3508-1916-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/3508-2019-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/4008-970-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/4544-2032-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/4544-2017-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/4544-2014-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/4544-2029-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/4544-2013-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/4544-2027-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/4544-2021-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/4560-2154-0x0000000000400000-0x00000000005DD000-memory.dmp

Filesize
1.9MB

Download
memory/4560-2065-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download
memory/4560-2155-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/4704-183-0x0000000004420000-0x0000000004430000-memory.dmp

Filesize
64KB

Download
memory/4704-205-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/4704-204-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/4704-206-0x0000000004420000-0x0000000004430000-memory.dmp

Filesize
64KB

Download
memory/4704-209-0x0000000007660000-0x0000000007661000-memory.dmp

Filesize
4KB

Download
memory/4704-211-0x0000000004350000-0x0000000004351000-memory.dmp

Filesize
4KB

Download
memory/4704-608-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/4704-175-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/4704-2198-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/4704-231-0x0000000000400000-0x0000000000A57000-memory.dmp

Filesize
6.3MB

Download
memory/5208-2165-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/5208-2199-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/5208-2138-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/5208-2161-0x0000000000400000-0x0000000000657000-memory.dmp

Filesize
2.3MB

Download
memory/5208-2166-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/5208-2197-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/5284-3593-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/5484-3624-0x00000000073D0000-0x00000000073D1000-memory.dmp

Filesize
4KB

Download
memory/5540-3047-0x00000000035A0000-0x00000000035B0000-memory.dmp

Filesize
64KB

Download
memory/5540-3064-0x0000000000C20000-0x0000000001021000-memory.dmp

Filesize
4.0MB

Download
memory/5540-2157-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/5540-2217-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/5540-2530-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/5684-3097-0x00000000027D0000-0x00000000027D1000-memory.dmp

Filesize
4KB

Download
memory/5716-3086-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/5716-2205-0x0000000002310000-0x0000000002311000-memory.dmp

Filesize
4KB

Download
memory/5716-3078-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/5716-3080-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/5716-3098-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/5716-3091-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/5748-3083-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/5748-3087-0x0000000057800000-0x0000000057812000-memory.dmp

Filesize
72KB

Download
memory/5748-3076-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/5748-3065-0x0000000000400000-0x00000000005A2000-memory.dmp

Filesize
1.6MB

Download
memory/5748-3093-0x0000000061E00000-0x0000000061ECA000-memory.dmp

Filesize
808KB

Download
memory/5748-3066-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/5748-3090-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/5748-3079-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/5768-3635-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/5768-3677-0x0000000003EC0000-0x0000000003EC1000-memory.dmp

Filesize
4KB

Download
memory/5780-3634-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/5784-3088-0x0000000003C20000-0x0000000003C21000-memory.dmp

Filesize
4KB

Download
memory/5784-3085-0x0000000003D20000-0x0000000003E5D000-memory.dmp

Filesize
1.2MB

Download
memory/5784-3095-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/6352-3710-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/7024-2031-0x0000000050000000-0x0000000050117000-memory.dmp

Filesize
1.1MB

Download
memory/7024-2028-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/7024-2023-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/7024-2033-0x0000000059800000-0x000000005986E000-memory.dmp

Filesize
440KB

Download
memory/7024-2076-0x0000000050120000-0x000000005030E000-memory.dmp

Filesize
1.9MB

Download
memory/7024-2074-0x0000000057000000-0x000000005703F000-memory.dmp

Filesize
252KB

Download
memory/7588-3274-0x0000000005570000-0x0000000005571000-memory.dmp

Filesize
4KB

Download
memory/7588-3474-0x0000000004080000-0x0000000004081000-memory.dmp

Filesize
4KB

Download
memory/7588-3265-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download