Malware Analysis Report

2025-01-18 22:17

Sample ID 240429-m9zqfahb48
Target advanced-systemcare-setup.exe
SHA256 39a83fae516d918e6ba94549f88e1ae80a24337005eee68199564c9eda865cdd
Tags
adware bootkit discovery persistence spyware stealer
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

39a83fae516d918e6ba94549f88e1ae80a24337005eee68199564c9eda865cdd

Threat Level: Shows suspicious behavior

The file advanced-systemcare-setup.exe was found to be: Shows suspicious behavior.

Malicious Activity Summary

adware bootkit discovery persistence spyware stealer

Reads user/profile data of web browsers

Checks for any installed AV software in registry

Writes to the Master Boot Record (MBR)

Installs/modifies Browser Helper Object

Adds Run key to start application

Enumerates connected drives

Downloads MZ/PE file

Maps connected drives based on registry

Drops file in System32 directory

Registers COM server for autorun

Checks installed software on the system

Drops file in Windows directory

Executes dropped EXE

Launches sc.exe

Modifies system executable filetype association

Drops file in Program Files directory

Loads dropped DLL

Enumerates physical storage devices

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Gathers network information

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: LoadsDriver

Modifies registry class

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of UnmapMainImage

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-29 11:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-29 11:10

Reported

2024-04-29 11:12

Platform

win11-20240426-en

Max time kernel

83s

Max time network

110s

Command Line

C:\Windows\Explorer.EXE

Signatures

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Windows\CurrentVersion\Run\Advanced SystemCare = "\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCTray.exe\" /Auto" C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A

Checks for any installed AV software in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\Speedup C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\SOFTWARE\Avira\AntiVirus C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Avast Software\Avast C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\Software\WOW6432Node\Avast Software\Avast C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\Software\Avast Software\Avast C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\A: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\Q: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\F: C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\NoExplorer = "1" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ C:\Windows\SysWOW64\regsvr32.exe N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\Count C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\DriverStore\FileRepository\wvmic_vss.inf_amd64_e634ba9298e216f1\wvmic_vss.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\mdmcxpv6.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmnttp2.inf_amd64_af6df21e73344977\mdmnttp2.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\pcmcia.inf_amd64_4efa1b843efa7081\pcmcia.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\swenum.inf_amd64_3bf6c0d173eb26c6\swenum.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\uaspstor.inf_amd64_c3e80113db6147f1\uaspstor.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\uefi.inf_amd64_fb341504564fabc5\uefi.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_smartcard.inf_amd64_728ea9152ab48d0b\c_smartcard.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\hpsamd.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\volmgr.inf_amd64_c46fb1889d563881\volmgr.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_38452bb97e6ec2c3\wvmbusvideo.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_fscopyprotection.inf_amd64_cf0c32897cd972aa\c_fscopyprotection.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\dc1-controller.inf_amd64_66137a0bd56926c4\dc1-controller.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmbw561.inf_amd64_b7be04eb9e01d2a9\mdmbw561.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netlldp.inf_amd64_be17907d28860f8c\netlldp.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\volume.inf_amd64_8baa0e78bc8cb374\volume.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\iai2c.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmgl003.inf_amd64_6e940ca57f2dfd3d\mdmgl003.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmmotou.inf_amd64_1650e08aa8c0f2a1\mdmmotou.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\pci.inf_amd64_429878ca49a21d99\pci.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_f67fbcc0a7a69ec9\c_smartcardreader.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\megasr.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmadc.inf_amd64_6eb176b62afdcbec\mdmadc.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmhandy.inf_amd64_85e447bc15bac623\mdmhandy.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wave.inf_amd64_0e4ae1f52bb7b0fd\wave.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wvid.inf_amd64_334b4d5073649b05\wvid.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\xboxgipsynthetic.inf_amd64_f322983f46cb84b4\xboxgipsynthetic.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wceisvista.inf_amd64_3aa3e69e968123a7\wceisvista.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_sdhost.inf_amd64_7a8873ed59a270d6\c_sdhost.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_system.inf_amd64_9b8d1bdcdb2e7608\c_system.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmdp2.inf_amd64_0833439d00478c75\mdmdp2.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmolic.inf_amd64_92d10a64db12367d\mdmolic.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_281df5304fe06482\mdmzyxlg.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\msdri.inf_amd64_3aba8686305c0121\msdri.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\bthleenum.inf_amd64_1145b9e103f6845b\bthleenum.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\bthprint.inf_amd64_96c98ac9a8367757\bthprint.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_dd53841eb11b777d\c_fssystemrecovery.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\rawsilo.inf_amd64_4fa18e712c0375ea\rawsilo.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\storfwupdate.inf_amd64_989f2caf9d3f297c\storfwupdate.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\hidserv.inf_amd64_a5f08d2285e888ad\hidserv.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmcodex.inf_amd64_c8fa9d09dfae827e\mdmcodex.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mtconfig.inf_amd64_c19e8a04ce3d448f\mtconfig.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\amdgpio2.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmmetri.inf_amd64_23ba7bba92b967c5\mdmmetri.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\megasas35i.inf_amd64_3c9ecc1d5a3cfded\megasas35i.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\modemcsa.inf_amd64_da1669e192666780\modemcsa.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\usbaudio2.inf_amd64_0dec4f8ed01fa7ee\usbaudio2.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\megasas2i.inf_amd64_f58b8f0b8ba78d73\megasas2i.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\ndiscap.inf_amd64_d34968d7b3e6da21\ndiscap.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wvmbus.inf_amd64_bc87415e766c04c5\wvmbus.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\oposdrv.inf_amd64_f311c1c114f952ea\oposdrv.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_92929637d27c711a\PerceptionSimulationSixDof.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_media.inf_amd64_8073d2ebb8fbe9b7\c_media.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\c_sslaccel.inf_amd64_d09291f017449fe6\c_sslaccel.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_128a51f285ab9a86\mdmaiwa3.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmbsb.inf_amd64_21e2506ffb3ca7c4\mdmbsb.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ecd612da8bf06327\mdmirmdm.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\system32\DriverStore\FileRepository\wvmic_ext.inf_amd64_62309e307087c8d9\wvmic_ext.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\Ignore.ini C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\is-25A8K.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\Database\ZLBFCF.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-GFPDN.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-6N0MQ.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-1KPMD.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-JDOFF.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-EKJJH.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\ZLBBEB0.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-71L04.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-BC8C7.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-4LSPM.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-9EEK8.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-P6VSO.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-DES4Q.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-TFNMV.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\is-AHL6K.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-3DB1T.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-FEB5A.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-OUHQI.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\Database\startupBlack.db C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\Update\cbtntips.exe.dat C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\win1064.ini C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-R2N87.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-TJ6QU.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-0K150.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\is-QN459.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-ETHM7.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_x86\is-SKPVN.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.log C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-0IC24.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-BLNKA.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-R5L75.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare\License.ini C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-T9R88.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\ScanData\cache-pro.dat C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\DriverCleanAppLog.log C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-9GIBT.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-D1OTG.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Test.ini C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_py.log C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-OHDSB.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-ALADH.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\rmuin.exe C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_ia64\is-N07QS.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\ZLBFE74.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-CSF92.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.log C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-UBGIS.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-CJ9VD.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-7S16H.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\is-GE5UT.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-VC20H.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-AD9FT.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Update\cbtntips.exe C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-G10O9.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File opened for modification C:\Program Files (x86)\IObit\Advanced SystemCare\ZLB348.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_x86\is-HPA97.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\db\is-V6Q9I.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-HDIQQ.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\is-NSR06.tmp C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
File created C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\ascevent.exe C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\INF\c_media.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\INF\c_display.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\INF\c_processor.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\INF\c_volume.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\INF\c_monitor.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
File created C:\Windows\INF\c_diskdrive.PNF C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\PluginInstall.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Windows\System32\regsvr32.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" C:\Windows\System32\regsvr32.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32 C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\regsvr32.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LocationInformation C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Address C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceType C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceType C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceCharacteristics C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Address C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Address C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Driver C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LocationInformation C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Gathers network information

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\ipconfig.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Main\Isolation = "PMIL" C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\PluginInstall.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32 C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1 C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer\ = "ASCExtMenu.CExtMenu.1" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\Programmable C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\ = "CExtMenu Class" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ = "CExtMenu Class" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\Clsid C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\Clsid\ = "{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID\ = "ASCExtMenu.CExtMenu" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64 C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0 C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\TypeLib C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\ = "ASCExtMenu 1.0 Type Library" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ProgID\ = "ASCPlugin_Protection.TASCBrowserProtection" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32 C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32\ = "C:\\PROGRA~2\\IObit\\ADVANC~1\\SURFIN~1\\BROWER~1\\ASCPLU~1.DLL" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\ = "IObit Surfing Protection" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\ = "CExtMenu Class" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ = "IObit Surfing Protection" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID\ = "ASCExtMenu.CExtMenu.1" C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS\ = "0" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32 C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0 C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\CLSID C:\Windows\System32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" C:\Windows\System32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0" C:\Windows\System32\regsvr32.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 040000000100000010000000ebf59d290d61f9421f7cc2ba6de315090f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e81900000001000000100000004fca18b530ab2d3765b8830436884be620000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 5c0000000100000004000000000800001900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d98040000000100000010000000ebf59d290d61f9421f7cc2ba6de3150920000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: 33 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2076 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp
PID 2076 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp
PID 2076 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp
PID 4848 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe
PID 4848 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe
PID 4848 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe
PID 456 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
PID 456 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
PID 456 wrote to memory of 752 N/A C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
PID 752 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp
PID 752 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp
PID 752 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp
PID 1340 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
PID 1340 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
PID 1340 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
PID 1340 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
PID 1340 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
PID 1340 wrote to memory of 4788 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
PID 1340 wrote to memory of 4244 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe
PID 1340 wrote to memory of 4244 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe
PID 1340 wrote to memory of 4244 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe
PID 1340 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe
PID 1340 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe
PID 1340 wrote to memory of 3556 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe
PID 5092 wrote to memory of 5360 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe
PID 5092 wrote to memory of 5360 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe
PID 5092 wrote to memory of 5360 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe
PID 3556 wrote to memory of 5448 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Windows\SysWOW64\cmd.exe
PID 3556 wrote to memory of 5448 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Windows\SysWOW64\cmd.exe
PID 3556 wrote to memory of 5448 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Windows\SysWOW64\cmd.exe
PID 5448 wrote to memory of 5500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\sc.exe
PID 5448 wrote to memory of 5500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\sc.exe
PID 5448 wrote to memory of 5500 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\sc.exe
PID 3556 wrote to memory of 5600 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe
PID 3556 wrote to memory of 5600 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe
PID 3556 wrote to memory of 5600 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe
PID 3556 wrote to memory of 5612 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe
PID 3556 wrote to memory of 5612 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe
PID 3556 wrote to memory of 5644 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Windows\System32\regsvr32.exe
PID 3556 wrote to memory of 5644 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Windows\System32\regsvr32.exe
PID 5612 wrote to memory of 3180 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe C:\Windows\Explorer.EXE
PID 3556 wrote to memory of 5740 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe
PID 3556 wrote to memory of 5740 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe
PID 3556 wrote to memory of 5740 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe
PID 3556 wrote to memory of 5768 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe
PID 3556 wrote to memory of 5768 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe
PID 3556 wrote to memory of 5768 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe
PID 1340 wrote to memory of 6896 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe
PID 1340 wrote to memory of 6896 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe
PID 1340 wrote to memory of 6896 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe
PID 1340 wrote to memory of 6956 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
PID 1340 wrote to memory of 6956 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
PID 1340 wrote to memory of 6956 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
PID 5092 wrote to memory of 7008 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
PID 5092 wrote to memory of 7008 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
PID 5092 wrote to memory of 7008 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
PID 1340 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe
PID 1340 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe
PID 1340 wrote to memory of 4348 N/A C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe
PID 6956 wrote to memory of 5324 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
PID 6956 wrote to memory of 5324 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
PID 6956 wrote to memory of 5324 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
PID 5092 wrote to memory of 5452 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
PID 5092 wrote to memory of 5452 N/A C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe

"C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp" /SL5="$60240,53538606,139264,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe" /InnoSetup "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"

C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe

"C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar

C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp" /SL5="$50248,53538606,139264,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar

C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe

"C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe" /upgrade "c:\program files (x86)\iobit\advanced systemcare"

C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe

"C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe" /CleanDir "C:\Program Files (x86)\IObit\Advanced SystemCare\"

C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe"

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe" /install /CreateTaskBar /Installer=true /insur=

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe" /boottime

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c SC description AdvancedSystemCareService17 "Advanced SystemCare Service"

C:\Windows\SysWOW64\sc.exe

SC description AdvancedSystemCareService17 "Advanced SystemCare Service"

C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe" /install asc17

C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe" Pin "C:\Users\Public\Desktop\Advanced SystemCare.lnk"

C:\Windows\System32\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll"

C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe" /InitData

C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe" /ShowStr=silentWriteCache

C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe" /i

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /install

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /UpdateTaskschd

C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe" /install

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /Run

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /start

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /RunCurUs

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /manual

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /manual

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe" /asc /user

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 101 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe" /product=ASC /Ver=17.3.0.204 /hwnd=459288

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /postcache /days 7 /cachepath "C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\TrayProductData\"

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe" /u http://stats.iobit.com/active_month.php /a asc17 /p iobit /v 17.3.0.204 /t 1 /d 7

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe" /check

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 201 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Windows\SysWOW64\sc.exe

sc start MpsSvc

C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe" /service

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 210 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe" /SvcAutoClean

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.iobit.com/appgoto.php?name=asc&ver=17.3.0.204&lan=&st=asc_install&ref=asc17&aff=&idata=eyJhc2MiOjEsImRiIjoxMCwiaW1mIjoxMCwiaXUiOjEwLCJzZCI6MTAsImlzdSI6MTB9&usr=0&instd=1&litype=free&expd=0&insur=other

C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe" /TurnOn

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa68153cb8,0x7ffa68153cc8,0x7ffa68153cd8

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"

C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 601 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C004100530043005F0050006500720066006F0072006D0061006E00630065004D006F006E00690074006F007200

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 301 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 307 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\PluginInstall.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\PluginInstall.exe" /Install

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\\BrowerProtect\ASCPlugin_Protection.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\\Adblock\Adblock.dll"

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe" /SvrRun

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 201 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 1101 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 1105 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe" /autorun /AdvanceScan

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe" /srvupt

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /postcache /days 7

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe" /SvrRun

C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe" /auto

C:\Windows\SYSTEM32\netsh.exe

netsh int tcp show global

C:\Windows\SYSTEM32\netsh.exe

netsh int tcp show heuristics

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 1107 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c ipconfig /flushdns

C:\Windows\SysWOW64\ipconfig.exe

ipconfig /flushdns

C:\Program Files (x86)\IObit\Advanced SystemCare\display.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\display.exe" /afterfix

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 501 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 414 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 401 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Windows\SysWOW64\sc.exe

sc start MpsSvc

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 301 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe

"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 201 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"

Network

Country Destination Domain Proto
US 8.8.8.8:53 update.iobit.com udp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 54.167.176.168:80 stats.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 52.73.191.31:80 www.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 54.167.176.168:80 stats.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 54.167.85.86:80 ascstats.iobit.com tcp
US 152.199.20.140:80 update.iobit.com tcp
US 8.8.8.8:53 133.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 86.85.167.54.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 15.197.228.107:443 s1.driverboosterscan.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 15.197.228.107:443 s1.driverboosterscan.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 52.4.58.7:80 startup.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 54.167.176.168:80 stats.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 54.167.176.168:80 stats.iobit.com tcp
US 52.73.191.31:443 www.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 52.73.191.31:443 www.iobit.com tcp
US 52.73.191.31:443 www.iobit.com tcp
US 52.73.191.31:443 www.iobit.com tcp
US 52.73.191.31:443 www.iobit.com tcp
US 52.73.191.31:443 www.iobit.com tcp
US 104.18.40.68:443 kit.fontawesome.com tcp
US 152.199.20.140:443 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 104.21.26.223:443 ka-f.fontawesome.com tcp
US 204.79.197.237:443 bat.bing.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.167.157:443 stats.g.doubleclick.net tcp
GB 142.250.178.4:443 www.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
N/A 224.0.0.251:5353 udp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 52.111.227.11:443 tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
US 152.199.20.140:80 codes.iobit.com tcp
PL 93.184.221.240:80 download.windowsupdate.com tcp
PL 93.184.221.240:80 download.windowsupdate.com tcp

Files

memory/2076-0-0x0000000000400000-0x000000000042C000-memory.dmp

memory/2076-2-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp

MD5 7f0e76562106e3fcefc098dd82378f22
SHA1 53d93bfb95863da6e15c72b16fe26f6f8aaee3da
SHA256 e826ac159d0026e1513c9dbf1f9bdac8534739cfde160955d74160d35081dab9
SHA512 f83c561b6eb7af77e6f9ed722b93a9d4625cb3274cff1706e0f9799f1cb73c6b0dcead9c5fec8565f994706af1b6518b8bcc77c9e3e5ee6463b0fd716f0fbb75

memory/4848-6-0x0000000002630000-0x0000000002631000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Rinside.dat

MD5 3115e02fd135942a8eb97ebffe751beb
SHA1 31764acb175a41b5342bb89e3a951e85084e5d57
SHA256 a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b
SHA512 065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9

C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe

MD5 aabfba27a5ff2e74b15b4956b55d4a3e
SHA1 0a69a77a8db23c11f45211c1c9ccaf3e800e6a1b
SHA256 00d67f82d54c0b931afa9f728f6c5c2d0f90fff99f2edaaea4cc4fcc3ad31861
SHA512 7db678ce9a4d543f52d210a71f909c73d5ee1384fa1563699ebd7c604a8733a048a4bc1b37d46be34c4239a8ef0fd447d4048405f0e883ef6e02b8b934aa8cc6

memory/4848-35-0x0000000000400000-0x0000000000532000-memory.dmp

memory/2076-39-0x0000000000400000-0x000000000042C000-memory.dmp

memory/456-40-0x0000000000F40000-0x0000000000F41000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\libcrypto-1_1.dll

MD5 b09a5c562bb1d521de69d37ce5286f3e
SHA1 5177d1c96fc389c6377d4256187f76579cdeb2ed
SHA256 c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181
SHA512 5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8

C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\libssl-1_1.dll

MD5 9405ea98989968e07b5c9497ff54b560
SHA1 2c8142bb1b667af133e03a51cfd7427deac1b900
SHA256 5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba
SHA512 1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 efab3caccd31f41308c0844fb2b28f4a
SHA1 1d373969997fca9ef245da160bd631b7ccb98768
SHA256 862071e48e49d176e751a9a2b95bfd2336853eb7e0c35d8a78a8c760f3a937bd
SHA512 71a4855330c5a5d91d97541cb6ec1220276ead07f3b4326c23716a5038f4615ecd177bc10786d49fe29247969c650b5802367c1b730e0cb042ea5103f242ffa0

memory/456-50-0x00000000043C0000-0x00000000043D0000-memory.dmp

memory/456-66-0x0000000004390000-0x0000000004391000-memory.dmp

memory/456-65-0x0000000004350000-0x0000000004351000-memory.dmp

memory/752-70-0x0000000000400000-0x000000000042C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe

MD5 59a2ccb20887a9240e8a94cc543eb2e3
SHA1 9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce
SHA256 bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6
SHA512 2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75

memory/2476-104-0x0000000000400000-0x0000000000564000-memory.dmp

memory/4788-113-0x0000000000400000-0x0000000000564000-memory.dmp

memory/456-269-0x0000000000400000-0x0000000000AFE000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe

MD5 0a73c860ab49dd14336b0a9402c40671
SHA1 7a31d9f82935aafee8c74e55b0764c0ae4aaed1b
SHA256 59b893ac18bcd84dbc2342dca1c11837fee2d0c7d3ba2bce8cb10f2781c51959
SHA512 35a396ee3d8c9b09a875cbde6c98023309b2f8d5889aaf0d54e83e3e4a4d64b5c9887227b9e3d314610084c045db2ebd377b8ce9f290e62a95ee9bdd1f60e559

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCUrlScanner.dll

MD5 9bbbacf7e04d12ded0b46a69ca785ea6
SHA1 1c66160f340ae8869bcdd0df061acf43616e3115
SHA256 39f78b45d8e587bfd83592bfc00bc553535581f7eac2189e796629c3e942e268
SHA512 b02445bd9d9b4f0d4056f241a1fb36d16c414e9afa85c9ffa2fadcde9223c5e3a1b33d363899402d4f418e706f851ec4b290994e3851670a1a12b04880246c3e

C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe

MD5 bcb3518e3c4f380e7b26ce231997b0a1
SHA1 566fbf7a9272172b01c82d67d5d2345c7bb82577
SHA256 66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5
SHA512 bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc

C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini

MD5 93b446dd65d042839a2b8945297bfd27
SHA1 7ef7655ab2cac178f7de0fb202f49a1ede669629
SHA256 c1fa0ccf737521386cd519f7a021db26a67d28cde89da75f564ecc1d1d31ee6b
SHA512 53595d19e40dc3bb704c06efb97303020c053d8d114aff806891535de1c0469b61c4f8d66709f45f07215c44d810afaabc5bb20f67833c789fa18d9bba074cdc

C:\Program Files (x86)\IObit\Advanced SystemCare\winid.dat

MD5 257e156c11b8b7add49c39f8ca6a3f0f
SHA1 bb187acab93b07564574869fff60696c56d689be
SHA256 a3f9a47f0b48afb31464cbd4bed3338546094757cf7796cc6bec3bd7d2562852
SHA512 28d22fbd87a05d51af442b662befc06ecae1312136475d286cc1b747d255be4705a9ac5102825942a3b9c3d00cf2e9714f47ca25a246e30d3713ecbaa598fa7b

memory/4244-812-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe

MD5 dcf89d79ed92342132e5f1d961113db4
SHA1 576e3a4a8e30a7060fd687bcb3399f58e8d5937c
SHA256 19c5d579b874ca14b513eea54238eae72d019a07a2eb24bd542d70f903820315
SHA512 3960f21a3b08bb471de7d7af61e3b6db0c2f88cf48684e7770efd5de6a912ebb16acdfc28847312c8a0c34d109f59295c906b0462db5848141ad5749a2f008af

C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl

MD5 4f2040add9f5b541db07a2e866e2c5ca
SHA1 b04da67e7ba7207deb99f56062661edc919f543a
SHA256 b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22
SHA512 4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914

C:\Program Files (x86)\IObit\Advanced SystemCare\HardwareLib.dll

MD5 c534cd2ef9da6d3a50c27dad7a188a04
SHA1 0ec214523183fa2a47e434258fb4320c49cf851d
SHA256 040d71da31dae5b78f3e29149962f79d4cf53cf9a88a6e82d94a3f65cbefb09b
SHA512 b376eeaa837d8ee06b26e06cd31ab22a3ce30c4529cea9040fd876877ade3de8d76e74dc8eee52b7ec6c0880c8fec54b4bcd158f5c3bc676d1f360d09d9cb6e2

C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl

MD5 3370add5bdff47bc8ebb0dd2fca36b32
SHA1 573144b3427279e687ac1d0f131b58dceb47e186
SHA256 52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244
SHA512 0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5

C:\Program Files (x86)\IObit\Advanced SystemCare\OFCommon.dll

MD5 dd425b1e73a5aa0f2d6dc73bdd276e5c
SHA1 b83760322a0dbb0116bb49d3a761f731b28daead
SHA256 9d644735d5e4dd8ed3745ce44a317b4117ebce0957f7844a07cad399211a09bc
SHA512 6991c8be6c1dcf4998ebf5bfeaa0bedf68c5cd30a1fa0c350693fddbe81a9d509f182ee33ccb141a19b0ce3394f635a6b55304c42e640e83a1c706788d6ac0d1

C:\Program Files (x86)\IObit\Advanced SystemCare\Database\ignore.dbd

MD5 2802a5adfe7744bfca1ad914491de635
SHA1 43a7182b44282bf5b8a9a6b01cfc726d8a27d511
SHA256 d65c68d86d849e867d6ccce13312377bfab9f9d10de1fd82ebfe4d096aa3c797
SHA512 b76335b6dbcea3497d8a5842decbe6db140ead51ba01c9d7bb0b59cb1847f8f989d08a3ea6a346ce03569d2da6609d2803f111c7c5e49f928ca4b16c34189dfa

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

MD5 940b4947b193f054c4e8b698ff0d0df5
SHA1 d4c495b3ccb40d7cea0eea840d1ebddafdd89399
SHA256 05fc9502bef95b4b03dc0fc716ee8a11c79cadbab4129eb5498c7bfecc7bea39
SHA512 52757dd94dff66be41b2d6cec23b8855b3173867a0e84029049e473217abf24ec3c941426b3a6c524a2672ca24e6ab7d74ef0f32d62809672101866e6dc65ad9

memory/3556-849-0x0000000003E60000-0x0000000003F3F000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.Ini

MD5 f900a678467cdf1dbfa43a6c9e679950
SHA1 0ddba323434ba48d2d7406053642286f8331e6f4
SHA256 f6f731425bbaa2abf8edf4cbf4dadcc08dbd2a793ab63ef4c16085fd1de418df
SHA512 16e4166ba9e51188ff748100cfe49152c216ce743ce0c0178bc676cec8cc7d52bb947f748660c7e26e7bef661ca44324faba538e1069f836e7f5fcc7b063169d

C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl

MD5 73bc46c0170de5d72d1e5e0df51ee68f
SHA1 bc92d0c16258b2a42ad9774fa7b6006bc32607ed
SHA256 4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8
SHA512 642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b

C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl

MD5 f1d430eacd5aac17c5de78f0de3cf774
SHA1 b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d
SHA256 20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62
SHA512 bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e

C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl

MD5 9ff9e6b33bee8e297bbdb47e8ac9b60f
SHA1 b49d037a12c43958ab24b3869359e6ddbe8cc551
SHA256 655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815
SHA512 7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Ignore.ini

MD5 8cc6f7e704c72dda22035d5fff19759f
SHA1 90bbd43e42b2f46f327f26b01d782d94d8348bd4
SHA256 60b40150366fb7540d6da67f0719b8645d4513c270fe49234c25a664a7a7b623
SHA512 ac2469f5e48564f3e0ad2f645445f1aedc2cfabd53b7706a383cdaa2b1fdbd6f4a255779b079af2ac27c9cf109cf4a0b21e9b302aa68071b0af1d1ff65878673

C:\Program Files (x86)\IObit\Advanced SystemCare\rgfpctlextend.dll

MD5 701830002d0724de5e01eda23941f1d9
SHA1 9d7f321463b5ebdedbb57d80ff6eae7c21578f80
SHA256 c033426dea59d3527042f7233cbcaaa478368782955d6f544c7c5b8fcf04094f
SHA512 54f6d9c4a5ca7380f9b6d03a35d8ed421f69316a6738910db823e36102f95b61d8a570efcf6d7523e823908ac4e8be5aad17e3f525a26693681a4be7d3bcffd5

C:\Program Files (x86)\IObit\Advanced SystemCare\fctlextend.dll

MD5 f8673880858f5301121d6db24c39a4d0
SHA1 e1c8c1ad09f92359090d62d41b7d5b475c5a9c61
SHA256 bd63eb612fcfd3e95b089ab231b3a6543a3a35aa63a6f1c2c76eaf68b79a456b
SHA512 9d9751ae99254c63d25be74c10c15d2f0a990ea8abbc43a6a3f65b3c3dfaf32eb055d86418a8d0532c25c3c5b28bba61443c780a9f552a2bf731294f8b38872e

C:\Program Files (x86)\IObit\Advanced SystemCare\filectl.dll

MD5 c0cd5ac0ca613b164aad65015c9a18d2
SHA1 a27c1da2455e52e63fd53a1157a98728ad244fd5
SHA256 81b1fd6a6f71bf9bc7ce5c42e0812cd56ccb0287770243622d7041bc08f4ac72
SHA512 d0e0b4759a03a34aaad51f4d96b71ca24603efda390dcd451fd9fd3d7d0cdf59a7cdcf6a02d5aaa277fc026375b843522da7bb7c1cc51d5c5c90e3bba14bf440

C:\Program Files (x86)\IObit\Advanced SystemCare\HomepageSvc.dll

MD5 2afca520fff1cd5700d268d4c81a2fd4
SHA1 90a2aa59f715058a59a772a147d032154fb55453
SHA256 470c64569cf95163d952d58e4eed75aff65fcfe7bc90c7a7defaea7cb5939263
SHA512 9d4947c7c269c63711903d76fd708a4979c0c393972bf5d87c3b5733e46d18b1fd1f6317cd5085db637e13f047a5b140fb5894f0577459e18d1b57d9bfa4cb54

C:\Program Files (x86)\IObit\Advanced SystemCare\PluginHelper.dll

MD5 56f73b88f51c65723b8520671df083ff
SHA1 698351ddb1beff60efa7d8086e46bf96c0da0c55
SHA256 6f4818fe24b9c29aecd1b0f26f7cccf9a92aa518bad08612e1d13bc76c947430
SHA512 b2542a9f19063f7aebe9236cb94a59a5efdbe79d72aa808af4882524298a7c33befa1be42e47730b02e51971892695513a74c1dfb5cf0e6beeee4543ec99a63b

memory/5092-1804-0x00000000031C0000-0x00000000032D8000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Update.ini

MD5 eb431d332a8f7ce89c6602fb2f783273
SHA1 02039f758108771736a605cb1dfdaebd400a6a1b
SHA256 27975d4f8b065d23637db6e9c5a65132e251ca17e67b827c41c712e173437a89
SHA512 e243bc05d30cb4320e988709633ed1b00b7020524c542634295d9ee6619c97356c31af98e2e6c166e821c8df329bb67e73b2d86b6ca1d501075c3892a96a2d24

memory/5092-1783-0x0000000000CB0000-0x0000000000DBA000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\rgfpctl.dll

MD5 3845565d2b71b127c6dbce06fde9c218
SHA1 ec2a4b694aad7eda20dbe2451039c6787ae68eb1
SHA256 6581e2173cce7bfefffa9243e55d352e7cffa08b2a449b1bb06bbdbd68d45cfe
SHA512 890038d08938a6429d5dfd2a7a6723949def8baa02570939b5f6d1acdda516fa2e1d455f79427f637a646a7bf67d06903fb06a2d2543593e57da3285f40d9946

C:\Program Files (x86)\IObit\Advanced SystemCare\sqlite3.dll

MD5 5b5a926a887f4a9f3eecc54598f697db
SHA1 86044be248e9fac25a0d8a3dd3c617da8688b7ea
SHA256 bc0c750c98bd413e7975e8b17b1101c346dda53100020161bc5141f77ed98932
SHA512 3031b4cf17cd4261d9c36495cfb707c6be10bd1444c8e474d1f117df55cadb32fe1661f239499d6f1ba3d3d96def6f6b4eae7e3fba543c6a5c8b98dedeb91412

C:\Program Files (x86)\IObit\Advanced SystemCare\datastate.dll

MD5 86bdbc01aecd0a413ee4a0583949329d
SHA1 f921cd9c5e89c1acecd7b235583e6d65165a6614
SHA256 85c0c5b3e17c5f9e9f5531dd9dc848b946a29902ce1294ca7a32a1d169fa0faf
SHA512 3b13542a9354297b27415ab9d9bca6adda884d4e2238cc924715ef29f14d819a3c768b9d8a2c7fffe6c6500c9a79b5483e1265df870650a215e928ac28b1225f

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe

MD5 2caddd6173a2ae95dff95c3c7776537f
SHA1 f38dc18735e2ba0eff2d8fc8f92fceac4eca27ff
SHA256 a871865aa0a4b9e07aa8b2a4754155f2fa0de156c3ad8b0bc0a4049a04a20db5
SHA512 4dc72eb0f3eac4cfb9f3b489719de5f32d3f3565c5e3131c92523a4b3fd8901dbb01746b1dc1c65795a38bc60688cf8b3d050d179c28dc664ea172f7551a7281

memory/5092-1781-0x0000000000C20000-0x0000000000CAC000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

MD5 8d98d1e67b5ba582ae11f4dea935281a
SHA1 ea641888a6b1e5d9f666d688ffe3936e746c2148
SHA256 b59dc8b5ebad4226438fbd4e3d3d395d16d9aef3ec20bcecb9b0ccdc715b2367
SHA512 d9b975137c7824f16f07d41170463ddcc5d57696b18ca1b605e49109bbcfdbd91b42d8d3975ac6e8e4ba112d2cc531785c51e523456a13ccfea05a1287f762e5

memory/3556-1830-0x0000000004680000-0x000000000475F000-memory.dmp

memory/3180-1843-0x0000000003A20000-0x0000000003A25000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare.lnk

MD5 11fcc91cacad79dba5e6acf3b576ee2b
SHA1 229401211fc859cb0ac432a8395054217eb9a644
SHA256 b31c10fb3e40883c332caad1707577d4aeaad185ad8055523769e8f1d87225e0
SHA512 096e0d51b330d2f93ac6b037ceb0ecd711d2c7ec0864711cbf482f7f288fd9f2ebd6f9ae15b76309ec6225f8a4b6542b079b6cfbfbe2c2a6184d7736bd9a513e

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 4b86f14ac49243f488530e596ad8289c
SHA1 6a45ff042d4f06b70429d56d6ec9457ea49b9215
SHA256 f89357c3f440b5834a154d01303f605cb40ae9d89a9aef16885f9923b4179e7d
SHA512 74e80105817d1fbba2826252455f740b8599faac3d814db01dca4c2f437eacef88da124ac1ffef92da83b9a19ef80d4ba8642f22efbdfa7ecec10076eb175817

memory/3180-1852-0x0000000003A20000-0x0000000003A25000-memory.dmp

memory/5600-1855-0x0000000003020000-0x00000000030FF000-memory.dmp

C:\ProgramData\IObit\Install.ini

MD5 b6c37d5a572c420ab51ef6cfa479c5b7
SHA1 8b9be1e5021dde313710a2731c16bc57efdc312a
SHA256 3088032fcb16cc3369f636ff7e7cd24d4e41d3943fd7af80af92bcf2616b2e20
SHA512 6a885127300bf5c691644dd292caf4ac7329a346403888a106b8bba01b849519c95cb1a0d5e1eb28a20de840488f5be74f90a5ccf7130cd03ff14c546fe4085b

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log

MD5 ff0d436e0825e1eb8f9f5897c4770d2a
SHA1 27d4c37508d37eef177eace1ccddc7d93147a623
SHA256 4e9d7ffbc0601ec12d5fc965806719f0640cea68386a4d045e5dea601be58aee
SHA512 0fee76474f8326a8275db247332a57c6be8576063168c5d11211270341d8b1e48ea0212378607856379c90365a9fcab121704a240ab149fd3a16b7bf1ea58950

C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log

MD5 1124cefd8e89c93ab031b333357b4dd1
SHA1 81d3a13a3e7096eedd8bc00ef5ab8161b0009056
SHA256 2b85b37c08cac0ed2dd78b7562407088fc1a1422a82a7515d7736f8f7f38409c
SHA512 a5ee296425c042d1c3064a61b11cd6fb545339600f60cc0cbb1ebc8350d834c8ebce4b69554737074c0395c0c146d670de58200aeb9bae9c77e1335242dc7ebb

C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\ProtectRecords.ini

MD5 0e9856970f5cb2544dbf5ea83fe9391e
SHA1 1379805a305d9de0ba7eeb1f7cc46f40eb59a7f4
SHA256 dd5bf9c2f483789e8853dbc42429774e9c28d51a086a6c57ef78dd414e5a5422
SHA512 010591395be0eec618cc8e9625228ae7fd5e3c91162e24ee96bc2c818abff44b9ae9d0d1e0a6261cb40ccd2cebc1b7145bb1c3cd9abac25780ad41b4463f0c47

memory/5768-1897-0x0000000003DB0000-0x0000000003E8F000-memory.dmp

memory/5768-2939-0x0000000061E00000-0x0000000061ECA000-memory.dmp

memory/5768-2938-0x0000000050120000-0x000000005030E000-memory.dmp

memory/5360-2941-0x0000000061E00000-0x0000000061ECA000-memory.dmp

memory/5740-2948-0x0000000061E00000-0x0000000061ECA000-memory.dmp

memory/5740-2947-0x0000000050120000-0x000000005030E000-memory.dmp

memory/5740-2944-0x0000000059800000-0x000000005986E000-memory.dmp

memory/5740-2942-0x0000000000400000-0x00000000005DB000-memory.dmp

memory/5360-2940-0x0000000000400000-0x00000000005DD000-memory.dmp

memory/5740-2945-0x0000000057000000-0x000000005703F000-memory.dmp

memory/3556-2968-0x0000000050120000-0x000000005030E000-memory.dmp

memory/3556-2969-0x0000000004680000-0x000000000475F000-memory.dmp

memory/5600-2955-0x00000000002C0000-0x000000000078C000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe

MD5 c058768b94f6552aa39061ff214bd065
SHA1 2b38062b78ea134273d676de3430b7031745271a
SHA256 34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf
SHA512 9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e

C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe

MD5 0110b5295219bfd64f1e48e3abb7e600
SHA1 3427da850c4041d69a88b6a7db79c1d0919ff02d
SHA256 6a0a220b9a0685f957b5f1c744ec98455cb03ac507e6d2878724662be2c490d3
SHA512 f2059956f8a2d0b3fca720a1d06325c028ec495e5bcb059e2ffddf954db34f197f17dd1844834b577c2ae98561be3d277c7d2d691c228b1e9884dbc5593f198c

memory/3556-2967-0x0000000057000000-0x000000005703F000-memory.dmp

memory/3556-2965-0x0000000050000000-0x0000000050117000-memory.dmp

memory/3556-2964-0x0000000059800000-0x000000005986E000-memory.dmp

memory/3556-2963-0x0000000000400000-0x0000000000534000-memory.dmp

memory/5740-2943-0x0000000050000000-0x0000000050117000-memory.dmp

memory/5768-2937-0x0000000057800000-0x0000000057812000-memory.dmp

memory/5768-2936-0x0000000059800000-0x000000005986E000-memory.dmp

memory/5768-2935-0x0000000057000000-0x000000005703F000-memory.dmp

memory/5768-2933-0x0000000000400000-0x00000000005AD000-memory.dmp

memory/5768-2934-0x0000000050000000-0x0000000050117000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini

MD5 8650b1755b632485f2dd439f3a3c6126
SHA1 8c1ca0c0cbc869d75c7f174a77b282e457e9d78a
SHA256 931b07b89eac79e4011037fb46a1922c3837f25b900598d3ad0f386a030e88d6
SHA512 c0bd889d248e05ff2be70765f48c756ec313e481d7747c676d7365af3fe0e332cc76f08463e07f829d412ea9cf42b2aaeae6eca3d12438e7497bd77a428d1bf6

C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe

MD5 f98a4521a2d99476b50fa4aeb71cd15d
SHA1 7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6
SHA256 65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4
SHA512 b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe

MD5 a4c4cb5cd7e4c30d4d7e0dfb58c00a22
SHA1 1cf21920ff7c3f14d9084ae72db87b14de8635e4
SHA256 a711deeca99de5187715b98d942ddc93ced74d426f2e7213bd1237d5fdc31bbd
SHA512 b3f36061b60a31f6620f634e2ed2944f59643de2e08e1186eb61592d1660291f294afd5f2f9974bec504e130904222b2239387958d7dea82fc22f856e89b6781

memory/7008-3063-0x0000000004040000-0x000000000411F000-memory.dmp

memory/6956-3077-0x0000000050120000-0x000000005030E000-memory.dmp

memory/4348-3081-0x0000000050120000-0x000000005030E000-memory.dmp

memory/5324-3086-0x0000000057000000-0x000000005703F000-memory.dmp

memory/5324-3083-0x0000000000400000-0x0000000000552000-memory.dmp

memory/5324-3088-0x0000000050120000-0x000000005030E000-memory.dmp

memory/5324-3085-0x0000000059800000-0x000000005986E000-memory.dmp

memory/5324-3084-0x0000000050000000-0x0000000050117000-memory.dmp

memory/752-3082-0x0000000000400000-0x000000000042C000-memory.dmp

memory/4348-3080-0x0000000050000000-0x0000000050117000-memory.dmp

memory/4348-3079-0x0000000000400000-0x0000000000409000-memory.dmp

memory/6956-3073-0x0000000050000000-0x0000000050117000-memory.dmp

memory/6956-3076-0x0000000057800000-0x0000000057812000-memory.dmp

memory/6956-3075-0x0000000057000000-0x000000005703F000-memory.dmp

memory/6956-3074-0x0000000059800000-0x000000005986E000-memory.dmp

memory/6956-3072-0x0000000000400000-0x0000000000552000-memory.dmp

memory/1340-3071-0x0000000000400000-0x0000000000532000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\Register.exe

MD5 7e5ba085d34688d31a0e312a042db571
SHA1 22f7cbbd537d21f76f1469a29a93ba179f3f6395
SHA256 8e0b2b92ae7bafe02c5dbc217a90e6b382eccb412660653c3aa028fde6ee20bc
SHA512 6ffa4e28eb31e45c16ee15fb3fa8bb914be70a11d8a507c89fe770d3e4bca6722fb8ba68d94c07c541a4dd8828b588c9ba5a1493f233c76262d25a23303fff53

memory/7008-3091-0x0000000050000000-0x0000000050117000-memory.dmp

memory/7008-3090-0x0000000000400000-0x0000000000661000-memory.dmp

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

MD5 f4015436dd2f9f10b3145a7e091cd4b1
SHA1 df94c1473b9f754aade3ac5f1f4d2d39aaed60e3
SHA256 6ecdc062395f9f77c672f209932c104fdb0fa8b5b865e10ca7d43f27b7ce9198
SHA512 16ef560626145e7320871705e2c0ddcf13b93481b7007ccd0188ebe2c92f888eb90124ffa3f72ca9113af40f427667cd7ae1313138bb1439ce5494bf1d09e7e3

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log

MD5 e69d24b186492fd7cd164be466b6ce2d
SHA1 b517d27f5ee6859ae961a61c7ed3f4109942999a
SHA256 599dcd0638c68b192703b029b1be75b98e791c827c3b069cbdd3b8c86c049846
SHA512 4b8b09005c9934f727c50a0bc03e175569cd8288971b92e17dd00591f0a06dc1aecb316d7077aad482156212cde2075dca0699303130347e75504ee8dac462b7

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log

MD5 514002e6df7881b9906779d75504cb04
SHA1 ae6c4704d24099180c0d6d1484a652ef8827fd4a
SHA256 4239f0171a480038b160ae1def7bdde32e8c04d6e5f68c79f7958c82068c68ec
SHA512 5ace089c34369a9a9cc03fe554a64c3e678aca1cc964283bb510ea272bac9cf059acd5af84124d7644b1e7d074b1067f5b4b6bd3d1712e1c30e263c1b4aa1533

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 a0b39082b00abc1a43cf6a0be98a8295
SHA1 8a475ed34424ddffc8be5d009eb44201439b7e6a
SHA256 0c737f2d06f25b6e039920f7100eca9feac3c79c34d46d1fdd68d79e5e517674
SHA512 585e4fc385be5eedb87af3f4e8edaacf214ef6156bda65a5fb9a6052c5ba17f576ca4de24a7388ca8163abdedbdcd865e98499288f86a45724aa6f368e2aed1c

memory/456-3281-0x0000000000F40000-0x0000000000F41000-memory.dmp

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 e8ae8b1d022d319120aac3ee6ca77454
SHA1 191579a3c6960a1121d21c4b23d8807d4174c577
SHA256 d2e738a91c00cbd64327da07cd9150566040dea8201e523fba62e6fbfa42716b
SHA512 d235c0b3d8b4ae6fa21f1489696eb89ae71ac19e83d5edd60e69de38189b790e0f266876710a04a58e05f139047fe5f85b4fa9245d0f1740ceeb57dcec7cc9ed

C:\ProgramData\ProductData3\StatCache3.db

MD5 61f7cd9a536fd3751ce2af546dc141cf
SHA1 414852618b24d000c879f131f8f2c462db3653c3
SHA256 189899dd0fbe86f57c575fea2ba4e3067588e37ec7a8bd05da2b9177471a5502
SHA512 cb10ddc789443ab72f4ac3fff808f58c6ca4da3a9a0ad1e45c3786e07198546ed64be680d088b4e362714142e7ec5a6edd789a5e3d5de427cdb67224ba7c2cd3

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 ebe66a41a426cd03bf87db01e57f1e4b
SHA1 563afc778a77011c7776ccbc047c494111f5189f
SHA256 e5502f1cb1a26313340e6cc673886cbe8ea2b5cc81c12122d2ebb043fde2f9a6
SHA512 240ea8711a1aa9e6772b998e4e9f8eaf8e3c685ba65d092a4862d46e152a986cd6e8205ab515b03a975ad5028d3e58b0372a18901e3067525e59b2c23ccbed97

C:\ProgramData\IObit\dnsprotect.ini

MD5 61ac714b024cd9bcc9b78567f5cf8699
SHA1 aaf020969a274ff78b0d56e3a976f7c7d63ddb2f
SHA256 569f73537730a9240d4a5cd127e8b8b79307dc2ead733e77e6e6b73a2ce9adc7
SHA512 7f46d2fe2db6d47dd0baaefc2b41b2716fa589089e9fda52924382a417cfcd1427ab115a882f04d354a6f4e40c55f71cef23abc64267fb46ee9651c81d9e0a58

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\ncconfig.ini

MD5 132103d7dfa807915e23413fb96d10d9
SHA1 dcd143032895423a49b9086b47d17b4f53ac52fd
SHA256 065f64665ca72b3944cb40ab6d84551e995902402560afc39b54ab3906e42e80
SHA512 aedb56d9301d7540f191a7f4f26b1d7e2fdeaca6ddaba3a7a899a0794657fd4902f22354b21bfd4775169e756043468f49cc19c0efa604744d012b82163a753a

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log

MD5 bae361721fef873579f2dc90b6c9d8a1
SHA1 97c01d799418ba9fa770e7f723fa1b58610efa7c
SHA256 8a9cf51c1bca6025a8c180041654832f06c5a76b1501e4b4e86c0fd9765c75e6
SHA512 d66ad20680279d540b0932d6f167b723c964ee833236dab79cf8d0ca0031f91a4ab73b58f4afc650ad6bc35d48f350ab10fb927e66b844f10302d30d0009d77f

C:\Users\Admin\AppData\LocalLow\IObit\AUpdate.ini

MD5 96babccdc7b5729fbc7dc981fa0b4645
SHA1 746938a70e729e8fb67c72a364cc87007bf2f931
SHA256 d66467e0caf1d22923b16a29db4adf7cdbe0743034c9d0742d68c432406e0aed
SHA512 035991e686a9a5243a47661ac005a184815bf20a0365d05a03ea4a55f469d4808182feb8724afa163e926c998f38780a6df8f95c735b743cca36851e1206de80

C:\ProgramData\IObit\IObitRtt\ASCRtt.ept

MD5 127489c744292b692b72b4ad1e8b0231
SHA1 74b38735c759653283ab8fcc63ea7ac35838409c
SHA256 125bd1717ed7db8d311eb7da8e2a44cc720719e1d69c1c7bd311ce42e9d7497e
SHA512 3e37a5b0c5b0694e4a74c1e46d667dd3a739ceb8f599df45eff35afc82375f4dfb61ed2d45f1902f8727e206996109410b8350168c07435d1981caeb3cad26b9

C:\Program Files (x86)\IObit\Advanced SystemCare\LatestNews\NewsData_v2.dat.tmp.dat

MD5 d274f77de3882b035f27ba7aaa56fdd6
SHA1 42ccfd7ab2dfdba8e2f6a68a2ee5fda68df52a4d
SHA256 d78761cd5d3f94e220fb43549a329def8c1f3243b0f3b0ab30e74d9cfeb095ad
SHA512 921b9fbcf8b38ff27db8fef12d726a2970544858a65031e2a0a0f0514d37623c58306d17af4814df8276d68d5d213c775a85fbef95281426b9adff9397987ae3

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log

MD5 b4450480dd390bef921c8ad55cbf7a93
SHA1 4cf4b136ef5244d6155c990df8c4ed72fa7c6129
SHA256 812646c75355413345ce9dcf6398b8c94c85e7bed6bb210e84b25f7e5d95c752
SHA512 29704d92bd752babdb58c0d6573eb5371829cb7e0ee39633bd949f9fbc61949c41cea2dbc31caecbc7321bdffda374021df8fbc48c4dfb70af482441c18b3aec

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.log

MD5 6fe5c78cacf95b16075f2ab1f7a22768
SHA1 7a75bf695e044ee2e2c31ddf64a3db8d0fce200c
SHA256 77c0e72ac07d36e98098e96f87f4fa610873bc62f0f990817f11c68c62bc1f43
SHA512 ff309e65f58bef08aacf9f12bed555963a78cabe4e63c31b356ce27d82b946045c986e777b32cbba0170b369f4e96ae50986719f5593c20993018bf11d635513

C:\ProgramData\ProductData\NewsStatV2.po

MD5 dc72bdebf3016a463eb4e209af1aefe1
SHA1 9bde7acc8b748a89daee4d756fa57ce3007e82a9
SHA256 472e48643c0b957bb7c612448330f07ce0cb71e14541c6b0b9ce789bc82e91da
SHA512 de6999ebc8dd931a4417c6861e36127a6b7caca1543f1db94eb90c3624045ee57398d2fb1a4841e0647ac0191ab41a04d6dc8642c7f1b888743a03a985c65ea5

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log

MD5 f15c91d77aa0157e770dc99153900036
SHA1 e831c1edee6f550f04ee6f2d50319128ca71a58d
SHA256 bcdd5fd60ce94ea7905524ddb2711064fef1638d51881fc01f3803b499baaf3c
SHA512 a060487abed528350eb09229c6d53aa99f8d245ced52dc5cb1f4607f46ab4e6c95fc9a345e91bb6467b175f262f85d3bd4c33231ca0c1425e2a07f7cf21df923

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log

MD5 a1a05aad9f450e43e318ca3772cabcd9
SHA1 af4642394fa26509b6d8862b4e01c8cd73e68477
SHA256 ea94aa2ec92d941550901b98493d02549a47cf876947da7da53cc0b000aebc94
SHA512 436d64020d49a94c086394df56a72931d835151b7df3a9a3971ad0ce846354cf2442f7523984bf2b6d0e64b0fdd03d7f0efd786171f80fa5daa06e83dd97d6b6

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log

MD5 c2bc7db58ba48d01387df7aa4972c0cb
SHA1 ba85cea7cefd8d65dec2762a99536fab2f30f20f
SHA256 fb00df8ee99de863aebe737e991098428a19e49da7ea5e37b89b3a0ec44a1312
SHA512 10280542d419f063f01ec2c671b0d0d0a23ab5b1ba8ea10e40d109af1c39c5ff0853de23b7a7c3205c5f3fc6d751814ddddbd47685e62ddf8285f740abf41aa5

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.log

MD5 800407940da5650867a1ff02587721cb
SHA1 dc7f2597c286ef8f1f7a99bd6ca52ae68ee2ff2e
SHA256 22e3aef3d11fa6806f84781a1bef57618e15808c7f2e681aac6992c351264202
SHA512 00a94e4877ddde69df00c30b1994970edd5223a6f0b5219e271c7f2d3267d8c5092c4f4a21a8b168cea93aec4d7946c6001770cce1a71ee49a6aa8a144361f43

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Update.ini

MD5 01ef38a6dc4b6f816aa277c7e198f4bf
SHA1 be77089fa6074074347d2f321d34de408d81098d
SHA256 f1ab45258bdd7a4c34a2a4968531192ff04f6e734641284c65c4d187a91a4a7b
SHA512 aeb70173ec20ef7d323a63f5a779eaf469e03262827496957c05025b1689b1d770f9a37717e2356484b41d2286e2e7b779c4e0ec0213f4000ac6b158eb037c8f

memory/456-3629-0x00000000043C0000-0x00000000043D0000-memory.dmp

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 09876e7420f5e246da8a45a786b14a46
SHA1 49f53fc1df7b44785c70fbd5f008eddef2b42d5c
SHA256 a005521b4346c8d69bc37f61f0e02bdb7a80c6d8b6e7d361f1040ec144eb4d2d
SHA512 5a7cdda781101a00e917cc6fa6932ba5493bd33faf6c852b74c28c33465b9d2c6a1f22ec0c41c3739f3e52bb926ec57ed3b8db8aeb6c2739437b4ccfa0fabc71

C:\Windows\INF\c_volume.PNF

MD5 b51be19095bc72c0d98992d49662ea60
SHA1 eb70d3d6311e5d6556079c3d6c628b37d5bc8b17
SHA256 f69d9f1301921bc5dad0ecb69adb6eab0d9d10382351a8375bb35179fdbce7a0
SHA512 d995833caa7e09babb4222d339ea7bdfb04d411a44faac5a4ce1e5451b482e086eff354c5bb175ea1a65d1d0a425c51cdf57d027a535a6e23337b4a6e566cbd6

C:\ProgramData\ProductData3\StatCache3.db

MD5 d7c20d1df48eca9092f39b8b9f101ec0
SHA1 2fd0df3206282690b09ff218d3c04c75c3750ea8
SHA256 558c5dbf1e94a4c138dba2fa4dd677af7379cf60510809756befa9f6a6fe1837
SHA512 5f2974310e04b6028ec2f643f971a1e07c99e094576984ac45f9b53c2180a3309def4e4e4d02e324b8c34aafae91c2af2e7187286d35800474757a87f56091f6

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 db8f7a9be4925ef9191d9a46c54ba9c1
SHA1 c69b43c6ba08f38b59f9b36af9c6fba46603b2ff
SHA256 a6fa46c0aa72aed3f25695ad315e415eaaa644e27b281aaa9106755b48a1db0b
SHA512 d00a085d8dd200053069950b1935b4f383108fd6021d816ac1f9ecdf55ec830ed88f8c9eb15917f6584b749b19d8906c7c19a3f6adac3c668cabd191d386a9a8

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 058075ce77fca4eb496228b0cdd1d0c3
SHA1 044f46537b9b1fbe8594e54e14306ed05572513c
SHA256 e6f2f1ecc6350c6cff2cfd7cfcaf80627cd214e906842e97950896a1a835b8a7
SHA512 fa4aa1d74416f8f792ac9b60df1e0a4e44f8a298261af21932b1c312eb0fbfbe71d993c02c43fce0c0214fa6b6f542df9d155a02f22d446dea52dbb4e877562a

C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log

MD5 0b5773f03cd79f74085fc931acb5f717
SHA1 22d871060658e5fb8ecb03a61f3a7e3d7dd57d83
SHA256 a25b9c2fd80c2b640e35c77ed42f581598095316cba20c341fb1b1159c947e50
SHA512 4450b1b63a8905204e47e06cc8de0db3e1087bc8668da27be6e76e1ebd124ce5395b2db1f754cf12666c6eac14b3ac39150f12ce6c37bf0a9c71bc52c99edc83

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 c8bd58abe0bf51ad25d2d89691d17d75
SHA1 c0d21902ba850ef9ec0bcb37de1482ec4dfc74e3
SHA256 c52ef898a352acd38b1ce78954edcc2a1cb0f5fd18a7329f96598d75e20cbcc9
SHA512 df43984654a8429411fb9f4a84556a528be2969d7001331c5f00f49b9390910f92fe81c4406b2d560cf9cdeb64aad364029715257d1904db041967b33e7a3caa

C:\ProgramData\ProductData3\StatCache3.db

MD5 f324b505684f20bc205edb400d32e661
SHA1 f0ff0f523639e7f8fc6d56677cd0b5694bf8f6d5
SHA256 706e1c96c65496037e730a602396d2c1e26b6c2bf1eed45dc50ab449e60ced54
SHA512 8634c48aff20f7a11f02360c0ae90177fa71b067be8cdfea8b4ab3dad073bc7e15ab27a816c0ded5bc0a29faf9aa77480f311a25db5b2f8bf00c4628e382c591

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\popconfig.upt.dat

MD5 8c1e44e3173a3725c8624db4c0489b61
SHA1 57511bfe9a08046385dd404098ab643bfbe8008c
SHA256 b4c6d01cc6418139ea1d6abe70e3017a9c824c2c86f868010397ae1b53499f17
SHA512 c14683214c6e2cbd73844fc8d3340ec70d804e8d4f88eef5dc04f4f7636d4923539dfa31166e7c62e549781dcb76872cf326b2b4739119d8f51096741fbbe36d

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\ascevent.exe

MD5 14de43d43150d15ff82aecb77fe9deec
SHA1 c854d9cd58951bc6b7426bb7ba9aca190210eca7
SHA256 5ebd9a78bb0b7d7640bb53173a86cb48f42fb0092ee0c4f9461c4a07050719e2
SHA512 283da8e8af37d6d5441b8c10f255d34b4a930411a1d74b087473989a07cae767f6f1bb5477861d8c234533200b27dbdeddaf98eef1f3dd8ff70d44828c0f7a54

C:\ProgramData\IObit\ASCDownloader\ASCInstaller_Downloader.log

MD5 d14cd17d26d7531d8dbc62c1734dfe52
SHA1 58de48dbf41a6296b53a9f0c2b3edefb40b4cdef
SHA256 5b6c0d0757c0478769a34d7015511624c41a647a537ce0149d45f78972323d3a
SHA512 ae4f64d642607c3dec44c717f02189ea7e39aced7aa5cefaa1afd8e58e0940c17425acd6fb78f85469c0ef2316457bc15cc85959a942d03b6e32fa2aa233581d

C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\ZLB2A19.tmp

MD5 64c95ee7b4bf7962485029bb65c14679
SHA1 63c5d9edd269e6dba4a4f9a54c3a3912e13f2908
SHA256 666a4fd416b9f5a822bd9c3653098ab3d66db748b992ff347ec962501d0633ae
SHA512 36426017ff2d379f4d143fa1b6a90909bdcfdd1fedfeca7fe38e5f538927649f840bc9f244f1818df2f7f0ec96cd50e4d09e23519680070bc64e2376c24473a8

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\ascevent.exe.dat

MD5 7accd1fe17bf6cc24069a7c56b836389
SHA1 b2cbb57d7c11d356c39128e8394af69c03b531e0
SHA256 c05eedd746fea3e14ae683a8c9b27e571ba35a5926650865b77a04d75de86f3e
SHA512 9246e545489737bea01e5cdb3298d43fd723ad4aabab9eb0c9d24b5db5e914bba97b4dbf39d6b521ee696d6583322365cac763d5000bae5632f8981e85f2a7ec

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini

MD5 99076368ecfa1d8fdc3b1ef854d81b97
SHA1 a34a1c22e72431fa16b0c21cb07bf620a03a1300
SHA256 e41fbfe729850c91550553c74395d92fd63859fa59206ec206adf4dfcaa546e4
SHA512 a681e2b3c0210aaab89eeaa5ad3269acd4858a5c9424d3198b8d50f8363b74702eb454e43d3cead61f409104ad1afaa3c7bbf8b14595bba4b0ff34bb609ab454

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ffa07b9a59daf025c30d00d26391d66f
SHA1 382cb374cf0dda03fa67bd55288eeb588b9353da
SHA256 7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb
SHA512 25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8e1dd984856ef51f4512d3bf2c7aef54
SHA1 81cb28f2153ec7ae0cbf79c04c1a445efedd125f
SHA256 34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7
SHA512 d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f538a42c706eaed1fdf4c41741af9eb
SHA1 46f7f9105455d993e511f717e71a7d29dbc0c48e
SHA256 f5dcccffbaa27cc65815a1867d4cefd8f5475f706cd0034e039941685e97a0cc
SHA512 92e4cf4b98658de4ce68c9de44ada0314f9b78de4b21c6ad04ac99333c4e7e5abbb0ce1db20ca8c6348cdff52b219976a29f9df9d08533a853750d7b64722bd3

C:\ProgramData\ProductData3\StatCache3.db

MD5 5a905c8e05d339f5bac77eab4a5d4cb0
SHA1 a200d26c16ca770442347555854cb90c03307839
SHA256 f3291cdac095a4c48b88853c7a27e0c4bd2aee515c8a4f58c7d97ba4676c9e82
SHA512 2e68f6de5463c11da141de971cfa6b0727ff697b9b60d658ca27832adbb2505244ce4b39bcd847f569a16ffbd2e86de69ef021a4371555e3a3beeb8fd935232b

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 c2157b458ec5821050b9a677d15fc4c2
SHA1 05b49d0ebcf6f158bc1f7d46082a5b4d485a3568
SHA256 7d96ad60a70f6b77c1d0186ac40e3062b45eb18006a6d66381bd3120c790c99d
SHA512 287f9e1375449f729b191502629f53b9811bfec49ecc51ec7383d84210e026a5f8277bbf873c50ee7be2b5c3fa882c38941edb72e0838e4bd99b954e94b9acca

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\PMProm.dll

MD5 527f9a39649c5af4afdb10a0d1f4569f
SHA1 91c162c77c673b5fc2725fddd27c308094babbd8
SHA256 77b5226fc62eaa6f146fc0b47c2ee16b940da9af71f2f5f151f3d431e6988ff4
SHA512 dcca969790b1554b2a150121f54a8ff33c8ad4e008a0338df4869dd788ed16287522d6b7556a20bb939750c1d186907839d2e2810124d8cb39825b27f89bb1b2

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\PMProm.dll.dat

MD5 1575d519e78f08358b4ae5cc6912dc25
SHA1 a2d2112b835c9da0f74c758de4fd99afbf29e60c
SHA256 c8cb38244b8ad965053d6e345b189c3e4f051a150da039d3bd0ba8456a9c2875
SHA512 7919c02ea8591802be4a9e824c19d3473b077a1e046b742436f29ff601d0667cd7491aa96a1c4d8b96d1ec7189f0f3fbc7bfc0c86f83e456ea49f072288466eb

C:\Users\Admin\AppData\Local\Temp\ZLB3A67.tmp

MD5 b24d1cadd03a90771e90eb3bf08f299f
SHA1 132357682491d4fbe8c453849d3cc97baf961651
SHA256 28c8d2e08425df2897f2f4d440dca33ef169cf037137850d98c719a50daa1463
SHA512 8ab02591346a387deb7dcade8dcf5cbe3249572e7348c48e43d078226386d07e659942ff1a4ac6ca6a05cbeee48516c6464efa1aa07535cbbb1e3ffc1ced78f9

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\rmuin.exe

MD5 786da5e6e611f691bf5f88b51d379e47
SHA1 cc2fc447748d30545bbce0128b56cfd3302bff68
SHA256 87580b8b527e8324ab75923a48efd6dc90c23bab56b0e133a25ddea85d369e28
SHA512 0cc8ffbd645377f383097420ccf04d0eb486c0c6d37636f1617eff5e8e6de6f248b1a8629f3c12c5be82c9c8fd99caf82e893206cd3f36671012bd9578d2d3e5

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\rmuin.exe.dat

MD5 a6125b7d9dd6e8e092e30d6c9783e3d0
SHA1 298068aaad70c30259e00c67d988ab896ea32476
SHA256 4df8f087c6443b11d3f0509ca924a3ec651b8a3e2d23bcef12ca66c9d49bf267
SHA512 b7dc3d3280559bde7dbe243534b27902a2faae003b86006d8630b5b6d48aaeb2a727001809072647a9668966e881147f1541c6df8714087b47914ca2c8244c54

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\PDFTRTips.exe

MD5 001b9b5ca86e1a157dcd0a3055cea25c
SHA1 8a6b3fdbcda48dc94a0f81639d64fec407ad1b4d
SHA256 22be46ac3571deaa1b0322841ca9c5e392999e25dfddd46c134be9647fd05011
SHA512 b531667d6989f8d1ac7b74bb66ad429becf616fd6efbb7c38137fc15e94b5d1ed1290c449241adde4cc922a19bc3f2bec69863cce994294518f336f3135071e6

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\imsctadn.exe

MD5 11acd6f4b2b483533c92881b22529fcc
SHA1 e8a0dc12506b9f2500ff52bdba1ecbef469a6820
SHA256 65032e5836ff40d3bbe6ae7629e5d4d710ed10a2f0f7a6814091f1ba475d51e6
SHA512 f4ed9b027569bb733c82245a74dc37df65177199751bc05d3f1c8766fbffb9350249530e97a752627ec3440101f16f259476687b25e44eb192f0198b76edc30c

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\imsctadn.exe.dat

MD5 4d451d6603a37681444b8b63bce129ef
SHA1 7bbf4e878b956439eeee7db88eff653ae19cf93a
SHA256 a66d52f558fc0d5b049c4d7c95ba7e7df4ac50cc87efb9b736070b59eb08b678
SHA512 57b9a9331655d4494fb6514648eff5fff8d4d7c3beb31681207c7d82cde1d694218fab4efcaf06ad64a13b938c0121b8fb9f3613953df16802f4930bb4a1fb20

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1900376ac2a01b57ca9a18be85576bf7
SHA1 ad7d04144e948238635a5bdff5e5a36ac676c397
SHA256 69cd20558767c999154c62dd89773ccaa50b931e9392b1a9d679f52a31b4a66f
SHA512 b0f9e7be77a3db2f1ef682cc2366ca541fab1d02c046141593a924cb7ad7b412c714c4262549d18de8659c91941f16e3820cfc056ff48046aedaf156afb8bedf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e4e532b1806345fbe8e6112a9ebf559e
SHA1 ca055686478e6ac79ebc8902e17736ca297c730c
SHA256 883fba8e46b3d1420623d518d0672b8ce967330f97b414133c646a446b09d9ab
SHA512 6b9ffb37f937c6cf20e63fa30eab18ed2856bdc75a243a6f546f3d4bc6595b1706b26bc5853252299b9bb4628e3e2d2225459701098836a0238ec024e2754f39

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\IEasyPop.exe

MD5 7c8e5d68fdd25e72a3f61844bbdc22c8
SHA1 cc000face22d4825174a072747daee6a3fc0f84c
SHA256 3784dbd430c0f27d140dea531fcaf1c0654278bf0f2e011ae7f9dda2dae979de
SHA512 55edcffabb37150bae56bba0bd965e04b6012d7ca5597770cb6d3d9e234bd56a7901cb24143066692a048f659f8a269015dae648ca6e0b9cddbd4b1d0f3665dc

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\IEasyPop.exe.dat

MD5 889b4b1eba38ae01c000032303a3e0bc
SHA1 6bd7b69e590d095cb0f52effd31d12240aa59337
SHA256 751b798c363dab5ddb203727251c36c76991e9797a7210bc28b11392128a94cb
SHA512 4e8c5852d929bf16ee8a0ceef290b8327c571601e370596044cf28a57416c81962201cb57caa7b4adc58d44823797b4ea63d0f98cd2a191d11568732ec92d3bd

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\IEDRCTips.exe

MD5 991452f603a6e23611358783ce209aba
SHA1 2f5aad7e0e3b232b79192e017fb5eb11124b316c
SHA256 9940eb46dd8934b6af606ac66c00c8a3660ff78c8819c8b7433f05f4e439aff0
SHA512 44d237e5c8bb358cb54dfa31f09968ef34c187625270b50fab9511a3f8585522cf1e8dc76f4e1aae9436e3447ac4ecc93769963044cace136ca5cf4e9f06df8f

C:\ProgramData\ProductData3\StatCache3.db

MD5 25011bb2c28426047a3dd339adc9a226
SHA1 d345cd1d8093f09d227b6c991778c56b62e171cf
SHA256 160ac87c47a66907fcaa5f7770da1ebab9aeb422b12a8f868b861000de4b6546
SHA512 957cc99a2f91b70de8bc06eb80dc16781b684631419291c515b831d040c213fd96e9d893fe099291ef9159ce5b2790bca37994e3fc926d0446a1af8b8ad16cdc

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 b1e320b7773910afde2924509b7f4fbe
SHA1 d5f94d8df3f4bcde70566ee17173fbfe7ec18aa6
SHA256 91cd5dbf2ba8947858131eb541dc933617f80e6efc3bc40290c4bd88a44badfd
SHA512 93636b8815729020879423e9f443faa71aefba22a69d989b212b38ca51e3fd94c01b0bc69c2d8fc9fb2ea2524fa016406b8f8b9acf8da7a4b6581220d737f116

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\IEDRCTips.exe.dat

MD5 714cbc60ca4a3649c9394edf5f37a220
SHA1 ed229d746e9f6e5c9b187b748b5d9ea60e03f6a3
SHA256 569de83f49b554f8b61492946054a4f1c22e138de9a8e4c4a8ebf007dd94e86e
SHA512 10c8903e7b131b50c62c98fc5adda92dc287e4a86fb608af54e1fce24c5c9d924149d3b30f9e6329ebecc37f7c7874014e0be2912cb7ea75fe1286512edf3595

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\cbtntips.exe

MD5 d91ff47a22eba4c268706bb3adca2422
SHA1 c088299e08608947bfb2cd2695041cda3c9342c8
SHA256 d2e55e8d5eae1e6135295b7d9a5aad381c38194360e1a96472ddf140aecb9866
SHA512 39792fbb17c9ec71f3a064ea1bd98faba2cc2c7324b8eb9b801334e80df26e1a14b39049067c4f346b0fdc0230a97d48cfbecdc85b2babfa6260d11fc7deed78

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\DataRecoveryTips.exe

MD5 3307cdfa5179ece7b28eb1826b11154e
SHA1 63bf508d4fd4fc4ad0571e0ecdd56bc9043ef445
SHA256 aca2e50110ac3acc40cbda5edbf542954a25cb8a82c3e754352474b424ad6790
SHA512 9656c44a9e0f3453f04e77fffe005a6d0969e7c88d4b98dd1463fa63893906231880092e13dd9c14dc781f072bfc659085df4d74e958935e9a05236076f9cff4

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\DataRecoveryTips.exe.dat

MD5 d727f3ec6dcdc43fdd161c9679189d2c
SHA1 734aef8cf37f7e2b7148fc7467989c9b4a517ea4
SHA256 cdacfa6a4677024dc52390394e0dec4a9c2cfc53e7daeda0483103daa92d4ae6
SHA512 174fefc36d2d8a4a9c41223977bef99cb47d6c8cb7a31f6dcada8824edde1b6509f73c3ccdc25a0785553c855c1bcbe2e3cb79040b397fd7f2455444aa60f8b9

C:\ProgramData\ProductData3\StatCache3.db

MD5 241b4f8d4c08e3b611704eaa6c754f4e
SHA1 273bc4b316515a59935df8684d260370ef282e7f
SHA256 9a7a6e94aca1c8da728d31faf09233e459123ab111e769b2896f16ff9e760165
SHA512 04cb0ad6db075ceb0ec5c723728365187b33396a5a5e53eaf24761da013d15461bc2d3eef9223480f211443f8fbc0a51157e0b4a76f95ace104e400b9a6da162

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 4659666e838669405131b9cae38cba8e
SHA1 92a731a2490901dece1a175bf0692707428b22d9
SHA256 583964af1fbadb150aa44f3a5f533a23e1a0c55a656a2301cd94e1a5d0af925e
SHA512 94cb91842c283e6c07457c6044637a8b83d98ecb98c50da73a510787b1bb26eda686d3d0a48951c1801beacf4ba0779583f3c2177e76173755787e1921c1088b

C:\Program Files (x86)\IObit\Advanced SystemCare\Update\DPMRCTips.exe

MD5 db0eff55a0d1b049a2534d94fd6f4780
SHA1 b9d2e9f84575910085ffdb258058285a005a900f
SHA256 f09f5c3b1260671daf94b3c857c3ed824790ed3ec59b1240c4b5351d323e7d47
SHA512 84ed176cbc54b1b60d7eb21d703bffb670e51c87e47b5aeb04061ab6861757ff05f2fb92c48ed29fc7d0f6ac00647a9679169e81f28cbaeba9a6ad28de8320de

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPInit.log

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini

MD5 d3002ece36be593dce396c9a95557bde
SHA1 81a694c89547bd52cf2268024e2bb0733b520c7b
SHA256 746382225d65283df53df7235121aeab2d279975c5c4004a4ce83fd16132d7d6
SHA512 9ad60610557e834447548185957333ff19f719d32ebf96ccc6e92d5c128100b007c5681d9efcf5a88be8b680d158de905ad2748c7473d46ea9a0ac943c28a26d

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPInit.log

MD5 7ce71bd5e5972e9bb0899026bc6c2691
SHA1 3f944694c246224c46ecde219666649ecd863c29
SHA256 17beb25b7b0b48804db6dd39abfc6142c7ee0495d31e481aa27ded259338d49e
SHA512 fef45ab9a92110fedd32032596e2d60ffbe652d10d13816fd8c0c468c35519e39d4e42e0144424c355edf0db0459f2d4b8ad10bfb80a5cbaf4742a4d57a9a2f2

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPInit.log

MD5 0476b1cb8cadf8503a6ccd7fa735c4bb
SHA1 93a6494b60a9256ab4c7d36c0a39b59542b7b6e1
SHA256 6c447477a4ff062b0a5559a0fa032196f38ee63ee3292d5c61e04d54a3b4e5a0
SHA512 c634b498249cebe8b94837c53413c8c22bad43e0d8ca4515e291e4d9e0bd0170c02bcde0210fff03a04214551e3942f0d07a87342647866083eb31324f2e7693

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPInit.log

MD5 18ae2113668d1d3928fad9d783647620
SHA1 0c9ad5b4e271deccfdc44ad5d95e95ac2d265a1d
SHA256 36696c6f191456771f4dead7095c19adc0f8210b408e02717d10b04db7b99e0c
SHA512 e3486003dc04a974c114242a7ae6c95717ff52accdb4855b9f292d985e390b75fd4f99c2f712c98d409813f5872ea99201ee16ee632fd81ffc5129d56bb27c14

C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini

MD5 0dec3ec229c3330d93a88731dbda57f4
SHA1 4848123f825cf4563a385902e72fe5ec2ddd8d43
SHA256 d641018586042f576610771c5a9da37f9cbf706eab100459fc3c40dc87faa021
SHA512 293494405c4071abd99e86a3f908a4ee48d56764dbbc205545e9870a931994b92a0a9ded8c52f0ecce88349a522f0ba32ef770794dd2c05ec760b4ef9171c4fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 435c8dbbe0e30fa9bb9ab29f8832c4a1
SHA1 0f365634b285b928738b8f0479da702187aa179c
SHA256 e3b0b4adf49390e24948008ab4ce238632ea3dd40e9ac20142b55ed48bf53577
SHA512 f2ba632e25a49b608cde5a1aba5b62ddda085d99ff3c992e9ab3092d50b22ee019c8e3636e0a23f4284cc8f818939d2790eb7fef6dfaf3a90f969c4b2a3f4d07

C:\ProgramData\ProductData3\StatCache3.db

MD5 654d93f4b7d0ff77c1bb5114ef95d202
SHA1 5654b3ef62edbcb4bcd180cbac115b3b673eca73
SHA256 991ea10d057cc8bdbdec5e451a5081995cdf82eefc255f4034a3047fc28f8f1f
SHA512 8b69cccabf02f669953a93082dca703990dae61f0feb121e6240e52c169080e2680d714945ae2426173780acdd3f3b314d130a8aa2a823c0e17f94816b99e8fc

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 3c86d8c12ba772aa019a5da3f8348064
SHA1 7f41673180d83fc0f7d38f8c69b56a230dc5ca39
SHA256 fc171e548d5a2f4d40c36595e92abb385875eaf0de5f9007ecbd52fb8078e967
SHA512 64248b73c3d0992204ca38b28de5e6fe3d212e1131bff5d888539aba6af8bfa70b3af7fd60d7281a46dc54e6a21fe58a3955d05a061a6387914f34fbf262d2b3

C:\ProgramData\ProductData3\StatCache3.db

MD5 637cced9585b11516683111badc715f4
SHA1 99e9320e60def8b2cdfa8aec73ff2df7a7ec3bd1
SHA256 110ebc1d2a72a8b435560b3e105cd3ae8d79914a1162be87cc161a46c61557f2
SHA512 cad6ef9a13a6ec1764f072d3d62df0605a75be8e7cc2063f4fa6559e4c3e97525b040cb585ea8004cbf6a9c4e962a135b9a8946034b2b888bfaf87aa0e870058

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 0c976fbf60479f5d706c55f7150749f7
SHA1 fa34d1689b0b0dba20d06c8aa8fb0f787b82d7fe
SHA256 a7ef2d5eeccb591e499468000dd3656364a4774a04eb810df15cee91398d9bd8
SHA512 cfe46c69ceff89821a4a769d9bc4a2cdfcd3d1aa7e2d2ca18ced06df4b1b8c3d8c52677d63b24ab9f351123ef0ca4359b8bdc6b37bd43dafdd6fdba7c17cb5fc

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 0298845c5dacce57863d4d716c73834b
SHA1 dea05eccb840c1a7ae1ab884c9d5ea829552e5ea
SHA256 69c67d7ca800fccbb1c63c6ca65d39ce1e669ac8c08b13783776ce4e5564ca4b
SHA512 d271404a2ccef468387ed7561e7a7297fee62e11f617b794b39400c9f29af9d7b429af46889ed420a4ebc97e3f7882083d0703adc6106370d9a6356fd8ec67f5

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_py.log

MD5 f2d12fbf5de95a68b4a0557d34ed2c2b
SHA1 d22205d46295499163c8e23b44fbb4200bd075a4
SHA256 fd7e8cf52f15f5f31a9e72f2ef00b8122245dec672ed9bc1cb52dbcc31fd20a9
SHA512 95b4357e9d5a3ef7b4b63e0ebd4d848f55c200993dbe61a908fb1cb0f5ad3fa7e3bdd91dac06453624023d3ee687613cf2afdd1f1203aa38f168c7b5a15d21ba

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_py.log

MD5 a346ad77f7c5e792a81553dcad1aca06
SHA1 9ee53eb441abad9d0d04753869967139546706e4
SHA256 151600dc6b1a2ed97b04a85ab854665e50dd94e7417614754283ebfb73a466e1
SHA512 bd7d7f68522255d799939359503880bb9f7d085fe043caf05c5187bdf0bfbc7428c5b47fcdfc6ad6cfd720b0bc77b98c440b9712069650c1c7f0577a70898cf7

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_jk.log

MD5 be51a298ff376d70674c43ac0d96556a
SHA1 c9524fc615a7e1b278c0e4a39d7c12d9632115e8
SHA256 541469b6fc0880875f81ca8a26c9e3ef6d962d4c7a62fdc8c456fbab3289153d
SHA512 6b3268879be00d349c713a2b0d57d3fd8beaf003a65ca0d6f60eda200b47837ac5d9d20126a6058f65a6e22741d164342daeaaaac69806f6bd2526744379d6bc

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_jk.log

MD5 a417b73a21cd527319315b44d0db20e1
SHA1 b380430001bcd2fc6ebd558679e6ed1910a5bb1a
SHA256 2c857b1347c17f0a97bfe73b9bebb40e62da4387d3ee05be1f2b6267829a6078
SHA512 98294eee0ea643727424956fd2f87329053a3627d531f2f4adf5d6c34cb916c4922263e117c4204ae9e8c1c9bbcdf6f4498400777978457f07b3282047a960c5

C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_jk.log

MD5 d8bd1e9fe3433808cddf9c8c63bca6a3
SHA1 4645d592ef6214364b944789bb0f902cb1000e46
SHA256 9a50db35315c887582864927c1eeb6cc20ba9a2a99a975008ffa50b0f41e8371
SHA512 271cf829e8da0d77d1bfb971ee9b11b38002e59f1b4a5e9269d5e3b23bed99824cbd3a397f880d77ff18b761a2a2c87d8803f585ccc68b7c2d6248e2dc2e27ab

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.log

MD5 23f175a17f08f536720d20bbb06bf5c9
SHA1 cc863acc4786154f59027cd518bc67771dac6e8e
SHA256 5134d037cb5e876a2b023da4bad6bfbd7cd5b00a0bd6de35432c098b53902826
SHA512 fa27e44b15a8e739c77881550971bf80dca71855b9face9504c010f6a9cfd5c9ff9f99295dc97b8589f61e7fdadc8129e369f2cd2419d5ca8c69a8d10a0c4184

C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.log

MD5 d6706c2d1a57d3396c75442f3389fe5e
SHA1 4020641a725e54069172830853eb0c6b21a9a101
SHA256 25b67aa4ebe78994b27e78b75da5af09853f57424345937b9f36c0e0e543734d
SHA512 ca6e3d73e8accbf950eafde4dfb91c6572b3af5754d33863d792699d1de65ae624646bec9387ae0bfb758457c120bdd1ce404596070d1966ab69fb17b900bb85

C:\Windows\INF\c_processor.PNF

MD5 ec877e288a4bbfdc04eff629e1d8ea17
SHA1 b4bfa2962fae175c53b37114722c0bdece168c7b
SHA256 c72131ca27f5d9aabaf9c5d423d4410a3c6369db4f6f69c0ee2a8c397c1c9d07
SHA512 b9d2d42e1bb72be946edd10a55f2b41d0e9ecf68c4b2373a839f5aa4a35d0fbdec79961ec385296df68d1bcaf82c444fc5fcb04ad25cf4d2b87ee2560baf2665

C:\Program Files (x86)\IObit\Advanced SystemCare\DriverCleanAppLog.log

MD5 2af3843b5efdd67a806814a8bc0589c4
SHA1 5bd70cf5310bb50d12c70c70e127c487269c0336
SHA256 34a2aebeaace3ca86081325600ea7f824d98ce794a59916514e37c5c4a8bbe09
SHA512 fa06ff962e8706a782dfeb3cef41e4f6711399ad78082212fd0c81924d57da41fae3704714ea34b6bdfc6a8ecc1d8479c82d8f219a7a5a6a6878c18c328da38c

C:\Program Files (x86)\IObit\Advanced SystemCare\DriverCleanAppLog.log

MD5 2263e3f3830e906f3f15dbd0c01f36cd
SHA1 4abab7e4616d8845185737c82915db8f9e23e2ad
SHA256 e961faa30377dd449fa6abf2f5b37e4117a1efa42dca33d892d0b508e17ab15b
SHA512 8f81cbab9060663cc0e78ecf76a9877af5963ea93fac7f446f0230893cbda28e0511d25e808c8999f2b9742bbbe2e2154feb5ef7fadfc68576733ac70e274aff

C:\Program Files (x86)\IObit\Advanced SystemCare\RegRunLog.log

MD5 40165d2ab730fb07ab371d83a42f884f
SHA1 d91028347458fe14a777f2cff4223de006a2c8ba
SHA256 2889d9257d7f1eef48e4f3108bc959bb7962b79596288e2ac60e6b79dc4a6db4
SHA512 41e3311e4f57e77559e6b2999a57ce58f8e1ba3e12090194fa39f00d37a4c82a3db0463602379e83533893487655561e7980330d33b79999a5480c62be2a973b

C:\Program Files (x86)\IObit\Advanced SystemCare\RegScan.log

MD5 2c146acebd7edf349e537a08034645bb
SHA1 41839c4fc58eb9836e3b67c4131a177cbb84a28d
SHA256 1f453c65afc4220067334cd021fc59a421b9fa6b4639587d67f8e06d1d1bdfb1
SHA512 87a3b8fb7f66f20472a1aad1973200470d9b6dcf4a8e0793bfd657016901d2c18a70a3fd8008d56275dd2f107fd817b34deb7a860f701fc576050cab30eccf6e

C:\Program Files (x86)\IObit\Advanced SystemCare\RegScan.log

MD5 7bd9a26c474d9547dc076b1772be0b66
SHA1 7df2c716efd19bbee6ecdad7d51a22d020aeff00
SHA256 3576306a0432538679fef2607a44dfbfde9b8c8db72d1de27b51cd863abd17df
SHA512 5dcda806355810c07dc0682d8e3bb9f31db076c48ea29b116cd8eb0cd85b6e7993874fde6938143e88ec466f4c396e9f241ee820091a4872ac30e174ca12911d

C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

MD5 b5ca1f5a0380eb23af9eea66e72c5d3d
SHA1 da0eb6d3768c5cdd6fe3b3f4fdc314a4b1699308
SHA256 33e1f13e2d5d7ecc3bc4186c8d7ee0dd134e679559b23e6ad9f353d4365f979e
SHA512 828e201fc3a42fbc9fad3d6f87d3a0f9e5257e573c8102d9b7f3a1e1da7b487fb9c063b9fd798dfe870b8a624cd5511dfce42f8d21d4f9d6f8ecd9ab8dfd6064

C:\Users\Admin\AppData\Local\Temp\FEZYC&d,tVPaZ!ez.tmp.dat

MD5 071510a9713ff58dd13f80c5ed372cd8
SHA1 ee6be71ebcd05dd9add9d226c04a90bb3444e5a1
SHA256 cdf52a28be6b6cd172ee0957f6f5339f2e2064bea9dc738cf7923d5a83fad196
SHA512 9deb15a4ac581344ffa377d2fd4d7197730d6b3f4b79f6866f98485b86f206b8f3c8ea8817575e9c3fd5795506ba7819c484b829c7c5fe916439d63c18beab74

C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

MD5 4f97b4e192fa1911173340d8ddbace79
SHA1 5e25c97947a415656206c5ba0f2b476abb132f22
SHA256 fecbbbaef6a967ed944a99734ead70e81f56f37a5e04ae7169b29a32bc064aeb
SHA512 95ab4d555190d62f01201d39d62f63fa86063af5baf9c21e913e7b64a2ce043dd981bbd1e39d1c859f4848b53d2c71e738936382184b8e4ad9006d173951aa7e

C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log

MD5 f3ef2e57d5914d2ab9e745105a98e915
SHA1 4a7016b0b70eb6164e831d033ee64f043418e585
SHA256 7d3306bf5748aa6792972ab435da949af6d9d33652c715cdc481280dd31bc2f5
SHA512 d323fa08351018b2808280ae32ad4ebc66ef058060f673fae78dbaa860a860be4ba4f1a03610984866653d4ec86d6327a97e38eac2ff5168b5eb3bd19fcb306b

C:\ProgramData\IObit\IObitLiveUpdate\update.ept

MD5 3adc960fa743a5cb9c2afb1641ce4be1
SHA1 45194813a20d1e73b7550e91b32bebd16be8e9d4
SHA256 2f98692e2b7f0427092f4510d4ecfa2a9eef18aa66c4f24e9c687173866da6f1
SHA512 a64bfa70697d8a1ff20342c3b55bd4bbf22c224a2303b40339b93badc4b1b8ed53c9bab7d66556c1a290206ed32594d70d697341780899186267c0e515f0f686

C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

MD5 12e05b4e67ffe38367edb290ef3a1b78
SHA1 7d77b48f40cb0561f1d3d531cc5fdea30e127caa
SHA256 e28f775162586036bcf909e0d79b1ac7250aa1df4ffe253862901ae81c3e45a1
SHA512 cdbdaac6859b504f1e4b1d4b0da90650d3531469a0cb59d0e549daad86a7e5d287817627b404be6cbbc381ba5bb11e7e2418fc6ca122c9e1fe1f5a87091402c5

C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log

MD5 7569ce9967acd47e4c1abb8c881e635d
SHA1 fa1d5bcbd6946715f58524efae53134c56783c6e
SHA256 46e3690e8978c56e9c8d5b9903e3a656b882bba8bc1ed5fef0ac76f36aab668b
SHA512 9577d1d83074563c0e6a7487e81e2a877065056edb2a21190c37824007cf19c40caa135d4ff64c8ce907458bfba4825af4a724a4e5d8fb0c1c24ca6b698993f6

C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\ASCSpecialUrl.db.dat

MD5 52040e3d2fe4eac12c5b9ab21570fb7a
SHA1 e9cb64ac9dacd9a2c68619e39c2d216551c6a986
SHA256 7f0fc9ce6f8a562ac62f4077fd7dad0ab9af122e76154a72764992fc83045dca
SHA512 76275212d9d435a9d99c76082cdffc8baebe99c4eaa610a3deada18dc833de8b39788589b24048a508e6fe4f579f6e54f748555c0bf771d6b7b0c2607e916c12

C:\Program Files (x86)\IObit\Advanced SystemCare\system.ini

MD5 c177412ce5d4ff2a78f5e9b7ec7126ea
SHA1 90197c59e12f707b15984b6ae11ed724d0f3a422
SHA256 f9411fd2e4515c3c1ff946dc2593b827917690e31e8b332e3bbcc40c17371a47
SHA512 96a9b9a1d3048ee7cd5a61e4aef88db5338d4a248c831a2330b4664961765c50f4690f02831fa222c2c3d7ecb55b18b770005df358102a5fda294a162cc0a848

C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\SPSpecialUrl.db.dat

MD5 0b68d6fd59f9b642deecae908907d589
SHA1 e43cbd6cf0eb3a5b449a43037c8de0524e28eec4
SHA256 1346366ed862dd3be59902aefefb933ce3d017c6b55a53824f2a63433f067457
SHA512 d3d0d48423b373ff4a21ce2d30ea90a7abff4640197fd4ea3b7b5d2bdb22cbafc7c76d316b732f6084a81cc5e838e3bb8c82e86dd53ca0b63bcd369951657cf4

C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\SPSpecialUrl.db

MD5 bd6db00f5b33dfdfee04da7cea726a92
SHA1 d97b3ff8d8a90ba95c4bbfa4ae63f870c871d5db
SHA256 49900da4527a2c5940fa118f2a453a809478df77ff0562bf0fa62b9927e8922c
SHA512 f22b1fb0b36c8f37d77e581d878f9f118361f4498d99b582d1e41ca8cbf8673387c3bc18cf13aaa278c6a22e5e027066b96a95eaa5b3966ff4d133d15ee5abfa

C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\ASCSpecialUrl.db

MD5 52ed35b8b7973aada04c54c7437eb5d8
SHA1 2afe98f78c5459b2f423af8c5248b3831f7e67e7
SHA256 c026729c0054efff54463dc916411624964a24954c0a1689da3e9f1bb17e5db3
SHA512 83bb53493d5ad2a978b8f68bf9ee0f76fe4365c4be7e510d9ef6d3cbad98d8925b85e89941b72f94f95be1005023e87527f165bf724a4091640a33c12c5b54ee

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Internet Booster\ASCNETSHBak.dat

MD5 a8a70cd31cccdce1285a723a7a0255b0
SHA1 309dde555a258c53f52876a3f9725e38c871b206
SHA256 e66816f0206e218c485e00200ec19f8094d85236bdc9a7af2fa46207007218dc
SHA512 db644467a5a8fdbaa18d92e6d2e2c04d9b5dc9cc364562360a25db11f085595288421488c87e5861eaccfcaf2f9ebb4154c0dd5168d17987895463e347ba8020

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Internet Booster\ASCInternetBak.dat

MD5 8efe0fdb51c3934767194f5e21c9a36d
SHA1 189621604364f4bfaf47b5f452b6d286f51df646
SHA256 05db188a19263e702599f57cfb8d3b62c4518a6e0df631dee6b5cdf8d2bda9fd
SHA512 c7e2795db85b283370192e2143ddfd89f7ac253ba5810e7c465d696da6c8aafa697a3e163d1b9f930ac6494f4be6f4092a6db5b769647eb92c2cbb647bc5c6fe

C:\Users\Admin\AppData\Local\Temp\ASCSR.Del

MD5 a65042f8974e3c3bdb6fdda8d3c17e40
SHA1 d71ec9ab492f3cf18f651905f9983c4de6eee943
SHA256 e281b13505d715cc2ee5d35e4b44d09c784f03ce5493f2cc65c8b2d77b2698f5
SHA512 249ccf70f7746d149bf374b6991227b4e30790a0b6a9b5458af70bd4bfe14606e0df78916802ac6f101ee6427b42e6c4c808d9ddb7df25308e6fb2a9951da765

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 e04be350ae05da024a8c616f16aa3abb
SHA1 0d2163eb893f227a44bf2ca4f849ac511672c328
SHA256 86c8da7f386827d289a297857f70588e9c644ea09527a86b9a8bc498136f5cc8
SHA512 37eee7911a2657e5e726f18a4c8e5e14fa83db334c0eae296b7f19911d246caf37ffe5c19e7d3256f280b22ed5914f72cd260159cfd75fae255891d2fbc890dc

C:\ProgramData\ProductData3\StatCache3.db

MD5 ae07e10dceec1b8cdd28acd5bffe3fd6
SHA1 8d75ae208dd28d6bc3efd20530ccdb6546d50ceb
SHA256 612377419b20b7650d4a59522576ee4a19fabd88d457b7a10964eb708e02d9e9
SHA512 c7969793d2cf2dbf24642c73664cc32499bccc99f375e98952c0122703b03a5a3ce5ba3706003bcc156da501fef4d530ed987188b0b946b189ad1e23cdb118d2

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 324bd2eb29c05927fe196590383b971d
SHA1 0a2b00c49aa13e3bc7a22922a719fa735c040d7d
SHA256 5f252b1b9aed56ee9fa59062d9ebd26254c4cdde1fcae407cbcc5beb9d09e28a
SHA512 6baffd93d41a494f332792f006e7639a74493e11c3682c164dede8ef2d1b6443c6a0706ab23f3b791a3f8c5ccd253635760a8a916e8a3d4c61612f36521015cb

C:\Program Files (x86)\IObit\Advanced SystemCare\inflog\1_printqueue.log

MD5 c9f7f4ba7c0669e49a5ed3041baac2cb
SHA1 d867ab7c78d77bf6a45c2fe6794fd71000f29c51
SHA256 7b8a55d244e07c564ad3ed14d7082ec694ea5ed904a436c2970f8f1521723c8f
SHA512 6ca1d78916f4826cb144f998a45152d9374939a929cfeb727ded4edc8d4d707e931df69e6286895a53eed6f25671776ad4d0b22a1275f7f69cfe74c0f9f1982f

C:\Program Files (x86)\IObit\Advanced SystemCare\inflog\1_machine.log

MD5 e1ca1e72122362002dbc2c60f9471fff
SHA1 b09bc7a2cfdb3b80c7cf00a40c1e6fbbee376604
SHA256 7c218c5c5c581d09d7f7d965880bac3f69ab70df659cbbfc9051b361636c306c
SHA512 63c750c7ea8f9660c1e7e9ac676697ee3d3a44c80e112ec6df4cdcdcd5aae1c1be7440c0698b09e6999bcf237a8959c6dc716a8ba19e4de411cbf4533084199b

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 2f5363a917502493feaaf9f0bebcef14
SHA1 8c8b18715df65d6a858704717a3f02ee212ea4e5
SHA256 8a83c8ad580216f3fb4802e210fc2a34e7fbe28d27f80bf6884208f1904aa93b
SHA512 fe0003622a328ba23fd32645f026781f57c2cfcb7123af0a5469faf8fd91fdd8ccaf06949e52e2b825dc2b827f6ba35e126b18b185695b1156d58c49a2e65dd2

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 3c92c3e2abc61186d3c4989c15049363
SHA1 a9bed935fb4e8e5c704c9bf85cf388697939cc8b
SHA256 ac43019933d5cfc1a92e24d05f037c92d7e273e1b6354fbe565d2ffa9106677f
SHA512 72b21c56351e88681b292fb87694865b7d3e20f2c3dd42d7554bc26d5b914df622a0b8a15625fcfb20af8b172202a55cdb97cfe2b5e4c78c757fba158b08676b

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 142b92fcac428928b900e28e9cffaab3
SHA1 25d17c584084a372939e2366b5b9669668e8765d
SHA256 87b385ed565039d8a5a0c749a3d1b0e06aa9cc099c68ad56d129a6b9316aa910
SHA512 95675ce51eabaf67653d685e075afcb72b6a48f1c496c1fa261d21b2110898bf239f54e25fde65753e897ae6a5e369a84d7bfa9844e5a2b20ab2fefb41f1024c

C:\Windows\INF\setupapi.dev.log

MD5 c206477c9552528e8ed88788f29ce5a9
SHA1 8d8990e6fbde4dcae66b71f44c8364f6eed6292a
SHA256 bd5fda99e5071c70f7e337c06914a901655e4a7de16641ef0cb0121e65bd04a3
SHA512 19d75fc3a77e0f99384f0116d1ffb1d059845d18cc56c6077b624cf1d56ae77b9f16310c60c5c5f943154728cda2c6737ee60de3afb5b7a823f1a94b0cf5d687

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 a0736bb76779c1fb5d5d60dc96bf83c2
SHA1 4209a3c07a288a438a4eebb9c76bcad99c5438e6
SHA256 157228070395567c8ac70da38cbdd83a80da1b7188f914432cd473ba4fede0cd
SHA512 e0b677e555cf778be7313b0d7b5ed5007b76335d151d558ba39285c8752891b1b8ca138f4517e3099f1577466a12dc62e765ede2fdf3ab6eb68656ba7aa2cbc5

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 0609a90004fc95daf12056ca3a2d3a8d
SHA1 b138dfb256b679ba1fc0d7950b3849a4976eae9b
SHA256 06a1257b6669d7927575531aeadcfc13adc67137266c08bb12d7dc7426324c5f
SHA512 f17197cc9d8886bfa443b93123848960c11c11138003962cc4ebc0aad66135de2e26ba90d79f60cf187698fd2cdd58c2c8feef602dd164130f5c960954d3b79a

C:\Windows\INF\setupapi.dev.log

MD5 7486d1e4f4008c08165d3720672caddf
SHA1 38f0fd3fa176682c53f5c68b7be44a3093530add
SHA256 39f04f2f5799ca228a3cf63564cc193108ffb0fd224cd61261d9a8990ebf31e4
SHA512 8e19028b04ce0e247243f3583c61779b02030f0a41f3300987ead66a38a596e56115f08433f74d9ad7b69ae030896fcc7a03989c34ce7e2391d503ef22ec6c60

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 5677f89e84d9a9be42fca589ab107d2b
SHA1 8623794c6f8959a6b1e68d837788b3d4170394d8
SHA256 99a156784dd8af03e4da98afd35f4a64358ba56287376cf3ccbda005105d6aa7
SHA512 fbdbd07d8527309111b050a094647f90dfdc0325299a246b4529c74b6b4b2d4155848a3978d13d43b2b7cb688056c84ef28dd28cd6914b0fd0bbecfd6db50d06

C:\Windows\INF\setupapi.dev.log

MD5 5614e08e5892099fc63aedd3190893b7
SHA1 fd186bafe216795139d1cb90fe7074442385b7d7
SHA256 d9128a8647eaadd226ed42dbc35d8852cc821f1076ea2bf43aab1422f1d6fb05
SHA512 2d077b0b36d5be34e3d9cd0614c97df1afc96dea49b01856d26ef66704049908a9a729afebf4e1d15871fd8d59707125e9a88fc9563aa471a0c15dd6f8dbe6f5

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 eac6043ee312a07cc691fb6022b55aa4
SHA1 66de066878a76f1eaec03f0edb380de22d11d136
SHA256 3892f53d6dae451ad03266996c9cf29663553a5c74a41be864b424b0fcbfd665
SHA512 789b059ce16eb59ea47ff2493e3323b24c94e56f27e2d5f882d9a2835a1714c242ece430c2618fbf06222c5688e89e0428aa1a4a98cae9c629355b37b1ede8f5

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 b63feb03d13b51a7bf8baecd85be1dac
SHA1 d5106f916c4fe19337b8706fef20d3403f25f04d
SHA256 cf457b5ba5eeb14d276788697fab92c78580b99f4d6ba6df7d08083af20daa16
SHA512 16ea4a071b05ee9c6f4f4757fdbc499ef16afef3660122c1e5d34649db340d2ff610d4b92e692a3eb727d4039c8a245982a4f5c77e7805002427991c25f917ed

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 277b85aabd04acf1ee73ef2c15f224fb
SHA1 da16a4dd780790abdbb4d65b0bef17771e4e7c3f
SHA256 7066f32c105b2be557d29b7c2e13ee8283d5283f6f028e8af26f3ec9489bf757
SHA512 2d10ab9871c64c27b70efb70315beaed30dfd70ae183d7466ae94b2a99a867a5e2458324d24a0966cd47c95a972501fd1a6683a310179b3e20563b4d0903f1a7

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 2a374fba9a498815f353cf318e7a40eb
SHA1 46ede60be9296682e0ff584f13dca1f2e0160ca8
SHA256 1cdcbac5d82d06897390c05bab7d3f170108c93d2e994439f16ce65181fde3e5
SHA512 694ed63f8b3d5ac504e9d84654758fee638adc1293a6f21fc823b1966c6b85a5c6976e8649185721f780a86c13f8e26ae7b0fd01d89f5da56ae56f026430b538

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini

MD5 547e7d6da7fb4b4f7caaf89818fea56f
SHA1 01f5d2944e099ae97d08b2e0589dd3252a74a01e
SHA256 157fba1528ca847636e0b6b8d09e022902a41aab5fd44b4a17fe9d11cb930245
SHA512 0aaa639df9016f18f87e4a41e392f2f11c67a87794573747520944a0a916d9d0cccb8b7122ce827ca5ea295128dc60ca15dde8143da83ad7b1eedaa12ca9c40a

C:\ProgramData\ProductData3\StatCache3.db

MD5 35f9a1ee8a69dcfb2e98a276af66a685
SHA1 1a91f9c6b8613f986e5fee44687da51d8b40e532
SHA256 3e4c96df8b7dbbc505c28f0bca83e1b8657f509a100f63f3fec31dbdb401c4a2
SHA512 f60098788ddca5b312033ccf6bdb20e5344c211af5c15db5b3e4d5a2d6ebdfc5304e0c6411e82a2f5f7c4142a5a698010308d733f7fe3e00995059af6aca705d

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 640bcb8038d8a0402ec90107ed037807
SHA1 ec2ab215c1492f0d0358d359b5b1b29d84a972a1
SHA256 bfea8aa4583f71ed9af0d5b7998912543e5075fcf307d402dd4dc7029c2a25b3
SHA512 e8bcbedd53f0d98cf33528171662018136d4c925c99877256368b34d3347551d03a8c9c7b01918a5aad2820eb44f8bde39cc6bbcff7b597b23f216b50f982669

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 54c2bcaed1f92a790b620c72d3b0cbbb
SHA1 ee2abbf7bc129b39de6aa940d105b57beea8b448
SHA256 e72c5fc869c94ad585e7ebc102286aa2b922f0aecc9fa92354c1204386a9d87a
SHA512 540000b1eb891813c253b3f677105b134a8a6853e6002506c852823814d6d4964871b853ab9cbab99b582f2f1376517021447f334ab0263d22db233ab14a7463

C:\ProgramData\ProductData3\StatCache3.db

MD5 7cfb10c1df68666fbd935287e42d6162
SHA1 72f8be6ffb6284da3f3c8aec1de4b42588bffe80
SHA256 561c4ab24bde8c4c70f2654e4634d3838b4e8b575960fc0364d8145c5a3b5f94
SHA512 89e079af002587fac0e9ca572320c72a83baca0cd15fdc293a117140f5de322015d23b0db811e016112725e50ea0e4e3764e4740d9d0d17323d6058118925170

C:\ProgramData\ProductData3\asc\asc17Stat3.ini

MD5 5f587ff798cc65411d0f87915997b268
SHA1 1da68982d1093ed7b57f5521164d0fdf70c2f1fe
SHA256 36428f4275024ec703c9bc1740ea4b0e8afa6bd66734ea0025c771e5f1066c67
SHA512 ba88063f12d14ccd7e498c27a147875e81a1741cb8410b2863d494da2098f42dca7524d6f7eeca1ffc5923b094a0fabde593271e1da903fe2426854b7b27677a

C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini

MD5 bffbae422c8169dfcd31662c1f63bd4b
SHA1 fdff1e7a5eba142667289f8dbee0cd7d397c3bf0
SHA256 3021f2be206a71d36b8d0b27cf25a7a10c4fcb5ae6195aa1c0cfcacefad446c6
SHA512 67c40e765579e522b022c4949af529b0fcc61439dd18cac356db81ea2dca50db4716099fc4fe52b7fb1da36e581b81610a75cb15acfce11f28972b2f30793914

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 385796b80537cbe1574d580c83af9b41
SHA1 4b82553fd382af346e5cf2755ba7884d1b7b66b5
SHA256 8f1fd59b21310dfd07a63e5bea93b191d0e8be6bb556b9078732f52e40a8d930
SHA512 2befa2bca93d167711ef901eddd1ce7caf5772f3da7d627d5fae3b37a016d7404670eeb149c1dd1c5c0f5be5d50a138cf3174bbd7e7a2bc753440c5b6c95f807