Analysis Overview
SHA256
39a83fae516d918e6ba94549f88e1ae80a24337005eee68199564c9eda865cdd
Threat Level: Shows suspicious behavior
The file advanced-systemcare-setup.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Reads user/profile data of web browsers
Checks for any installed AV software in registry
Writes to the Master Boot Record (MBR)
Installs/modifies Browser Helper Object
Adds Run key to start application
Enumerates connected drives
Downloads MZ/PE file
Maps connected drives based on registry
Drops file in System32 directory
Registers COM server for autorun
Checks installed software on the system
Drops file in Windows directory
Executes dropped EXE
Launches sc.exe
Modifies system executable filetype association
Drops file in Program Files directory
Loads dropped DLL
Enumerates physical storage devices
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Gathers network information
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: LoadsDriver
Modifies registry class
Modifies system certificate store
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of UnmapMainImage
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-29 11:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-29 11:10
Reported
2024-04-29 11:12
Platform
win11-20240426-en
Max time kernel
83s
Max time network
110s
Command Line
Signatures
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Windows\CurrentVersion\Run\Advanced SystemCare = "\"C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCTray.exe\" /Auto" | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe | N/A |
Checks for any installed AV software in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\Speedup | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Avira\AntiVir Desktop | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\SOFTWARE\Avira\AntiVirus | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Avast Software\Avast | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\WOW6432Node\Avast Software\Avast | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Software\Avast Software\Avast | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Speedup | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
Downloads MZ/PE file
Enumerates connected drives
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\NoExplorer = "1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum | C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\Count | C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DriverStore\FileRepository\wvmic_vss.inf_amd64_e634ba9298e216f1\wvmic_vss.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmcxpv6.inf_amd64_46a3b42507e9d29e\mdmcxpv6.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmnttp2.inf_amd64_af6df21e73344977\mdmnttp2.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\pcmcia.inf_amd64_4efa1b843efa7081\pcmcia.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\swenum.inf_amd64_3bf6c0d173eb26c6\swenum.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\uaspstor.inf_amd64_c3e80113db6147f1\uaspstor.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\uefi.inf_amd64_fb341504564fabc5\uefi.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_smartcard.inf_amd64_728ea9152ab48d0b\c_smartcard.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\hpsamd.inf_amd64_0784fd3ef0d7ec93\hpsamd.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\volmgr.inf_amd64_c46fb1889d563881\volmgr.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wvmbusvideo.inf_amd64_38452bb97e6ec2c3\wvmbusvideo.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_fscopyprotection.inf_amd64_cf0c32897cd972aa\c_fscopyprotection.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\dc1-controller.inf_amd64_66137a0bd56926c4\dc1-controller.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmbw561.inf_amd64_b7be04eb9e01d2a9\mdmbw561.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netlldp.inf_amd64_be17907d28860f8c\netlldp.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\volume.inf_amd64_8baa0e78bc8cb374\volume.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\iai2c.inf_amd64_a77c815b2999404d\iai2c.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmgl003.inf_amd64_6e940ca57f2dfd3d\mdmgl003.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmmotou.inf_amd64_1650e08aa8c0f2a1\mdmmotou.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\pci.inf_amd64_429878ca49a21d99\pci.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_smartcardreader.inf_amd64_f67fbcc0a7a69ec9\c_smartcardreader.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\megasr.inf_amd64_72258921635be994\megasr.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmadc.inf_amd64_6eb176b62afdcbec\mdmadc.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmhandy.inf_amd64_85e447bc15bac623\mdmhandy.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wave.inf_amd64_0e4ae1f52bb7b0fd\wave.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wvid.inf_amd64_334b4d5073649b05\wvid.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\xboxgipsynthetic.inf_amd64_f322983f46cb84b4\xboxgipsynthetic.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wceisvista.inf_amd64_3aa3e69e968123a7\wceisvista.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_sdhost.inf_amd64_7a8873ed59a270d6\c_sdhost.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_system.inf_amd64_9b8d1bdcdb2e7608\c_system.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmdp2.inf_amd64_0833439d00478c75\mdmdp2.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmolic.inf_amd64_92d10a64db12367d\mdmolic.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmzyxlg.inf_amd64_281df5304fe06482\mdmzyxlg.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\msdri.inf_amd64_3aba8686305c0121\msdri.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\bthleenum.inf_amd64_1145b9e103f6845b\bthleenum.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\bthprint.inf_amd64_96c98ac9a8367757\bthprint.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_fssystemrecovery.inf_amd64_dd53841eb11b777d\c_fssystemrecovery.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\rawsilo.inf_amd64_4fa18e712c0375ea\rawsilo.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\storfwupdate.inf_amd64_989f2caf9d3f297c\storfwupdate.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\hidserv.inf_amd64_a5f08d2285e888ad\hidserv.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmcodex.inf_amd64_c8fa9d09dfae827e\mdmcodex.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mtconfig.inf_amd64_c19e8a04ce3d448f\mtconfig.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\amdgpio2.inf_amd64_808fe94735c4c6b3\amdgpio2.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmmetri.inf_amd64_23ba7bba92b967c5\mdmmetri.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\megasas35i.inf_amd64_3c9ecc1d5a3cfded\megasas35i.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\modemcsa.inf_amd64_da1669e192666780\modemcsa.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\usbaudio2.inf_amd64_0dec4f8ed01fa7ee\usbaudio2.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\megasas2i.inf_amd64_f58b8f0b8ba78d73\megasas2i.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\ndiscap.inf_amd64_d34968d7b3e6da21\ndiscap.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wvmbus.inf_amd64_bc87415e766c04c5\wvmbus.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\oposdrv.inf_amd64_f311c1c114f952ea\oposdrv.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\perceptionsimulationsixdof.inf_amd64_92929637d27c711a\PerceptionSimulationSixDof.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_media.inf_amd64_8073d2ebb8fbe9b7\c_media.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\c_sslaccel.inf_amd64_d09291f017449fe6\c_sslaccel.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmaiwa3.inf_amd64_128a51f285ab9a86\mdmaiwa3.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmbsb.inf_amd64_21e2506ffb3ca7c4\mdmbsb.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\mdmirmdm.inf_amd64_ecd612da8bf06327\mdmirmdm.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\system32\DriverStore\FileRepository\wvmic_ext.inf_amd64_62309e307087c8d9\wvmic_ext.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare\Startup Manager\Ignore.ini | C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_amd64\is-25A8K.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\Database\ZLBFCF.tmp | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-GFPDN.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-6N0MQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-1KPMD.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-JDOFF.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-EKJJH.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\ZLBBEB0.tmp | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-71L04.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-BC8C7.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-4LSPM.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-9EEK8.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-P6VSO.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\images\is-DES4Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-TFNMV.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\is-AHL6K.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-3DB1T.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-FEB5A.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Language\is-OUHQI.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\Database\startupBlack.db | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\Update\cbtntips.exe.dat | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\win1064.ini | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-R2N87.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-TJ6QU.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-0K150.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_amd64\is-QN459.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-ETHM7.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_x86\is-SKPVN.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.log | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-0IC24.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-BLNKA.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-R5L75.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare\License.ini | C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-T9R88.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\ScanData\cache-pro.dat | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\DriverCleanAppLog.log | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Database\InBoxDriverFeature\is-9GIBT.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-D1OTG.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Test.ini | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_py.log | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-OHDSB.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-ALADH.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\rmuin.exe | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win7_ia64\is-N07QS.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\ZLBFE74.tmp | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-CSF92.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.log | C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Language\is-UBGIS.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-CJ9VD.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-7S16H.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\is-GE5UT.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log | C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-VC20H.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-AD9FT.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Update\cbtntips.exe | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-G10O9.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\IObit\Advanced SystemCare\ZLB348.tmp | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\win10_x86\is-HPA97.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\db\is-V6Q9I.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Toolbox_Language\is-HDIQQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\is-NSR06.tmp | C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp | N/A |
| File created | C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\ascevent.exe | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\INF\c_media.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\INF\c_display.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\INF\c_processor.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\INF\c_volume.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\INF\c_monitor.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| File created | C:\Windows\INF\c_diskdrive.PNF | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
Executes dropped EXE
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" | C:\Windows\System32\regsvr32.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32 | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\regsvr32.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LocationInformation | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Address | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceType | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceType | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceCharacteristics | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Address | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Address | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Driver | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Driver | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LocationInformation | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\ipconfig.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Main\Isolation = "PMIL" | C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\PluginInstall.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32 | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1 | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer\ = "ASCExtMenu.CExtMenu.1" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\Programmable | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\ = "CExtMenu Class" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ = "CExtMenu Class" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\Clsid | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\Clsid\ = "{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CurVer | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\VersionIndependentProgID\ = "ASCExtMenu.CExtMenu" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B} | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64 | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99} | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0 | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\TypeLib | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Advanced SystemCare | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\ = "ASCExtMenu 1.0 Type Library" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ProgID\ = "ASCPlugin_Protection.TASCBrowserProtection" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ = "ICExtMenu" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32 | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32\ = "C:\\PROGRA~2\\IObit\\ADVANC~1\\SURFIN~1\\BROWER~1\\ASCPLU~1.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection\ = "IObit Surfing Protection" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\ = "CExtMenu Class" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\0\win64\ = "C:\\Program Files (x86)\\IObit\\Advanced SystemCare\\ASCExtMenu_64.dll" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ = "IObit Surfing Protection" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu\CLSID | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D} | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}\ProgID\ = "ASCExtMenu.CExtMenu.1" | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\FLAGS\ = "0" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\ProxyStubClsid32 | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0 | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}\1.0\HELPDIR | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\ = "{60AD0991-ECD4-49DC-B170-8B7E7C60F51B}" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\ASCExtMenu.CExtMenu.1\CLSID | C:\Windows\System32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare\ = "{2803063F-4B8D-4dc6-8874-D1802487FE2D}" | C:\Windows\System32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BA935377-E17C-4475-B1BF-DE3110613A99}\TypeLib\Version = "1.0" | C:\Windows\System32\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 1900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d9820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 040000000100000010000000ebf59d290d61f9421f7cc2ba6de315090f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e81900000001000000100000004fca18b530ab2d3765b8830436884be620000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 0f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d980b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d0049002900000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030162000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d1d00000001000000100000003475b6ae07580528b505a98d7f0fe1f47e000000010000000800000000409120d035d90103000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e820000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\28903A635B5280FAE6774C0B6DA7D6BAA64AF2E8\Blob = 5c0000000100000004000000000800001900000001000000100000004fca18b530ab2d3765b8830436884be603000000010000001400000028903a635b5280fae6774c0b6da7d6baa64af2e87e000000010000000800000000409120d035d9011d00000001000000100000003475b6ae07580528b505a98d7f0fe1f4140000000100000014000000a0c38b44aa37a545bf97805ad1f178a29be95d8d62000000010000002000000088497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba79687997f0000000100000020000000301e06082b0601050507030306082b0601050507030906082b0601050507030153000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b00000001000000660000004100670065006e00630069006100200043006100740061006c0061006e0061002000640065002000430065007200740069006600690063006100630069006f00200028004e0049004600200051002d0030003800300031003100370036002d004900290000000f00000001000000140000001b8b713e8748912a4b073db0c8e9e3e5c0962d98040000000100000010000000ebf59d290d61f9421f7cc2ba6de3150920000000010000005a050000308205563082043ea0030201020210ee2b3debd421de14a862ac04f3ddc401300d06092a864886f70d01010505003081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d414343301e170d3033303130373233303030305a170d3331303130373232353935395a3081f3310b3009060355040613024553313b3039060355040a13324167656e63696120436174616c616e612064652043657274696669636163696f20284e494620512d303830313137362d492931283026060355040b131f53657276656973205075626c6963732064652043657274696669636163696f31353033060355040b132c56656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20286329303331353033060355040b132c4a657261727175696120456e7469746174732064652043657274696669636163696f20436174616c616e6573310f300d0603550403130645432d41434330820122300d06092a864886f70d01010105000382010f003082010a0282010100b322c74fe297429588478340f61d17f38373241e51f3988ac392b8ff409005708760c900a9b5946519221517c2436c66449a0d043e396fa54b7aaa63b78a449dd963918466e0280fba42e36e8ef714279369ee910ea35f0eb1eb66a2724f121386657a3edb4f07f4a70960da3a4299c7b27fb316951cc7f934b59485d5995ea048a07ee71765b8a275b81ef3e5427dafedf38a48645d821493d8c0e4ffb35072f276f6b35d425079d0943e6b0c00bed86b0e4e2aec3ed2cc82a218653313779e9a5d1a13d8c3db3dc8977aee70eda7e67cdb71cf2d9462df6dd6f538be3fa5850a19b8a8d809754270c4eaefcb0ec834a81222980cb81394b64becf0d090e7270203010001a381e33081e0301d0603551d1104163014811265635f61636340636174636572742e6e6574300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414a0c38b44aa37a545bf97805ad1f178a29be95d8d307f0603551d20047830763074060b2b06010401f5780103010a3065302c06082b06010505070201162068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c303506082b0601050507020230291a2756656765752068747470733a2f2f7777772e636174636572742e6e65742f766572617272656c20300d06092a864886f70d01010505000382010100a0485b8201f64d48b83955359c807a5399d55affb1713bcc3909945ed6daefbe015b5dd31ed8fd7d4fcda041e03493bfcbe2869c379290561cdceb2905e5c49ec735df8a0ccdc52143e9aa88e535c01942635a025ea448183a856fdc9dbc3f9d9cc187b87a6108e9770b7f70ab7addd9972c641e85bfbc7496a1c37a12ec0c1a6e830c3ce872469ffb48d55e97e6b1a1f8e4ef4625949c89db6938beec5c0e56c76551e5508888bf42d52b3de5f9ba9e2eb3caf47392020bbe4c66eb20feb9cbb5997fe6b613faca4b4dd9ee5346063bc64ead935a817e6c2a4b6a05458cf221a43190876c659c9da560953a527ff5d1ab086ef3ee5bf9883d7eb86f6e03e442 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: 33 | N/A | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
"C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp" /SL5="$60240,53538606,139264,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe" /InnoSetup "C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe"
C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe
"C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-MC26U.tmp\advanced-systemcare-setup.tmp" /SL5="$50248,53538606,139264,C:\Users\Admin\AppData\Local\Temp\advanced-systemcare-setup.exe" /VerySilent /DIR="C:\Program Files (x86)\IObit\Advanced SystemCare\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
"C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe" /upgrade "c:\program files (x86)\iobit\advanced systemcare"
C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
"C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe" /CleanDir "C:\Program Files (x86)\IObit\Advanced SystemCare\"
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe"
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe" /install /CreateTaskBar /Installer=true /insur=
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe"
C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTimebase.exe" /boottime
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c SC description AdvancedSystemCareService17 "Advanced SystemCare Service"
C:\Windows\SysWOW64\sc.exe
SC description AdvancedSystemCareService17 "Advanced SystemCare Service"
C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\UninstallInfo.exe" /install asc17
C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\PinLink\ICONPIN64.exe" Pin "C:\Users\Public\Desktop\Advanced SystemCare.lnk"
C:\Windows\System32\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll"
C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserCleaner.exe" /InitData
C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.exe" /ShowStr=silentWriteCache
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe" /i
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /install
C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /UpdateTaskschd
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe" /install
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /Run
C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /start
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe" /RunCurUs
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe" /manual
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /manual
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe" /asc /user
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 101 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe" /product=ASC /Ver=17.3.0.204 /hwnd=459288
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /postcache /days 7 /cachepath "C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\TrayProductData\"
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCFeature.exe" /u http://stats.iobit.com/active_month.php /a asc17 /p iobit /v 17.3.0.204 /t 1 /d 7
C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.exe" /check
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 201 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Windows\SysWOW64\sc.exe
sc start MpsSvc
C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\Display.exe" /service
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 210 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\AutoSweep.exe" /SvcAutoClean
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.iobit.com/appgoto.php?name=asc&ver=17.3.0.204&lan=&st=asc_install&ref=asc17&aff=&idata=eyJhc2MiOjEsImRiIjoxMCwiaW1mIjoxMCwiaXUiOjEwLCJzZCI6MTAsImlzdSI6MTB9&usr=0&instd=1&litype=free&expd=0&insur=other
C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\BrowserProtect.exe" /TurnOn
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa68153cb8,0x7ffa68153cc8,0x7ffa68153cd8
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe"
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 601 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C004100530043005F0050006500720066006F0072006D0061006E00630065004D006F006E00690074006F007200
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 301 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 307 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\PluginInstall.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\PluginInstall.exe" /Install
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\\BrowerProtect\ASCPlugin_Protection.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\\Adblock\Adblock.dll"
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe" /SvrRun
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 201 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 1101 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 1105 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.exe" /autorun /AdvanceScan
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,6154021450730803934,3408698278258353831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\IObitLiveUpdate.exe" /srvupt
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /postcache /days 7
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPUpdate.exe" /SvrRun
C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\startupInfo.exe" /auto
C:\Windows\SYSTEM32\netsh.exe
netsh int tcp show global
C:\Windows\SYSTEM32\netsh.exe
netsh int tcp show heuristics
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 1107 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c ipconfig /flushdns
C:\Windows\SysWOW64\ipconfig.exe
ipconfig /flushdns
C:\Program Files (x86)\IObit\Advanced SystemCare\display.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\display.exe" /afterfix
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 501 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 414 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 401 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Windows\SysWOW64\sc.exe
sc start MpsSvc
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 301 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe
"C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStat3.exe" /statcom /stflag 201 /appid "asc17" /pd "asc" /url "http://stats.iobit.com/usage_v2.php?action=insert" /user 0 /insur "other" /type 1 /pr "iobit" /ver "17.3.0.204"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | update.iobit.com | udp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 54.167.176.168:80 | stats.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 52.73.191.31:80 | www.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 54.167.176.168:80 | stats.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 54.167.85.86:80 | ascstats.iobit.com | tcp |
| US | 152.199.20.140:80 | update.iobit.com | tcp |
| US | 8.8.8.8:53 | 133.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.85.167.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 15.197.228.107:443 | s1.driverboosterscan.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 15.197.228.107:443 | s1.driverboosterscan.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 52.4.58.7:80 | startup.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 54.167.176.168:80 | stats.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 54.167.176.168:80 | stats.iobit.com | tcp |
| US | 52.73.191.31:443 | www.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 52.73.191.31:443 | www.iobit.com | tcp |
| US | 52.73.191.31:443 | www.iobit.com | tcp |
| US | 52.73.191.31:443 | www.iobit.com | tcp |
| US | 52.73.191.31:443 | www.iobit.com | tcp |
| US | 52.73.191.31:443 | www.iobit.com | tcp |
| US | 104.18.40.68:443 | kit.fontawesome.com | tcp |
| US | 152.199.20.140:443 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 104.21.26.223:443 | ka-f.fontawesome.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 52.111.227.11:443 | tcp | |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| US | 152.199.20.140:80 | codes.iobit.com | tcp |
| PL | 93.184.221.240:80 | download.windowsupdate.com | tcp |
| PL | 93.184.221.240:80 | download.windowsupdate.com | tcp |
Files
memory/2076-0-0x0000000000400000-0x000000000042C000-memory.dmp
memory/2076-2-0x0000000000400000-0x000000000042C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-ESGD4.tmp\advanced-systemcare-setup.tmp
| MD5 | 7f0e76562106e3fcefc098dd82378f22 |
| SHA1 | 53d93bfb95863da6e15c72b16fe26f6f8aaee3da |
| SHA256 | e826ac159d0026e1513c9dbf1f9bdac8534739cfde160955d74160d35081dab9 |
| SHA512 | f83c561b6eb7af77e6f9ed722b93a9d4625cb3274cff1706e0f9799f1cb73c6b0dcead9c5fec8565f994706af1b6518b8bcc77c9e3e5ee6463b0fd716f0fbb75 |
memory/4848-6-0x0000000002630000-0x0000000002631000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Rinside.dat
| MD5 | 3115e02fd135942a8eb97ebffe751beb |
| SHA1 | 31764acb175a41b5342bb89e3a951e85084e5d57 |
| SHA256 | a9161ffe6690069e1267c6fdad055fc0112144273b66a8bdc59862941279b21b |
| SHA512 | 065dc4358ce8f88a044d1764503901cf4a1ba75cd45e3021c0f956955ebd0942718bc09dbed6214d70c1efbfc9fd3adf02abc10694677e5b8cc50b10e92582e9 |
C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\Setup.exe
| MD5 | aabfba27a5ff2e74b15b4956b55d4a3e |
| SHA1 | 0a69a77a8db23c11f45211c1c9ccaf3e800e6a1b |
| SHA256 | 00d67f82d54c0b931afa9f728f6c5c2d0f90fff99f2edaaea4cc4fcc3ad31861 |
| SHA512 | 7db678ce9a4d543f52d210a71f909c73d5ee1384fa1563699ebd7c604a8733a048a4bc1b37d46be34c4239a8ef0fd447d4048405f0e883ef6e02b8b934aa8cc6 |
memory/4848-35-0x0000000000400000-0x0000000000532000-memory.dmp
memory/2076-39-0x0000000000400000-0x000000000042C000-memory.dmp
memory/456-40-0x0000000000F40000-0x0000000000F41000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\libcrypto-1_1.dll
| MD5 | b09a5c562bb1d521de69d37ce5286f3e |
| SHA1 | 5177d1c96fc389c6377d4256187f76579cdeb2ed |
| SHA256 | c4e3f16290ce92d87c62da129249fae41bdb4f65b47d31d911ed722623fbb181 |
| SHA512 | 5d2c0cd8d9625fb4424d01b1316064e8b4ec6106e76fb3f7972ad6f6d646464269a0351c228ee2e5cb247d3b8366a48d9791297e13244253a0e01c6793c148b8 |
C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\libssl-1_1.dll
| MD5 | 9405ea98989968e07b5c9497ff54b560 |
| SHA1 | 2c8142bb1b667af133e03a51cfd7427deac1b900 |
| SHA256 | 5d74920adc711daff4d22c45ff29693265381d5359b6a42cfb51e674e3db7cba |
| SHA512 | 1c1eb10f144aaa1ae4fcc42b9dd970cfa3f3514948d0d1dcdaf9f7d8cfec1e752b1ce6d70460622b475bcac331fdb8eaa847725c9612593ce3550c4da7112f3e |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | efab3caccd31f41308c0844fb2b28f4a |
| SHA1 | 1d373969997fca9ef245da160bd631b7ccb98768 |
| SHA256 | 862071e48e49d176e751a9a2b95bfd2336853eb7e0c35d8a78a8c760f3a937bd |
| SHA512 | 71a4855330c5a5d91d97541cb6ec1220276ead07f3b4326c23716a5038f4615ecd177bc10786d49fe29247969c650b5802367c1b730e0cb042ea5103f242ffa0 |
memory/456-50-0x00000000043C0000-0x00000000043D0000-memory.dmp
memory/456-66-0x0000000004390000-0x0000000004391000-memory.dmp
memory/456-65-0x0000000004350000-0x0000000004351000-memory.dmp
memory/752-70-0x0000000000400000-0x000000000042C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-2EEJ7.tmp\ASCUpgrade.exe
| MD5 | 59a2ccb20887a9240e8a94cc543eb2e3 |
| SHA1 | 9aeeca3d1f4edd4b43db69f305ae4cbbfc7e3dce |
| SHA256 | bce838df1abf389a6d92f757fd4607606a711b1a0d4a92b7697302f38a55bde6 |
| SHA512 | 2aa01e97f25e445d6f36ce112cfc37bdb3a85bb2c4c371020ab12207bed635a1a24c8474786fa694176571a197c862123073b81d816929b81208dcf849b8aa75 |
memory/2476-104-0x0000000000400000-0x0000000000564000-memory.dmp
memory/4788-113-0x0000000000400000-0x0000000000564000-memory.dmp
memory/456-269-0x0000000000400000-0x0000000000AFE000-memory.dmp
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
| MD5 | 0a73c860ab49dd14336b0a9402c40671 |
| SHA1 | 7a31d9f82935aafee8c74e55b0764c0ae4aaed1b |
| SHA256 | 59b893ac18bcd84dbc2342dca1c11837fee2d0c7d3ba2bce8cb10f2781c51959 |
| SHA512 | 35a396ee3d8c9b09a875cbde6c98023309b2f8d5889aaf0d54e83e3e4a4d64b5c9887227b9e3d314610084c045db2ebd377b8ce9f290e62a95ee9bdd1f60e559 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCUrlScanner.dll
| MD5 | 9bbbacf7e04d12ded0b46a69ca785ea6 |
| SHA1 | 1c66160f340ae8869bcdd0df061acf43616e3115 |
| SHA256 | 39f78b45d8e587bfd83592bfc00bc553535581f7eac2189e796629c3e942e268 |
| SHA512 | b02445bd9d9b4f0d4056f241a1fb36d16c414e9afa85c9ffa2fadcde9223c5e3a1b33d363899402d4f418e706f851ec4b290994e3851670a1a12b04880246c3e |
C:\Program Files (x86)\IObit\Advanced SystemCare\LocalLang.exe
| MD5 | bcb3518e3c4f380e7b26ce231997b0a1 |
| SHA1 | 566fbf7a9272172b01c82d67d5d2345c7bb82577 |
| SHA256 | 66c52f12265cd51d05a94f506dfea049ffe29c7e3705c6f0a8808455a877b5f5 |
| SHA512 | bb99790cb1465848d0d7d7376519823058f642bd7b69ec6573379d219a9147fd2af662904d75bb51a13d8010cfd7d125ca4b1921a4acd03845a0597d477f12cc |
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini
| MD5 | 93b446dd65d042839a2b8945297bfd27 |
| SHA1 | 7ef7655ab2cac178f7de0fb202f49a1ede669629 |
| SHA256 | c1fa0ccf737521386cd519f7a021db26a67d28cde89da75f564ecc1d1d31ee6b |
| SHA512 | 53595d19e40dc3bb704c06efb97303020c053d8d114aff806891535de1c0469b61c4f8d66709f45f07215c44d810afaabc5bb20f67833c789fa18d9bba074cdc |
C:\Program Files (x86)\IObit\Advanced SystemCare\winid.dat
| MD5 | 257e156c11b8b7add49c39f8ca6a3f0f |
| SHA1 | bb187acab93b07564574869fff60696c56d689be |
| SHA256 | a3f9a47f0b48afb31464cbd4bed3338546094757cf7796cc6bec3bd7d2562852 |
| SHA512 | 28d22fbd87a05d51af442b662befc06ecae1312136475d286cc1b747d255be4705a9ac5102825942a3b9c3d00cf2e9714f47ca25a246e30d3713ecbaa598fa7b |
memory/4244-812-0x0000000000400000-0x000000000043F000-memory.dmp
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCInit.exe
| MD5 | dcf89d79ed92342132e5f1d961113db4 |
| SHA1 | 576e3a4a8e30a7060fd687bcb3399f58e8d5937c |
| SHA256 | 19c5d579b874ca14b513eea54238eae72d019a07a2eb24bd542d70f903820315 |
| SHA512 | 3960f21a3b08bb471de7d7af61e3b6db0c2f88cf48684e7770efd5de6a912ebb16acdfc28847312c8a0c34d109f59295c906b0462db5848141ad5749a2f008af |
C:\Program Files (x86)\IObit\Advanced SystemCare\rtl120.bpl
| MD5 | 4f2040add9f5b541db07a2e866e2c5ca |
| SHA1 | b04da67e7ba7207deb99f56062661edc919f543a |
| SHA256 | b3dee68af7b2805f6cf74976b60564dcc7d6d38444078d32cdca99ee1bb5bb22 |
| SHA512 | 4fc2f75a8999e1a463d97bb89ad3cfdef4dd35615df6538f794e01f98de205a19bdae9dee58ceff6e9e3f08b5497c0f62e1b971a859bce711974d5f2e2180914 |
C:\Program Files (x86)\IObit\Advanced SystemCare\HardwareLib.dll
| MD5 | c534cd2ef9da6d3a50c27dad7a188a04 |
| SHA1 | 0ec214523183fa2a47e434258fb4320c49cf851d |
| SHA256 | 040d71da31dae5b78f3e29149962f79d4cf53cf9a88a6e82d94a3f65cbefb09b |
| SHA512 | b376eeaa837d8ee06b26e06cd31ab22a3ce30c4529cea9040fd876877ade3de8d76e74dc8eee52b7ec6c0880c8fec54b4bcd158f5c3bc676d1f360d09d9cb6e2 |
C:\Program Files (x86)\IObit\Advanced SystemCare\vcl120.bpl
| MD5 | 3370add5bdff47bc8ebb0dd2fca36b32 |
| SHA1 | 573144b3427279e687ac1d0f131b58dceb47e186 |
| SHA256 | 52b78e79ae9b9cccd8f85dea12dd8f5dbc8ffb62f9bc537efb1ced7a4b21c244 |
| SHA512 | 0efc1d3a723d8ec15b5067812741b67c281c6b5aa29a057467e668f10d8e6379f48299e83ad35cf60a2ae26b5acee660d41f7aa12a122adb36a1bc512cd241e5 |
C:\Program Files (x86)\IObit\Advanced SystemCare\OFCommon.dll
| MD5 | dd425b1e73a5aa0f2d6dc73bdd276e5c |
| SHA1 | b83760322a0dbb0116bb49d3a761f731b28daead |
| SHA256 | 9d644735d5e4dd8ed3745ce44a317b4117ebce0957f7844a07cad399211a09bc |
| SHA512 | 6991c8be6c1dcf4998ebf5bfeaa0bedf68c5cd30a1fa0c350693fddbe81a9d509f182ee33ccb141a19b0ce3394f635a6b55304c42e640e83a1c706788d6ac0d1 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Database\ignore.dbd
| MD5 | 2802a5adfe7744bfca1ad914491de635 |
| SHA1 | 43a7182b44282bf5b8a9a6b01cfc726d8a27d511 |
| SHA256 | d65c68d86d849e867d6ccce13312377bfab9f9d10de1fd82ebfe4d096aa3c797 |
| SHA512 | b76335b6dbcea3497d8a5842decbe6db140ead51ba01c9d7bb0b59cb1847f8f989d08a3ea6a346ce03569d2da6609d2803f111c7c5e49f928ca4b16c34189dfa |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log
| MD5 | 940b4947b193f054c4e8b698ff0d0df5 |
| SHA1 | d4c495b3ccb40d7cea0eea840d1ebddafdd89399 |
| SHA256 | 05fc9502bef95b4b03dc0fc716ee8a11c79cadbab4129eb5498c7bfecc7bea39 |
| SHA512 | 52757dd94dff66be41b2d6cec23b8855b3173867a0e84029049e473217abf24ec3c941426b3a6c524a2672ca24e6ab7d74ef0f32d62809672101866e6dc65ad9 |
memory/3556-849-0x0000000003E60000-0x0000000003F3F000-memory.dmp
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.Ini
| MD5 | f900a678467cdf1dbfa43a6c9e679950 |
| SHA1 | 0ddba323434ba48d2d7406053642286f8331e6f4 |
| SHA256 | f6f731425bbaa2abf8edf4cbf4dadcc08dbd2a793ab63ef4c16085fd1de418df |
| SHA512 | 16e4166ba9e51188ff748100cfe49152c216ce743ce0c0178bc676cec8cc7d52bb947f748660c7e26e7bef661ca44324faba538e1069f836e7f5fcc7b063169d |
C:\Program Files (x86)\IObit\Advanced SystemCare\madbasic_.bpl
| MD5 | 73bc46c0170de5d72d1e5e0df51ee68f |
| SHA1 | bc92d0c16258b2a42ad9774fa7b6006bc32607ed |
| SHA256 | 4926203fdd4fd70b55409e84728faf927d71274fb368193205d44e4f04a605f8 |
| SHA512 | 642b19235bc62c26610092a865a1cabb7421296ac1885d1a50e99affe92a732347723fd028f71ff3d641a8ac7ec1567a97c8423369f28c806da9dbe00cd09e9b |
C:\Program Files (x86)\IObit\Advanced SystemCare\maddisAsm_.bpl
| MD5 | f1d430eacd5aac17c5de78f0de3cf774 |
| SHA1 | b1c410ea2659d2d7a44b8458ffd98e14ef6ddb8d |
| SHA256 | 20ddd0bdf076a91d9d82c8e447e1dbf6dba52fe6613cfe1e5373aeac7f889b62 |
| SHA512 | bcbf4b4c7b02ddefd78d03f1d6d047aa5729a4e8ae673ca6d72488ca7d3fc6a03893d9a6b446e6bb629927352535d85745b882c80b5913c726d5674efaf2339e |
C:\Program Files (x86)\IObit\Advanced SystemCare\madexcept_.bpl
| MD5 | 9ff9e6b33bee8e297bbdb47e8ac9b60f |
| SHA1 | b49d037a12c43958ab24b3869359e6ddbe8cc551 |
| SHA256 | 655c2a4b484ce587c8c99cbc17f7cada640e79fc8f92b4de2d68882d79c0c815 |
| SHA512 | 7552139146d3cc913cb0c20ac612e194cdca01f202abb668e3451c343d8e4b5e967a3c90420817cea400a20c215b4cb4956a80896d6bb10c4f5ad720b9667109 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Ignore.ini
| MD5 | 8cc6f7e704c72dda22035d5fff19759f |
| SHA1 | 90bbd43e42b2f46f327f26b01d782d94d8348bd4 |
| SHA256 | 60b40150366fb7540d6da67f0719b8645d4513c270fe49234c25a664a7a7b623 |
| SHA512 | ac2469f5e48564f3e0ad2f645445f1aedc2cfabd53b7706a383cdaa2b1fdbd6f4a255779b079af2ac27c9cf109cf4a0b21e9b302aa68071b0af1d1ff65878673 |
C:\Program Files (x86)\IObit\Advanced SystemCare\rgfpctlextend.dll
| MD5 | 701830002d0724de5e01eda23941f1d9 |
| SHA1 | 9d7f321463b5ebdedbb57d80ff6eae7c21578f80 |
| SHA256 | c033426dea59d3527042f7233cbcaaa478368782955d6f544c7c5b8fcf04094f |
| SHA512 | 54f6d9c4a5ca7380f9b6d03a35d8ed421f69316a6738910db823e36102f95b61d8a570efcf6d7523e823908ac4e8be5aad17e3f525a26693681a4be7d3bcffd5 |
C:\Program Files (x86)\IObit\Advanced SystemCare\fctlextend.dll
| MD5 | f8673880858f5301121d6db24c39a4d0 |
| SHA1 | e1c8c1ad09f92359090d62d41b7d5b475c5a9c61 |
| SHA256 | bd63eb612fcfd3e95b089ab231b3a6543a3a35aa63a6f1c2c76eaf68b79a456b |
| SHA512 | 9d9751ae99254c63d25be74c10c15d2f0a990ea8abbc43a6a3f65b3c3dfaf32eb055d86418a8d0532c25c3c5b28bba61443c780a9f552a2bf731294f8b38872e |
C:\Program Files (x86)\IObit\Advanced SystemCare\filectl.dll
| MD5 | c0cd5ac0ca613b164aad65015c9a18d2 |
| SHA1 | a27c1da2455e52e63fd53a1157a98728ad244fd5 |
| SHA256 | 81b1fd6a6f71bf9bc7ce5c42e0812cd56ccb0287770243622d7041bc08f4ac72 |
| SHA512 | d0e0b4759a03a34aaad51f4d96b71ca24603efda390dcd451fd9fd3d7d0cdf59a7cdcf6a02d5aaa277fc026375b843522da7bb7c1cc51d5c5c90e3bba14bf440 |
C:\Program Files (x86)\IObit\Advanced SystemCare\HomepageSvc.dll
| MD5 | 2afca520fff1cd5700d268d4c81a2fd4 |
| SHA1 | 90a2aa59f715058a59a772a147d032154fb55453 |
| SHA256 | 470c64569cf95163d952d58e4eed75aff65fcfe7bc90c7a7defaea7cb5939263 |
| SHA512 | 9d4947c7c269c63711903d76fd708a4979c0c393972bf5d87c3b5733e46d18b1fd1f6317cd5085db637e13f047a5b140fb5894f0577459e18d1b57d9bfa4cb54 |
C:\Program Files (x86)\IObit\Advanced SystemCare\PluginHelper.dll
| MD5 | 56f73b88f51c65723b8520671df083ff |
| SHA1 | 698351ddb1beff60efa7d8086e46bf96c0da0c55 |
| SHA256 | 6f4818fe24b9c29aecd1b0f26f7cccf9a92aa518bad08612e1d13bc76c947430 |
| SHA512 | b2542a9f19063f7aebe9236cb94a59a5efdbe79d72aa808af4882524298a7c33befa1be42e47730b02e51971892695513a74c1dfb5cf0e6beeee4543ec99a63b |
memory/5092-1804-0x00000000031C0000-0x00000000032D8000-memory.dmp
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Update.ini
| MD5 | eb431d332a8f7ce89c6602fb2f783273 |
| SHA1 | 02039f758108771736a605cb1dfdaebd400a6a1b |
| SHA256 | 27975d4f8b065d23637db6e9c5a65132e251ca17e67b827c41c712e173437a89 |
| SHA512 | e243bc05d30cb4320e988709633ed1b00b7020524c542634295d9ee6619c97356c31af98e2e6c166e821c8df329bb67e73b2d86b6ca1d501075c3892a96a2d24 |
memory/5092-1783-0x0000000000CB0000-0x0000000000DBA000-memory.dmp
C:\Program Files (x86)\IObit\Advanced SystemCare\rgfpctl.dll
| MD5 | 3845565d2b71b127c6dbce06fde9c218 |
| SHA1 | ec2a4b694aad7eda20dbe2451039c6787ae68eb1 |
| SHA256 | 6581e2173cce7bfefffa9243e55d352e7cffa08b2a449b1bb06bbdbd68d45cfe |
| SHA512 | 890038d08938a6429d5dfd2a7a6723949def8baa02570939b5f6d1acdda516fa2e1d455f79427f637a646a7bf67d06903fb06a2d2543593e57da3285f40d9946 |
C:\Program Files (x86)\IObit\Advanced SystemCare\sqlite3.dll
| MD5 | 5b5a926a887f4a9f3eecc54598f697db |
| SHA1 | 86044be248e9fac25a0d8a3dd3c617da8688b7ea |
| SHA256 | bc0c750c98bd413e7975e8b17b1101c346dda53100020161bc5141f77ed98932 |
| SHA512 | 3031b4cf17cd4261d9c36495cfb707c6be10bd1444c8e474d1f117df55cadb32fe1661f239499d6f1ba3d3d96def6f6b4eae7e3fba543c6a5c8b98dedeb91412 |
C:\Program Files (x86)\IObit\Advanced SystemCare\datastate.dll
| MD5 | 86bdbc01aecd0a413ee4a0583949329d |
| SHA1 | f921cd9c5e89c1acecd7b235583e6d65165a6614 |
| SHA256 | 85c0c5b3e17c5f9e9f5531dd9dc848b946a29902ce1294ca7a32a1d169fa0faf |
| SHA512 | 3b13542a9354297b27415ab9d9bca6adda884d4e2238cc924715ef29f14d819a3c768b9d8a2c7fffe6c6500c9a79b5483e1265df870650a215e928ac28b1225f |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
| MD5 | 2caddd6173a2ae95dff95c3c7776537f |
| SHA1 | f38dc18735e2ba0eff2d8fc8f92fceac4eca27ff |
| SHA256 | a871865aa0a4b9e07aa8b2a4754155f2fa0de156c3ad8b0bc0a4049a04a20db5 |
| SHA512 | 4dc72eb0f3eac4cfb9f3b489719de5f32d3f3565c5e3131c92523a4b3fd8901dbb01746b1dc1c65795a38bc60688cf8b3d050d179c28dc664ea172f7551a7281 |
memory/5092-1781-0x0000000000C20000-0x0000000000CAC000-memory.dmp
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log
| MD5 | 8d98d1e67b5ba582ae11f4dea935281a |
| SHA1 | ea641888a6b1e5d9f666d688ffe3936e746c2148 |
| SHA256 | b59dc8b5ebad4226438fbd4e3d3d395d16d9aef3ec20bcecb9b0ccdc715b2367 |
| SHA512 | d9b975137c7824f16f07d41170463ddcc5d57696b18ca1b605e49109bbcfdbd91b42d8d3975ac6e8e4ba112d2cc531785c51e523456a13ccfea05a1287f762e5 |
memory/3556-1830-0x0000000004680000-0x000000000475F000-memory.dmp
memory/3180-1843-0x0000000003A20000-0x0000000003A25000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare.lnk
| MD5 | 11fcc91cacad79dba5e6acf3b576ee2b |
| SHA1 | 229401211fc859cb0ac432a8395054217eb9a644 |
| SHA256 | b31c10fb3e40883c332caad1707577d4aeaad185ad8055523769e8f1d87225e0 |
| SHA512 | 096e0d51b330d2f93ac6b037ceb0ecd711d2c7ec0864711cbf482f7f288fd9f2ebd6f9ae15b76309ec6225f8a4b6542b079b6cfbfbe2c2a6184d7736bd9a513e |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | 4b86f14ac49243f488530e596ad8289c |
| SHA1 | 6a45ff042d4f06b70429d56d6ec9457ea49b9215 |
| SHA256 | f89357c3f440b5834a154d01303f605cb40ae9d89a9aef16885f9923b4179e7d |
| SHA512 | 74e80105817d1fbba2826252455f740b8599faac3d814db01dca4c2f437eacef88da124ac1ffef92da83b9a19ef80d4ba8642f22efbdfa7ecec10076eb175817 |
memory/3180-1852-0x0000000003A20000-0x0000000003A25000-memory.dmp
memory/5600-1855-0x0000000003020000-0x00000000030FF000-memory.dmp
C:\ProgramData\IObit\Install.ini
| MD5 | b6c37d5a572c420ab51ef6cfa479c5b7 |
| SHA1 | 8b9be1e5021dde313710a2731c16bc57efdc312a |
| SHA256 | 3088032fcb16cc3369f636ff7e7cd24d4e41d3943fd7af80af92bcf2616b2e20 |
| SHA512 | 6a885127300bf5c691644dd292caf4ac7329a346403888a106b8bba01b849519c95cb1a0d5e1eb28a20de840488f5be74f90a5ccf7130cd03ff14c546fe4085b |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\License.log
| MD5 | ff0d436e0825e1eb8f9f5897c4770d2a |
| SHA1 | 27d4c37508d37eef177eace1ccddc7d93147a623 |
| SHA256 | 4e9d7ffbc0601ec12d5fc965806719f0640cea68386a4d045e5dea601be58aee |
| SHA512 | 0fee76474f8326a8275db247332a57c6be8576063168c5d11211270341d8b1e48ea0212378607856379c90365a9fcab121704a240ab149fd3a16b7bf1ea58950 |
C:\Program Files (x86)\IObit\Advanced SystemCare\PrivacyShield.log
| MD5 | 1124cefd8e89c93ab031b333357b4dd1 |
| SHA1 | 81d3a13a3e7096eedd8bc00ef5ab8161b0009056 |
| SHA256 | 2b85b37c08cac0ed2dd78b7562407088fc1a1422a82a7515d7736f8f7f38409c |
| SHA512 | a5ee296425c042d1c3064a61b11cd6fb545339600f60cc0cbb1ebc8350d834c8ebce4b69554737074c0395c0c146d670de58200aeb9bae9c77e1335242dc7ebb |
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\ProtectRecords.ini
| MD5 | 0e9856970f5cb2544dbf5ea83fe9391e |
| SHA1 | 1379805a305d9de0ba7eeb1f7cc46f40eb59a7f4 |
| SHA256 | dd5bf9c2f483789e8853dbc42429774e9c28d51a086a6c57ef78dd414e5a5422 |
| SHA512 | 010591395be0eec618cc8e9625228ae7fd5e3c91162e24ee96bc2c818abff44b9ae9d0d1e0a6261cb40ccd2cebc1b7145bb1c3cd9abac25780ad41b4463f0c47 |
memory/5768-1897-0x0000000003DB0000-0x0000000003E8F000-memory.dmp
memory/5768-2939-0x0000000061E00000-0x0000000061ECA000-memory.dmp
memory/5768-2938-0x0000000050120000-0x000000005030E000-memory.dmp
memory/5360-2941-0x0000000061E00000-0x0000000061ECA000-memory.dmp
memory/5740-2948-0x0000000061E00000-0x0000000061ECA000-memory.dmp
memory/5740-2947-0x0000000050120000-0x000000005030E000-memory.dmp
memory/5740-2944-0x0000000059800000-0x000000005986E000-memory.dmp
memory/5740-2942-0x0000000000400000-0x00000000005DB000-memory.dmp
memory/5360-2940-0x0000000000400000-0x00000000005DD000-memory.dmp
memory/5740-2945-0x0000000057000000-0x000000005703F000-memory.dmp
memory/3556-2968-0x0000000050120000-0x000000005030E000-memory.dmp
memory/3556-2969-0x0000000004680000-0x000000000475F000-memory.dmp
memory/5600-2955-0x00000000002C0000-0x000000000078C000-memory.dmp
C:\Program Files (x86)\IObit\Advanced SystemCare\PPUninstaller.exe
| MD5 | c058768b94f6552aa39061ff214bd065 |
| SHA1 | 2b38062b78ea134273d676de3430b7031745271a |
| SHA256 | 34f09efde3f3e12d148de748757ae6149ba05c3763c167020e59c9dd57e1dfcf |
| SHA512 | 9c88c13c987f57b603fe48ff4e19bc951cf48281a57a98a0040f31d3d1d076c7db3550da5177cfd7de7a20eac48e2f7adddaccc4e9d079d6c2db22ca0679325e |
C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
| MD5 | 0110b5295219bfd64f1e48e3abb7e600 |
| SHA1 | 3427da850c4041d69a88b6a7db79c1d0919ff02d |
| SHA256 | 6a0a220b9a0685f957b5f1c744ec98455cb03ac507e6d2878724662be2c490d3 |
| SHA512 | f2059956f8a2d0b3fca720a1d06325c028ec495e5bcb059e2ffddf954db34f197f17dd1844834b577c2ae98561be3d277c7d2d691c228b1e9884dbc5593f198c |
memory/3556-2967-0x0000000057000000-0x000000005703F000-memory.dmp
memory/3556-2965-0x0000000050000000-0x0000000050117000-memory.dmp
memory/3556-2964-0x0000000059800000-0x000000005986E000-memory.dmp
memory/3556-2963-0x0000000000400000-0x0000000000534000-memory.dmp
memory/5740-2943-0x0000000050000000-0x0000000050117000-memory.dmp
memory/5768-2937-0x0000000057800000-0x0000000057812000-memory.dmp
memory/5768-2936-0x0000000059800000-0x000000005986E000-memory.dmp
memory/5768-2935-0x0000000057000000-0x000000005703F000-memory.dmp
memory/5768-2933-0x0000000000400000-0x00000000005AD000-memory.dmp
memory/5768-2934-0x0000000050000000-0x0000000050117000-memory.dmp
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini
| MD5 | 8650b1755b632485f2dd439f3a3c6126 |
| SHA1 | 8c1ca0c0cbc869d75c7f174a77b282e457e9d78a |
| SHA256 | 931b07b89eac79e4011037fb46a1922c3837f25b900598d3ad0f386a030e88d6 |
| SHA512 | c0bd889d248e05ff2be70765f48c756ec313e481d7747c676d7365af3fe0e332cc76f08463e07f829d412ea9cf42b2aaeae6eca3d12438e7497bd77a428d1bf6 |
C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe
| MD5 | f98a4521a2d99476b50fa4aeb71cd15d |
| SHA1 | 7a66ee7d7c88c5ff7f9d84277b97bfd66c4b20c6 |
| SHA256 | 65d20649d14af3e6025765b5d0436c5396edd430bf155cbf8ad0b1483a7671f4 |
| SHA512 | b297763f3d9db97ca84c0509af0b6c289ee934327df280ddeae69573a934ad3fe7be7411e1f831a49080e9418b187864b205c31e8ebb1ce0e41d7cfc6efeabc9 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
| MD5 | a4c4cb5cd7e4c30d4d7e0dfb58c00a22 |
| SHA1 | 1cf21920ff7c3f14d9084ae72db87b14de8635e4 |
| SHA256 | a711deeca99de5187715b98d942ddc93ced74d426f2e7213bd1237d5fdc31bbd |
| SHA512 | b3f36061b60a31f6620f634e2ed2944f59643de2e08e1186eb61592d1660291f294afd5f2f9974bec504e130904222b2239387958d7dea82fc22f856e89b6781 |
memory/7008-3063-0x0000000004040000-0x000000000411F000-memory.dmp
memory/6956-3077-0x0000000050120000-0x000000005030E000-memory.dmp
memory/4348-3081-0x0000000050120000-0x000000005030E000-memory.dmp
memory/5324-3086-0x0000000057000000-0x000000005703F000-memory.dmp
memory/5324-3083-0x0000000000400000-0x0000000000552000-memory.dmp
memory/5324-3088-0x0000000050120000-0x000000005030E000-memory.dmp
memory/5324-3085-0x0000000059800000-0x000000005986E000-memory.dmp
memory/5324-3084-0x0000000050000000-0x0000000050117000-memory.dmp
memory/752-3082-0x0000000000400000-0x000000000042C000-memory.dmp
memory/4348-3080-0x0000000050000000-0x0000000050117000-memory.dmp
memory/4348-3079-0x0000000000400000-0x0000000000409000-memory.dmp
memory/6956-3073-0x0000000050000000-0x0000000050117000-memory.dmp
memory/6956-3076-0x0000000057800000-0x0000000057812000-memory.dmp
memory/6956-3075-0x0000000057000000-0x000000005703F000-memory.dmp
memory/6956-3074-0x0000000059800000-0x000000005986E000-memory.dmp
memory/6956-3072-0x0000000000400000-0x0000000000552000-memory.dmp
memory/1340-3071-0x0000000000400000-0x0000000000532000-memory.dmp
C:\Program Files (x86)\IObit\Advanced SystemCare\Register.exe
| MD5 | 7e5ba085d34688d31a0e312a042db571 |
| SHA1 | 22f7cbbd537d21f76f1469a29a93ba179f3f6395 |
| SHA256 | 8e0b2b92ae7bafe02c5dbc217a90e6b382eccb412660653c3aa028fde6ee20bc |
| SHA512 | 6ffa4e28eb31e45c16ee15fb3fa8bb914be70a11d8a507c89fe770d3e4bca6722fb8ba68d94c07c541a4dd8828b588c9ba5a1493f233c76262d25a23303fff53 |
memory/7008-3091-0x0000000050000000-0x0000000050117000-memory.dmp
memory/7008-3090-0x0000000000400000-0x0000000000661000-memory.dmp
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log
| MD5 | f4015436dd2f9f10b3145a7e091cd4b1 |
| SHA1 | df94c1473b9f754aade3ac5f1f4d2d39aaed60e3 |
| SHA256 | 6ecdc062395f9f77c672f209932c104fdb0fa8b5b865e10ca7d43f27b7ce9198 |
| SHA512 | 16ef560626145e7320871705e2c0ddcf13b93481b7007ccd0188ebe2c92f888eb90124ffa3f72ca9113af40f427667cd7ae1313138bb1439ce5494bf1d09e7e3 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log
| MD5 | e69d24b186492fd7cd164be466b6ce2d |
| SHA1 | b517d27f5ee6859ae961a61c7ed3f4109942999a |
| SHA256 | 599dcd0638c68b192703b029b1be75b98e791c827c3b069cbdd3b8c86c049846 |
| SHA512 | 4b8b09005c9934f727c50a0bc03e175569cd8288971b92e17dd00591f0a06dc1aecb316d7077aad482156212cde2075dca0699303130347e75504ee8dac462b7 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.log
| MD5 | 514002e6df7881b9906779d75504cb04 |
| SHA1 | ae6c4704d24099180c0d6d1484a652ef8827fd4a |
| SHA256 | 4239f0171a480038b160ae1def7bdde32e8c04d6e5f68c79f7958c82068c68ec |
| SHA512 | 5ace089c34369a9a9cc03fe554a64c3e678aca1cc964283bb510ea272bac9cf059acd5af84124d7644b1e7d074b1067f5b4b6bd3d1712e1c30e263c1b4aa1533 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | a0b39082b00abc1a43cf6a0be98a8295 |
| SHA1 | 8a475ed34424ddffc8be5d009eb44201439b7e6a |
| SHA256 | 0c737f2d06f25b6e039920f7100eca9feac3c79c34d46d1fdd68d79e5e517674 |
| SHA512 | 585e4fc385be5eedb87af3f4e8edaacf214ef6156bda65a5fb9a6052c5ba17f576ca4de24a7388ca8163abdedbdcd865e98499288f86a45724aa6f368e2aed1c |
memory/456-3281-0x0000000000F40000-0x0000000000F41000-memory.dmp
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | e8ae8b1d022d319120aac3ee6ca77454 |
| SHA1 | 191579a3c6960a1121d21c4b23d8807d4174c577 |
| SHA256 | d2e738a91c00cbd64327da07cd9150566040dea8201e523fba62e6fbfa42716b |
| SHA512 | d235c0b3d8b4ae6fa21f1489696eb89ae71ac19e83d5edd60e69de38189b790e0f266876710a04a58e05f139047fe5f85b4fa9245d0f1740ceeb57dcec7cc9ed |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | 61f7cd9a536fd3751ce2af546dc141cf |
| SHA1 | 414852618b24d000c879f131f8f2c462db3653c3 |
| SHA256 | 189899dd0fbe86f57c575fea2ba4e3067588e37ec7a8bd05da2b9177471a5502 |
| SHA512 | cb10ddc789443ab72f4ac3fff808f58c6ca4da3a9a0ad1e45c3786e07198546ed64be680d088b4e362714142e7ec5a6edd789a5e3d5de427cdb67224ba7c2cd3 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | ebe66a41a426cd03bf87db01e57f1e4b |
| SHA1 | 563afc778a77011c7776ccbc047c494111f5189f |
| SHA256 | e5502f1cb1a26313340e6cc673886cbe8ea2b5cc81c12122d2ebb043fde2f9a6 |
| SHA512 | 240ea8711a1aa9e6772b998e4e9f8eaf8e3c685ba65d092a4862d46e152a986cd6e8205ab515b03a975ad5028d3e58b0372a18901e3067525e59b2c23ccbed97 |
C:\ProgramData\IObit\dnsprotect.ini
| MD5 | 61ac714b024cd9bcc9b78567f5cf8699 |
| SHA1 | aaf020969a274ff78b0d56e3a976f7c7d63ddb2f |
| SHA256 | 569f73537730a9240d4a5cd127e8b8b79307dc2ead733e77e6e6b73a2ce9adc7 |
| SHA512 | 7f46d2fe2db6d47dd0baaefc2b41b2716fa589089e9fda52924382a417cfcd1427ab115a882f04d354a6f4e40c55f71cef23abc64267fb46ee9651c81d9e0a58 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\ncconfig.ini
| MD5 | 132103d7dfa807915e23413fb96d10d9 |
| SHA1 | dcd143032895423a49b9086b47d17b4f53ac52fd |
| SHA256 | 065f64665ca72b3944cb40ab6d84551e995902402560afc39b54ab3906e42e80 |
| SHA512 | aedb56d9301d7540f191a7f4f26b1d7e2fdeaca6ddaba3a7a899a0794657fd4902f22354b21bfd4775169e756043468f49cc19c0efa604744d012b82163a753a |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log
| MD5 | bae361721fef873579f2dc90b6c9d8a1 |
| SHA1 | 97c01d799418ba9fa770e7f723fa1b58610efa7c |
| SHA256 | 8a9cf51c1bca6025a8c180041654832f06c5a76b1501e4b4e86c0fd9765c75e6 |
| SHA512 | d66ad20680279d540b0932d6f167b723c964ee833236dab79cf8d0ca0031f91a4ab73b58f4afc650ad6bc35d48f350ab10fb927e66b844f10302d30d0009d77f |
C:\Users\Admin\AppData\LocalLow\IObit\AUpdate.ini
| MD5 | 96babccdc7b5729fbc7dc981fa0b4645 |
| SHA1 | 746938a70e729e8fb67c72a364cc87007bf2f931 |
| SHA256 | d66467e0caf1d22923b16a29db4adf7cdbe0743034c9d0742d68c432406e0aed |
| SHA512 | 035991e686a9a5243a47661ac005a184815bf20a0365d05a03ea4a55f469d4808182feb8724afa163e926c998f38780a6df8f95c735b743cca36851e1206de80 |
C:\ProgramData\IObit\IObitRtt\ASCRtt.ept
| MD5 | 127489c744292b692b72b4ad1e8b0231 |
| SHA1 | 74b38735c759653283ab8fcc63ea7ac35838409c |
| SHA256 | 125bd1717ed7db8d311eb7da8e2a44cc720719e1d69c1c7bd311ce42e9d7497e |
| SHA512 | 3e37a5b0c5b0694e4a74c1e46d667dd3a739ceb8f599df45eff35afc82375f4dfb61ed2d45f1902f8727e206996109410b8350168c07435d1981caeb3cad26b9 |
C:\Program Files (x86)\IObit\Advanced SystemCare\LatestNews\NewsData_v2.dat.tmp.dat
| MD5 | d274f77de3882b035f27ba7aaa56fdd6 |
| SHA1 | 42ccfd7ab2dfdba8e2f6a68a2ee5fda68df52a4d |
| SHA256 | d78761cd5d3f94e220fb43549a329def8c1f3243b0f3b0ab30e74d9cfeb095ad |
| SHA512 | 921b9fbcf8b38ff27db8fef12d726a2970544858a65031e2a0a0f0514d37623c58306d17af4814df8276d68d5d213c775a85fbef95281426b9adff9397987ae3 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log
| MD5 | b4450480dd390bef921c8ad55cbf7a93 |
| SHA1 | 4cf4b136ef5244d6155c990df8c4ed72fa7c6129 |
| SHA256 | 812646c75355413345ce9dcf6398b8c94c85e7bed6bb210e84b25f7e5d95c752 |
| SHA512 | 29704d92bd752babdb58c0d6573eb5371829cb7e0ee39633bd949f9fbc61949c41cea2dbc31caecbc7321bdffda374021df8fbc48c4dfb70af482441c18b3aec |
C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.log
| MD5 | 6fe5c78cacf95b16075f2ab1f7a22768 |
| SHA1 | 7a75bf695e044ee2e2c31ddf64a3db8d0fce200c |
| SHA256 | 77c0e72ac07d36e98098e96f87f4fa610873bc62f0f990817f11c68c62bc1f43 |
| SHA512 | ff309e65f58bef08aacf9f12bed555963a78cabe4e63c31b356ce27d82b946045c986e777b32cbba0170b369f4e96ae50986719f5593c20993018bf11d635513 |
C:\ProgramData\ProductData\NewsStatV2.po
| MD5 | dc72bdebf3016a463eb4e209af1aefe1 |
| SHA1 | 9bde7acc8b748a89daee4d756fa57ce3007e82a9 |
| SHA256 | 472e48643c0b957bb7c612448330f07ce0cb71e14541c6b0b9ce789bc82e91da |
| SHA512 | de6999ebc8dd931a4417c6861e36127a6b7caca1543f1db94eb90c3624045ee57398d2fb1a4841e0647ac0191ab41a04d6dc8642c7f1b888743a03a985c65ea5 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log
| MD5 | f15c91d77aa0157e770dc99153900036 |
| SHA1 | e831c1edee6f550f04ee6f2d50319128ca71a58d |
| SHA256 | bcdd5fd60ce94ea7905524ddb2711064fef1638d51881fc01f3803b499baaf3c |
| SHA512 | a060487abed528350eb09229c6d53aa99f8d245ced52dc5cb1f4607f46ab4e6c95fc9a345e91bb6467b175f262f85d3bd4c33231ca0c1425e2a07f7cf21df923 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log
| MD5 | a1a05aad9f450e43e318ca3772cabcd9 |
| SHA1 | af4642394fa26509b6d8862b4e01c8cd73e68477 |
| SHA256 | ea94aa2ec92d941550901b98493d02549a47cf876947da7da53cc0b000aebc94 |
| SHA512 | 436d64020d49a94c086394df56a72931d835151b7df3a9a3971ad0ce846354cf2442f7523984bf2b6d0e64b0fdd03d7f0efd786171f80fa5daa06e83dd97d6b6 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCVER.exe.log
| MD5 | c2bc7db58ba48d01387df7aa4972c0cb |
| SHA1 | ba85cea7cefd8d65dec2762a99536fab2f30f20f |
| SHA256 | fb00df8ee99de863aebe737e991098428a19e49da7ea5e37b89b3a0ec44a1312 |
| SHA512 | 10280542d419f063f01ec2c671b0d0d0a23ab5b1ba8ea10e40d109af1c39c5ff0853de23b7a7c3205c5f3fc6d751814ddddbd47685e62ddf8285f740abf41aa5 |
C:\Program Files (x86)\IObit\Advanced SystemCare\AutoUpdate.log
| MD5 | 800407940da5650867a1ff02587721cb |
| SHA1 | dc7f2597c286ef8f1f7a99bd6ca52ae68ee2ff2e |
| SHA256 | 22e3aef3d11fa6806f84781a1bef57618e15808c7f2e681aac6992c351264202 |
| SHA512 | 00a94e4877ddde69df00c30b1994970edd5223a6f0b5219e271c7f2d3267d8c5092c4f4a21a8b168cea93aec4d7946c6001770cce1a71ee49a6aa8a144361f43 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Update.ini
| MD5 | 01ef38a6dc4b6f816aa277c7e198f4bf |
| SHA1 | be77089fa6074074347d2f321d34de408d81098d |
| SHA256 | f1ab45258bdd7a4c34a2a4968531192ff04f6e734641284c65c4d187a91a4a7b |
| SHA512 | aeb70173ec20ef7d323a63f5a779eaf469e03262827496957c05025b1689b1d770f9a37717e2356484b41d2286e2e7b779c4e0ec0213f4000ac6b158eb037c8f |
memory/456-3629-0x00000000043C0000-0x00000000043D0000-memory.dmp
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | 09876e7420f5e246da8a45a786b14a46 |
| SHA1 | 49f53fc1df7b44785c70fbd5f008eddef2b42d5c |
| SHA256 | a005521b4346c8d69bc37f61f0e02bdb7a80c6d8b6e7d361f1040ec144eb4d2d |
| SHA512 | 5a7cdda781101a00e917cc6fa6932ba5493bd33faf6c852b74c28c33465b9d2c6a1f22ec0c41c3739f3e52bb926ec57ed3b8db8aeb6c2739437b4ccfa0fabc71 |
C:\Windows\INF\c_volume.PNF
| MD5 | b51be19095bc72c0d98992d49662ea60 |
| SHA1 | eb70d3d6311e5d6556079c3d6c628b37d5bc8b17 |
| SHA256 | f69d9f1301921bc5dad0ecb69adb6eab0d9d10382351a8375bb35179fdbce7a0 |
| SHA512 | d995833caa7e09babb4222d339ea7bdfb04d411a44faac5a4ce1e5451b482e086eff354c5bb175ea1a65d1d0a425c51cdf57d027a535a6e23337b4a6e566cbd6 |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | d7c20d1df48eca9092f39b8b9f101ec0 |
| SHA1 | 2fd0df3206282690b09ff218d3c04c75c3750ea8 |
| SHA256 | 558c5dbf1e94a4c138dba2fa4dd677af7379cf60510809756befa9f6a6fe1837 |
| SHA512 | 5f2974310e04b6028ec2f643f971a1e07c99e094576984ac45f9b53c2180a3309def4e4e4d02e324b8c34aafae91c2af2e7187286d35800474757a87f56091f6 |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | db8f7a9be4925ef9191d9a46c54ba9c1 |
| SHA1 | c69b43c6ba08f38b59f9b36af9c6fba46603b2ff |
| SHA256 | a6fa46c0aa72aed3f25695ad315e415eaaa644e27b281aaa9106755b48a1db0b |
| SHA512 | d00a085d8dd200053069950b1935b4f383108fd6021d816ac1f9ecdf55ec830ed88f8c9eb15917f6584b749b19d8906c7c19a3f6adac3c668cabd191d386a9a8 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | 058075ce77fca4eb496228b0cdd1d0c3 |
| SHA1 | 044f46537b9b1fbe8594e54e14306ed05572513c |
| SHA256 | e6f2f1ecc6350c6cff2cfd7cfcaf80627cd214e906842e97950896a1a835b8a7 |
| SHA512 | fa4aa1d74416f8f792ac9b60df1e0a4e44f8a298261af21932b1c312eb0fbfbe71d993c02c43fce0c0214fa6b6f542df9d155a02f22d446dea52dbb4e877562a |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.log
| MD5 | 0b5773f03cd79f74085fc931acb5f717 |
| SHA1 | 22d871060658e5fb8ecb03a61f3a7e3d7dd57d83 |
| SHA256 | a25b9c2fd80c2b640e35c77ed42f581598095316cba20c341fb1b1159c947e50 |
| SHA512 | 4450b1b63a8905204e47e06cc8de0db3e1087bc8668da27be6e76e1ebd124ce5395b2db1f754cf12666c6eac14b3ac39150f12ce6c37bf0a9c71bc52c99edc83 |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | c8bd58abe0bf51ad25d2d89691d17d75 |
| SHA1 | c0d21902ba850ef9ec0bcb37de1482ec4dfc74e3 |
| SHA256 | c52ef898a352acd38b1ce78954edcc2a1cb0f5fd18a7329f96598d75e20cbcc9 |
| SHA512 | df43984654a8429411fb9f4a84556a528be2969d7001331c5f00f49b9390910f92fe81c4406b2d560cf9cdeb64aad364029715257d1904db041967b33e7a3caa |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | f324b505684f20bc205edb400d32e661 |
| SHA1 | f0ff0f523639e7f8fc6d56677cd0b5694bf8f6d5 |
| SHA256 | 706e1c96c65496037e730a602396d2c1e26b6c2bf1eed45dc50ab449e60ced54 |
| SHA512 | 8634c48aff20f7a11f02360c0ae90177fa71b067be8cdfea8b4ab3dad073bc7e15ab27a816c0ded5bc0a29faf9aa77480f311a25db5b2f8bf00c4628e382c591 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\popconfig.upt.dat
| MD5 | 8c1e44e3173a3725c8624db4c0489b61 |
| SHA1 | 57511bfe9a08046385dd404098ab643bfbe8008c |
| SHA256 | b4c6d01cc6418139ea1d6abe70e3017a9c824c2c86f868010397ae1b53499f17 |
| SHA512 | c14683214c6e2cbd73844fc8d3340ec70d804e8d4f88eef5dc04f4f7636d4923539dfa31166e7c62e549781dcb76872cf326b2b4739119d8f51096741fbbe36d |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\ascevent.exe
| MD5 | 14de43d43150d15ff82aecb77fe9deec |
| SHA1 | c854d9cd58951bc6b7426bb7ba9aca190210eca7 |
| SHA256 | 5ebd9a78bb0b7d7640bb53173a86cb48f42fb0092ee0c4f9461c4a07050719e2 |
| SHA512 | 283da8e8af37d6d5441b8c10f255d34b4a930411a1d74b087473989a07cae767f6f1bb5477861d8c234533200b27dbdeddaf98eef1f3dd8ff70d44828c0f7a54 |
C:\ProgramData\IObit\ASCDownloader\ASCInstaller_Downloader.log
| MD5 | d14cd17d26d7531d8dbc62c1734dfe52 |
| SHA1 | 58de48dbf41a6296b53a9f0c2b3edefb40b4cdef |
| SHA256 | 5b6c0d0757c0478769a34d7015511624c41a647a537ce0149d45f78972323d3a |
| SHA512 | ae4f64d642607c3dec44c717f02189ea7e39aced7aa5cefaa1afd8e58e0940c17425acd6fb78f85469c0ef2316457bc15cc85959a942d03b6e32fa2aa233581d |
C:\Users\Admin\AppData\Local\Temp\is-GP8RN.tmp\Installer\ZLB2A19.tmp
| MD5 | 64c95ee7b4bf7962485029bb65c14679 |
| SHA1 | 63c5d9edd269e6dba4a4f9a54c3a3912e13f2908 |
| SHA256 | 666a4fd416b9f5a822bd9c3653098ab3d66db748b992ff347ec962501d0633ae |
| SHA512 | 36426017ff2d379f4d143fa1b6a90909bdcfdd1fedfeca7fe38e5f538927649f840bc9f244f1818df2f7f0ec96cd50e4d09e23519680070bc64e2376c24473a8 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\ascevent.exe.dat
| MD5 | 7accd1fe17bf6cc24069a7c56b836389 |
| SHA1 | b2cbb57d7c11d356c39128e8394af69c03b531e0 |
| SHA256 | c05eedd746fea3e14ae683a8c9b27e571ba35a5926650865b77a04d75de86f3e |
| SHA512 | 9246e545489737bea01e5cdb3298d43fd723ad4aabab9eb0c9d24b5db5e914bba97b4dbf39d6b521ee696d6583322365cac763d5000bae5632f8981e85f2a7ec |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\HomepageAdvisor.ini
| MD5 | 99076368ecfa1d8fdc3b1ef854d81b97 |
| SHA1 | a34a1c22e72431fa16b0c21cb07bf620a03a1300 |
| SHA256 | e41fbfe729850c91550553c74395d92fd63859fa59206ec206adf4dfcaa546e4 |
| SHA512 | a681e2b3c0210aaab89eeaa5ad3269acd4858a5c9424d3198b8d50f8363b74702eb454e43d3cead61f409104ad1afaa3c7bbf8b14595bba4b0ff34bb609ab454 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ffa07b9a59daf025c30d00d26391d66f |
| SHA1 | 382cb374cf0dda03fa67bd55288eeb588b9353da |
| SHA256 | 7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb |
| SHA512 | 25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8e1dd984856ef51f4512d3bf2c7aef54 |
| SHA1 | 81cb28f2153ec7ae0cbf79c04c1a445efedd125f |
| SHA256 | 34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7 |
| SHA512 | d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f538a42c706eaed1fdf4c41741af9eb |
| SHA1 | 46f7f9105455d993e511f717e71a7d29dbc0c48e |
| SHA256 | f5dcccffbaa27cc65815a1867d4cefd8f5475f706cd0034e039941685e97a0cc |
| SHA512 | 92e4cf4b98658de4ce68c9de44ada0314f9b78de4b21c6ad04ac99333c4e7e5abbb0ce1db20ca8c6348cdff52b219976a29f9df9d08533a853750d7b64722bd3 |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | 5a905c8e05d339f5bac77eab4a5d4cb0 |
| SHA1 | a200d26c16ca770442347555854cb90c03307839 |
| SHA256 | f3291cdac095a4c48b88853c7a27e0c4bd2aee515c8a4f58c7d97ba4676c9e82 |
| SHA512 | 2e68f6de5463c11da141de971cfa6b0727ff697b9b60d658ca27832adbb2505244ce4b39bcd847f569a16ffbd2e86de69ef021a4371555e3a3beeb8fd935232b |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | c2157b458ec5821050b9a677d15fc4c2 |
| SHA1 | 05b49d0ebcf6f158bc1f7d46082a5b4d485a3568 |
| SHA256 | 7d96ad60a70f6b77c1d0186ac40e3062b45eb18006a6d66381bd3120c790c99d |
| SHA512 | 287f9e1375449f729b191502629f53b9811bfec49ecc51ec7383d84210e026a5f8277bbf873c50ee7be2b5c3fa882c38941edb72e0838e4bd99b954e94b9acca |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\PMProm.dll
| MD5 | 527f9a39649c5af4afdb10a0d1f4569f |
| SHA1 | 91c162c77c673b5fc2725fddd27c308094babbd8 |
| SHA256 | 77b5226fc62eaa6f146fc0b47c2ee16b940da9af71f2f5f151f3d431e6988ff4 |
| SHA512 | dcca969790b1554b2a150121f54a8ff33c8ad4e008a0338df4869dd788ed16287522d6b7556a20bb939750c1d186907839d2e2810124d8cb39825b27f89bb1b2 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\PMProm.dll.dat
| MD5 | 1575d519e78f08358b4ae5cc6912dc25 |
| SHA1 | a2d2112b835c9da0f74c758de4fd99afbf29e60c |
| SHA256 | c8cb38244b8ad965053d6e345b189c3e4f051a150da039d3bd0ba8456a9c2875 |
| SHA512 | 7919c02ea8591802be4a9e824c19d3473b077a1e046b742436f29ff601d0667cd7491aa96a1c4d8b96d1ec7189f0f3fbc7bfc0c86f83e456ea49f072288466eb |
C:\Users\Admin\AppData\Local\Temp\ZLB3A67.tmp
| MD5 | b24d1cadd03a90771e90eb3bf08f299f |
| SHA1 | 132357682491d4fbe8c453849d3cc97baf961651 |
| SHA256 | 28c8d2e08425df2897f2f4d440dca33ef169cf037137850d98c719a50daa1463 |
| SHA512 | 8ab02591346a387deb7dcade8dcf5cbe3249572e7348c48e43d078226386d07e659942ff1a4ac6ca6a05cbeee48516c6464efa1aa07535cbbb1e3ffc1ced78f9 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\rmuin.exe
| MD5 | 786da5e6e611f691bf5f88b51d379e47 |
| SHA1 | cc2fc447748d30545bbce0128b56cfd3302bff68 |
| SHA256 | 87580b8b527e8324ab75923a48efd6dc90c23bab56b0e133a25ddea85d369e28 |
| SHA512 | 0cc8ffbd645377f383097420ccf04d0eb486c0c6d37636f1617eff5e8e6de6f248b1a8629f3c12c5be82c9c8fd99caf82e893206cd3f36671012bd9578d2d3e5 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\rmuin.exe.dat
| MD5 | a6125b7d9dd6e8e092e30d6c9783e3d0 |
| SHA1 | 298068aaad70c30259e00c67d988ab896ea32476 |
| SHA256 | 4df8f087c6443b11d3f0509ca924a3ec651b8a3e2d23bcef12ca66c9d49bf267 |
| SHA512 | b7dc3d3280559bde7dbe243534b27902a2faae003b86006d8630b5b6d48aaeb2a727001809072647a9668966e881147f1541c6df8714087b47914ca2c8244c54 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\PDFTRTips.exe
| MD5 | 001b9b5ca86e1a157dcd0a3055cea25c |
| SHA1 | 8a6b3fdbcda48dc94a0f81639d64fec407ad1b4d |
| SHA256 | 22be46ac3571deaa1b0322841ca9c5e392999e25dfddd46c134be9647fd05011 |
| SHA512 | b531667d6989f8d1ac7b74bb66ad429becf616fd6efbb7c38137fc15e94b5d1ed1290c449241adde4cc922a19bc3f2bec69863cce994294518f336f3135071e6 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\imsctadn.exe
| MD5 | 11acd6f4b2b483533c92881b22529fcc |
| SHA1 | e8a0dc12506b9f2500ff52bdba1ecbef469a6820 |
| SHA256 | 65032e5836ff40d3bbe6ae7629e5d4d710ed10a2f0f7a6814091f1ba475d51e6 |
| SHA512 | f4ed9b027569bb733c82245a74dc37df65177199751bc05d3f1c8766fbffb9350249530e97a752627ec3440101f16f259476687b25e44eb192f0198b76edc30c |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\imsctadn.exe.dat
| MD5 | 4d451d6603a37681444b8b63bce129ef |
| SHA1 | 7bbf4e878b956439eeee7db88eff653ae19cf93a |
| SHA256 | a66d52f558fc0d5b049c4d7c95ba7e7df4ac50cc87efb9b736070b59eb08b678 |
| SHA512 | 57b9a9331655d4494fb6514648eff5fff8d4d7c3beb31681207c7d82cde1d694218fab4efcaf06ad64a13b938c0121b8fb9f3613953df16802f4930bb4a1fb20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1900376ac2a01b57ca9a18be85576bf7 |
| SHA1 | ad7d04144e948238635a5bdff5e5a36ac676c397 |
| SHA256 | 69cd20558767c999154c62dd89773ccaa50b931e9392b1a9d679f52a31b4a66f |
| SHA512 | b0f9e7be77a3db2f1ef682cc2366ca541fab1d02c046141593a924cb7ad7b412c714c4262549d18de8659c91941f16e3820cfc056ff48046aedaf156afb8bedf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e4e532b1806345fbe8e6112a9ebf559e |
| SHA1 | ca055686478e6ac79ebc8902e17736ca297c730c |
| SHA256 | 883fba8e46b3d1420623d518d0672b8ce967330f97b414133c646a446b09d9ab |
| SHA512 | 6b9ffb37f937c6cf20e63fa30eab18ed2856bdc75a243a6f546f3d4bc6595b1706b26bc5853252299b9bb4628e3e2d2225459701098836a0238ec024e2754f39 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\IEasyPop.exe
| MD5 | 7c8e5d68fdd25e72a3f61844bbdc22c8 |
| SHA1 | cc000face22d4825174a072747daee6a3fc0f84c |
| SHA256 | 3784dbd430c0f27d140dea531fcaf1c0654278bf0f2e011ae7f9dda2dae979de |
| SHA512 | 55edcffabb37150bae56bba0bd965e04b6012d7ca5597770cb6d3d9e234bd56a7901cb24143066692a048f659f8a269015dae648ca6e0b9cddbd4b1d0f3665dc |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\IEasyPop.exe.dat
| MD5 | 889b4b1eba38ae01c000032303a3e0bc |
| SHA1 | 6bd7b69e590d095cb0f52effd31d12240aa59337 |
| SHA256 | 751b798c363dab5ddb203727251c36c76991e9797a7210bc28b11392128a94cb |
| SHA512 | 4e8c5852d929bf16ee8a0ceef290b8327c571601e370596044cf28a57416c81962201cb57caa7b4adc58d44823797b4ea63d0f98cd2a191d11568732ec92d3bd |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\IEDRCTips.exe
| MD5 | 991452f603a6e23611358783ce209aba |
| SHA1 | 2f5aad7e0e3b232b79192e017fb5eb11124b316c |
| SHA256 | 9940eb46dd8934b6af606ac66c00c8a3660ff78c8819c8b7433f05f4e439aff0 |
| SHA512 | 44d237e5c8bb358cb54dfa31f09968ef34c187625270b50fab9511a3f8585522cf1e8dc76f4e1aae9436e3447ac4ecc93769963044cace136ca5cf4e9f06df8f |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | 25011bb2c28426047a3dd339adc9a226 |
| SHA1 | d345cd1d8093f09d227b6c991778c56b62e171cf |
| SHA256 | 160ac87c47a66907fcaa5f7770da1ebab9aeb422b12a8f868b861000de4b6546 |
| SHA512 | 957cc99a2f91b70de8bc06eb80dc16781b684631419291c515b831d040c213fd96e9d893fe099291ef9159ce5b2790bca37994e3fc926d0446a1af8b8ad16cdc |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | b1e320b7773910afde2924509b7f4fbe |
| SHA1 | d5f94d8df3f4bcde70566ee17173fbfe7ec18aa6 |
| SHA256 | 91cd5dbf2ba8947858131eb541dc933617f80e6efc3bc40290c4bd88a44badfd |
| SHA512 | 93636b8815729020879423e9f443faa71aefba22a69d989b212b38ca51e3fd94c01b0bc69c2d8fc9fb2ea2524fa016406b8f8b9acf8da7a4b6581220d737f116 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\Pub\IEDRCTips.exe.dat
| MD5 | 714cbc60ca4a3649c9394edf5f37a220 |
| SHA1 | ed229d746e9f6e5c9b187b748b5d9ea60e03f6a3 |
| SHA256 | 569de83f49b554f8b61492946054a4f1c22e138de9a8e4c4a8ebf007dd94e86e |
| SHA512 | 10c8903e7b131b50c62c98fc5adda92dc287e4a86fb608af54e1fce24c5c9d924149d3b30f9e6329ebecc37f7c7874014e0be2912cb7ea75fe1286512edf3595 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\cbtntips.exe
| MD5 | d91ff47a22eba4c268706bb3adca2422 |
| SHA1 | c088299e08608947bfb2cd2695041cda3c9342c8 |
| SHA256 | d2e55e8d5eae1e6135295b7d9a5aad381c38194360e1a96472ddf140aecb9866 |
| SHA512 | 39792fbb17c9ec71f3a064ea1bd98faba2cc2c7324b8eb9b801334e80df26e1a14b39049067c4f346b0fdc0230a97d48cfbecdc85b2babfa6260d11fc7deed78 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\DataRecoveryTips.exe
| MD5 | 3307cdfa5179ece7b28eb1826b11154e |
| SHA1 | 63bf508d4fd4fc4ad0571e0ecdd56bc9043ef445 |
| SHA256 | aca2e50110ac3acc40cbda5edbf542954a25cb8a82c3e754352474b424ad6790 |
| SHA512 | 9656c44a9e0f3453f04e77fffe005a6d0969e7c88d4b98dd1463fa63893906231880092e13dd9c14dc781f072bfc659085df4d74e958935e9a05236076f9cff4 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\DataRecoveryTips.exe.dat
| MD5 | d727f3ec6dcdc43fdd161c9679189d2c |
| SHA1 | 734aef8cf37f7e2b7148fc7467989c9b4a517ea4 |
| SHA256 | cdacfa6a4677024dc52390394e0dec4a9c2cfc53e7daeda0483103daa92d4ae6 |
| SHA512 | 174fefc36d2d8a4a9c41223977bef99cb47d6c8cb7a31f6dcada8824edde1b6509f73c3ccdc25a0785553c855c1bcbe2e3cb79040b397fd7f2455444aa60f8b9 |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | 241b4f8d4c08e3b611704eaa6c754f4e |
| SHA1 | 273bc4b316515a59935df8684d260370ef282e7f |
| SHA256 | 9a7a6e94aca1c8da728d31faf09233e459123ab111e769b2896f16ff9e760165 |
| SHA512 | 04cb0ad6db075ceb0ec5c723728365187b33396a5a5e53eaf24761da013d15461bc2d3eef9223480f211443f8fbc0a51157e0b4a76f95ace104e400b9a6da162 |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | 4659666e838669405131b9cae38cba8e |
| SHA1 | 92a731a2490901dece1a175bf0692707428b22d9 |
| SHA256 | 583964af1fbadb150aa44f3a5f533a23e1a0c55a656a2301cd94e1a5d0af925e |
| SHA512 | 94cb91842c283e6c07457c6044637a8b83d98ecb98c50da73a510787b1bb26eda686d3d0a48951c1801beacf4ba0779583f3c2177e76173755787e1921c1088b |
C:\Program Files (x86)\IObit\Advanced SystemCare\Update\DPMRCTips.exe
| MD5 | db0eff55a0d1b049a2534d94fd6f4780 |
| SHA1 | b9d2e9f84575910085ffdb258058285a005a900f |
| SHA256 | f09f5c3b1260671daf94b3c857c3ed824790ed3ec59b1240c4b5351d323e7d47 |
| SHA512 | 84ed176cbc54b1b60d7eb21d703bffb670e51c87e47b5aeb04061ab6861757ff05f2fb92c48ed29fc7d0f6ac00647a9679169e81f28cbaeba9a6ad28de8320de |
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPInit.log
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini
| MD5 | d3002ece36be593dce396c9a95557bde |
| SHA1 | 81a694c89547bd52cf2268024e2bb0733b520c7b |
| SHA256 | 746382225d65283df53df7235121aeab2d279975c5c4004a4ce83fd16132d7d6 |
| SHA512 | 9ad60610557e834447548185957333ff19f719d32ebf96ccc6e92d5c128100b007c5681d9efcf5a88be8b680d158de905ad2748c7473d46ea9a0ac943c28a26d |
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPInit.log
| MD5 | 7ce71bd5e5972e9bb0899026bc6c2691 |
| SHA1 | 3f944694c246224c46ecde219666649ecd863c29 |
| SHA256 | 17beb25b7b0b48804db6dd39abfc6142c7ee0495d31e481aa27ded259338d49e |
| SHA512 | fef45ab9a92110fedd32032596e2d60ffbe652d10d13816fd8c0c468c35519e39d4e42e0144424c355edf0db0459f2d4b8ad10bfb80a5cbaf4742a4d57a9a2f2 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPInit.log
| MD5 | 0476b1cb8cadf8503a6ccd7fa735c4bb |
| SHA1 | 93a6494b60a9256ab4c7d36c0a39b59542b7b6e1 |
| SHA256 | 6c447477a4ff062b0a5559a0fa032196f38ee63ee3292d5c61e04d54a3b4e5a0 |
| SHA512 | c634b498249cebe8b94837c53413c8c22bad43e0d8ca4515e291e4d9e0bd0170c02bcde0210fff03a04214551e3942f0d07a87342647866083eb31324f2e7693 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPInit.log
| MD5 | 18ae2113668d1d3928fad9d783647620 |
| SHA1 | 0c9ad5b4e271deccfdc44ad5d95e95ac2d265a1d |
| SHA256 | 36696c6f191456771f4dead7095c19adc0f8210b408e02717d10b04db7b99e0c |
| SHA512 | e3486003dc04a974c114242a7ae6c95717ff52accdb4855b9f292d985e390b75fd4f99c2f712c98d409813f5872ea99201ee16ee632fd81ffc5129d56bb27c14 |
C:\Users\Admin\AppData\LocalLow\IObit\Advanced SystemCare\Main.ini
| MD5 | 0dec3ec229c3330d93a88731dbda57f4 |
| SHA1 | 4848123f825cf4563a385902e72fe5ec2ddd8d43 |
| SHA256 | d641018586042f576610771c5a9da37f9cbf706eab100459fc3c40dc87faa021 |
| SHA512 | 293494405c4071abd99e86a3f908a4ee48d56764dbbc205545e9870a931994b92a0a9ded8c52f0ecce88349a522f0ba32ef770794dd2c05ec760b4ef9171c4fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 435c8dbbe0e30fa9bb9ab29f8832c4a1 |
| SHA1 | 0f365634b285b928738b8f0479da702187aa179c |
| SHA256 | e3b0b4adf49390e24948008ab4ce238632ea3dd40e9ac20142b55ed48bf53577 |
| SHA512 | f2ba632e25a49b608cde5a1aba5b62ddda085d99ff3c992e9ab3092d50b22ee019c8e3636e0a23f4284cc8f818939d2790eb7fef6dfaf3a90f969c4b2a3f4d07 |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | 654d93f4b7d0ff77c1bb5114ef95d202 |
| SHA1 | 5654b3ef62edbcb4bcd180cbac115b3b673eca73 |
| SHA256 | 991ea10d057cc8bdbdec5e451a5081995cdf82eefc255f4034a3047fc28f8f1f |
| SHA512 | 8b69cccabf02f669953a93082dca703990dae61f0feb121e6240e52c169080e2680d714945ae2426173780acdd3f3b314d130a8aa2a823c0e17f94816b99e8fc |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | 3c86d8c12ba772aa019a5da3f8348064 |
| SHA1 | 7f41673180d83fc0f7d38f8c69b56a230dc5ca39 |
| SHA256 | fc171e548d5a2f4d40c36595e92abb385875eaf0de5f9007ecbd52fb8078e967 |
| SHA512 | 64248b73c3d0992204ca38b28de5e6fe3d212e1131bff5d888539aba6af8bfa70b3af7fd60d7281a46dc54e6a21fe58a3955d05a061a6387914f34fbf262d2b3 |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | 637cced9585b11516683111badc715f4 |
| SHA1 | 99e9320e60def8b2cdfa8aec73ff2df7a7ec3bd1 |
| SHA256 | 110ebc1d2a72a8b435560b3e105cd3ae8d79914a1162be87cc161a46c61557f2 |
| SHA512 | cad6ef9a13a6ec1764f072d3d62df0605a75be8e7cc2063f4fa6559e4c3e97525b040cb585ea8004cbf6a9c4e962a135b9a8946034b2b888bfaf87aa0e870058 |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | 0c976fbf60479f5d706c55f7150749f7 |
| SHA1 | fa34d1689b0b0dba20d06c8aa8fb0f787b82d7fe |
| SHA256 | a7ef2d5eeccb591e499468000dd3656364a4774a04eb810df15cee91398d9bd8 |
| SHA512 | cfe46c69ceff89821a4a769d9bc4a2cdfcd3d1aa7e2d2ca18ced06df4b1b8c3d8c52677d63b24ab9f351123ef0ca4359b8bdc6b37bd43dafdd6fdba7c17cb5fc |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | 0298845c5dacce57863d4d716c73834b |
| SHA1 | dea05eccb840c1a7ae1ab884c9d5ea829552e5ea |
| SHA256 | 69c67d7ca800fccbb1c63c6ca65d39ce1e669ac8c08b13783776ce4e5564ca4b |
| SHA512 | d271404a2ccef468387ed7561e7a7297fee62e11f617b794b39400c9f29af9d7b429af46889ed420a4ebc97e3f7882083d0703adc6106370d9a6356fd8ec67f5 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_py.log
| MD5 | f2d12fbf5de95a68b4a0557d34ed2c2b |
| SHA1 | d22205d46295499163c8e23b44fbb4200bd075a4 |
| SHA256 | fd7e8cf52f15f5f31a9e72f2ef00b8122245dec672ed9bc1cb52dbcc31fd20a9 |
| SHA512 | 95b4357e9d5a3ef7b4b63e0ebd4d848f55c200993dbe61a908fb1cb0f5ad3fa7e3bdd91dac06453624023d3ee687613cf2afdd1f1203aa38f168c7b5a15d21ba |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_py.log
| MD5 | a346ad77f7c5e792a81553dcad1aca06 |
| SHA1 | 9ee53eb441abad9d0d04753869967139546706e4 |
| SHA256 | 151600dc6b1a2ed97b04a85ab854665e50dd94e7417614754283ebfb73a466e1 |
| SHA512 | bd7d7f68522255d799939359503880bb9f7d085fe043caf05c5187bdf0bfbc7428c5b47fcdfc6ad6cfd720b0bc77b98c440b9712069650c1c7f0577a70898cf7 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_jk.log
| MD5 | be51a298ff376d70674c43ac0d96556a |
| SHA1 | c9524fc615a7e1b278c0e4a39d7c12d9632115e8 |
| SHA256 | 541469b6fc0880875f81ca8a26c9e3ef6d962d4c7a62fdc8c456fbab3289153d |
| SHA512 | 6b3268879be00d349c713a2b0d57d3fd8beaf003a65ca0d6f60eda200b47837ac5d9d20126a6058f65a6e22741d164342daeaaaac69806f6bd2526744379d6bc |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_jk.log
| MD5 | a417b73a21cd527319315b44d0db20e1 |
| SHA1 | b380430001bcd2fc6ebd558679e6ed1910a5bb1a |
| SHA256 | 2c857b1347c17f0a97bfe73b9bebb40e62da4387d3ee05be1f2b6267829a6078 |
| SHA512 | 98294eee0ea643727424956fd2f87329053a3627d531f2f4adf5d6c34cb916c4922263e117c4204ae9e8c1c9bbcdf6f4498400777978457f07b3282047a960c5 |
C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe_jk.log
| MD5 | d8bd1e9fe3433808cddf9c8c63bca6a3 |
| SHA1 | 4645d592ef6214364b944789bb0f902cb1000e46 |
| SHA256 | 9a50db35315c887582864927c1eeb6cc20ba9a2a99a975008ffa50b0f41e8371 |
| SHA512 | 271cf829e8da0d77d1bfb971ee9b11b38002e59f1b4a5e9269d5e3b23bed99824cbd3a397f880d77ff18b761a2a2c87d8803f585ccc68b7c2d6248e2dc2e27ab |
C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.log
| MD5 | 23f175a17f08f536720d20bbb06bf5c9 |
| SHA1 | cc863acc4786154f59027cd518bc67771dac6e8e |
| SHA256 | 5134d037cb5e876a2b023da4bad6bfbd7cd5b00a0bd6de35432c098b53902826 |
| SHA512 | fa27e44b15a8e739c77881550971bf80dca71855b9face9504c010f6a9cfd5c9ff9f99295dc97b8589f61e7fdadc8129e369f2cd2419d5ca8c69a8d10a0c4184 |
C:\Program Files (x86)\IObit\Advanced SystemCare\AutoCare.log
| MD5 | d6706c2d1a57d3396c75442f3389fe5e |
| SHA1 | 4020641a725e54069172830853eb0c6b21a9a101 |
| SHA256 | 25b67aa4ebe78994b27e78b75da5af09853f57424345937b9f36c0e0e543734d |
| SHA512 | ca6e3d73e8accbf950eafde4dfb91c6572b3af5754d33863d792699d1de65ae624646bec9387ae0bfb758457c120bdd1ce404596070d1966ab69fb17b900bb85 |
C:\Windows\INF\c_processor.PNF
| MD5 | ec877e288a4bbfdc04eff629e1d8ea17 |
| SHA1 | b4bfa2962fae175c53b37114722c0bdece168c7b |
| SHA256 | c72131ca27f5d9aabaf9c5d423d4410a3c6369db4f6f69c0ee2a8c397c1c9d07 |
| SHA512 | b9d2d42e1bb72be946edd10a55f2b41d0e9ecf68c4b2373a839f5aa4a35d0fbdec79961ec385296df68d1bcaf82c444fc5fcb04ad25cf4d2b87ee2560baf2665 |
C:\Program Files (x86)\IObit\Advanced SystemCare\DriverCleanAppLog.log
| MD5 | 2af3843b5efdd67a806814a8bc0589c4 |
| SHA1 | 5bd70cf5310bb50d12c70c70e127c487269c0336 |
| SHA256 | 34a2aebeaace3ca86081325600ea7f824d98ce794a59916514e37c5c4a8bbe09 |
| SHA512 | fa06ff962e8706a782dfeb3cef41e4f6711399ad78082212fd0c81924d57da41fae3704714ea34b6bdfc6a8ecc1d8479c82d8f219a7a5a6a6878c18c328da38c |
C:\Program Files (x86)\IObit\Advanced SystemCare\DriverCleanAppLog.log
| MD5 | 2263e3f3830e906f3f15dbd0c01f36cd |
| SHA1 | 4abab7e4616d8845185737c82915db8f9e23e2ad |
| SHA256 | e961faa30377dd449fa6abf2f5b37e4117a1efa42dca33d892d0b508e17ab15b |
| SHA512 | 8f81cbab9060663cc0e78ecf76a9877af5963ea93fac7f446f0230893cbda28e0511d25e808c8999f2b9742bbbe2e2154feb5ef7fadfc68576733ac70e274aff |
C:\Program Files (x86)\IObit\Advanced SystemCare\RegRunLog.log
| MD5 | 40165d2ab730fb07ab371d83a42f884f |
| SHA1 | d91028347458fe14a777f2cff4223de006a2c8ba |
| SHA256 | 2889d9257d7f1eef48e4f3108bc959bb7962b79596288e2ac60e6b79dc4a6db4 |
| SHA512 | 41e3311e4f57e77559e6b2999a57ce58f8e1ba3e12090194fa39f00d37a4c82a3db0463602379e83533893487655561e7980330d33b79999a5480c62be2a973b |
C:\Program Files (x86)\IObit\Advanced SystemCare\RegScan.log
| MD5 | 2c146acebd7edf349e537a08034645bb |
| SHA1 | 41839c4fc58eb9836e3b67c4131a177cbb84a28d |
| SHA256 | 1f453c65afc4220067334cd021fc59a421b9fa6b4639587d67f8e06d1d1bdfb1 |
| SHA512 | 87a3b8fb7f66f20472a1aad1973200470d9b6dcf4a8e0793bfd657016901d2c18a70a3fd8008d56275dd2f107fd817b34deb7a860f701fc576050cab30eccf6e |
C:\Program Files (x86)\IObit\Advanced SystemCare\RegScan.log
| MD5 | 7bd9a26c474d9547dc076b1772be0b66 |
| SHA1 | 7df2c716efd19bbee6ecdad7d51a22d020aeff00 |
| SHA256 | 3576306a0432538679fef2607a44dfbfde9b8c8db72d1de27b51cd863abd17df |
| SHA512 | 5dcda806355810c07dc0682d8e3bb9f31db076c48ea29b116cd8eb0cd85b6e7993874fde6938143e88ec466f4c396e9f241ee820091a4872ac30e174ca12911d |
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log
| MD5 | b5ca1f5a0380eb23af9eea66e72c5d3d |
| SHA1 | da0eb6d3768c5cdd6fe3b3f4fdc314a4b1699308 |
| SHA256 | 33e1f13e2d5d7ecc3bc4186c8d7ee0dd134e679559b23e6ad9f353d4365f979e |
| SHA512 | 828e201fc3a42fbc9fad3d6f87d3a0f9e5257e573c8102d9b7f3a1e1da7b487fb9c063b9fd798dfe870b8a624cd5511dfce42f8d21d4f9d6f8ecd9ab8dfd6064 |
C:\Users\Admin\AppData\Local\Temp\FEZYC&d,tVPaZ!ez.tmp.dat
| MD5 | 071510a9713ff58dd13f80c5ed372cd8 |
| SHA1 | ee6be71ebcd05dd9add9d226c04a90bb3444e5a1 |
| SHA256 | cdf52a28be6b6cd172ee0957f6f5339f2e2064bea9dc738cf7923d5a83fad196 |
| SHA512 | 9deb15a4ac581344ffa377d2fd4d7197730d6b3f4b79f6866f98485b86f206b8f3c8ea8817575e9c3fd5795506ba7819c484b829c7c5fe916439d63c18beab74 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log
| MD5 | 4f97b4e192fa1911173340d8ddbace79 |
| SHA1 | 5e25c97947a415656206c5ba0f2b476abb132f22 |
| SHA256 | fecbbbaef6a967ed944a99734ead70e81f56f37a5e04ae7169b29a32bc064aeb |
| SHA512 | 95ab4d555190d62f01201d39d62f63fa86063af5baf9c21e913e7b64a2ce043dd981bbd1e39d1c859f4848b53d2c71e738936382184b8e4ad9006d173951aa7e |
C:\Program Files (x86)\IObit\Advanced SystemCare\LiveUpdateSrvUpt.log
| MD5 | f3ef2e57d5914d2ab9e745105a98e915 |
| SHA1 | 4a7016b0b70eb6164e831d033ee64f043418e585 |
| SHA256 | 7d3306bf5748aa6792972ab435da949af6d9d33652c715cdc481280dd31bc2f5 |
| SHA512 | d323fa08351018b2808280ae32ad4ebc66ef058060f673fae78dbaa860a860be4ba4f1a03610984866653d4ec86d6327a97e38eac2ff5168b5eb3bd19fcb306b |
C:\ProgramData\IObit\IObitLiveUpdate\update.ept
| MD5 | 3adc960fa743a5cb9c2afb1641ce4be1 |
| SHA1 | 45194813a20d1e73b7550e91b32bebd16be8e9d4 |
| SHA256 | 2f98692e2b7f0427092f4510d4ecfa2a9eef18aa66c4f24e9c687173866da6f1 |
| SHA512 | a64bfa70697d8a1ff20342c3b55bd4bbf22c224a2303b40339b93badc4b1b8ed53c9bab7d66556c1a290206ed32594d70d697341780899186267c0e515f0f686 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log
| MD5 | 12e05b4e67ffe38367edb290ef3a1b78 |
| SHA1 | 7d77b48f40cb0561f1d3d531cc5fdea30e127caa |
| SHA256 | e28f775162586036bcf909e0d79b1ac7250aa1df4ffe253862901ae81c3e45a1 |
| SHA512 | cdbdaac6859b504f1e4b1d4b0da90650d3531469a0cb59d0e549daad86a7e5d287817627b404be6cbbc381ba5bb11e7e2418fc6ca122c9e1fe1f5a87091402c5 |
C:\Program Files (x86)\IObit\Advanced SystemCare\Downloader.log
| MD5 | 7569ce9967acd47e4c1abb8c881e635d |
| SHA1 | fa1d5bcbd6946715f58524efae53134c56783c6e |
| SHA256 | 46e3690e8978c56e9c8d5b9903e3a656b882bba8bc1ed5fef0ac76f36aab668b |
| SHA512 | 9577d1d83074563c0e6a7487e81e2a877065056edb2a21190c37824007cf19c40caa135d4ff64c8ce907458bfba4825af4a724a4e5d8fb0c1c24ca6b698993f6 |
C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\ASCSpecialUrl.db.dat
| MD5 | 52040e3d2fe4eac12c5b9ab21570fb7a |
| SHA1 | e9cb64ac9dacd9a2c68619e39c2d216551c6a986 |
| SHA256 | 7f0fc9ce6f8a562ac62f4077fd7dad0ab9af122e76154a72764992fc83045dca |
| SHA512 | 76275212d9d435a9d99c76082cdffc8baebe99c4eaa610a3deada18dc833de8b39788589b24048a508e6fe4f579f6e54f748555c0bf771d6b7b0c2607e916c12 |
C:\Program Files (x86)\IObit\Advanced SystemCare\system.ini
| MD5 | c177412ce5d4ff2a78f5e9b7ec7126ea |
| SHA1 | 90197c59e12f707b15984b6ae11ed724d0f3a422 |
| SHA256 | f9411fd2e4515c3c1ff946dc2593b827917690e31e8b332e3bbcc40c17371a47 |
| SHA512 | 96a9b9a1d3048ee7cd5a61e4aef88db5338d4a248c831a2330b4664961765c50f4690f02831fa222c2c3d7ecb55b18b770005df358102a5fda294a162cc0a848 |
C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\SPSpecialUrl.db.dat
| MD5 | 0b68d6fd59f9b642deecae908907d589 |
| SHA1 | e43cbd6cf0eb3a5b449a43037c8de0524e28eec4 |
| SHA256 | 1346366ed862dd3be59902aefefb933ce3d017c6b55a53824f2a63433f067457 |
| SHA512 | d3d0d48423b373ff4a21ce2d30ea90a7abff4640197fd4ea3b7b5d2bdb22cbafc7c76d316b732f6084a81cc5e838e3bb8c82e86dd53ca0b63bcd369951657cf4 |
C:\Users\Admin\AppData\Local\Temp\Surfing ProtectionNew\Database\SPSpecialUrl.db
| MD5 | bd6db00f5b33dfdfee04da7cea726a92 |
| SHA1 | d97b3ff8d8a90ba95c4bbfa4ae63f870c871d5db |
| SHA256 | 49900da4527a2c5940fa118f2a453a809478df77ff0562bf0fa62b9927e8922c |
| SHA512 | f22b1fb0b36c8f37d77e581d878f9f118361f4498d99b582d1e41ca8cbf8673387c3bc18cf13aaa278c6a22e5e027066b96a95eaa5b3966ff4d133d15ee5abfa |
C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Database\ASCSpecialUrl.db
| MD5 | 52ed35b8b7973aada04c54c7437eb5d8 |
| SHA1 | 2afe98f78c5459b2f423af8c5248b3831f7e67e7 |
| SHA256 | c026729c0054efff54463dc916411624964a24954c0a1689da3e9f1bb17e5db3 |
| SHA512 | 83bb53493d5ad2a978b8f68bf9ee0f76fe4365c4be7e510d9ef6d3cbad98d8925b85e89941b72f94f95be1005023e87527f165bf724a4091640a33c12c5b54ee |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Internet Booster\ASCNETSHBak.dat
| MD5 | a8a70cd31cccdce1285a723a7a0255b0 |
| SHA1 | 309dde555a258c53f52876a3f9725e38c871b206 |
| SHA256 | e66816f0206e218c485e00200ec19f8094d85236bdc9a7af2fa46207007218dc |
| SHA512 | db644467a5a8fdbaa18d92e6d2e2c04d9b5dc9cc364562360a25db11f085595288421488c87e5861eaccfcaf2f9ebb4154c0dd5168d17987895463e347ba8020 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Internet Booster\ASCInternetBak.dat
| MD5 | 8efe0fdb51c3934767194f5e21c9a36d |
| SHA1 | 189621604364f4bfaf47b5f452b6d286f51df646 |
| SHA256 | 05db188a19263e702599f57cfb8d3b62c4518a6e0df631dee6b5cdf8d2bda9fd |
| SHA512 | c7e2795db85b283370192e2143ddfd89f7ac253ba5810e7c465d696da6c8aafa697a3e163d1b9f930ac6494f4be6f4092a6db5b769647eb92c2cbb647bc5c6fe |
C:\Users\Admin\AppData\Local\Temp\ASCSR.Del
| MD5 | a65042f8974e3c3bdb6fdda8d3c17e40 |
| SHA1 | d71ec9ab492f3cf18f651905f9983c4de6eee943 |
| SHA256 | e281b13505d715cc2ee5d35e4b44d09c784f03ce5493f2cc65c8b2d77b2698f5 |
| SHA512 | 249ccf70f7746d149bf374b6991227b4e30790a0b6a9b5458af70bd4bfe14606e0df78916802ac6f101ee6427b42e6c4c808d9ddb7df25308e6fb2a9951da765 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | e04be350ae05da024a8c616f16aa3abb |
| SHA1 | 0d2163eb893f227a44bf2ca4f849ac511672c328 |
| SHA256 | 86c8da7f386827d289a297857f70588e9c644ea09527a86b9a8bc498136f5cc8 |
| SHA512 | 37eee7911a2657e5e726f18a4c8e5e14fa83db334c0eae296b7f19911d246caf37ffe5c19e7d3256f280b22ed5914f72cd260159cfd75fae255891d2fbc890dc |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | ae07e10dceec1b8cdd28acd5bffe3fd6 |
| SHA1 | 8d75ae208dd28d6bc3efd20530ccdb6546d50ceb |
| SHA256 | 612377419b20b7650d4a59522576ee4a19fabd88d457b7a10964eb708e02d9e9 |
| SHA512 | c7969793d2cf2dbf24642c73664cc32499bccc99f375e98952c0122703b03a5a3ce5ba3706003bcc156da501fef4d530ed987188b0b946b189ad1e23cdb118d2 |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | 324bd2eb29c05927fe196590383b971d |
| SHA1 | 0a2b00c49aa13e3bc7a22922a719fa735c040d7d |
| SHA256 | 5f252b1b9aed56ee9fa59062d9ebd26254c4cdde1fcae407cbcc5beb9d09e28a |
| SHA512 | 6baffd93d41a494f332792f006e7639a74493e11c3682c164dede8ef2d1b6443c6a0706ab23f3b791a3f8c5ccd253635760a8a916e8a3d4c61612f36521015cb |
C:\Program Files (x86)\IObit\Advanced SystemCare\inflog\1_printqueue.log
| MD5 | c9f7f4ba7c0669e49a5ed3041baac2cb |
| SHA1 | d867ab7c78d77bf6a45c2fe6794fd71000f29c51 |
| SHA256 | 7b8a55d244e07c564ad3ed14d7082ec694ea5ed904a436c2970f8f1521723c8f |
| SHA512 | 6ca1d78916f4826cb144f998a45152d9374939a929cfeb727ded4edc8d4d707e931df69e6286895a53eed6f25671776ad4d0b22a1275f7f69cfe74c0f9f1982f |
C:\Program Files (x86)\IObit\Advanced SystemCare\inflog\1_machine.log
| MD5 | e1ca1e72122362002dbc2c60f9471fff |
| SHA1 | b09bc7a2cfdb3b80c7cf00a40c1e6fbbee376604 |
| SHA256 | 7c218c5c5c581d09d7f7d965880bac3f69ab70df659cbbfc9051b361636c306c |
| SHA512 | 63c750c7ea8f9660c1e7e9ac676697ee3d3a44c80e112ec6df4cdcdcd5aae1c1be7440c0698b09e6999bcf237a8959c6dc716a8ba19e4de411cbf4533084199b |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | 2f5363a917502493feaaf9f0bebcef14 |
| SHA1 | 8c8b18715df65d6a858704717a3f02ee212ea4e5 |
| SHA256 | 8a83c8ad580216f3fb4802e210fc2a34e7fbe28d27f80bf6884208f1904aa93b |
| SHA512 | fe0003622a328ba23fd32645f026781f57c2cfcb7123af0a5469faf8fd91fdd8ccaf06949e52e2b825dc2b827f6ba35e126b18b185695b1156d58c49a2e65dd2 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | 3c92c3e2abc61186d3c4989c15049363 |
| SHA1 | a9bed935fb4e8e5c704c9bf85cf388697939cc8b |
| SHA256 | ac43019933d5cfc1a92e24d05f037c92d7e273e1b6354fbe565d2ffa9106677f |
| SHA512 | 72b21c56351e88681b292fb87694865b7d3e20f2c3dd42d7554bc26d5b914df622a0b8a15625fcfb20af8b172202a55cdb97cfe2b5e4c78c757fba158b08676b |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | 142b92fcac428928b900e28e9cffaab3 |
| SHA1 | 25d17c584084a372939e2366b5b9669668e8765d |
| SHA256 | 87b385ed565039d8a5a0c749a3d1b0e06aa9cc099c68ad56d129a6b9316aa910 |
| SHA512 | 95675ce51eabaf67653d685e075afcb72b6a48f1c496c1fa261d21b2110898bf239f54e25fde65753e897ae6a5e369a84d7bfa9844e5a2b20ab2fefb41f1024c |
C:\Windows\INF\setupapi.dev.log
| MD5 | c206477c9552528e8ed88788f29ce5a9 |
| SHA1 | 8d8990e6fbde4dcae66b71f44c8364f6eed6292a |
| SHA256 | bd5fda99e5071c70f7e337c06914a901655e4a7de16641ef0cb0121e65bd04a3 |
| SHA512 | 19d75fc3a77e0f99384f0116d1ffb1d059845d18cc56c6077b624cf1d56ae77b9f16310c60c5c5f943154728cda2c6737ee60de3afb5b7a823f1a94b0cf5d687 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | a0736bb76779c1fb5d5d60dc96bf83c2 |
| SHA1 | 4209a3c07a288a438a4eebb9c76bcad99c5438e6 |
| SHA256 | 157228070395567c8ac70da38cbdd83a80da1b7188f914432cd473ba4fede0cd |
| SHA512 | e0b677e555cf778be7313b0d7b5ed5007b76335d151d558ba39285c8752891b1b8ca138f4517e3099f1577466a12dc62e765ede2fdf3ab6eb68656ba7aa2cbc5 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | 0609a90004fc95daf12056ca3a2d3a8d |
| SHA1 | b138dfb256b679ba1fc0d7950b3849a4976eae9b |
| SHA256 | 06a1257b6669d7927575531aeadcfc13adc67137266c08bb12d7dc7426324c5f |
| SHA512 | f17197cc9d8886bfa443b93123848960c11c11138003962cc4ebc0aad66135de2e26ba90d79f60cf187698fd2cdd58c2c8feef602dd164130f5c960954d3b79a |
C:\Windows\INF\setupapi.dev.log
| MD5 | 7486d1e4f4008c08165d3720672caddf |
| SHA1 | 38f0fd3fa176682c53f5c68b7be44a3093530add |
| SHA256 | 39f04f2f5799ca228a3cf63564cc193108ffb0fd224cd61261d9a8990ebf31e4 |
| SHA512 | 8e19028b04ce0e247243f3583c61779b02030f0a41f3300987ead66a38a596e56115f08433f74d9ad7b69ae030896fcc7a03989c34ce7e2391d503ef22ec6c60 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | 5677f89e84d9a9be42fca589ab107d2b |
| SHA1 | 8623794c6f8959a6b1e68d837788b3d4170394d8 |
| SHA256 | 99a156784dd8af03e4da98afd35f4a64358ba56287376cf3ccbda005105d6aa7 |
| SHA512 | fbdbd07d8527309111b050a094647f90dfdc0325299a246b4529c74b6b4b2d4155848a3978d13d43b2b7cb688056c84ef28dd28cd6914b0fd0bbecfd6db50d06 |
C:\Windows\INF\setupapi.dev.log
| MD5 | 5614e08e5892099fc63aedd3190893b7 |
| SHA1 | fd186bafe216795139d1cb90fe7074442385b7d7 |
| SHA256 | d9128a8647eaadd226ed42dbc35d8852cc821f1076ea2bf43aab1422f1d6fb05 |
| SHA512 | 2d077b0b36d5be34e3d9cd0614c97df1afc96dea49b01856d26ef66704049908a9a729afebf4e1d15871fd8d59707125e9a88fc9563aa471a0c15dd6f8dbe6f5 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | eac6043ee312a07cc691fb6022b55aa4 |
| SHA1 | 66de066878a76f1eaec03f0edb380de22d11d136 |
| SHA256 | 3892f53d6dae451ad03266996c9cf29663553a5c74a41be864b424b0fcbfd665 |
| SHA512 | 789b059ce16eb59ea47ff2493e3323b24c94e56f27e2d5f882d9a2835a1714c242ece430c2618fbf06222c5688e89e0428aa1a4a98cae9c629355b37b1ede8f5 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | b63feb03d13b51a7bf8baecd85be1dac |
| SHA1 | d5106f916c4fe19337b8706fef20d3403f25f04d |
| SHA256 | cf457b5ba5eeb14d276788697fab92c78580b99f4d6ba6df7d08083af20daa16 |
| SHA512 | 16ea4a071b05ee9c6f4f4757fdbc499ef16afef3660122c1e5d34649db340d2ff610d4b92e692a3eb727d4039c8a245982a4f5c77e7805002427991c25f917ed |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | 277b85aabd04acf1ee73ef2c15f224fb |
| SHA1 | da16a4dd780790abdbb4d65b0bef17771e4e7c3f |
| SHA256 | 7066f32c105b2be557d29b7c2e13ee8283d5283f6f028e8af26f3ec9489bf757 |
| SHA512 | 2d10ab9871c64c27b70efb70315beaed30dfd70ae183d7466ae94b2a99a867a5e2458324d24a0966cd47c95a972501fd1a6683a310179b3e20563b4d0903f1a7 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | 2a374fba9a498815f353cf318e7a40eb |
| SHA1 | 46ede60be9296682e0ff584f13dca1f2e0160ca8 |
| SHA256 | 1cdcbac5d82d06897390c05bab7d3f170108c93d2e994439f16ce65181fde3e5 |
| SHA512 | 694ed63f8b3d5ac504e9d84654758fee638adc1293a6f21fc823b1966c6b85a5c6976e8649185721f780a86c13f8e26ae7b0fd01d89f5da56ae56f026430b538 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Drivercleanignore.ini
| MD5 | 547e7d6da7fb4b4f7caaf89818fea56f |
| SHA1 | 01f5d2944e099ae97d08b2e0589dd3252a74a01e |
| SHA256 | 157fba1528ca847636e0b6b8d09e022902a41aab5fd44b4a17fe9d11cb930245 |
| SHA512 | 0aaa639df9016f18f87e4a41e392f2f11c67a87794573747520944a0a916d9d0cccb8b7122ce827ca5ea295128dc60ca15dde8143da83ad7b1eedaa12ca9c40a |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | 35f9a1ee8a69dcfb2e98a276af66a685 |
| SHA1 | 1a91f9c6b8613f986e5fee44687da51d8b40e532 |
| SHA256 | 3e4c96df8b7dbbc505c28f0bca83e1b8657f509a100f63f3fec31dbdb401c4a2 |
| SHA512 | f60098788ddca5b312033ccf6bdb20e5344c211af5c15db5b3e4d5a2d6ebdfc5304e0c6411e82a2f5f7c4142a5a698010308d733f7fe3e00995059af6aca705d |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | 640bcb8038d8a0402ec90107ed037807 |
| SHA1 | ec2ab215c1492f0d0358d359b5b1b29d84a972a1 |
| SHA256 | bfea8aa4583f71ed9af0d5b7998912543e5075fcf307d402dd4dc7029c2a25b3 |
| SHA512 | e8bcbedd53f0d98cf33528171662018136d4c925c99877256368b34d3347551d03a8c9c7b01918a5aad2820eb44f8bde39cc6bbcff7b597b23f216b50f982669 |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | 54c2bcaed1f92a790b620c72d3b0cbbb |
| SHA1 | ee2abbf7bc129b39de6aa940d105b57beea8b448 |
| SHA256 | e72c5fc869c94ad585e7ebc102286aa2b922f0aecc9fa92354c1204386a9d87a |
| SHA512 | 540000b1eb891813c253b3f677105b134a8a6853e6002506c852823814d6d4964871b853ab9cbab99b582f2f1376517021447f334ab0263d22db233ab14a7463 |
C:\ProgramData\ProductData3\StatCache3.db
| MD5 | 7cfb10c1df68666fbd935287e42d6162 |
| SHA1 | 72f8be6ffb6284da3f3c8aec1de4b42588bffe80 |
| SHA256 | 561c4ab24bde8c4c70f2654e4634d3838b4e8b575960fc0364d8145c5a3b5f94 |
| SHA512 | 89e079af002587fac0e9ca572320c72a83baca0cd15fdc293a117140f5de322015d23b0db811e016112725e50ea0e4e3764e4740d9d0d17323d6058118925170 |
C:\ProgramData\ProductData3\asc\asc17Stat3.ini
| MD5 | 5f587ff798cc65411d0f87915997b268 |
| SHA1 | 1da68982d1093ed7b57f5521164d0fdf70c2f1fe |
| SHA256 | 36428f4275024ec703c9bc1740ea4b0e8afa6bd66734ea0025c771e5f1066c67 |
| SHA512 | ba88063f12d14ccd7e498c27a147875e81a1741cb8410b2863d494da2098f42dca7524d6f7eeca1ffc5923b094a0fabde593271e1da903fe2426854b7b27677a |
C:\Users\Admin\AppData\Roaming\IObit\Advanced SystemCare\Main.ini
| MD5 | bffbae422c8169dfcd31662c1f63bd4b |
| SHA1 | fdff1e7a5eba142667289f8dbee0cd7d397c3bf0 |
| SHA256 | 3021f2be206a71d36b8d0b27cf25a7a10c4fcb5ae6195aa1c0cfcacefad446c6 |
| SHA512 | 67c40e765579e522b022c4949af529b0fcc61439dd18cac356db81ea2dca50db4716099fc4fe52b7fb1da36e581b81610a75cb15acfce11f28972b2f30793914 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 385796b80537cbe1574d580c83af9b41 |
| SHA1 | 4b82553fd382af346e5cf2755ba7884d1b7b66b5 |
| SHA256 | 8f1fd59b21310dfd07a63e5bea93b191d0e8be6bb556b9078732f52e40a8d930 |
| SHA512 | 2befa2bca93d167711ef901eddd1ce7caf5772f3da7d627d5fae3b37a016d7404670eeb149c1dd1c5c0f5be5d50a138cf3174bbd7e7a2bc753440c5b6c95f807 |