URL:

https://download.cnet.com/

Full analysis: https://app.any.run/tasks/e1ce782b-be87-456d-9ba7-9602dfefee13
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: September 28, 2020, 13:15:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
trojan
loader
Indicators:
MD5:

6B8C8F9CA2BF5254A06D8AFE02B04658

SHA1:

464C29FDC9D651AD000E4255CC065AC4A2DA85EE

SHA256:

3939DCABB2430E4165C1583497F9A45E995AA57029FBF11E1F6F095CE2D8DFAE

SSDEEP:

3:N8SElbKK:2SKmK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • advanced-systemcare-setup.exe (PID: 2828)
      • advanced-systemcare-setup.exe (PID: 2360)
      • Setup.exe (PID: 1596)
      • advanced-systemcare-setup.exe (PID: 2960)
      • ASC.exe (PID: 1492)
      • ASCInit.exe (PID: 2748)
      • ASCService.exe (PID: 2300)
      • BrowserCleaner.exe (PID: 2388)
      • DiskDefrag.exe (PID: 3288)
      • ASCTray.exe (PID: 3468)
      • BrowserProtect.exe (PID: 3508)
      • Display.exe (PID: 3704)
      • ASCFeature.exe (PID: 1432)
      • AutoSweep.exe (PID: 2804)
      • AutoUpdate.exe (PID: 2624)
      • ASCFeature.exe (PID: 3256)
      • ASCVER.exe (PID: 2276)
      • LocalLang.exe (PID: 3004)
      • Monitor.exe (PID: 4000)
      • RealTimeProtector.exe (PID: 892)
      • RealTimeProtector.exe (PID: 3996)
      • RealTimeProtector.exe (PID: 1756)
      • PrivacyShield.exe (PID: 3652)
      • Register.exe (PID: 2700)
      • OperaSetup.exe (PID: 1632)
      • OperaSetup.exe (PID: 1724)
      • OperaSetup.exe (PID: 3312)
      • OperaSetup.exe (PID: 292)
      • OperaSetup.exe (PID: 3208)
      • AutoCare.exe (PID: 2812)
      • IObitLiveUpdate.exe (PID: 3584)
      • smBootTime.exe (PID: 2392)
      • smBootTime.exe (PID: 3776)
      • smBootTime.exe (PID: 3272)
      • startupInfo.exe (PID: 1744)
      • startupInfo.exe (PID: 3252)
      • smBootTime.exe (PID: 3444)
      • Suo12_StartupManager.exe (PID: 552)
      • startupInfo.exe (PID: 1768)
      • UninstallPromote.exe (PID: 308)
      • Suo12_StartupManager.exe (PID: 3760)
      • Suo12_StartupManager.exe (PID: 3176)
      • Suo12_StartupManager.exe (PID: 3216)
      • drowzee.exe (PID: 6048)
      • Suo12_StartupManager.exe (PID: 3040)
      • ASCDownload.exe (PID: 4332)
      • iobituninstaller.exe (PID: 5536)
      • iobituninstaller.exe (PID: 5532)
      • register.exe (PID: 5188)
      • Setup.exe (PID: 4424)
      • _sfx.exe (PID: 1736)
      • assistant_installer.exe (PID: 4320)
      • assistant_installer.exe (PID: 5836)
      • iobituninstaller.exe (PID: 5764)
      • MonitorDisk.exe (PID: 2028)
      • installer.exe (PID: 5200)
      • iushrun.exe (PID: 2696)
      • installer.exe (PID: 3388)
      • AutoCare.exe (PID: 5308)
      • assistant_installer.exe (PID: 5044)
      • assistant_installer.exe (PID: 5832)
      • assistant_installer.exe (PID: 4516)
      • assistant_installer.exe (PID: 6084)
      • smBootTime.exe (PID: 2988)
      • browser_assistant.exe (PID: 4736)
      • browser_assistant.exe (PID: 4824)
      • launcher.exe (PID: 3280)
      • smBootTime.exe (PID: 5820)
      • launcher.exe (PID: 1244)
      • opera.exe (PID: 4932)
      • launcher.exe (PID: 3432)
      • smBootTime.exe (PID: 3428)
      • launcher.exe (PID: 2964)
      • opera_crashreporter.exe (PID: 824)
      • opera.exe (PID: 3860)
      • opera.exe (PID: 4360)
      • iush.exe (PID: 4792)
      • opera.exe (PID: 5028)
      • opera_crashreporter.exe (PID: 4500)
      • opera.exe (PID: 4828)
      • opera.exe (PID: 3772)
      • opera.exe (PID: 3628)
      • opera.exe (PID: 4812)
      • opera.exe (PID: 4420)
      • opera.exe (PID: 5052)
      • opera.exe (PID: 5676)
      • opera.exe (PID: 5424)
      • opera.exe (PID: 4224)
      • IUService.exe (PID: 5004)
      • smBootTime.exe (PID: 2356)
      • opera.exe (PID: 5932)
      • opera.exe (PID: 6012)
      • opera.exe (PID: 4684)
    • Actions look like stealing of personal data

      • advanced-systemcare-setup.tmp (PID: 4092)
      • Suo12_StartupManager.exe (PID: 552)
      • ASCService.exe (PID: 2300)
      • OperaSetup.exe (PID: 1632)
      • OperaSetup.exe (PID: 1724)
      • OperaSetup.exe (PID: 292)
      • OperaSetup.exe (PID: 3208)
      • assistant_installer.exe (PID: 5836)
      • iobituninstaller.tmp (PID: 6000)
      • assistant_installer.exe (PID: 4320)
      • installer.exe (PID: 5200)
      • installer.exe (PID: 3388)
      • assistant_installer.exe (PID: 5044)
      • assistant_installer.exe (PID: 5832)
      • assistant_installer.exe (PID: 4516)
      • assistant_installer.exe (PID: 6084)
      • browser_assistant.exe (PID: 4736)
      • AutoCare.exe (PID: 5308)
      • browser_assistant.exe (PID: 4824)
      • opera_crashreporter.exe (PID: 824)
      • opera.exe (PID: 4360)
      • opera.exe (PID: 4932)
      • opera.exe (PID: 3860)
      • opera_crashreporter.exe (PID: 4500)
      • opera.exe (PID: 3772)
      • opera.exe (PID: 5028)
      • opera.exe (PID: 4828)
      • opera.exe (PID: 3628)
      • opera.exe (PID: 4812)
      • opera.exe (PID: 4420)
      • opera.exe (PID: 5052)
    • Loads the Task Scheduler COM API

      • Suo12_StartupManager.exe (PID: 552)
      • ASCInit.exe (PID: 2748)
      • smBootTime.exe (PID: 3776)
      • smBootTime.exe (PID: 2392)
      • Setup.exe (PID: 1596)
      • ASC.exe (PID: 1492)
      • smBootTime.exe (PID: 3444)
      • Suo12_StartupManager.exe (PID: 3040)
      • installer.exe (PID: 5200)
      • assistant_installer.exe (PID: 5044)
      • smBootTime.exe (PID: 5820)
      • smBootTime.exe (PID: 3428)
    • Loads dropped or rewritten executable

      • Register.exe (PID: 2700)
      • RealTimeProtector.exe (PID: 892)
      • smBootTime.exe (PID: 2392)
      • RealTimeProtector.exe (PID: 3996)
      • regsvr32.exe (PID: 2656)
      • RealTimeProtector.exe (PID: 1756)
      • smBootTime.exe (PID: 3776)
      • smBootTime.exe (PID: 3272)
      • smBootTime.exe (PID: 3444)
      • Display.exe (PID: 3704)
      • ASC.exe (PID: 1492)
      • PrivacyShield.exe (PID: 3652)
      • ASCService.exe (PID: 2300)
      • BrowserCleaner.exe (PID: 2388)
      • BrowserProtect.exe (PID: 3508)
      • Monitor.exe (PID: 4000)
      • ASCTray.exe (PID: 3468)
      • ASCFeature.exe (PID: 1432)
      • ASCInit.exe (PID: 2748)
      • AutoSweep.exe (PID: 2804)
      • ASCFeature.exe (PID: 3256)
      • Setup.exe (PID: 1596)
      • Suo12_StartupManager.exe (PID: 3176)
      • Suo12_StartupManager.exe (PID: 552)
      • Suo12_StartupManager.exe (PID: 3216)
      • Suo12_StartupManager.exe (PID: 3760)
      • AutoUpdate.exe (PID: 2624)
      • ASCVER.exe (PID: 2276)
      • UninstallPromote.exe (PID: 308)
      • Suo12_StartupManager.exe (PID: 3040)
      • startupInfo.exe (PID: 1744)
      • OperaSetup.exe (PID: 1724)
      • OperaSetup.exe (PID: 1632)
      • OperaSetup.exe (PID: 3208)
      • OperaSetup.exe (PID: 3312)
      • OperaSetup.exe (PID: 292)
      • startupInfo.exe (PID: 3252)
      • AutoCare.exe (PID: 2812)
      • startupInfo.exe (PID: 1768)
      • drowzee.exe (PID: 6048)
      • register.exe (PID: 5188)
      • installer.exe (PID: 5200)
      • installer.exe (PID: 3388)
      • svchost.exe (PID: 872)
      • AutoCare.exe (PID: 5308)
      • MonitorDisk.exe (PID: 2028)
      • smBootTime.exe (PID: 2988)
      • smBootTime.exe (PID: 5820)
      • smBootTime.exe (PID: 3428)
      • opera.exe (PID: 4932)
      • opera.exe (PID: 4360)
      • opera.exe (PID: 3860)
      • opera.exe (PID: 5028)
      • opera.exe (PID: 4828)
      • opera.exe (PID: 3772)
      • iush.exe (PID: 4792)
      • opera.exe (PID: 3628)
      • opera.exe (PID: 4812)
      • opera.exe (PID: 4420)
      • opera.exe (PID: 5676)
      • opera.exe (PID: 5052)
      • opera.exe (PID: 5424)
      • opera.exe (PID: 4224)
      • IUService.exe (PID: 5004)
      • regsvr32.exe (PID: 3636)
      • regsvr32.exe (PID: 2312)
      • opera.exe (PID: 5932)
      • opera.exe (PID: 6012)
      • smBootTime.exe (PID: 2356)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ASCInit.exe (PID: 2748)
      • iush.exe (PID: 4792)
    • Changes the autorun value in the registry

      • ASCInit.exe (PID: 2748)
      • assistant_installer.exe (PID: 5044)
    • Connects to CnC server

      • ASC.exe (PID: 1492)
      • Suo12_StartupManager.exe (PID: 552)
    • Changes settings of System certificates

      • ASCVER.exe (PID: 2276)
      • OperaSetup.exe (PID: 1632)
    • Downloads executable files from the Internet

      • AutoUpdate.exe (PID: 2624)
  • SUSPICIOUS

    • Creates files in the program directory

      • firefox.exe (PID: 2480)
      • Setup.exe (PID: 1596)
      • ASCInit.exe (PID: 2748)
      • Suo12_StartupManager.exe (PID: 552)
      • ASCService.exe (PID: 2300)
      • smBootTime.exe (PID: 3776)
      • UninstallPromote.exe (PID: 308)
      • PrivacyShield.exe (PID: 3652)
      • BrowserProtect.exe (PID: 3508)
      • ASC.exe (PID: 1492)
      • Display.exe (PID: 3704)
      • Monitor.exe (PID: 4000)
      • AutoUpdate.exe (PID: 2624)
      • AutoSweep.exe (PID: 2804)
      • ASCVER.exe (PID: 2276)
      • AutoCare.exe (PID: 2812)
      • IObitLiveUpdate.exe (PID: 3584)
      • Suo12_StartupManager.exe (PID: 3040)
      • Suo12_StartupManager.exe (PID: 3176)
      • ASCDownload.exe (PID: 4332)
      • OperaSetup.exe (PID: 292)
      • installer.exe (PID: 5200)
      • AutoCare.exe (PID: 5308)
      • assistant_installer.exe (PID: 5044)
      • iush.exe (PID: 4792)
    • Executable content was dropped or overwritten

      • advanced-systemcare-setup.exe (PID: 2828)
      • firefox.exe (PID: 2480)
      • advanced-systemcare-setup.exe (PID: 2360)
      • advanced-systemcare-setup.tmp (PID: 4092)
      • advanced-systemcare-setup.exe (PID: 2960)
      • advanced-systemcare-setup.tmp (PID: 3804)
      • ASCInit.exe (PID: 2748)
      • Monitor.exe (PID: 4000)
      • Setup.exe (PID: 1596)
      • AutoUpdate.exe (PID: 2624)
      • OperaSetup.exe (PID: 1724)
      • OperaSetup.exe (PID: 1632)
      • OperaSetup.exe (PID: 292)
      • OperaSetup.exe (PID: 3208)
      • iobituninstaller.exe (PID: 5536)
      • iobituninstaller.exe (PID: 5532)
      • iobituninstaller.tmp (PID: 6000)
      • _sfx.exe (PID: 1736)
      • iobituninstaller.exe (PID: 5764)
      • installer.exe (PID: 5200)
      • installer.exe (PID: 3388)
      • iobituninstaller.tmp (PID: 4180)
      • assistant_installer.exe (PID: 5044)
    • Reads Windows owner or organization settings

      • advanced-systemcare-setup.tmp (PID: 4092)
      • advanced-systemcare-setup.tmp (PID: 3804)
      • iobituninstaller.tmp (PID: 6000)
      • iobituninstaller.tmp (PID: 4180)
      • AutoCare.exe (PID: 5308)
    • Reads the Windows organization settings

      • advanced-systemcare-setup.tmp (PID: 4092)
      • advanced-systemcare-setup.tmp (PID: 3804)
      • iobituninstaller.tmp (PID: 6000)
      • iobituninstaller.tmp (PID: 4180)
      • AutoCare.exe (PID: 5308)
    • Creates files in the user directory

      • advanced-systemcare-setup.tmp (PID: 4092)
      • ASCUpgrade.exe (PID: 2988)
      • advanced-systemcare-setup.tmp (PID: 3804)
      • ASCInit.exe (PID: 2748)
      • Register.exe (PID: 2700)
      • ASCService.exe (PID: 2300)
      • Suo12_StartupManager.exe (PID: 552)
      • BrowserCleaner.exe (PID: 2388)
      • ASC.exe (PID: 1492)
      • ASCTray.exe (PID: 3468)
      • OperaSetup.exe (PID: 1724)
      • Setup.exe (PID: 4424)
      • installer.exe (PID: 5200)
      • browser_assistant.exe (PID: 4736)
      • opera.exe (PID: 4932)
      • opera.exe (PID: 5028)
    • Executed as Windows Service

      • ASCService.exe (PID: 2300)
      • IUService.exe (PID: 5004)
    • Application launched itself

      • RealTimeProtector.exe (PID: 3996)
      • OperaSetup.exe (PID: 1632)
      • OperaSetup.exe (PID: 292)
      • startupInfo.exe (PID: 1744)
      • assistant_installer.exe (PID: 5836)
      • installer.exe (PID: 5200)
      • assistant_installer.exe (PID: 5044)
      • assistant_installer.exe (PID: 6084)
      • browser_assistant.exe (PID: 4736)
      • opera.exe (PID: 4932)
      • opera.exe (PID: 5028)
    • Removes files from Windows directory

      • ASCService.exe (PID: 2300)
      • Suo12_StartupManager.exe (PID: 3760)
      • IUService.exe (PID: 5004)
    • Starts CMD.EXE for command execution

      • ASCInit.exe (PID: 2748)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 3732)
    • Searches for installed software

      • ASCService.exe (PID: 2300)
      • drowzee.exe (PID: 6048)
      • AutoCare.exe (PID: 5308)
    • Creates files in the Windows directory

      • ASCService.exe (PID: 2300)
      • svchost.exe (PID: 872)
      • Monitor.exe (PID: 4000)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 2656)
      • regsvr32.exe (PID: 3636)
      • regsvr32.exe (PID: 2312)
    • Starts Internet Explorer

      • Setup.exe (PID: 1596)
    • Executed via COM

      • DllHost.exe (PID: 1804)
      • unsecapp.exe (PID: 5160)
    • Reads Internet Cache Settings

      • ASC.exe (PID: 1492)
      • ASCFeature.exe (PID: 3256)
      • AutoUpdate.exe (PID: 2624)
      • OperaSetup.exe (PID: 1632)
      • drowzee.exe (PID: 6048)
      • Setup.exe (PID: 4424)
      • browser_assistant.exe (PID: 4736)
      • AutoCare.exe (PID: 5308)
    • Reads Environment values

      • Monitor.exe (PID: 4000)
    • Low-level read access rights to disk partition

      • Monitor.exe (PID: 4000)
    • Adds / modifies Windows certificates

      • ASCVER.exe (PID: 2276)
      • OperaSetup.exe (PID: 1632)
    • Reads CPU info

      • ASC.exe (PID: 1492)
    • Starts itself from another location

      • OperaSetup.exe (PID: 1632)
    • Creates a software uninstall entry

      • installer.exe (PID: 5200)
    • Modifies the open verb of a shell class

      • installer.exe (PID: 5200)
      • iush.exe (PID: 4792)
    • Changes IE settings (feature browser emulation)

      • assistant_installer.exe (PID: 5044)
    • Uses NETSH.EXE for network configuration

      • AutoCare.exe (PID: 5308)
    • Checks whether Java is installed

      • AutoCare.exe (PID: 5308)
    • Reads the machine GUID from the registry

      • opera.exe (PID: 4932)
      • opera.exe (PID: 5028)
    • Reads the time zone

      • AutoCare.exe (PID: 5308)
  • INFO

    • Reads CPU info

      • firefox.exe (PID: 2480)
    • Reads Internet Cache Settings

      • firefox.exe (PID: 2480)
      • iexplore.exe (PID: 3664)
      • iexplore.exe (PID: 3588)
    • Dropped object may contain Bitcoin addresses

      • firefox.exe (PID: 2480)
      • Suo12_StartupManager.exe (PID: 552)
      • advanced-systemcare-setup.tmp (PID: 3804)
      • ASC.exe (PID: 1492)
      • OperaSetup.exe (PID: 292)
      • iobituninstaller.tmp (PID: 4180)
    • Application launched itself

      • firefox.exe (PID: 2208)
      • firefox.exe (PID: 2480)
      • iexplore.exe (PID: 3664)
    • Application was dropped or rewritten from another process

      • advanced-systemcare-setup.tmp (PID: 324)
      • advanced-systemcare-setup.tmp (PID: 4092)
      • advanced-systemcare-setup.tmp (PID: 3804)
      • ASCUpgrade.exe (PID: 2988)
      • ASCUpgrade.exe (PID: 3620)
      • iobituninstaller.tmp (PID: 4288)
      • iobituninstaller.tmp (PID: 6000)
      • iobituninstaller.tmp (PID: 4180)
    • Reads settings of System Certificates

      • firefox.exe (PID: 2480)
      • iexplore.exe (PID: 3588)
      • OperaSetup.exe (PID: 1632)
      • iexplore.exe (PID: 3664)
      • opera.exe (PID: 3772)
    • Loads dropped or rewritten executable

      • advanced-systemcare-setup.tmp (PID: 4092)
      • advanced-systemcare-setup.tmp (PID: 3804)
      • iobituninstaller.tmp (PID: 6000)
      • iobituninstaller.tmp (PID: 4180)
    • Creates files in the user directory

      • firefox.exe (PID: 2480)
      • iexplore.exe (PID: 3588)
      • iexplore.exe (PID: 3664)
    • Creates a software uninstall entry

      • advanced-systemcare-setup.tmp (PID: 3804)
      • iobituninstaller.tmp (PID: 4180)
    • Creates files in the program directory

      • advanced-systemcare-setup.tmp (PID: 3804)
      • iobituninstaller.tmp (PID: 4180)
    • Changes internet zones settings

      • iexplore.exe (PID: 3664)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 3588)
    • Changes settings of System certificates

      • iexplore.exe (PID: 3588)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3588)
    • Manual execution by user

      • assistant_installer.exe (PID: 6084)
      • opera.exe (PID: 5028)
    • Reads the hosts file

      • opera.exe (PID: 4932)
      • opera.exe (PID: 4360)
      • opera.exe (PID: 5028)
      • opera.exe (PID: 3772)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
168
Monitored processes
120
Malicious processes
66
Suspicious processes
24

Behavior graph

(interactive process graph; the processes it shows are the ones listed in the signature sections above and under Process information below)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
292
CMD:
"C:\Users\admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Program Files\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --initial-pid=1632 --package-dir-prefix="C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20200928141832" --session-guid=b23e8ec3-0f96-4ca8-b42f-ca081f55609d --server-tracking-blob="NzRjMzQ4OTZlNjAxYmUzZmRiYjlhYWQzODUxNzYxYjgzZDZiNTY0NmQ5ODcxNDQ0OGUzMDQ0NTJhMzJmNjQzZDp7ImNvdW50cnkiOiJMViIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWlvYml0JnV0bV9tZWRpdW09cGImdXRtX2NhbXBhaWduPWlvYml0LWluc3RhbGxlciIsInRpbWVzdGFtcCI6IjE2MDEyOTkxMDAuMjkxNiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNC4wIiwidXRtIjp7ImNhbXBhaWduIjoiaW9iaXQtaW5zdGFsbGVyLXN5c3RlbWNhcmUtZWRnZS1pZSIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6ImlvYml0In0sInV1aWQiOiI5NTFlNjAwZS0zYzc0LTRiMTEtOGM3Ny03N2YzMzI4MjYzZjYifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1003000000000000
Path:
C:\Users\admin\AppData\Local\Temp\OperaSetup.exe
Parent process:
OperaSetup.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Installer
Exit code:
0
Version:
71.0.3770.171
Modules
Images
c:\users\admin\appdata\local\temp\operasetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
308
CMD:
"C:\Program Files\IObit\Advanced SystemCare\UninstallPromote.exe" /install asc13
Path:
C:\Program Files\IObit\Advanced SystemCare\UninstallPromote.exe
Parent process:
ASCInit.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
UnistallPromote
Exit code:
0
Version:
2.0.0.235
Modules
Images
c:\program files\iobit\advanced systemcare\uninstallpromote.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
PID:
324
CMD:
"C:\Users\admin\AppData\Local\Temp\is-ETI2Q.tmp\advanced-systemcare-setup.tmp" /SL5="$3001B0,49496505,137216,C:\Users\admin\Downloads\advanced-systemcare-setup.exe"
Path:
C:\Users\admin\AppData\Local\Temp\is-ETI2Q.tmp\advanced-systemcare-setup.tmp
Parent process:
advanced-systemcare-setup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-eti2q.tmp\advanced-systemcare-setup.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
332
CMD:
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2480.34.711296749\1772175159" -childID 5 -isForBrowser -prefsHandle 7984 -prefMapHandle 7784 -prefsLen 8971 -prefMapSize 191824 -parentBuildID 20190717172542 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2480 "\\.\pipe\gecko-crash-server-pipe.2480" 6920 tab
Path:
C:\Program Files\Mozilla Firefox\firefox.exe
Parent process:
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
68.0.1
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
PID:
552
CMD:
"C:\Program Files\IObit\Advanced SystemCare\Suo12_StartupManager.exe" /disablerate
Path:
C:\Program Files\IObit\Advanced SystemCare\Suo12_StartupManager.exe
Parent process:
advanced-systemcare-setup.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Manage startup items
Exit code:
0
Version:
13.0.0.247
Modules
Images
c:\program files\iobit\advanced systemcare\suo12_startupmanager.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
824
CMD:
"C:\Program Files\Opera\71.0.3770.171\opera_crashreporter.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=71.0.3770.171 --initial-client-data=0x1e8,0x1ec,0x1f0,0x1bc,0x1f4,0x5fedb3f0,0x5fedb400,0x5fedb40c
Path:
C:\Program Files\Opera\71.0.3770.171\opera_crashreporter.exe
Parent process:
opera.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera crash-reporter
Exit code:
0
Version:
71.0.3770.171
Modules
Images
c:\program files\opera\71.0.3770.171\opera_crashreporter.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
PID:
872
CMD:
C:\Windows\system32\svchost.exe -k netsvcs
Path:
C:\Windows\System32\svchost.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
892
CMD:
"C:\Program Files\IObit\Advanced SystemCare\RealTimeProtector.exe" /Run
Path:
C:\Program Files\IObit\Advanced SystemCare\RealTimeProtector.exe
Parent process:
RealTimeProtector.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Real-time Protector
Exit code:
0
Version:
13.0.0.257
Modules
Images
c:\program files\iobit\advanced systemcare\realtimeprotector.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\advanced systemcare\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
1244
CMD:
"C:\Program Files\Opera\launcher.exe" --stream
Path:
C:\Program Files\Opera\launcher.exe
Parent process:
browser_assistant.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Exit code:
0
Version:
71.0.3770.171
Modules
Images
c:\program files\opera\launcher.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
PID:
1432
CMD:
"C:\Program Files\IObit\Advanced SystemCare\ASCFeature.exe" /asc /user
Path:
C:\Program Files\IObit\Advanced SystemCare\ASCFeature.exe
Parent process:
ASC.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit ASCFeature
Exit code:
0
Version:
13.0.0.3
Modules
Images
c:\program files\iobit\advanced systemcare\ascfeature.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\advanced systemcare\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
14 998
Read events
13 948
Write events
1 048
Delete events
2

Modification events

(PID) Process: (2480) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value: 287A864100000000

(PID) Process: (2208) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value: 117A864100000000

(PID) Process: (2480) firefox.exe
Key: HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation: write
Name: C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value: 1

(PID) Process: (2480) firefox.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2480) firefox.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 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

(PID) Process: (2480) firefox.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2480) firefox.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2480) firefox.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (872) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000
Operation: write
Name: RefCount
Value: 8

(PID) Process: (872) svchost.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000
Operation: write
Name: RefCount
Value: 7
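The registry events above arrive from the sandbox as flattened text (a process/key line, an operation/name line, a "Value:" label and the value). The following is an added example, not code from the report or from ANY.RUN: a parser for that raw export form plus a heuristic that pulls out writes to the WinINET proxy and zone values, since a proxy or PAC change made by an installer is one of the ways adware redirects traffic. The three sample events are transcribed from this report; the value-name list and the "needs review" rule are the author's assumptions.

```python
import re

# Constructed sample in the raw export form used by the report's "Modification
# events" section: a process/key line, an operation/name line, a "Value:" label,
# then the value on its own line. Three events transcribed from this report.
SAMPLE_EVENTS = r"""(PID) Process:(2480) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(2480) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(872) svchost.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1302019708-1500728564-335382590-1000
Operation:writeName:RefCount
Value:
8
"""

# "(PID) Process:(2480) firefox.exeKey:HKEY_..." -> pid, process image, registry key.
PROC_RE = re.compile(r"^\(PID\) Process:\((\d+)\) (.+?)Key:(.+)$")
# "Operation:writeName:ProxyEnable" -> operation, value name.
OP_RE = re.compile(r"^Operation:(\w+)Name:(.*)$")

# WinINET values that decide where the user's HTTP traffic goes. A write to these
# by an installer or an unknown process is worth a look (assumed heuristic list).
PROXY_VALUE_NAMES = {"ProxyEnable", "ProxyServer", "ProxyOverride",
                     "AutoConfigURL", "AutoDetect"}


def parse_events(text):
    """Turn the flattened export text into a list of dicts, one per event."""
    lines = text.splitlines()
    events = []
    i = 0
    while i < len(lines):
        head = PROC_RE.match(lines[i])
        op = OP_RE.match(lines[i + 1]) if head and i + 1 < len(lines) else None
        if not head or not op:
            i += 1          # skip anything that is not a well-formed event
            continue
        pid, process, key = head.groups()
        value = None
        if i + 3 < len(lines) and lines[i + 2] == "Value:":
            value = lines[i + 3]
            i += 4
        else:
            i += 2
        events.append({"pid": int(pid), "process": process, "key": key,
                       "op": op.group(1), "name": op.group(2), "value": value})
    return events


def proxy_changes(events):
    """Writes to Internet Settings proxy/zone values, each tagged with needs_review.

    ProxyEnable=0 and AutoDetect=1 (the values in this report) are the Windows
    defaults. ProxyEnable=1, or any ProxyServer/AutoConfigURL write, would mean
    traffic is being redirected and should be reviewed.
    """
    flagged = []
    for e in events:
        if e["op"] != "write" or "\\Internet Settings" not in e["key"]:
            continue
        if e["name"] not in PROXY_VALUE_NAMES:
            continue
        review = (e["name"] == "ProxyEnable" and e["value"] != "0") or \
                 e["name"] in {"ProxyServer", "AutoConfigURL"}
        flagged.append(dict(e, needs_review=review))
    return flagged


if __name__ == "__main__":
    for e in proxy_changes(parse_events(SAMPLE_EVENTS)):
        state = "REVIEW" if e["needs_review"] else "default"
        print(e["pid"], e["process"], e["name"], e["value"], state)
```

Run against this report's events the parser returns both Internet Settings writes with needs_review false, which matches what the table shows: Firefox (PID 2480) reading back default proxy settings, not an installer pointing the system at a proxy.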
Executable files: 272
Suspicious files: 2 008
Text files: 1 072
Unknown types: 379

Dropped files

PID   Process      Filename  [Type]
(MD5 and SHA256 columns are not populated in this extract.)
2480  firefox.exe  C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
2480  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs-1.js
2480  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmp
2480  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4.tmp
2480  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shm
2480  firefox.exe  C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-child-current.bin  [binary]
2480  firefox.exe  C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\urlCache-current.bin  [binary]
2480  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\prefs.js  [text]
872   svchost.exe  C:\Windows\appcompat\programs\RecentFileCache.bcf  [txt]
2480  firefox.exe  C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\search.json.mozlz4  [jsonlz4]
HTTP(S) requests: 167
TCP/UDP connections: 449
DNS requests: 633
Threats: 86

HTTP requests

PID   Process      Method  HTTP Code  IP                 URL                              CN  Type  Size   Reputation
2480  firefox.exe  POST    200        216.58.208.35:80   http://ocsp.pki.goog/gts1o1core  US  der   472 b  whitelisted
2480  firefox.exe  POST    200        93.184.220.29:80   http://ocsp.digicert.com/        US  der   471 b  whitelisted
2480  firefox.exe  POST    200        93.184.220.29:80   http://ocsp.digicert.com/        US  der   471 b  whitelisted
2480  firefox.exe  POST    200        93.184.220.29:80   http://ocsp.digicert.com/        US  der   279 b  whitelisted
2480  firefox.exe  POST    200        216.58.208.35:80   http://ocsp.pki.goog/gts1o1core  US  der   471 b  whitelisted
2480  firefox.exe  POST    200        93.184.220.29:80   http://ocsp.digicert.com/        US  der   471 b  whitelisted
2480  firefox.exe  POST    200        93.184.220.29:80   http://ocsp.digicert.com/        US  der   471 b  whitelisted
2480  firefox.exe  POST    200        93.184.220.29:80   http://ocsp.digicert.com/        US  der   471 b  whitelisted
2480  firefox.exe  POST    200        151.139.128.14:80  http://ocsp.sectigo.com/         US  der   471 b  whitelisted
2480  firefox.exe  POST    200        216.58.208.35:80   http://ocsp.pki.goog/gts1o1core  US  der   472 b  whitelisted

Connections

PID   Process      IP                   Domain                              ASN                                                      CN  Reputation
2480  firefox.exe  2.22.147.17:80       detectportal.firefox.com            Akamai International B.V.                                GB  unknown
2480  firefox.exe  104.104.184.87:443   download.cnet.com                   Akamai International B.V.                                NL  unknown
2480  firefox.exe  54.148.7.60:443      search.services.mozilla.com         Amazon.com, Inc.                                         US  unknown
2480  firefox.exe  52.43.170.200:443    push.services.mozilla.com           Amazon.com, Inc.                                         US  unknown
2480  firefox.exe  104.16.148.64:443    cdn.cookielaw.org                   Cloudflare Inc                                           US  unknown
2480  firefox.exe  151.101.113.188:443  production-cmp.isgprivacy.cbsi.com  Fastly                                                   US  suspicious
2480  firefox.exe  216.58.212.130:443   securepubads.g.doubleclick.net      Google Inc.                                              US  whitelisted
2480  firefox.exe  216.58.208.35:80     ocsp.pki.goog                       Google Inc.                                              US  whitelisted
2480  firefox.exe  216.58.212.138:443   safebrowsing.googleapis.com         Google Inc.                                              US  whitelisted
2480  firefox.exe  93.184.220.29:80     ocsp.digicert.com                   MCI Communications Services, Inc. d/b/a Verizon Business  US  whitelisted

DNS requests

Domain
IP
Reputation
detectportal.firefox.com
  • 2.22.147.17
  • 2.22.147.97
whitelisted
a1089.dscd.akamai.net
  • 2.22.147.97
  • 2.22.147.17
whitelisted
download.cnet.com
  • 104.104.184.87
whitelisted
e6562.f.akamaiedge.net
  • 104.104.184.87
unknown
search.services.mozilla.com
  • 54.148.7.60
  • 52.13.211.193
  • 35.161.199.137
whitelisted
search.r53-2.services.mozilla.com
  • 35.161.199.137
  • 52.13.211.193
  • 54.148.7.60
whitelisted
push.services.mozilla.com
  • 52.43.170.200
whitelisted
autopush.prod.mozaws.net
  • 52.43.170.200
whitelisted
snippets.cdn.mozilla.net
  • 143.204.94.50
  • 143.204.94.62
  • 143.204.94.15
  • 143.204.94.64
whitelisted
d228z91au11ukj.cloudfront.net
  • 143.204.94.64
  • 143.204.94.15
  • 143.204.94.62
  • 143.204.94.50
whitelisted

Threats

PID   Process               Class                          Message
1056  svchost.exe           Potentially Bad Traffic        ET INFO Observed DNS Query to .cloud TLD
1056  svchost.exe           Potentially Bad Traffic        ET INFO Observed DNS Query to .cloud TLD
1596  Setup.exe             Potentially Bad Traffic        ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1596  Setup.exe             Misc activity                  ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare
1596  Setup.exe             Potentially Bad Traffic        ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
308   UninstallPromote.exe  Misc activity                  ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare
1492  ASC.exe               A Network Trojan was detected  AV TROJAN Bancos Variant C2 Checkin 2
2624  AutoUpdate.exe        Potentially Bad Traffic        ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2624  AutoUpdate.exe        Potentially Bad Traffic        ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2624  AutoUpdate.exe        Potentially Bad Traffic        ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
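Read together, the Connections and Threats tables say more than either does alone: the browser's port-80 OCSP POSTs are revocation-check noise, the only "suspicious" destination is a consent-management host, and every IDS alert comes from the IObit binaries, not from firefox.exe. The following is an added triage helper, not code from the report or from ANY.RUN, that does that correlation over rows transcribed from the two tables above (a subset, embedded inline). The severity ranking of the alert classes and the rule that "ocsp." hosts are noise are the author's assumptions.

```python
# Rows transcribed from the report's Connections table: pid, process, dest, domain, reputation.
CONNECTIONS = [
    (2480, "firefox.exe", "2.22.147.17:80", "detectportal.firefox.com", "unknown"),
    (2480, "firefox.exe", "104.104.184.87:443", "download.cnet.com", "unknown"),
    (2480, "firefox.exe", "151.101.113.188:443", "production-cmp.isgprivacy.cbsi.com", "suspicious"),
    (2480, "firefox.exe", "216.58.208.35:80", "ocsp.pki.goog", "whitelisted"),
    (2480, "firefox.exe", "93.184.220.29:80", "ocsp.digicert.com", "whitelisted"),
]

# Rows transcribed from the report's Threats table: pid, process, class, message.
THREATS = [
    (1056, "svchost.exe", "Potentially Bad Traffic", "ET INFO Observed DNS Query to .cloud TLD"),
    (1596, "Setup.exe", "Potentially Bad Traffic", "ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)"),
    (1596, "Setup.exe", "Misc activity", "ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare"),
    (308, "UninstallPromote.exe", "Misc activity", "ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare"),
    (1492, "ASC.exe", "A Network Trojan was detected", "AV TROJAN Bancos Variant C2 Checkin 2"),
    (2624, "AutoUpdate.exe", "Potentially Bad Traffic", "ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)"),
]

# Assumed ordering of the sandbox's alert classes, most to least serious.
SEVERITY = {
    "A Network Trojan was detected": 3,
    "Misc activity": 2,
    "Potentially Bad Traffic": 1,
}


def is_ocsp(domain):
    """Browsers POST DER requests to ocsp.* responders for revocation checks;
    treating them as noise is an assumption that holds for the hosts in this report."""
    return domain.startswith("ocsp.")


def suspect_destinations(rows):
    """Destinations left after dropping whitelisted hosts and OCSP responders."""
    out = {}
    for pid, process, dest, domain, reputation in rows:
        if reputation == "whitelisted" or is_ocsp(domain):
            continue
        out[domain] = {"pid": pid, "process": process,
                       "dest": dest, "reputation": reputation}
    return out


def alerts_by_pid(threats):
    """Group IDS alerts per process and keep the highest class seen for each."""
    per = {}
    for pid, process, cls, msg in threats:
        entry = per.setdefault(pid, {"process": process, "severity": 0, "messages": []})
        entry["severity"] = max(entry["severity"], SEVERITY.get(cls, 0))
        if msg not in entry["messages"]:
            entry["messages"].append(msg)
    return per


def ranked_processes(threats):
    """Processes with alerts, most serious first, then by PID."""
    per = alerts_by_pid(threats)
    return sorted(per.items(), key=lambda kv: (-kv[1]["severity"], kv[0]))


def processes_matching(threats, needle):
    """PIDs whose alert text contains needle, e.g. the fake Mozilla/4.0 UA signature."""
    return sorted({pid for pid, _, _, msg in threats if needle in msg})


if __name__ == "__main__":
    for domain, info in suspect_destinations(CONNECTIONS).items():
        print(f"{info['pid']} {info['process']} -> {domain} ({info['reputation']})")
    for pid, info in ranked_processes(THREATS):
        print(pid, info["process"], info["severity"], "; ".join(info["messages"]))
    print("fake UA from PIDs:", processes_matching(THREATS, "Mozilla/4.0"))
```

On this report the ranking puts ASC.exe (PID 1492, the C2-checkin signature) at the top, followed by Setup.exe and UninstallPromote.exe for the PUP signature, and the fake User-Agent alerts come from Setup.exe and AutoUpdate.exe only, which is the list of processes whose traffic a responder would pull from the PCAP first.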
Debug output strings

Process    Message
Setup.exe  ************** Win32MinorVersion: 1
Setup.exe  C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare\
Setup.exe  ********** FLanguageName: English
Setup.exe  CheckDiskSpace: 5
Setup.exe  CheckDiskSpace: 3
Setup.exe  GetDownloadPath: 3
Setup.exe  CheckDiskSpace: 2
Setup.exe  CheckDiskSpace: 2
Setup.exe  CheckDiskSpace: 4
Setup.exe  CheckDiskSpace: 3