URL:

http://advancedsystemrepair.com/ASR_G-Installer.exe

Full analysis: https://app.any.run/tasks/18f9df55-b104-47e1-922b-a4789b6620e9
Verdict: Malicious activity
Analysis date: September 18, 2019, 20:17:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: D0DF6EBCCA2E086DB3F89652A12871FF
SHA1: 57C86E32C06E4DB942E6C14FE7423E312C5D3222
SHA256: 868668B60FF41EB1A3CA377302A5826D0273F0F207E9F07B8930878A33D1A31F
SSDEEP: 3:N1KfoZWRA7uHTKkviRwXLNn:CQZWRaSKkvBXLN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ASR_G-Installer.exe (PID: 3312)
      • ASR_G-Installer.exe (PID: 2772)
      • tscmon.exe (PID: 2312)
      • AdvancedSystemRepairPro.exe (PID: 3536)
      • dsutil.exe (PID: 3896)
      • tscmon.exe (PID: 2456)
    • Loads the Task Scheduler COM API

      • ASR_G-Installer.exe (PID: 2772)
      • AdvancedSystemRepairPro.exe (PID: 3536)
    • Loads dropped or rewritten executable

      • tscmon.exe (PID: 2456)
      • dsutil.exe (PID: 3896)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 3428)
      • iexplore.exe (PID: 3908)
      • ASR_G-Installer.exe (PID: 2772)
      • tscmon.exe (PID: 2312)
      • tscmon.exe (PID: 2456)
      • AdvancedSystemRepairPro.exe (PID: 3536)
    • Creates files in the program directory

      • ASR_G-Installer.exe (PID: 2772)
      • tscmon.exe (PID: 2312)
      • tscmon.exe (PID: 2456)
      • AdvancedSystemRepairPro.exe (PID: 3536)
      • dsutil.exe (PID: 3896)
    • Executes scripts

      • ASR_G-Installer.exe (PID: 2772)
      • AdvancedSystemRepairPro.exe (PID: 3536)
    • Creates files in the Windows directory

      • tscmon.exe (PID: 2312)
      • tscmon.exe (PID: 2456)
    • Creates a software uninstall entry

      • ASR_G-Installer.exe (PID: 2772)
    • Creates files in the driver directory

      • tscmon.exe (PID: 2312)
    • Creates files in the user directory

      • ASR_G-Installer.exe (PID: 2772)
      • wscript.exe (PID: 2428)
    • Creates or modifies windows services

      • tscmon.exe (PID: 2312)
    • Executed as Windows Service

      • tscmon.exe (PID: 2456)
    • Reads Environment values

      • dsutil.exe (PID: 3896)
    • Reads the cookies of Mozilla Firefox

      • AdvancedSystemRepairPro.exe (PID: 3536)
    • Reads CPU info

      • dsutil.exe (PID: 3896)
    • Reads the cookies of Google Chrome

      • AdvancedSystemRepairPro.exe (PID: 3536)
    • Searches for installed software

      • AdvancedSystemRepairPro.exe (PID: 3536)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3428)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3908)
      • iexplore.exe (PID: 3428)
    • Changes internet zones settings

      • iexplore.exe (PID: 3428)
    • Dropped object may contain TOR URL's

      • tscmon.exe (PID: 2456)
    • Reads settings of System Certificates

      • dsutil.exe (PID: 3896)
    • Dropped object may contain Bitcoin addresses

      • dsutil.exe (PID: 3896)
      • AdvancedSystemRepairPro.exe (PID: 3536)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
310
Monitored processes
140
Malicious processes
6
Suspicious processes
0

Behavior graph

[Behavior graph: processes shown are iexplore.exe, asr_g-installer.exe, wscript.exe, tscmon.exe, advancedsystemrepairpro.exe, dsutil.exe, cscript.exe and a long run of sfc.exe instances; edge labels are "start" and "drop and start"]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 304
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\mfc140enu.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 360
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\mfc120deu.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 360
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\mssrch.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\rpcrt4.dll
PID: 408
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\WindowsAccessBridge.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 888
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\mfc120kor.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\conhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
PID: 996
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\msclmd.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 1080
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 1108
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
PID: 1132
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\mfc140chs.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 1144
CMD: C:\Windows\system32\sfc.exe /VERIFYFILE=C:\Windows\system32\mfcm100.dll
Path: C:\Windows\system32\sfc.exe
Parent process: AdvancedSystemRepairPro.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
System Integrity Check and Repair
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sfc.exe
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\conhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
Total events
2 184
Read events
1 635
Write events
544
Delete events
5

Modification events

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
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

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
Operation: write
Name: {67AAD1CB-DA51-11E9-B86F-5254004A04AF}
Value: 0

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Type
Value: 4

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Count
Value: 2

(PID) Process: (3428) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Operation: write
Name: Time
Value: E307090003001200140011003B004D00

Executable files
27
Suspicious files
5
Text files
332
Unknown types
16

Dropped files

PID
Process
Filename
Type
PID: 3428
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico
MD5:
SHA256:

PID: 3428
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:

PID: 3428
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DFF9E6C72ED22BC61F.TMP
MD5:
SHA256:

PID: 3428
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DF6B0A408B3A07B385.TMP
MD5:
SHA256:

PID: 3428
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{67AAD1CB-DA51-11E9-B86F-5254004A04AF}.dat
MD5:
SHA256:

PID: 3908
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
Type: dat
MD5:
SHA256:

PID: 3428
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{67AAD1CC-DA51-11E9-B86F-5254004A04AF}.dat
Type: binary
MD5:
SHA256:

PID: 3908
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019091820190919\index.dat
Type: dat
MD5:
SHA256:

PID: 3908
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZLD1CZVZ\ASR_G-Installer[1].exe
Type: executable
MD5:
SHA256:

PID: 2772
Process: ASR_G-Installer.exe
Filename: C:\Program Files\Advanced System Repair Pro 1.8.9.9.0\asrscan.sys
Type: executable
MD5:
SHA256:

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
205
TCP/UDP connections
137
DNS requests
9
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3536
AdvancedSystemRepairPro.exe
GET
200
192.227.82.55:80
http://asrupdates.com/updatefr4/rep.php?id=download_done
US
unknown

HEAD
200
13.107.4.50:80
http://ds.download.windowsupdate.com/v11/2/microsoftupdate/redir/v6-legacy-muauth.cab?1909182019
US
whitelisted

HEAD
200
2.16.106.186:80
http://download.windowsupdate.com/v9/windowsupdate/redir/muv4wuredir.cab?1909182019
unknown
whitelisted

2456
tscmon.exe
GET
200
192.227.82.55:80
http://asrupdates.com/db3/0.db
US
binary
3.46 Mb
unknown

2456
tscmon.exe
GET
200
192.227.82.55:80
http://asrupdates.com/db3/1.db
US
binary
7.83 Mb
unknown

GET
200
13.107.4.50:80
http://ds.download.windowsupdate.com/v11/2/microsoftupdate/redir/v6-legacy-muredir.cab?1909182019
US
compressed
22.9 Kb
whitelisted

HEAD
200
13.107.4.50:80
http://ds.download.windowsupdate.com/v11/2/microsoftupdate/redir/v6-legacy-muauth.cab?1909182019
US
compressed
23.3 Kb
whitelisted

HEAD
200
13.107.4.50:80
http://ds.download.windowsupdate.com/v11/2/microsoftupdate/redir/v6-legacy-muredir.cab?1909182019
US
compressed
23.3 Kb
whitelisted

2456
tscmon.exe
GET
200
192.227.82.55:80
http://asrupdates.com/db3/2.db
US
binary
15.5 Mb
unknown

3536
AdvancedSystemRepairPro.exe
GET
404
192.227.82.55:80
http://asrupdates.com/pui/pui.php
US
text
16 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3428
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted

3908
iexplore.exe
8.26.21.195:443
advancedsystemrepair.com
Infolink Global Corporation
US
suspicious

3908
iexplore.exe
8.26.21.195:80
advancedsystemrepair.com
Infolink Global Corporation
US
suspicious

192.227.82.55:80
asrupdates.com
Cloud South
US
unknown

8.26.21.195:443
advancedsystemrepair.com
Infolink Global Corporation
US
suspicious

13.107.4.50:80
ds.download.windowsupdate.com
Microsoft Corporation
US
whitelisted

3896
dsutil.exe
173.244.200.90:80
drv-updates.com
Hosting Services, Inc.
US
unknown

143.204.247.35:443
cdn.ywxi.net
US
unknown

2.19.39.221:443
seal.websecurity.norton.com
Akamai International B.V.
whitelisted

3536
AdvancedSystemRepairPro.exe
192.227.82.55:80
asrupdates.com
Cloud South
US
unknown

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
advancedsystemrepair.com
  • 8.26.21.195
unknown
asrupdates.com
  • 192.227.82.55
unknown
download.windowsupdate.com
  • 2.16.106.186
  • 2.16.106.233
whitelisted
ds.download.windowsupdate.com
  • 13.107.4.50
whitelisted
www.update.microsoft.com
  • 40.91.124.111
  • 13.64.25.102
whitelisted
drv-updates.com
  • 173.244.200.90
unknown
seal.websecurity.norton.com
  • 2.19.39.221
whitelisted
cdn.ywxi.net
  • 143.204.247.35
  • 143.204.247.51
  • 143.204.247.14
  • 143.204.247.81
shared

Threats

No threats detected
Process
Message
AdvancedSystemRepairPro.exe
Object::connect: (sender name: 'comboX')
AdvancedSystemRepairPro.exe
Object::connect: (sender name: 'comboX')
AdvancedSystemRepairPro.exe
Object::connect: (receiver name: 'UIClass')
AdvancedSystemRepairPro.exe
Object::connect: No such signal QComboBox::clicked()
AdvancedSystemRepairPro.exe
Object::connect: (sender name: 'comboAOpt')
AdvancedSystemRepairPro.exe
Object::connect: (receiver name: 'UIClass')
AdvancedSystemRepairPro.exe
Object::connect: No such signal QComboBox::clicked()
AdvancedSystemRepairPro.exe
Object::connect: (sender name: 'comboSJunk')
AdvancedSystemRepairPro.exe
Object::connect: (receiver name: 'UIClass')
AdvancedSystemRepairPro.exe
Object::connect: No such signal QComboBox::clicked()