URL:

http://update.iobit.com/dl/asc-ultimate-setup.exe

Full analysis: https://app.any.run/tasks/36308075-498a-4fe4-8c19-d043e140659d
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: September 16, 2019, 08:45:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
trojan
loader
Indicators:
MD5:

8101F77B545A8C2796E83389F04E6BB5

SHA1:

44886048A1EA5135CA478F7759DCDEA72DB287A7

SHA256:

96E5E023E0E91EBD5155A11AA40CAAD692496527CBF313A02F7906B1ED355F3C

SSDEEP:

3:N1KLQRAMzP+4BCvA:CUnS+WA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • asc-ultimate-setup.exe (PID: 2824)
      • asc-ultimate-setup.exe (PID: 2520)
      • Setup.exe (PID: 2868)
      • asc-ultimate-setup.exe (PID: 564)
      • LocalLang.exe (PID: 2620)
      • IWsASC.exe (PID: 2592)
      • IWsASC.exe (PID: 3316)
      • ASCInit.exe (PID: 2332)
      • ascavsvc.exe (PID: 2488)
      • Ransomware.exe (PID: 2584)
      • ASCAvWsc.exe (PID: 2664)
      • ASCService.exe (PID: 3260)
      • ASCAntivirusFix.exe (PID: 2632)
      • Suo12_StartupManager.exe (PID: 2224)
      • ASCAvWsc.exe (PID: 1016)
      • Display.exe (PID: 3100)
      • smBootTime.exe (PID: 3160)
      • IWsASC.exe (PID: 2784)
      • LocalLang.exe (PID: 2460)
      • LocalLang.exe (PID: 3156)
      • PPUninstaller.exe (PID: 1128)
      • DiskDefrag.exe (PID: 3672)
      • Suo12_StartupManager.exe (PID: 2328)
      • IWsASC.exe (PID: 2680)
      • FWRules.exe (PID: 3112)
      • RealTimeProtector.exe (PID: 3128)
      • PubMonitor.exe (PID: 1264)
      • Display.exe (PID: 940)
      • UninstallPromote.exe (PID: 2240)
      • AutoSweep.exe (PID: 3596)
      • IWsASC.exe (PID: 3340)
      • BrowserProtect.exe (PID: 408)
      • ASC.exe (PID: 2392)
      • Monitor.exe (PID: 3912)
      • Suo12_StartupManager.exe (PID: 2712)
      • IWsASC.exe (PID: 2960)
      • ASCTray.exe (PID: 2576)
      • ASCAntivirusFix.exe (PID: 4064)
      • smBootTime.exe (PID: 2892)
      • IWsASC.exe (PID: 2864)
      • Register.exe (PID: 3132)
      • IWsASC.exe (PID: 3772)
      • ASCFeature.exe (PID: 324)
      • ASCFeature.exe (PID: 2304)
      • AutoUpdate.exe (PID: 1216)
      • Vulnerabilityfix_1908.exe (PID: 1512)
      • IWsASC.exe (PID: 2388)
      • IWsASC.exe (PID: 1008)
      • IWsASC.exe (PID: 324)
      • AutoCare.exe (PID: 2928)
      • IWsASC.exe (PID: 2616)
      • IWsASC.exe (PID: 3304)
      • IWsASC.exe (PID: 1876)
      • IWsASC.exe (PID: 3140)
      • IObitLiveUpdate.exe (PID: 4072)
      • BrowserCleaner.exe (PID: 3836)
      • startupInfo.exe (PID: 2056)
      • IWsASC.exe (PID: 2900)
      • IWsASC.exe (PID: 460)
      • ASCAntivirusFix.exe (PID: 3420)
      • reminder.exe (PID: 2500)
      • ActionCenterDownloader.exe (PID: 2412)
      • display.exe (PID: 3988)
      • iushrun.exe (PID: 1728)
      • IObit Uninstaller.exe (PID: 3480)
      • MonitorDisk.exe (PID: 4024)
      • Sun12_SystemControl.exe (PID: 2196)
      • iush.exe (PID: 552)
      • smBootTime.exe (PID: 752)
      • PPUninstaller.exe (PID: 3136)
      • Sun12_SystemControl.exe (PID: 2720)
      • CrRestore.exe (PID: 3360)
      • smBootTime.exe (PID: 2380)
      • IUService.exe (PID: 2936)
      • UninstallPromote.exe (PID: 2544)
      • iush.exe (PID: 2284)
      • IObitUninstaler.exe (PID: 4060)
    • Loads dropped or rewritten executable

      • ASCInit.exe (PID: 2332)
      • ASCAvWsc.exe (PID: 2664)
      • ASCAntivirusFix.exe (PID: 2632)
      • Ransomware.exe (PID: 2584)
      • ASCService.exe (PID: 3260)
      • ascavsvc.exe (PID: 2488)
      • regsvr32.exe (PID: 2468)
      • Display.exe (PID: 3100)
      • ASCAvWsc.exe (PID: 1016)
      • Suo12_StartupManager.exe (PID: 2224)
      • smBootTime.exe (PID: 3160)
      • PPUninstaller.exe (PID: 1128)
      • RealTimeProtector.exe (PID: 3128)
      • Suo12_StartupManager.exe (PID: 2328)
      • Display.exe (PID: 940)
      • UninstallPromote.exe (PID: 2240)
      • Setup.exe (PID: 2868)
      • AutoSweep.exe (PID: 3596)
      • ASC.exe (PID: 2392)
      • BrowserProtect.exe (PID: 408)
      • Monitor.exe (PID: 3912)
      • ASCAntivirusFix.exe (PID: 4064)
      • smBootTime.exe (PID: 2892)
      • ASCTray.exe (PID: 2576)
      • Suo12_StartupManager.exe (PID: 2712)
      • AutoUpdate.exe (PID: 1216)
      • Register.exe (PID: 3132)
      • ASCFeature.exe (PID: 324)
      • ASCFeature.exe (PID: 2304)
      • AutoCare.exe (PID: 2928)
      • IObitLiveUpdate.exe (PID: 4072)
      • startupInfo.exe (PID: 2056)
      • ASCAntivirusFix.exe (PID: 3420)
      • reminder.exe (PID: 2500)
      • BrowserCleaner.exe (PID: 3836)
      • display.exe (PID: 3988)
      • MonitorDisk.exe (PID: 4024)
      • Sun12_SystemControl.exe (PID: 2196)
      • PPUninstaller.exe (PID: 3136)
      • smBootTime.exe (PID: 752)
      • svchost.exe (PID: 852)
      • iush.exe (PID: 552)
      • Sun12_SystemControl.exe (PID: 2720)
      • IObitUninstaler.exe (PID: 4060)
      • smBootTime.exe (PID: 2380)
      • regsvr32.exe (PID: 3356)
      • regsvr32.exe (PID: 320)
      • iushrun.exe (PID: 1728)
    • Loads the Task Scheduler COM API

      • ASCInit.exe (PID: 2332)
      • smBootTime.exe (PID: 3160)
      • Setup.exe (PID: 2868)
      • ASC.exe (PID: 2392)
      • smBootTime.exe (PID: 2892)
      • PPUninstaller.exe (PID: 3136)
      • iush.exe (PID: 552)
      • smBootTime.exe (PID: 2380)
      • IObitUninstaler.exe (PID: 4060)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ASCInit.exe (PID: 2332)
      • iush.exe (PID: 552)
    • Changes the autorun value in the registry

      • ASCInit.exe (PID: 2332)
    • Starts NET.EXE for service management

      • ascavsvc.exe (PID: 2488)
      • ASCService.exe (PID: 3260)
      • cmd.exe (PID: 3896)
    • Connects to CnC server

      • ASC.exe (PID: 2392)
      • ActionCenterDownloader.exe (PID: 2412)
    • Actions looks like stealing of personal data

      • ASC.exe (PID: 2392)
      • PPUninstaller.exe (PID: 3136)
    • Downloads executable files from the Internet

      • AutoUpdate.exe (PID: 1216)
      • ActionCenterDownloader.exe (PID: 2412)
      • ASC.exe (PID: 2392)
  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 3552)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3552)
      • asc-ultimate-setup.tmp (PID: 2012)
      • asc-ultimate-setup.exe (PID: 2520)
      • asc-ultimate-setup.exe (PID: 2824)
      • asc-ultimate-setup.exe (PID: 564)
      • asc-ultimate-setup.tmp (PID: 1808)
      • ASCInit.exe (PID: 2332)
      • ascavsvc.exe (PID: 2488)
      • Monitor.exe (PID: 3912)
      • AutoUpdate.exe (PID: 1216)
      • IObit Uninstaller.exe (PID: 3480)
      • ActionCenterDownloader.exe (PID: 2412)
      • IObit Uninstaller.tmp (PID: 3960)
      • ASC.exe (PID: 2392)
      • CrRestore.exe (PID: 3360)
    • Reads the Windows organization settings

      • asc-ultimate-setup.tmp (PID: 2012)
      • asc-ultimate-setup.tmp (PID: 1808)
      • IObit Uninstaller.tmp (PID: 3960)
    • Reads Windows owner or organization settings

      • asc-ultimate-setup.tmp (PID: 2012)
      • asc-ultimate-setup.tmp (PID: 1808)
      • IObit Uninstaller.tmp (PID: 3960)
    • Creates files in the user directory

      • asc-ultimate-setup.tmp (PID: 2012)
      • ASCUpgrade.exe (PID: 3600)
      • ASCInit.exe (PID: 2332)
      • ASCService.exe (PID: 3260)
      • ASC.exe (PID: 2392)
      • ASCTray.exe (PID: 2576)
      • PPUninstaller.exe (PID: 1128)
      • Sun12_SystemControl.exe (PID: 2196)
      • CrRestore.exe (PID: 3360)
      • iush.exe (PID: 552)
    • Cleans NTFS data-stream (Zone Identifier)

      • chrome.exe (PID: 3552)
    • Creates files in the program directory

      • Setup.exe (PID: 2868)
      • ASCInit.exe (PID: 2332)
      • ascavsvc.exe (PID: 2488)
      • ASCAvWsc.exe (PID: 2664)
      • Ransomware.exe (PID: 2584)
      • ASCService.exe (PID: 3260)
      • Display.exe (PID: 3100)
      • Suo12_StartupManager.exe (PID: 2224)
      • smBootTime.exe (PID: 3160)
      • Suo12_StartupManager.exe (PID: 2328)
      • UninstallPromote.exe (PID: 2240)
      • AutoSweep.exe (PID: 3596)
      • BrowserProtect.exe (PID: 408)
      • ASC.exe (PID: 2392)
      • AutoUpdate.exe (PID: 1216)
      • Register.exe (PID: 3132)
      • AutoCare.exe (PID: 2928)
      • ASCAntivirusFix.exe (PID: 3420)
      • IObitLiveUpdate.exe (PID: 4072)
      • ActionCenterDownloader.exe (PID: 2412)
      • iush.exe (PID: 552)
      • Sun12_SystemControl.exe (PID: 2196)
      • CrRestore.exe (PID: 3360)
      • UninstallPromote.exe (PID: 2544)
    • Starts CMD.EXE for commands execution

      • ASCInit.exe (PID: 2332)
      • ASC.exe (PID: 2392)
    • Writes to a desktop.ini file (may be used to cloak folders)

      • ASCInit.exe (PID: 2332)
    • Creates files in the Windows directory

      • svchost.exe (PID: 852)
      • ascavsvc.exe (PID: 2488)
      • ASCService.exe (PID: 3260)
      • Monitor.exe (PID: 3912)
    • Executed as Windows Service

      • ascavsvc.exe (PID: 2488)
      • ASCService.exe (PID: 3260)
      • IUService.exe (PID: 2936)
    • Removes files from Windows directory

      • ascavsvc.exe (PID: 2488)
      • ASCService.exe (PID: 3260)
      • Suo12_StartupManager.exe (PID: 2224)
      • ASC.exe (PID: 2392)
      • IUService.exe (PID: 2936)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 3856)
      • cmd.exe (PID: 3940)
    • Creates files in the driver directory

      • ascavsvc.exe (PID: 2488)
    • Searches for installed software

      • ascavsvc.exe (PID: 2488)
      • ASC.exe (PID: 2392)
      • ASCService.exe (PID: 3260)
    • Creates or modifies windows services

      • ascavsvc.exe (PID: 2488)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 2468)
      • regsvr32.exe (PID: 320)
      • regsvr32.exe (PID: 3356)
    • Executed via COM

      • DllHost.exe (PID: 3764)
    • Low-level read access rights to disk partition

      • Monitor.exe (PID: 3912)
      • ascavsvc.exe (PID: 2488)
      • bcdedit.exe (PID: 2284)
      • bcdedit.exe (PID: 2840)
    • Reads Environment values

      • Monitor.exe (PID: 3912)
    • Starts Internet Explorer

      • ASC.exe (PID: 2392)
    • Reads Internet Cache Settings

      • ASC.exe (PID: 2392)
    • Uses IPCONFIG.EXE to discover IP address

      • cmd.exe (PID: 3780)
    • Modifies the open verb of a shell class

      • iush.exe (PID: 552)
    • Creates a software uninstall entry

      • iush.exe (PID: 552)
  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 2916)
      • chrome.exe (PID: 3552)
      • Register.exe (PID: 3132)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2916)
      • chrome.exe (PID: 3552)
      • AutoUpdate.exe (PID: 1216)
    • Application launched itself

      • chrome.exe (PID: 3552)
    • Application was dropped or rewritten from another process

      • asc-ultimate-setup.tmp (PID: 3876)
      • asc-ultimate-setup.tmp (PID: 2012)
      • asc-ultimate-setup.tmp (PID: 1808)
      • ASCUpgrade.exe (PID: 3600)
      • ASCUpgrade.exe (PID: 3204)
      • DownConfig.exe (PID: 2164)
      • IObit Uninstaller.tmp (PID: 3960)
    • Reads Internet Cache Settings

      • chrome.exe (PID: 3552)
      • iexplore.exe (PID: 2944)
    • Loads dropped or rewritten executable

      • asc-ultimate-setup.tmp (PID: 2012)
      • ASCUpgrade.exe (PID: 3600)
      • asc-ultimate-setup.tmp (PID: 1808)
      • ASCUpgrade.exe (PID: 3204)
      • IObit Uninstaller.tmp (PID: 3960)
    • Creates a software uninstall entry

      • asc-ultimate-setup.tmp (PID: 1808)
      • IObit Uninstaller.tmp (PID: 3960)
    • Dropped object may contain Bitcoin addresses

      • asc-ultimate-setup.tmp (PID: 1808)
      • ascavsvc.exe (PID: 2488)
      • ASC.exe (PID: 2392)
      • AutoUpdate.exe (PID: 1216)
      • IObit Uninstaller.tmp (PID: 3960)
    • Creates files in the program directory

      • asc-ultimate-setup.tmp (PID: 1808)
      • IObit Uninstaller.tmp (PID: 3960)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2944)
    • Creates files in the user directory

      • iexplore.exe (PID: 2944)
    • Changes internet zones settings

      • iexplore.exe (PID: 2676)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
217
Monitored processes
141
Malicious processes
41
Suspicious processes
16

Behavior graph

[Behavior graph: interactive in the full report; its nodes are the process names (chrome.exe, asc-ultimate-setup.exe, asc-ultimate-setup.tmp, setup.exe, ascinit.exe, ascavsvc.exe, ascservice.exe, asc.exe, iobit uninstaller.exe, iush.exe, iuservice.exe and the other processes listed in the signatures above) and its edges are labelled "drop and start", "download and start" or "start"; nodes marked "no specs" carry no signature details]

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 320
CMD: "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: iush.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 324
CMD: "C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCFeature.exe" /av /user
Path: C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCFeature.exe
Parent process: ASC.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit ASCFeature
Exit code:
0
Version:
13.0.0.1
Modules
Images
c:\program files\iobit\advanced systemcare ultimate\ascfeature.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\advanced systemcare ultimate\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 324
CMD: "C:\Program Files\IObit\Advanced SystemCare Ultimate\IWsASC.exe" /onout
Path: C:\Program Files\IObit\Advanced SystemCare Ultimate\IWsASC.exe
Parent process: ASCAvWsc.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Exit code:
0
Modules
Images
c:\program files\iobit\advanced systemcare ultimate\asc.exe
c:\windows\system32\wldap32.dll
c:\windows\system32\faultrep.dll
c:\windows\system32\msctf.dll
c:\program files\iobit\advanced systemcare ultimate\maddisasm_.bpl
c:\program files\iobit\advanced systemcare ultimate\madexcept_.bpl
c:\windows\system32\winspool.drv
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\iobit\advanced systemcare ultimate\vcl120.bpl
c:\windows\system32\iertutil.dll
PID: 408
CMD: "C:\Program Files\IObit\Advanced SystemCare Ultimate\BrowserProtect.exe" /TurnOn
Path: C:\Program Files\IObit\Advanced SystemCare Ultimate\BrowserProtect.exe
Parent process: Setup.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Browser Protector
Exit code:
0
Version:
12.0.1.202
Modules
Images
c:\program files\iobit\advanced systemcare ultimate\browserprotect.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\advanced systemcare ultimate\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 460
CMD: "C:\Program Files\IObit\Advanced SystemCare Ultimate\IWsASC.exe" /onout
Path: C:\Program Files\IObit\Advanced SystemCare Ultimate\IWsASC.exe
Parent process: ASCAvWsc.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Exit code:
0
Modules
Images
c:\program files\iobit\advanced systemcare ultimate\iwsasc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 552
CMD: "C:\Program Files\IObit\IObit Uninstaller\iush.exe" /if "C:\Program Files\IObit\IObit Uninstaller" /dt
Path: C:\Program Files\IObit\IObit Uninstaller\iush.exe
Parent process: IObit Uninstaller.tmp
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit Uninstaller
Exit code:
0
Version:
9.0.0.3
Modules
Images
c:\program files\iobit\iobit uninstaller\iush.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 564
CMD: "C:\Users\admin\Downloads\asc-ultimate-setup.exe" /VerySilent /DIR="C:\Program Files\IObit\Advanced SystemCare Ultimate\" /UNINSTALL /INSTALLER /NORESTART /TASKS="desktopicon" /CreateTaskbar
Path: C:\Users\admin\Downloads\asc-ultimate-setup.exe
Parent process: Setup.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Advanced SystemCare Ultimate 12
Exit code:
0
Version:
12.3.0.159
Modules
Images
c:\users\admin\downloads\asc-ultimate-setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 708
CMD: C:\Windows\system32\net1 start AdvancedSystemCareService12
Path: C:\Windows\system32\net1.exe
Parent process: net.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Net Command
Exit code:
2
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
PID: 752
CMD: "C:\Program Files\IObit\Advanced SystemCare Ultimate\smBootTime.exe" /AddAutoRun /2 /49004F0062006900740055006E00530076007200 /43003A005C00500072006F006700720061006D002000460069006C00650073005C0049004F006200690074005C0049004F00620069007400200055006E0069006E007300740061006C006C00650072005C004900550053006500720076006900630065002E00650078006500 /49004F00620069007400200055006E0069006E007300740061006C006C006500720020005300650072007600690063006500
(the three hex arguments are UTF-16LE strings: "IObitUnSvr", "C:\Program Files\IObit\IObit Uninstaller\IUService.exe" and "IObit Uninstaller Service", i.e. the autorun entry name, the service binary path and its display name)
Path: C:\Program Files\IObit\Advanced SystemCare Ultimate\smBootTime.exe
Parent process: ASCService.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Startup Boot Time
Exit code:
0
Version:
12.0.0.73
Modules
Images
c:\program files\iobit\advanced systemcare ultimate\smboottime.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\advanced systemcare ultimate\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 756
CMD: "C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe" /Set
Path: C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
Parent process: IObitUninstaler.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
UninstallerMonitor
Exit code:
0
Version:
9.0.2.25
Total events
11 839
Read events
10 277
Write events
1 501
Delete events
61

Modification events

(PID) Process: (3428) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: write
Name: 3552-13213097120681000
Value: 259

(PID) Process: (3552) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (3552) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (3552) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (3552) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (3552) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (3552) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (3552) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (3552) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (3552) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: metricsid
Value:

Executable files
287
Suspicious files
128
Text files
2 045
Unknown types
264

Dropped files

PID | Process | Filename | Type

3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old |
MD5:
SHA256:
3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF169aed.TMP |
MD5:
SHA256:
3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\78fc762f-f63c-4e6d-9452-e65bb676f72e.tmp |
MD5:
SHA256:
3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp |
MD5:
SHA256:
852 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt
MD5:
SHA256:
3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old |
MD5:
SHA256:
3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF169aed.TMP | text
MD5:
SHA256:
3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF169aed.TMP | text
MD5:
SHA256:
3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 |
MD5:
SHA256:
3552 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
56
TCP/UDP connections
76
DNS requests
33
Threats
43

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1216 | AutoUpdate.exe | GET | | 93.184.221.133:80 | http://update.iobit.com/infofiles/ascultimate12/update-trial.upt | US | | | whitelisted
1216 | AutoUpdate.exe | GET | | 93.184.221.133:80 | http://update.iobit.com/infofiles/ascultimate12/update-trial.upt | US | | | whitelisted
1216 | AutoUpdate.exe | GET | | 93.184.221.133:80 | http://update.iobit.com/infofiles/ascultimate12/update-trial.upt | US | | | whitelisted
2916 | chrome.exe | GET | 302 | 172.217.22.78:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 515 b | whitelisted
2240 | UninstallPromote.exe | GET | 200 | 54.221.231.53:80 | http://ascstats.iobit.com/install_v3.php?operate=1&user=1&app=av12&ver=12.3.0.159&pr=iobit&system=61&type=5&lang=en-US&geo=1033&insur=other | US | text | 19 b | whitelisted
2392 | ASC.exe | POST | 200 | 93.184.221.133:80 | http://download.iobit.com/news/av/v12/av12newstrial.dat | US | text | 7.58 Kb | whitelisted
1216 | AutoUpdate.exe | GET | 200 | 93.184.221.133:80 | http://download.iobit.com/bitdefender/updatepath.ini | US | text | 54 b | whitelisted
1216 | AutoUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/ascultimate12/update-trial.upt | US | txt | 2.20 Kb | whitelisted
1216 | AutoUpdate.exe | GET | 206 | 93.184.221.133:80 | http://download.iobit.com/bitdefender/updatepath.ini | US | text | 54 b | whitelisted
1216 | AutoUpdate.exe | GET | 200 | 93.184.221.133:80 | http://bitdefenders.iobit.com/av32bit/versions.id | US | xml | 1.22 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2916 | chrome.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
2916 | chrome.exe | 172.217.18.99:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
2916 | chrome.exe | 172.217.23.141:443 | accounts.google.com | Google Inc. | US | whitelisted
2916 | chrome.exe | 216.58.207.36:443 | www.google.com | Google Inc. | US | whitelisted
2916 | chrome.exe | 172.217.18.3:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
2916 | chrome.exe | 216.58.205.238:443 | clients2.google.com | Google Inc. | US | whitelisted
2916 | chrome.exe | 172.217.21.225:443 | clients2.googleusercontent.com | Google Inc. | US | whitelisted
2916 | chrome.exe | 172.217.22.78:80 | redirector.gvt1.com | Google Inc. | US | whitelisted
2916 | chrome.exe | 173.194.165.188:80 | r6---sn-4g5e6nls.gvt1.com | Google Inc. | US | whitelisted
2916 | chrome.exe | 172.217.16.195:443 | www.gstatic.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
update.iobit.com | 93.184.221.133 | whitelisted
clientservices.googleapis.com | 172.217.18.99 | whitelisted
accounts.google.com | 172.217.23.141 | shared
www.google.com | 216.58.207.36 | malicious
ssl.gstatic.com | 172.217.18.3 | whitelisted
clients2.google.com | 216.58.205.238 | whitelisted
clients2.googleusercontent.com | 172.217.21.225 | whitelisted
redirector.gvt1.com | 172.217.22.78 | whitelisted
r6---sn-4g5e6nls.gvt1.com | 173.194.165.188 | whitelisted
www.gstatic.com | 172.217.16.195 | whitelisted

Threats

PID | Process | Class | Message
2916 | chrome.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2240 | UninstallPromote.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare
2392 | ASC.exe | A Network Trojan was detected | AV TROJAN Bancos Variant C2 Checkin 2
1216 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1216 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1216 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1216 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1216 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1216 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1216 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Debug output strings

Process | Message
Setup.exe | ************** Win32MinorVersion: 1
Setup.exe | C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare\
Setup.exe | ********** FLanguageName: English
Setup.exe | FormCreate: 1
Setup.exe | GetDownloadPath: 1
Setup.exe | GetDownloadPath: 2
Setup.exe | CheckDiskSpace: 1
Setup.exe | CheckDiskSpace: 2
Setup.exe | CheckDiskSpace: 3
Setup.exe | CheckDiskSpace: 5