| URL: | http://update.iobit.com/dl/advanced-systemcare-setup.exe |
| Full analysis: | https://app.any.run/tasks/ed662754-914c-4fcd-9740-b6455f6704df |
| Verdict: | Malicious activity |
| Threats: | Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. |
| Analysis date: | March 14, 2019, 14:41:55 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MD5: | FD12ED257E35A5198B1044A758A5BC9F |
| SHA1: | 44C2069BD6276A3219B2CF0A77155CF983003DE8 |
| SHA256: | D9D5F219291EB8F55D338257BAC47021242907156C665D7B63C126D0AB406435 |
| SSDEEP: | 3:N1KLQRAMzPpITPHvA:CUnsXA |
MALICIOUS
Application was dropped or rewritten from another process
- asc-trial-setup.exe (PID: 3580)
- asc-trial-setup.exe (PID: 3964)
- Setup.exe (PID: 788)
- asc-trial-setup.exe (PID: 2184)
- DiskDefrag.exe (PID: 3612)
- BrowserProtect.exe (PID: 2440)
- ASC.exe (PID: 3548)
- AutoSweep.exe (PID: 2328)
- ASCTray.exe (PID: 2404)
- ASCInit.exe (PID: 3200)
- ASCService.exe (PID: 3428)
- ASCFeature.exe (PID: 3660)
- AutoUpdate.exe (PID: 3312)
- Display.exe (PID: 2212)
- ASCFeature.exe (PID: 2316)
- LocalLang.exe (PID: 3040)
- Monitor.exe (PID: 2312)
- RealTimeProtector.exe (PID: 3016)
- RealTimeProtector.exe (PID: 940)
- ASCDownload.exe (PID: 3104)
- UninstallPromote.exe (PID: 2836)
- smBootTime.exe (PID: 1140)
- smBootTime.exe (PID: 2720)
- startupInfo.exe (PID: 4084)
- AutoCare.exe (PID: 2172)
- startupInfo.exe (PID: 2692)
- Suo12_StartupManager.exe (PID: 3892)
- Suo12_StartupManager.exe (PID: 2056)
- Suo12_StartupManager.exe (PID: 924)
- Suo12_StartupManager.exe (PID: 2704)
- Suo12_StartupManager.exe (PID: 3920)
- smBootTime.exe (PID: 2824)
- startupInfo.exe (PID: 2740)
- register.exe (PID: 3888)
- MonitorDisk.exe (PID: 2168)
- IObitLiveUpdate.exe (PID: 904)
- display.exe (PID: 3172)
- ASCDownload.exe (PID: 3940)
- AutoCare.exe (PID: 3152)
- AutoUpdate.exe (PID: 3308)
- RealTimeProtector.exe (PID: 2064)
- Register.exe (PID: 2528)
Loads the Task Scheduler COM API
- Suo12_StartupManager.exe (PID: 3892)
- ASCInit.exe (PID: 3200)
- smBootTime.exe (PID: 2824)
- Setup.exe (PID: 788)
- ASC.exe (PID: 3548)
- smBootTime.exe (PID: 2720)
- Suo12_StartupManager.exe (PID: 924)
Loads dropped or rewritten executable
- ASCService.exe (PID: 3428)
- RealTimeProtector.exe (PID: 3016)
- RealTimeProtector.exe (PID: 940)
- smBootTime.exe (PID: 1140)
- regsvr32.exe (PID: 1044)
- Register.exe (PID: 2528)
- ASCInit.exe (PID: 3200)
- RealTimeProtector.exe (PID: 2064)
- BrowserProtect.exe (PID: 2440)
- smBootTime.exe (PID: 2824)
- ASC.exe (PID: 3548)
- Monitor.exe (PID: 2312)
- smBootTime.exe (PID: 2720)
- startupInfo.exe (PID: 4084)
- Display.exe (PID: 2212)
- AutoSweep.exe (PID: 2328)
- ASCTray.exe (PID: 2404)
- ASCFeature.exe (PID: 3660)
- Suo12_StartupManager.exe (PID: 3892)
- ASCFeature.exe (PID: 2316)
- Suo12_StartupManager.exe (PID: 3920)
- Suo12_StartupManager.exe (PID: 2704)
- Suo12_StartupManager.exe (PID: 924)
- Suo12_StartupManager.exe (PID: 2056)
- UninstallPromote.exe (PID: 2836)
- Setup.exe (PID: 788)
- AutoUpdate.exe (PID: 3312)
- startupInfo.exe (PID: 2692)
- AutoCare.exe (PID: 2172)
- IObitLiveUpdate.exe (PID: 904)
- startupInfo.exe (PID: 2740)
- register.exe (PID: 3888)
- MonitorDisk.exe (PID: 2168)
- AutoCare.exe (PID: 3152)
- AutoUpdate.exe (PID: 3308)
- display.exe (PID: 3172)
Changes the autorun value in the registry
- ASCInit.exe (PID: 3200)
Registers / Runs the DLL via REGSVR32.EXE
- ASCInit.exe (PID: 3200)
Actions looks like stealing of personal data
- ASC.exe (PID: 3548)
SUSPICIOUS
Executable content was dropped or overwritten
- asc-trial-setup.exe (PID: 3964)
- opera.exe (PID: 2984)
- asc-trial-setup.exe (PID: 3580)
- asc-trial-setup.exe (PID: 2184)
- asc-trial-setup.tmp (PID: 3864)
- asc-trial-setup.tmp (PID: 2572)
- ASCInit.exe (PID: 3200)
- Monitor.exe (PID: 2312)
Reads the Windows organization settings
- asc-trial-setup.tmp (PID: 3864)
- asc-trial-setup.tmp (PID: 2572)
Reads Windows owner or organization settings
- asc-trial-setup.tmp (PID: 3864)
- asc-trial-setup.tmp (PID: 2572)
Creates files in the program directory
- Setup.exe (PID: 788)
- ASCInit.exe (PID: 3200)
- Suo12_StartupManager.exe (PID: 3892)
- ASCService.exe (PID: 3428)
- smBootTime.exe (PID: 2824)
- Suo12_StartupManager.exe (PID: 2704)
- UninstallPromote.exe (PID: 2836)
- ASC.exe (PID: 3548)
- BrowserProtect.exe (PID: 2440)
- Monitor.exe (PID: 2312)
- Display.exe (PID: 2212)
- AutoUpdate.exe (PID: 3312)
- ASCDownload.exe (PID: 3104)
- IObitLiveUpdate.exe (PID: 904)
- AutoUpdate.exe (PID: 3308)
- Suo12_StartupManager.exe (PID: 924)
Creates files in the user directory
- ASCUpgrade.exe (PID: 2968)
- Suo12_StartupManager.exe (PID: 3892)
- ASCInit.exe (PID: 3200)
- asc-trial-setup.tmp (PID: 2572)
- Register.exe (PID: 2528)
- ASCService.exe (PID: 3428)
- ASC.exe (PID: 3548)
- ASCTray.exe (PID: 2404)
Writes to a desktop.ini file (may be used to cloak folders)
- ASCInit.exe (PID: 3200)
Application launched itself
- RealTimeProtector.exe (PID: 3016)
- startupInfo.exe (PID: 4084)
Starts CMD.EXE for commands execution
- ASCInit.exe (PID: 3200)
- ASC.exe (PID: 3548)
Removes files from Windows directory
- ASCService.exe (PID: 3428)
- Suo12_StartupManager.exe (PID: 2056)
- ASC.exe (PID: 3548)
Starts SC.EXE for service management
- cmd.exe (PID: 3160)
Creates files in the Windows directory
- ASCService.exe (PID: 3428)
- Monitor.exe (PID: 2312)
Creates COM task schedule object
- regsvr32.exe (PID: 1044)
Reads Environment values
- Monitor.exe (PID: 2312)
Low-level read access rights to disk partition
- Monitor.exe (PID: 2312)
Check for Java to be installed
- ASC.exe (PID: 3548)
Searches for installed software
- ASC.exe (PID: 3548)
- ASCService.exe (PID: 3428)
Uses IPCONFIG.EXE to discover IP address
- cmd.exe (PID: 1888)
Reads Microsoft Outlook installation path
- ASC.exe (PID: 3548)
Reads Internet Cache Settings
- ASC.exe (PID: 3548)
Reads default file associations for system extensions
- ASC.exe (PID: 3548)
INFO
Creates files in the user directory
- opera.exe (PID: 2984)
Application was dropped or rewritten from another process
- asc-trial-setup.tmp (PID: 2352)
- asc-trial-setup.tmp (PID: 3864)
- asc-trial-setup.tmp (PID: 2572)
- ASCUpgrade.exe (PID: 2968)
- ASCUpgrade.exe (PID: 3548)
- ASCUpgrade.exe (PID: 3000)
Loads dropped or rewritten executable
- asc-trial-setup.tmp (PID: 2572)
- asc-trial-setup.tmp (PID: 3864)
Dropped object may contain Bitcoin addresses
- Suo12_StartupManager.exe (PID: 3892)
- asc-trial-setup.tmp (PID: 2572)
- ASC.exe (PID: 3548)
Creates a software uninstall entry
- asc-trial-setup.tmp (PID: 2572)
Creates files in the program directory
- asc-trial-setup.tmp (PID: 2572)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
99
Monitored processes
55
Malicious processes
27
Suspicious processes
15
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 284 | ipconfig /flushdns | C:\Windows\system32\ipconfig.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: IP Configuration Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 788 | "C:\Users\admin\AppData\Local\Temp\is-0S9OC.tmp\Installer\Setup.exe" /InnoSetup "C:\Users\admin\AppData\Local\Opera\Opera\temporary_downloads\asc-trial-setup.exe" | C:\Users\admin\AppData\Local\Temp\is-0S9OC.tmp\Installer\Setup.exe | asc-trial-setup.tmp | ||||||||||||
User: admin Company: IObit Integrity Level: HIGH Description: Advanced SystemCare Installer Exit code: 0 Version: 12.1.0.386 Modules
| |||||||||||||||
| 792 | C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801} | C:\Windows\system32\DllHost.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 904 | "C:\Program Files\IObit\Advanced SystemCare\IObitLiveUpdate.exe" /srvupt | C:\Program Files\IObit\Advanced SystemCare\IObitLiveUpdate.exe | ASCService.exe | ||||||||||||
User: admin Company: IObit Integrity Level: HIGH Description: Product Updater Exit code: 0 Version: 3.0.0.4744 Modules
| |||||||||||||||
| 924 | "C:\Program Files\IObit\Advanced SystemCare\Suo12_StartupManager.exe" /base | C:\Program Files\IObit\Advanced SystemCare\Suo12_StartupManager.exe | — | startupInfo.exe | |||||||||||
User: admin Company: IObit Integrity Level: HIGH Description: Manage startup items Exit code: 0 Version: 12.0.0.125 Modules
| |||||||||||||||
| 940 | "C:\Program Files\IObit\Advanced SystemCare\RealTimeProtector.exe" /Run | C:\Program Files\IObit\Advanced SystemCare\RealTimeProtector.exe | RealTimeProtector.exe | ||||||||||||
User: admin Company: IObit Integrity Level: HIGH Description: Real-time Protector Exit code: 0 Version: 12.0.0.239 Modules
| |||||||||||||||
| 1044 | "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll" | C:\Windows\System32\regsvr32.exe | — | ASCInit.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft(C) Register Server Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1140 | "C:\Program Files\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /1 /41006400760061006E006300650064002000530079007300740065006D004300610072006500200031003200 /220043003A005C00500072006F006700720061006D002000460069006C00650073005C0049004F006200690074005C0041006400760061006E006300650064002000530079007300740065006D0043006100720065005C0041005300430054007200610079002E00650078006500220020002F004100750074006F00 /48004B00450059005F00430055005200520045004E0054005F0055005300450052005C0053004F004600540057004100520045005C004D006900630072006F0073006F00660074005C00570069006E0064006F00770073005C00430075007200720065006E007400560065007200730069006F006E005C00520075006E005C00 | C:\Program Files\IObit\Advanced SystemCare\smBootTime.exe | ASCService.exe | ||||||||||||
User: admin Company: IObit Integrity Level: HIGH Description: Startup Boot Time Exit code: 0 Version: 12.0.0.62 Modules
| |||||||||||||||
| 1888 | "C:\Windows\System32\cmd.exe" /c ipconfig /flushdns | C:\Windows\System32\cmd.exe | — | ASC.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 2056 | "C:\Program Files\IObit\Advanced SystemCare\Suo12_StartupManager.exe" /boottime | C:\Program Files\IObit\Advanced SystemCare\Suo12_StartupManager.exe | — | ASCService.exe | |||||||||||
User: SYSTEM Company: IObit Integrity Level: SYSTEM Description: Manage startup items Exit code: 0 Version: 12.0.0.125 Modules
| |||||||||||||||
Total events
33 250
Read events
30 237
Write events
760
Delete events
2 253
Modification events
| (PID) Process: | (2984) opera.exe | Key: | HKEY_CURRENT_USER\Software\Opera Software |
| Operation: | write | Name: | Last CommandLine v2 |
Value: C:\Program Files\Opera\opera.exe http://update.iobit.com/dl/advanced-systemcare-setup.exe | |||
| (PID) Process: | (2984) opera.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (2984) opera.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
| (PID) Process: | (2984) opera.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 1 | |||
| (PID) Process: | (3864) asc-trial-setup.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
| (PID) Process: | (3864) asc-trial-setup.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 1 | |||
| (PID) Process: | (788) Setup.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\IObit\Advanced SystemCare |
| Operation: | write | Name: | insur |
Value: other | |||
| (PID) Process: | (2572) asc-trial-setup.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
| (PID) Process: | (2572) asc-trial-setup.tmp | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | AutoDetect |
Value: 1 | |||
| (PID) Process: | (2572) asc-trial-setup.tmp | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\IObit\ASC |
| Operation: | write | Name: | InstallFinished |
Value: 0 | |||
Executable files
136
Suspicious files
62
Text files
884
Unknown types
34
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2984 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr9F92.tmp | — | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opr9F93.tmp | — | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprA001.tmp | — | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\14RVROPFAHSFD9NQZAQ3.temp | — | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000X.tmp | — | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr26E0.tmp | — | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr3624.tmp | — | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\temporary_downloads\asc-trial-setup.exe | — | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\autosave.win | text | |
MD5:— | SHA256:— | |||
| 2984 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr0000Y.tmp | executable | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
17
TCP/UDP connections
22
DNS requests
13
Threats
9
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2984 | opera.exe | GET | — | 93.184.221.133:80 | http://update.iobit.com/dl/advanced-systemcare-setup.exe | US | — | — | whitelisted |
3892 | Suo12_StartupManager.exe | POST | — | 50.16.231.110:80 | http://ascstats.iobit.com/startup/proportion.php | US | — | — | whitelisted |
3892 | Suo12_StartupManager.exe | POST | — | 50.16.231.110:80 | http://ascstats.iobit.com/startup/get_desc.php | US | — | — | whitelisted |
3312 | AutoUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/asc12/update-trial.upt | US | binary | 1.83 Kb | whitelisted |
904 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/iobitliveupdate/update.ept | US | binary | 13.6 Kb | whitelisted |
3312 | AutoUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/asc12/update-trial.upt | US | txt | 1.83 Kb | whitelisted |
904 | IObitLiveUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/iobitliveupdate/update.ept | US | binary | 13.6 Kb | whitelisted |
3920 | Suo12_StartupManager.exe | POST | 200 | 50.16.231.110:80 | http://ascstats.iobit.com/startup/get_desc.php | US | text | 7.84 Kb | whitelisted |
3312 | AutoUpdate.exe | GET | 206 | 93.184.221.133:80 | http://update.iobit.com/infofiles/asc12/update-trial.upt | US | hir | 1.82 Kb | whitelisted |
2984 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl3.digicert.com/DigiCertGlobalRootCA.crl | US | der | 581 b | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
2984 | opera.exe | 82.145.215.40:443 | certs.opera.com | Opera Software AS | — | whitelisted |
2984 | opera.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2984 | opera.exe | 185.26.182.93:80 | sitecheck2.opera.com | Opera Software AS | — | whitelisted |
3892 | Suo12_StartupManager.exe | 50.16.231.110:80 | ascstats.iobit.com | Amazon.com, Inc. | US | malicious |
2984 | opera.exe | 128.140.224.121:443 | softpedia-secure-download.com | T-Mobile Czech Republic a.s. | RO | unknown |
3312 | AutoUpdate.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3920 | Suo12_StartupManager.exe | 50.16.231.110:80 | ascstats.iobit.com | Amazon.com, Inc. | US | malicious |
2316 | ASCFeature.exe | 54.243.143.103:80 | ascstats.iobit.com | Amazon.com, Inc. | US | malicious |
904 | IObitLiveUpdate.exe | 93.184.221.133:80 | update.iobit.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2836 | UninstallPromote.exe | 23.23.140.35:80 | ascstats.iobit.com | Amazon.com, Inc. | US | malicious |
DNS requests
Domain | IP | Reputation |
|---|---|---|
update.iobit.com |
| whitelisted |
sitecheck2.opera.com |
| whitelisted |
certs.opera.com |
| whitelisted |
crl4.digicert.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
softpedia-secure-download.com |
| unknown |
crl3.digicert.com |
| whitelisted |
ascstats.iobit.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
2984 | opera.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
788 | Setup.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) |
788 | Setup.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare |
2836 | UninstallPromote.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare |
3312 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) |
3312 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) |
3312 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) |
3312 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) |
3312 | AutoUpdate.exe | A Network Trojan was detected | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) |
Process | Message |
|---|---|
Setup.exe | ************** Win32MinorVersion: 1 |
Setup.exe | C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare\ |
Setup.exe | ********** FLanguageName: English |
Setup.exe | GetDownloadPath: 2 |
Setup.exe | CheckDiskSpace: 1 |
Setup.exe | CheckDiskSpace: 2 |
Setup.exe | CheckDiskSpace: 3 |
Setup.exe | CheckDiskSpace: 5 |
Setup.exe | CheckDiskSpace: 5 |
Setup.exe | GetDownloadPath: 3 |