URL:

https://www.iobit.com/en/driver-booster-pro.php

Full analysis: https://app.any.run/tasks/4fccc2c5-0ad6-4751-99a5-cb574d128232
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates a device in order to deliver further payloads. Once running, it profiles the system and installs other threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links, relying on social engineering to trick users into downloading and running the executable, and loaders employ evasion and persistence techniques to avoid detection.

In this task the object under analysis is the vendor's own installer chain: driver_booster_setup.exe drops driver_booster_setup.tmp and setup.exe, IObitDownloader.exe requests binaries from the Internet, and the iTop VPN (iTopSetup.exe), iTop Data Recovery (IDRSetup.exe) and Advanced SystemCare (ASCSetup.exe) installers run in turn. The loader and evasion tags are assigned by the behavioural signatures listed below (dropping executables and a driver, service management through sc.exe, DLL registration through regsvr32.exe, binaries requested from the Internet), not by a match on a known malware family; the report carries no malware configuration.

Analysis date: November 18, 2023, 12:21:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
evasion
Indicators:
SHA1:

AE7A35F86615B1F1CB0A65915F1A592A5ECCEB0A

SHA256:

E72BCB222392A18950A75C2ABC21C38B697919040954A87186564AE70A3FC654

SSDEEP:

3:N8DSLgz1BX6BbV:2OLghBXWbV
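Added here as an editor's example, not part of the ANY.RUN report: a short Python check of the indicators above. It hashes an object and compares it case-insensitively with the listed SHA1/SHA256, and reads the ssdeep block size. This task was submitted as a URL, and the ssdeep signature has the minimum block size of 3, which only occurs for inputs of at most a few hundred bytes; the hashes are therefore consistent with the 47-byte URL string rather than with the downloaded driver_booster_setup.exe, and `url_matches_indicators()` lets you confirm that before using them to hunt for the installer. The function names are my own.

```python
import hashlib
import os
import tempfile

# Indicators copied from the report; comparison below is case-insensitive.
REPORT_IOCS = {
    "sha1": "AE7A35F86615B1F1CB0A65915F1A592A5ECCEB0A",
    "sha256": "E72BCB222392A18950A75C2ABC21C38B697919040954A87186564AE70A3FC654",
}
REPORT_SSDEEP = "3:N8DSLgz1BX6BbV:2OLghBXWbV"
REPORT_URL = "https://www.iobit.com/en/driver-booster-pro.php"


def digests(data: bytes) -> dict:
    """SHA1 and SHA256 of an in-memory object (e.g. the submitted URL string)."""
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so a large installer need not fit in memory."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(block)
            sha256.update(block)
    return {"sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def match_iocs(observed: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm match of observed digests against the listed indicators."""
    return {alg: observed.get(alg, "").lower() == value.lower() for alg, value in iocs.items()}


def ssdeep_block_size(signature: str) -> int:
    """Leading field of an ssdeep signature. ssdeep starts at block size 3 and doubles it
    until the signature fits in 64 characters, so a block size of 3 means the hashed input
    was at most a few hundred bytes: a URL string, not a multi-megabyte setup executable."""
    return int(signature.split(":", 1)[0])


def url_matches_indicators(url: str = REPORT_URL) -> dict:
    """Tell whether the listed hashes are those of the submitted URL text
    rather than of the downloaded installer."""
    return match_iocs(digests(url.encode("utf-8")))


def file_roundtrip_ok(data: bytes) -> bool:
    """Self-check: streamed file digests equal in-memory digests of the same bytes.
    Writes a temporary file (constructed input), then removes it."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(data)
        path = fh.name
    try:
        return digests_of_file(path) == digests(data)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("ssdeep block size:", ssdeep_block_size(REPORT_SSDEEP))
    print("URL matches listed hashes:", url_matches_indicators())
```

Run the block as a script to see whether the URL string reproduces the listed SHA1/SHA256; point `digests_of_file()` at a downloaded installer when you actually have the binary to compare.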

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • driver_booster_setup.exe (PID: 2792)
      • driver_booster_setup.exe (PID: 2252)
      • driver_booster_setup.tmp (PID: 2120)
      • driver_booster_setup.exe (PID: 3708)
      • HWiNFO.exe (PID: 3724)
      • driver_booster_setup.tmp (PID: 3628)
      • IObitDownloader.exe (PID: 1988)
      • AutoUpdate.exe (PID: 3652)
      • iTopSetup.exe (PID: 3256)
      • IDRSetup.exe (PID: 1944)
      • ugin.exe (PID: 3512)
      • IDRSetup.tmp (PID: 2484)
      • iTopSetup.tmp (PID: 3144)
      • Autoupdate.exe (PID: 1276)
      • atud.exe (PID: 3424)
      • ASCSetup.exe (PID: 2004)
      • ASCInit.exe (PID: 1880)
      • ASCSetup.tmp (PID: 2108)
      • Monitor.exe (PID: 2600)
      • AutoUpdate.exe (PID: 3132)
      • bf.exe (PID: 2868)
    • Steals credentials from Web Browsers

      • CareScan.exe (PID: 4020)
      • iTopVPN.exe (PID: 1884)
      • smBootTimebase.exe (PID: 2904)
    • Actions look like stealing of personal data

      • CareScan.exe (PID: 4020)
      • smBootTimebase.exe (PID: 2904)
      • ASCService.exe (PID: 2496)
      • PPUninstaller.exe (PID: 3480)
      • iTopVPN.exe (PID: 1884)
      • ASC.exe (PID: 2136)
    • Creates a writable file in the system directory

      • drvinst.exe (PID: 3516)
      • smBootTimebase.exe (PID: 2904)
    • Application was injected by another process

      • explorer.exe (PID: 1388)
    • Runs injected code in another process

      • icop32.exe (PID: 2100)
      • ICONPIN32.exe (PID: 3940)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ASCInit.exe (PID: 1880)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • driver_booster_setup.tmp (PID: 2120)
      • driver_booster_setup.tmp (PID: 3628)
      • iTopSetup.tmp (PID: 3144)
      • IDRSetup.tmp (PID: 2484)
      • ASCSetup.tmp (PID: 2108)
    • Reads the Internet Settings

      • driver_booster_setup.tmp (PID: 2120)
      • driver_booster_setup.tmp (PID: 3628)
      • CareScan.exe (PID: 4020)
      • setup.exe (PID: 3012)
      • ChangeIcon.exe (PID: 3676)
      • AUpdate.exe (PID: 3256)
      • DriverBooster.exe (PID: 3648)
      • iTopSetup.tmp (PID: 3144)
      • IObitDownloader.exe (PID: 1988)
      • IDRSetup.tmp (PID: 2484)
      • IdrInit.exe (PID: 2960)
      • ugin.exe (PID: 3512)
      • iTopVPN.exe (PID: 1884)
      • iTopDataRecovery.exe (PID: 2320)
      • ASCSetup.tmp (PID: 2108)
      • ASCInit.exe (PID: 1880)
      • Setup.exe (PID: 3784)
      • ASC.exe (PID: 2136)
      • ASCFeature.exe (PID: 3704)
      • AutoUpdate.exe (PID: 3132)
      • IObitLiveUpdate.exe (PID: 608)
    • Searches for installed software

      • setup.exe (PID: 3012)
      • CareScan.exe (PID: 4020)
      • InstStat.exe (PID: 1604)
      • DriverBooster.exe (PID: 3648)
      • iTopVPN.exe (PID: 1884)
      • ASCSetup.tmp (PID: 2108)
      • smBootTimebase.exe (PID: 2904)
      • PrivacyShield.exe (PID: 2516)
      • UninstallInfo.exe (PID: 712)
      • smBootTime.exe (PID: 4020)
      • ASCService.exe (PID: 2496)
      • PPUninstaller.exe (PID: 3480)
      • Setup.exe (PID: 3784)
      • Monitor.exe (PID: 2600)
      • ASC.exe (PID: 2136)
      • BrowserProtect.exe (PID: 1612)
      • smBootTime.exe (PID: 4080)
      • AutoUpdate.exe (PID: 3132)
      • ASCTray.exe (PID: 2648)
      • smBootTime.exe (PID: 2932)
      • bf.exe (PID: 2868)
      • Display.exe (PID: 2888)
      • smBootTime.exe (PID: 2860)
      • IObitLiveUpdate.exe (PID: 608)
    • Reads the Windows owner or organization settings

      • driver_booster_setup.tmp (PID: 2120)
      • driver_booster_setup.tmp (PID: 3628)
      • iTopSetup.tmp (PID: 3144)
      • IDRSetup.tmp (PID: 2484)
      • ASCSetup.tmp (PID: 2108)
      • smBootTime.exe (PID: 4020)
      • ASC.exe (PID: 2136)
      • smBootTime.exe (PID: 4080)
      • smBootTime.exe (PID: 2932)
      • smBootTime.exe (PID: 2860)
    • Process drops SQLite DLL files

      • driver_booster_setup.tmp (PID: 3628)
      • iTopSetup.tmp (PID: 3144)
      • IDRSetup.tmp (PID: 2484)
      • ASCSetup.tmp (PID: 2108)
    • Drops 7-zip archiver for unpacking

      • driver_booster_setup.tmp (PID: 3628)
    • Drops a system driver (possible attempt to evade defenses)

      • HWiNFO.exe (PID: 3724)
      • iTopSetup.tmp (PID: 3144)
      • ugin.exe (PID: 3512)
      • ASCSetup.tmp (PID: 2108)
      • Monitor.exe (PID: 2600)
    • Reads Microsoft Outlook installation path

      • CareScan.exe (PID: 4020)
    • The process verifies whether antivirus software is installed

      • CareScan.exe (PID: 4020)
      • iTopVPN.exe (PID: 1884)
    • The process executes via Task Scheduler

      • NoteIcon.exe (PID: 3504)
    • Reads security settings of Internet Explorer

      • DriverBooster.exe (PID: 3648)
      • ASCVER.exe (PID: 1756)
    • Checks Windows Trust Settings

      • DriverBooster.exe (PID: 3648)
      • drvinst.exe (PID: 3516)
      • ASCVER.exe (PID: 1756)
    • Reads settings of System Certificates

      • DriverBooster.exe (PID: 3648)
      • ASCVER.exe (PID: 1756)
    • Adds/modifies Windows certificates

      • setup.exe (PID: 3012)
    • Checks for Java to be installed

      • DriverBooster.exe (PID: 3648)
      • ASC.exe (PID: 2136)
    • Process requests binary or script from the Internet

      • AutoUpdate.exe (PID: 3652)
      • DriverBooster.exe (PID: 3648)
      • IObitDownloader.exe (PID: 1988)
      • Autoupdate.exe (PID: 1276)
      • AutoUpdate.exe (PID: 3132)
    • Executes as Windows Service

      • VSSVC.exe (PID: 2812)
      • IDRService.exe (PID: 3604)
      • ASCService.exe (PID: 2496)
    • Uses TASKKILL.EXE to kill process

      • iTopSetup.tmp (PID: 3144)
    • Creates files in the driver directory

      • drvinst.exe (PID: 3516)
    • Starts CMD.EXE for commands execution

      • IDRSetup.tmp (PID: 2484)
      • ugin.exe (PID: 3512)
      • iTopVPN.exe (PID: 1884)
      • ASCInit.exe (PID: 1880)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 2560)
      • cmd.exe (PID: 2108)
      • cmd.exe (PID: 3464)
      • cmd.exe (PID: 4076)
      • cmd.exe (PID: 3036)
      • cmd.exe (PID: 3760)
      • cmd.exe (PID: 2680)
      • cmd.exe (PID: 3704)
      • cmd.exe (PID: 3280)
      • cmd.exe (PID: 2424)
      • cmd.exe (PID: 1812)
      • cmd.exe (PID: 1128)
      • cmd.exe (PID: 544)
    • Application launched itself

      • ugin.exe (PID: 3512)
      • RealTimeProtector.exe (PID: 3420)
    • Process uses IPCONFIG to clear DNS cache

      • cmd.exe (PID: 4088)
    • Checks for external IP

      • UninstallInfo.exe (PID: 2520)
      • unpr.exe (PID: 1592)
    • Connects to unusual port

      • iTopVPN.exe (PID: 1884)
    • Write to the desktop.ini file (may be used to cloak folders)

      • ASCInit.exe (PID: 1880)
  • INFO

    • Checks supported languages

      • wmpnscfg.exe (PID: 3592)
      • driver_booster_setup.exe (PID: 2792)
      • driver_booster_setup.tmp (PID: 3784)
      • driver_booster_setup.exe (PID: 2252)
      • driver_booster_setup.tmp (PID: 2120)
      • setup.exe (PID: 3012)
      • driver_booster_setup.exe (PID: 3708)
      • driver_booster_setup.tmp (PID: 3628)
      • CareScan.exe (PID: 4020)
      • SetupHlp.exe (PID: 3808)
      • HWiNFO.exe (PID: 3724)
      • RttHlp.exe (PID: 556)
      • InstStat.exe (PID: 1604)
      • DriverBooster.exe (PID: 3648)
      • SetupHlp.exe (PID: 1640)
      • IObitDownloader.exe (PID: 1988)
      • Manta.exe (PID: 2940)
      • AutoUpdate.exe (PID: 3652)
      • ChangeIcon.exe (PID: 3676)
      • NoteIcon.exe (PID: 3504)
      • Manta.exe (PID: 3372)
      • Manta.exe (PID: 4080)
      • RttHlp.exe (PID: 3464)
      • NoteIcon.exe (PID: 4036)
      • AUpdate.exe (PID: 3256)
      • RttHlp.exe (PID: 2680)
      • FaultFixes.exe (PID: 1728)
      • SetupHlp.exe (PID: 304)
      • FaultFixes.exe (PID: 2128)
      • DBDownloader.exe (PID: 1696)
      • Manta.exe (PID: 316)
      • Manta.exe (PID: 3396)
      • Manta.exe (PID: 4020)
      • Manta.exe (PID: 2628)
      • Manta.exe (PID: 1160)
      • Manta.exe (PID: 2624)
      • iTopSetup.exe (PID: 3256)
      • iTopSetup.tmp (PID: 3144)
      • ugin.exe (PID: 1840)
      • ChangeIcon.exe (PID: 3476)
      • ugin.exe (PID: 1832)
      • DpInstX32.exe (PID: 2080)
      • drvinst.exe (PID: 3516)
      • IDRSetup.tmp (PID: 2484)
      • ugin.exe (PID: 3396)
      • IDRSetup.exe (PID: 1944)
      • ugin.exe (PID: 3512)
      • iTopVPN.exe (PID: 3568)
      • ullc.exe (PID: 1628)
      • iTopInsur.exe (PID: 3352)
      • IdrInit.exe (PID: 2960)
      • iTopInsur.exe (PID: 752)
      • UninstallInfo.exe (PID: 2520)
      • icop32.exe (PID: 2100)
      • LocalLang.exe (PID: 3956)
      • ICONPIN32.exe (PID: 3940)
      • ugin.exe (PID: 3904)
      • IDRService.exe (PID: 3604)
      • iTopVPN.exe (PID: 1884)
      • unpr.exe (PID: 1592)
      • ugin.exe (PID: 2392)
      • ugin.exe (PID: 3984)
      • atud.exe (PID: 3424)
      • aud.exe (PID: 3800)
      • iTopDataRecovery.exe (PID: 2320)
      • aud.exe (PID: 3944)
      • Autoupdate.exe (PID: 1276)
      • ChangeIcon.exe (PID: 3092)
      • iTopVPNMini.exe (PID: 3108)
      • AUpdate.exe (PID: 2948)
      • AUpdate.exe (PID: 2100)
      • RttHlp.exe (PID: 3516)
      • Newfts.exe (PID: 3584)
      • ScanWinUpd.exe (PID: 3492)
      • ASCSetup.exe (PID: 2004)
      • ASCSetup.tmp (PID: 2108)
      • ASCUpgrade.exe (PID: 3652)
      • ASCUpgrade.exe (PID: 2484)
      • LocalLang.exe (PID: 3204)
      • ASCInit.exe (PID: 1880)
      • smBootTimebase.exe (PID: 2904)
      • ASCService.exe (PID: 2496)
      • UninstallInfo.exe (PID: 712)
      • PrivacyShield.exe (PID: 2516)
      • BrowserCleaner.exe (PID: 1904)
      • Setup.exe (PID: 3784)
      • PPUninstaller.exe (PID: 3480)
      • RealTimeProtector.exe (PID: 3420)
      • smBootTime.exe (PID: 4020)
      • RealTimeProtector.exe (PID: 680)
      • DiskDefrag.exe (PID: 3360)
      • ASC.exe (PID: 2136)
      • ProductStat3.exe (PID: 2680)
      • BrowserProtect.exe (PID: 1612)
      • Monitor.exe (PID: 2600)
      • ASCFeature.exe (PID: 1360)
      • smBootTime.exe (PID: 4080)
      • RealTimeProtector.exe (PID: 2056)
      • ASCTray.exe (PID: 2648)
      • ASCVER.exe (PID: 1756)
      • ProductStat3.exe (PID: 3200)
      • AutoUpdate.exe (PID: 3132)
      • ASCFeature.exe (PID: 3704)
      • ProductStat3.exe (PID: 1988)
      • Display.exe (PID: 2888)
      • smBootTime.exe (PID: 2932)
      • AutoSweep.exe (PID: 1876)
      • smBootTime.exe (PID: 2860)
      • bf.exe (PID: 2868)
      • AutoCare.exe (PID: 3492)
      • IObitLiveUpdate.exe (PID: 608)
      • ProductStat3.exe (PID: 2380)
      • startupInfo.exe (PID: 3224)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3592)
      • explorer.exe (PID: 3248)
      • msedge.exe (PID: 1416)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3592)
      • driver_booster_setup.tmp (PID: 3784)
      • setup.exe (PID: 3012)
      • driver_booster_setup.tmp (PID: 2120)
      • driver_booster_setup.tmp (PID: 3628)
      • CareScan.exe (PID: 4020)
      • HWiNFO.exe (PID: 3724)
      • SetupHlp.exe (PID: 3808)
      • InstStat.exe (PID: 1604)
      • DriverBooster.exe (PID: 3648)
      • IObitDownloader.exe (PID: 1988)
      • SetupHlp.exe (PID: 1640)
      • AutoUpdate.exe (PID: 3652)
      • ChangeIcon.exe (PID: 3676)
      • Manta.exe (PID: 3372)
      • NoteIcon.exe (PID: 4036)
      • NoteIcon.exe (PID: 3504)
      • AUpdate.exe (PID: 3256)
      • FaultFixes.exe (PID: 1728)
      • FaultFixes.exe (PID: 2128)
      • SetupHlp.exe (PID: 304)
      • Manta.exe (PID: 1160)
      • Manta.exe (PID: 316)
      • Manta.exe (PID: 4020)
      • DBDownloader.exe (PID: 1696)
      • Manta.exe (PID: 3396)
      • ChangeIcon.exe (PID: 3476)
      • Manta.exe (PID: 2628)
      • Manta.exe (PID: 2624)
      • iTopSetup.tmp (PID: 3144)
      • ugin.exe (PID: 1840)
      • ugin.exe (PID: 1832)
      • DpInstX32.exe (PID: 2080)
      • drvinst.exe (PID: 3516)
      • ugin.exe (PID: 3396)
      • IDRSetup.tmp (PID: 2484)
      • ugin.exe (PID: 3512)
      • iTopVPN.exe (PID: 3568)
      • iTopInsur.exe (PID: 3352)
      • IdrInit.exe (PID: 2960)
      • iTopInsur.exe (PID: 752)
      • UninstallInfo.exe (PID: 2520)
      • ugin.exe (PID: 3904)
      • ugin.exe (PID: 3984)
      • IDRService.exe (PID: 3604)
      • unpr.exe (PID: 1592)
      • iTopVPN.exe (PID: 1884)
      • ugin.exe (PID: 2392)
      • atud.exe (PID: 3424)
      • aud.exe (PID: 3944)
      • iTopDataRecovery.exe (PID: 2320)
      • aud.exe (PID: 3800)
      • Autoupdate.exe (PID: 1276)
      • AUpdate.exe (PID: 2948)
      • ChangeIcon.exe (PID: 3092)
      • iTopVPNMini.exe (PID: 3108)
      • AUpdate.exe (PID: 2100)
      • ScanWinUpd.exe (PID: 3492)
      • Newfts.exe (PID: 3584)
      • ASCSetup.tmp (PID: 2108)
      • ASCUpgrade.exe (PID: 2484)
      • ASCInit.exe (PID: 1880)
      • ASCUpgrade.exe (PID: 3652)
      • ASCService.exe (PID: 2496)
      • smBootTimebase.exe (PID: 2904)
      • PrivacyShield.exe (PID: 2516)
      • smBootTime.exe (PID: 4020)
      • UninstallInfo.exe (PID: 712)
      • PPUninstaller.exe (PID: 3480)
      • RealTimeProtector.exe (PID: 3420)
      • RealTimeProtector.exe (PID: 680)
      • Setup.exe (PID: 3784)
      • Monitor.exe (PID: 2600)
      • ASC.exe (PID: 2136)
      • BrowserProtect.exe (PID: 1612)
      • smBootTime.exe (PID: 4080)
      • ASCTray.exe (PID: 2648)
      • RealTimeProtector.exe (PID: 2056)
      • ASCVER.exe (PID: 1756)
      • ASCFeature.exe (PID: 3704)
      • AutoUpdate.exe (PID: 3132)
      • smBootTime.exe (PID: 2932)
      • bf.exe (PID: 2868)
      • smBootTime.exe (PID: 2860)
      • AutoCare.exe (PID: 3492)
      • IObitLiveUpdate.exe (PID: 608)
    • The process uses the downloaded file

      • chrome.exe (PID: 1892)
      • chrome.exe (PID: 3440)
      • chrome.exe (PID: 1640)
      • chrome.exe (PID: 2004)
      • chrome.exe (PID: 1948)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 3592)
      • driver_booster_setup.tmp (PID: 3628)
      • SetupHlp.exe (PID: 3808)
      • DriverBooster.exe (PID: 3648)
      • NoteIcon.exe (PID: 3504)
      • AUpdate.exe (PID: 3256)
      • AutoUpdate.exe (PID: 3652)
      • drvinst.exe (PID: 3516)
      • DpInstX32.exe (PID: 2080)
      • iTopVPN.exe (PID: 3568)
      • ugin.exe (PID: 3512)
      • icop32.exe (PID: 2100)
      • ICONPIN32.exe (PID: 3940)
      • unpr.exe (PID: 1592)
      • aud.exe (PID: 3944)
      • atud.exe (PID: 3424)
      • aud.exe (PID: 3800)
      • iTopVPN.exe (PID: 1884)
      • iTopVPNMini.exe (PID: 3108)
      • AUpdate.exe (PID: 2100)
      • AUpdate.exe (PID: 2948)
      • ScanWinUpd.exe (PID: 3492)
      • Autoupdate.exe (PID: 1276)
      • ASCInit.exe (PID: 1880)
      • PrivacyShield.exe (PID: 2516)
      • smBootTimebase.exe (PID: 2904)
      • smBootTime.exe (PID: 4020)
      • UninstallInfo.exe (PID: 712)
      • PPUninstaller.exe (PID: 3480)
      • Monitor.exe (PID: 2600)
      • ASC.exe (PID: 2136)
      • Setup.exe (PID: 3784)
      • ASCTray.exe (PID: 2648)
      • RealTimeProtector.exe (PID: 2056)
      • smBootTime.exe (PID: 4080)
      • ASCVER.exe (PID: 1756)
      • AutoUpdate.exe (PID: 3132)
      • ASCFeature.exe (PID: 3704)
      • smBootTime.exe (PID: 2932)
      • bf.exe (PID: 2868)
      • smBootTime.exe (PID: 2860)
      • AutoCare.exe (PID: 3492)
    • Creates files in a temporary directory

      • driver_booster_setup.exe (PID: 2792)
      • driver_booster_setup.exe (PID: 2252)
      • driver_booster_setup.tmp (PID: 2120)
      • setup.exe (PID: 3012)
      • driver_booster_setup.exe (PID: 3708)
      • HWiNFO.exe (PID: 3724)
      • CareScan.exe (PID: 4020)
      • driver_booster_setup.tmp (PID: 3628)
      • iTopSetup.exe (PID: 3256)
      • iTopSetup.tmp (PID: 3144)
      • DriverBooster.exe (PID: 3648)
      • DpInstX32.exe (PID: 2080)
      • IDRSetup.exe (PID: 1944)
      • IDRSetup.tmp (PID: 2484)
      • explorer.exe (PID: 1388)
      • ICONPIN32.exe (PID: 3940)
      • icop32.exe (PID: 2100)
      • SecEdit.exe (PID: 3000)
      • SecEdit.exe (PID: 1848)
      • ASCSetup.exe (PID: 2004)
      • ASCSetup.tmp (PID: 2108)
      • iTopVPN.exe (PID: 1884)
      • IObitLiveUpdate.exe (PID: 608)
    • Drops the executable file immediately after the start

      • chrome.exe (PID: 3440)
    • Creates files in the program directory

      • setup.exe (PID: 3012)
      • driver_booster_setup.tmp (PID: 3628)
      • CareScan.exe (PID: 4020)
      • RttHlp.exe (PID: 556)
      • InstStat.exe (PID: 1604)
      • SetupHlp.exe (PID: 3808)
      • DriverBooster.exe (PID: 3648)
      • IObitDownloader.exe (PID: 1988)
      • ChangeIcon.exe (PID: 3676)
      • Manta.exe (PID: 2940)
      • AutoUpdate.exe (PID: 3652)
      • Manta.exe (PID: 3372)
      • iTopSetup.tmp (PID: 3144)
      • IDRSetup.tmp (PID: 2484)
      • ugin.exe (PID: 3396)
      • iTopVPN.exe (PID: 3568)
      • ugin.exe (PID: 3512)
      • iTopInsur.exe (PID: 3352)
      • UninstallInfo.exe (PID: 2520)
      • ugin.exe (PID: 2392)
      • IDRService.exe (PID: 3604)
      • unpr.exe (PID: 1592)
      • atud.exe (PID: 3424)
      • iTopDataRecovery.exe (PID: 2320)
      • iTopVPN.exe (PID: 1884)
      • AUpdate.exe (PID: 2100)
      • Autoupdate.exe (PID: 1276)
      • Newfts.exe (PID: 3584)
      • ASCSetup.tmp (PID: 2108)
      • ASCInit.exe (PID: 1880)
      • ASCService.exe (PID: 2496)
      • smBootTimebase.exe (PID: 2904)
      • smBootTime.exe (PID: 4020)
      • PrivacyShield.exe (PID: 2516)
      • UninstallInfo.exe (PID: 712)
      • Setup.exe (PID: 3784)
      • ASC.exe (PID: 2136)
      • ProductStat3.exe (PID: 2680)
      • BrowserProtect.exe (PID: 1612)
      • ASCVER.exe (PID: 1756)
      • AutoUpdate.exe (PID: 3132)
      • Display.exe (PID: 2888)
      • bf.exe (PID: 2868)
      • AutoSweep.exe (PID: 1876)
      • AutoCare.exe (PID: 3492)
      • IObitLiveUpdate.exe (PID: 608)
      • startupInfo.exe (PID: 3224)
    • Application launched itself

      • chrome.exe (PID: 3440)
      • msedge.exe (PID: 2116)
      • msedge.exe (PID: 1416)
    • Creates files or folders in the user directory

      • setup.exe (PID: 3012)
      • driver_booster_setup.tmp (PID: 3628)
      • InstStat.exe (PID: 1604)
      • CareScan.exe (PID: 4020)
      • DriverBooster.exe (PID: 3648)
      • FaultFixes.exe (PID: 1728)
      • AUpdate.exe (PID: 3256)
      • ugin.exe (PID: 1840)
      • DpInstX32.exe (PID: 2080)
      • iTopVPN.exe (PID: 3568)
      • IDRSetup.tmp (PID: 2484)
      • iTopInsur.exe (PID: 3352)
      • explorer.exe (PID: 1388)
      • iTopSetup.tmp (PID: 3144)
      • iTopVPN.exe (PID: 1884)
      • atud.exe (PID: 3424)
      • Autoupdate.exe (PID: 1276)
      • iTopVPNMini.exe (PID: 3108)
      • ScanWinUpd.exe (PID: 3492)
      • ASCSetup.tmp (PID: 2108)
      • ASCInit.exe (PID: 1880)
      • ASCService.exe (PID: 2496)
      • BrowserCleaner.exe (PID: 1904)
      • Setup.exe (PID: 3784)
      • PPUninstaller.exe (PID: 3480)
      • ASCTray.exe (PID: 2648)
      • ASC.exe (PID: 2136)
      • Display.exe (PID: 2888)
      • ASCFeature.exe (PID: 3704)
    • Reads Microsoft Office registry keys

      • CareScan.exe (PID: 4020)
    • Reads mouse settings

      • CareScan.exe (PID: 4020)
    • Reads CPU info

      • DriverBooster.exe (PID: 3648)
    • Checks proxy server information

      • AUpdate.exe (PID: 3256)
      • DriverBooster.exe (PID: 3648)
      • ASCFeature.exe (PID: 3704)
      • AutoUpdate.exe (PID: 3132)
    • Process checks whether UAC notifications are on

      • iTopVPN.exe (PID: 1884)
    • Process checks Internet Explorer phishing filters

      • iTopVPN.exe (PID: 1884)
    • Creates a software uninstall entry

      • ASCSetup.tmp (PID: 2108)
    • Dropped object may contain TOR URLs

      • ASCSetup.tmp (PID: 2108)
    • Reads Environment values

      • ASCInit.exe (PID: 1880)
      • Monitor.exe (PID: 2600)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
All screenshots are available in the full report
Total processes
264
Monitored processes
195
Malicious processes
41
Suspicious processes
2

Behavior graph

Interactive process tree in the full report (264 processes). The chain starts in chrome.exe, runs driver_booster_setup.exe and its dropped driver_booster_setup.tmp, then setup.exe, and fans out into the Driver Booster, iTop VPN, iTop Data Recovery and Advanced SystemCare components listed in the signatures above, with repeated cmd.exe → sc.exe pairs for service management.

Process information

PID:
292
CMD:
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll"
Path:
C:\Windows\System32\regsvr32.exe
Parent process:
ASCInit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
304
CMD:
"C:\Program Files\IObit\Driver Booster\11.1.0\SetupHlp.exe" /afterupgrade
Path:
C:\Program Files\IObit\Driver Booster\11.1.0\SetupHlp.exe
Parent process:
DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Driver Booster Setup Helper
Exit code:
0
Version:
11.5.0.17
Modules
Images
c:\program files\iobit\driver booster\11.1.0\setuphlp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\driver booster\11.1.0\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
316
CMD:
"C:\Program Files\IObit\Driver Booster\11.1.0\Manta.exe" /CommStat /DoCommStat /Code="A101" /Days=0
Path:
C:\Program Files\IObit\Driver Booster\11.1.0\Manta.exe
Parent process:
DriverBooster.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Manta
Exit code:
0
Version:
11.2.0.11
Modules
Images
c:\program files\iobit\driver booster\11.1.0\manta.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\driver booster\11.1.0\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
328
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1320,i,1871623617768946740,17042593783255310976,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
544
CMD:
"C:\Windows\System32\cmd.exe" /c SC description AdvancedSystemCareService17 "Advanced SystemCare Service"
Path:
C:\Windows\System32\cmd.exe
Parent process:
ASCInit.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
556
CMD:
"C:\Program Files\IObit\Driver Booster\11.1.0\RttHlp.exe" /winstdate
Path:
C:\Program Files\IObit\Driver Booster\11.1.0\RttHlp.exe
Parent process:
SetupHlp.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
IObit RttHlp
Exit code:
0
Version:
11.0.0.0
Modules
Images
c:\program files\iobit\driver booster\11.1.0\rtthlp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\iobit\driver booster\11.1.0\rtl120.bpl
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
588
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6b58f598,0x6b58f5a8,0x6b58f5b4
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
608
CMD:
"C:\Program Files\IObit\Advanced SystemCare\IObitLiveUpdate.exe" /srvupt
Path:
C:\Program Files\IObit\Advanced SystemCare\IObitLiveUpdate.exe
Parent process:
ASCService.exe
User:
admin
Company:
IObit
Integrity Level:
HIGH
Description:
Product Updater
Exit code:
0
Version:
3.0.0.5320
Modules
Images
c:\program files\iobit\advanced systemcare\iobitliveupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 668
Command line: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1328,i,14169453316222352325,315719863060413312,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 680
Command line: sc delete windivert
Path: C:\Windows\System32\sc.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
A tool to aid in developing services for WindowsNT
Exit code:
1060 (ERROR_SERVICE_DOES_NOT_EXIST: no service named windivert was registered on the guest, so the delete was a no-op)
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
157 467
Read events
156 217
Write events
1 125
Delete events
125

Modification events

PID / Process: (3440) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

PID / Process: (3440) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

PID / Process: (3440) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

PID / Process: (3440) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

PID / Process: (1388) explorer.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation: write
Name: CheckSetting
Value:

PID / Process: (3440) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

PID / Process: (3440) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 1

PID / Process: (3440) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

PID / Process: (3440) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

PID / Process: (3440) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: metricsid_installdate
Value: 0
Executable files
731
Suspicious files
474
Text files
1 140
Unknown types
0

Dropped files

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF16714c.TMP
Type:
MD5:
SHA256:

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
Type:
MD5:
SHA256:

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
Type: text
MD5: 513218482935B0D388C0A990D868387A
SHA256: 8E39CBAAF4AACC3A01AFA74EA8C30FB24FE69A22B8B30728AFB1614FD68809D9

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old~RF167321.TMP
Type: text
MD5: 56C75810BDDDD686D123E6E36F56E012
SHA256: 3D51A6EF85A51056E1A379D795F55C84A321EC2000DD69F5D70ABA038C61522E

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF16714c.TMP
Type: text
MD5: D5C9ECBD2DCA29D89266782824D7AF99
SHA256: D22D1243ACC064A30823180D0E583C853E9395367C78C2AD9DE59A463904F702

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Variations
Type: binary
MD5: 961E3604F228B0D10541EBF921500C86
SHA256: F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF167871.TMP
Type:
MD5:
SHA256:

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
Type:
MD5:
SHA256:

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
Type: text
MD5: B806171F9E7C87423595645872D869B0
SHA256: 851A8D533BEBF6A69C5518375396E97463302C1E2031D04F8EB5851C5C82CEB9

PID 3440 chrome.exe
File: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG.old~RF1687f1.TMP
Type:
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
160
TCP/UDP connections
645
DNS requests
131
Threats
176

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3012 | setup.exe | GET | | 152.199.20.140:80 | http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb | unknown | | | unknown
1988 | IObitDownloader.exe | GET | | 152.199.20.140:80 | http://update.iobit.com/infofiles/db/rmd/freeware-db.upt | unknown | | | unknown
3012 | setup.exe | GET | 206 | 152.199.20.140:80 | http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb | unknown | binary | 60.0 Kb | unknown
3012 | setup.exe | GET | 206 | 152.199.20.140:80 | http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb | unknown | binary | 60.0 Kb | unknown
1604 | InstStat.exe | GET | 200 | 52.55.155.234:80 | http://stats.iobit.com/install.php?operate=1&user=1&app=db11&ver=11.1.0.26&pr=iobit&system=61&type=1&lang=en-US&geo=1033&insur=other | unknown | text | 19 b | unknown
3012 | setup.exe | GET | 200 | 152.199.20.140:80 | http://update.iobit.com/dl/img/inst/logo_asc.png | unknown | image | 4.10 Kb | unknown
3012 | setup.exe | GET | 200 | 52.55.155.234:80 | http://stats.iobit.com/multi_app_new.php?action=get-token | unknown | text | 24 b | unknown
3012 | setup.exe | GET | 206 | 152.199.20.140:80 | http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb | unknown | binary | 60.0 Kb | unknown
3012 | setup.exe | GET | 200 | 152.199.20.140:80 | http://update.iobit.com/infofiles/ac/appver-ac.upt | unknown | text | 849 b | unknown
3012 | setup.exe | GET | 200 | 152.199.20.140:80 | http://update.iobit.com/infofiles/itop/itopav.upt | unknown | text | 336 b | unknown
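Every request in the table above goes out over plain HTTP, and several of them fetch the files that steer the installer (install_cfg_n.zlb, the .upt manifests) or report the guest's OS and locale to a stats endpoint. The script below is an added triage example, not part of the ANY.RUN report: it re-encodes the rows from the table as Python tuples (only the columns needed) and flags cleartext fetches of installer config/binary content, cleartext telemetry that carries host details in the query string, and URLs that were fetched repeatedly with HTTP 206 Partial Content. The file-extension meanings (.zlb as compressed config, .upt as update manifest) and the severity heuristics are this example's own assumptions.

```python
"""Triage sandbox HTTP-request rows for cleartext installer traffic.

Added example; the ROWS below are transcribed from the report's HTTP table,
the classification rules are assumptions made for this example.
"""
import posixpath
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# (PID, process, method, HTTP code or None, URL, content type or None), from the report table
ROWS = [
    (3012, "setup.exe", "GET", None, "http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb", None),
    (1988, "IObitDownloader.exe", "GET", None, "http://update.iobit.com/infofiles/db/rmd/freeware-db.upt", None),
    (3012, "setup.exe", "GET", 206, "http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb", "binary"),
    (3012, "setup.exe", "GET", 206, "http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb", "binary"),
    (1604, "InstStat.exe", "GET", 200,
     "http://stats.iobit.com/install.php?operate=1&user=1&app=db11&ver=11.1.0.26&pr=iobit"
     "&system=61&type=1&lang=en-US&geo=1033&insur=other", "text"),
    (3012, "setup.exe", "GET", 200, "http://update.iobit.com/dl/img/inst/logo_asc.png", "image"),
    (3012, "setup.exe", "GET", 200, "http://stats.iobit.com/multi_app_new.php?action=get-token", "text"),
    (3012, "setup.exe", "GET", 206, "http://update.iobit.com/infofiles/db/rmd/install_cfg_n.zlb", "binary"),
    (3012, "setup.exe", "GET", 200, "http://update.iobit.com/infofiles/ac/appver-ac.upt", "text"),
    (3012, "setup.exe", "GET", 200, "http://update.iobit.com/infofiles/itop/itopav.upt", "text"),
]

# Assumption: these extensions are installer control files. Fetched over plain HTTP,
# an on-path attacker can substitute them and steer what the installer does next.
CONFIG_EXT = {".zlb", ".upt"}
# Query keys that reveal host details (OS build, UI language, locale) in cleartext.
HOST_DETAIL_KEYS = ("ver=", "system=", "lang=", "geo=")


@dataclass(frozen=True)
class Finding:
    pid: int
    process: str
    url: str
    reason: str


def classify(row):
    """Return the findings for one request row (empty list if nothing to flag)."""
    pid, proc, _method, _code, url, ctype = row
    u = urlparse(url)
    if u.scheme != "http":          # only cleartext traffic is interesting here
        return []
    ext = posixpath.splitext(u.path.lower())[1]
    findings = []
    if ext in CONFIG_EXT or ctype == "binary":
        findings.append(Finding(pid, proc, url, "cleartext fetch of installer config/binary"))
    if any(k in u.query for k in HOST_DETAIL_KEYS):
        findings.append(Finding(pid, proc, url, "cleartext telemetry carrying host/locale details"))
    return findings


def triage(rows=ROWS):
    """Return (findings, {url: count}) where count > 1 means repeated HTTP 206 fetches."""
    findings = [f for row in rows for f in classify(row)]
    partial = Counter(r[4] for r in rows if r[3] == 206)
    return findings, {url: n for url, n in partial.items() if n > 1}


def cleartext_hosts(rows=ROWS):
    """Hosts contacted over plain HTTP, sorted for stable output."""
    return sorted({urlparse(r[4]).netloc for r in rows if urlparse(r[4]).scheme == "http"})


if __name__ == "__main__":
    found, partial = triage()
    for f in found:
        print(f"[{f.pid} {f.process}] {f.reason}: {f.url}")
    for url, n in partial.items():
        print(f"{n}x HTTP 206 for {url}")
    print("cleartext hosts:", ", ".join(cleartext_hosts()))
```

Running it against the transcribed rows yields seven cleartext config/binary fetches, one telemetry hit (the install.php call from InstStat.exe), and one URL (install_cfg_n.zlb) pulled three times with 206 responses, the pattern of a ranged or resumed download of the same object.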

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
3440 | chrome.exe | 239.255.255.250:1900 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
3500 | chrome.exe | 142.250.181.237:443 | accounts.google.com | GOOGLE | US | unknown
3500 | chrome.exe | 54.145.102.116:443 | www.iobit.com | AMAZON-AES | US | unknown
3500 | chrome.exe | 172.217.18.10:443 | fonts.googleapis.com | GOOGLE | US | whitelisted
3500 | chrome.exe | 152.199.20.140:443 | codes.iobit.com | EDGECAST | US | unknown
3500 | chrome.exe | 172.64.147.188:443 | kit.fontawesome.com | CLOUDFLARENET | US | unknown

DNS requests

Domain
IP
Reputation
accounts.google.com
  • 142.250.181.237
shared
www.iobit.com
  • 54.145.102.116
  • 54.159.249.19
  • 52.6.162.138
whitelisted
fonts.googleapis.com
  • 172.217.18.10
  • 142.250.185.234
whitelisted
codes.iobit.com
  • 152.199.20.140
whitelisted
kit.fontawesome.com
  • 172.64.147.188
  • 104.18.40.68
whitelisted
fonts.gstatic.com
  • 142.250.186.163
  • 142.250.186.35
whitelisted
ka-f.fontawesome.com
  • 172.67.139.119
  • 104.21.26.223
whitelisted
www.googletagmanager.com
  • 172.217.18.104
  • 142.250.185.200
whitelisted
bat.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
www.google-analytics.com
  • 172.217.16.206
  • 142.250.185.142
whitelisted

Threats

PID | Process | Class | Message | Count
3012 | setup.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) | 10 identical alerts
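The only IDS signature in the table fires on the User-Agent the installer sends. The report does not reproduce that header, and the snippet below is an added example rather than the Emerging Threats rule itself: it assumes, as the rule name suggests, that the suspicious case is a User-Agent consisting of nothing but the legacy "Mozilla/4.0" product token, without the parenthesised platform/engine comment every real browser of that generation appended. The HTTP request samples are constructed for the example and use placeholder hosts, not traffic from the report.

```python
"""Heuristic behind a "Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)" alert.

Added example, not the Emerging Threats rule. Assumes the rule targets a bare
"Mozilla/4.0" User-Agent with no trailing platform comment; request samples are constructed.
"""
import re

# Real Mozilla/4.0-era browsers look like "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; ...)".
# Non-browser downloaders that hard-code a UA often send the bare token and nothing else.
BARE_MOZILLA_RE = re.compile(r"^Mozilla/4\.0\s*$")


def parse_headers(raw: bytes) -> dict:
    """Parse the header block of an HTTP/1.x request; header names are lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {"request_line": lines[0]}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def is_fake_mozilla4(user_agent: str) -> bool:
    """True when the UA is only the legacy product token (assumed trigger of the alert)."""
    return bool(BARE_MOZILLA_RE.match(user_agent))


def scan(requests):
    """Return (request_line, host, user_agent) for each request with a suspicious UA."""
    hits = []
    for raw in requests:
        h = parse_headers(raw)
        ua = h.get("user-agent", "")
        if is_fake_mozilla4(ua):
            hits.append((h["request_line"], h.get("host", ""), ua))
    return hits


# Constructed samples: two bare-token UAs as a hard-coded downloader might send,
# one genuine IE8 UA, one modern Chromium UA.
SAMPLES = [
    b"GET /cfg/install.bin HTTP/1.1\r\nHost: update.example.test\r\nUser-Agent: Mozilla/4.0\r\n\r\n",
    b"GET /cfg/manifest.upt HTTP/1.1\r\nHost: update.example.test\r\nUser-Agent: Mozilla/4.0 \r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: www.example.test\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: www.example.test\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) "
    b"Chrome/109.0.0.0 Safari/537.36\r\n\r\n",
]

if __name__ == "__main__":
    for request_line, host, ua in scan(SAMPLES):
        print(f"suspicious UA {ua!r} -> {host} {request_line}")
```

Only the first two samples are flagged; the genuine IE8 and Chromium strings pass because they carry a platform comment after the product token. A bare "Mozilla/4.0" is a hunting signal, not proof of malice, which is why the signature class is Potentially Bad Traffic: plenty of legitimate updaters ship the same lazy default, and the ten alerts here all come from one installer process.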
Process | Message
setup.exe | [DBInstaller] : + FormCreate
setup.exe | doFinshedEvent_Freeware 0
setup.exe | Order: itop
setup.exe | Chk_ver_max
setup.exe | Chk_ver_min
setup.exe | CheckLicense
setup.exe | chk_arch
setup.exe | ProductVersion: 11.1.0.26
setup.exe | CheckUninstallVersion Chk_reg_unver:
setup.exe | chk_os_ver 110;100;63;62;61