File name:

SystemMechanicStd_DM.exe

Full analysis: https://app.any.run/tasks/9dd6874c-fc0a-473e-b225-4e26cb5bb8aa
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates a device to deliver further payloads. Such malware can infect the victim's computer, profile its system information, and install other threats such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links, relying on social engineering to trick users into downloading and running the executable. Loaders employ evasion and persistence tactics to avoid detection.

Analysis date: December 10, 2023, 14:06:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

397926927BCA55BE4A77839B1C44DE6E

SHA1:

E10F3434EF3021C399DBBA047832F02B3C898DBD

SHA256:

4F07E1095CC915B2D46EB149D1C3BE14F3F4B4BD2742517265947FD23BDCA5A7

SSDEEP:

98304:fD8Txkkxu60wIO3Fv2W+oekubm6RBUZctukdazmSsMqwDc2bISfz1:6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Drops the executable file immediately after the start

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Registers / Runs the DLL via REGSVR32.EXE

      • iolo.exe (PID: 2888)
    • Steals credentials from Web Browsers

      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
    • Actions look like stealing of personal data

      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • iolo.exe (PID: 2888)
  • SUSPICIOUS

    • Reads the Internet Settings

      • SystemMechanicStd_DM.exe (PID: 3264)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Searches for installed software

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
    • Reads settings of System Certificates

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • activebridge.exe (PID: 1460)
      • ioloTrayApp.exe (PID: 900)
    • Process drops SQLite DLL files

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Creates files in the driver directory

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Drops a system driver (possible attempt to evade defenses)

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Process drops legitimate windows executable

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Reads Microsoft Outlook installation path

      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
    • Reads Internet Explorer settings

      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
    • Starts CMD.EXE for commands execution

      • iolo.exe (PID: 2888)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3832)
      • cmd.exe (PID: 3628)
      • cmd.exe (PID: 3396)
      • cmd.exe (PID: 1884)
      • cmd.exe (PID: 2920)
      • cmd.exe (PID: 2812)
      • cmd.exe (PID: 680)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 3832)
      • cmd.exe (PID: 1356)
      • cmd.exe (PID: 2072)
      • cmd.exe (PID: 2624)
      • cmd.exe (PID: 2900)
      • cmd.exe (PID: 1004)
  • INFO

    • Creates files in a temporary directory

      • SystemMechanicStd_DM.exe (PID: 3264)
      • iolo.exe (PID: 2888)
      • LBGovernor.exe (PID: 3960)
    • Creates files in the program directory

      • SystemMechanicStd_DM.exe (PID: 3264)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • activebridge.exe (PID: 1460)
    • Checks supported languages

      • SystemMechanicStd_DM.exe (PID: 3264)
      • wmpnscfg.exe (PID: 1852)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • nfregdrv.exe (PID: 1868)
      • incinerator.exe (PID: 3972)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • LBGovernor.exe (PID: 3960)
      • activebridge.exe (PID: 1460)
    • Reads the computer name

      • SystemMechanicStd_DM.exe (PID: 3264)
      • wmpnscfg.exe (PID: 1852)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • nfregdrv.exe (PID: 1868)
      • incinerator.exe (PID: 3972)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • LBGovernor.exe (PID: 3960)
      • activebridge.exe (PID: 1460)
    • Checks proxy server information

      • SystemMechanicStd_DM.exe (PID: 3264)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
    • Reads the machine GUID from the registry

      • SystemMechanicStd_DM.exe (PID: 3264)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1852)
      • msedge.exe (PID: 2028)
    • Creates files or folders in the user directory

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • regsvr32.exe (PID: 2128)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Reads Environment values

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • incinerator.exe (PID: 3972)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Reads product name

      • incinerator.exe (PID: 3972)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Application launched itself

      • msedge.exe (PID: 3560)
      • msedge.exe (PID: 2028)
    • Reads the time zone

      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:01:31 20:12:04+01:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 3523584
InitializedDataSize: 1331200
UninitializedDataSize: -
EntryPoint: 0x35d560
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.0.2.5
ProductVersionNumber: 3.0.2.5
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: iolo technologies, LLC
FileDescription: 11A12794-499E-4FA0-A281-A9A9AA8B2685
FileVersion: 3.0.2.5
InternalName: -
LegalCopyright: Copyright 1998-2017 iolo technologies, LLC. All rights reserved.
LegalTrademarks: -
OriginalFileName: -
ProductName: iolo Download Manager
ProductVersion: 3.0.2.5
Comments: Copyright 1998-2017 iolo technologies, LLC. All rights reserved.
No data.
All screenshots are available in the full report
Total processes
126
Monitored processes
68
Malicious processes
7
Suspicious processes
0

Behavior graph

Click a process to see the details. Processes in launch order; "no specs" marks a process for which the graph recorded no indicators:

systemmechanicstd_dm.exe
wmpnscfg.exe (no specs)
systemmechanic_5488cb36-be62-4606-b07b-2ee938868bd1.exe (no specs)
systemmechanic_5488cb36-be62-4606-b07b-2ee938868bd1.exe
nfregdrv.exe (no specs)
incinerator.exe (no specs)
netsh.exe (no specs)
msedge.exe (no specs) x2
iolo.exe
msedge.exe (no specs) x2
msedge.exe
msedge.exe (no specs) x2
msedge.exe
msedge.exe (no specs) x12
iolotrayapp.exe
msedge.exe (no specs) x4
regsvr32.exe (no specs)
iolotrayapp.exe
msedge.exe (no specs) x2
iolotrayapp.exe
lbgovernor.exe (no specs)
activebridge.exe
cmd.exe (no specs) followed by netsh.exe (no specs), x6 pairs
cmd.exe (no specs) x8
netsh.exe (no specs) x8

Process information

PID
CMD
Path
Indicators
Parent process
PID:
284
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4200 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
296
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1212 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:2
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
476
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:3
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
556
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
680
CMD:
"C:\Windows\System32\cmd.exe" /c netsh int tcp set global rss=enabled
Path:
C:\Windows\System32\cmd.exe
Parent process:
iolo.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
752
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4116 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:8
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
836
CMD:
"C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe"
Path:
C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe
Parent process:
iolo.exe
User:
admin
Company:
RealDefense LLC
Integrity Level:
HIGH
Description:
ioloTrayApp
Exit code:
0
Version:
23.7.2.70
Modules
Images
c:\program files\iolo technologies\system mechanic\iolotrayapp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
900
CMD:
"C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe"
Path:
C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe
Parent process:
iolo.exe
User:
admin
Company:
RealDefense LLC
Integrity Level:
HIGH
Description:
ioloTrayApp
Exit code:
0
Version:
23.7.2.70
Modules
Images
c:\program files\iolo technologies\system mechanic\iolotrayapp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
944
CMD:
netsh int ipv4 set glob defaultcurhoplimit=64
Path:
C:\Windows\System32\netsh.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
PID:
952
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x61a9f598,0x61a9f5a8,0x61a9f5b4
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
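The process table shows what the 14 "Suspicious use of NETSH.EXE" hits actually are: iolo.exe, running at HIGH integrity, shells out with `cmd.exe /c netsh int ... set global ...` (PID 680), cmd.exe then runs netsh (PID 944), and the same parent also drives a regsvr32.exe launch (PID 2128, per the "Registers / Runs the DLL via REGSVR32.EXE" indicator). The triage below, over process-creation events, is an added example and is not code from ANY.RUN or from iolo: PIDs 680, 944, 2128 and 284 with their parents and integrity levels are taken from this report, but the regsvr32 command line, the firewall-rule command line (the page names the indicator without printing the command), PIDs 9001/9002 and the regsvr32 integrity level are constructed, and the parent allowlist and severity scheme are my own assumptions.

```python
"""Triage cmd.exe -> netsh.exe and regsvr32.exe launches from process-creation events.

Added example for this report; not ANY.RUN's or iolo's code. PIDs 680, 944,
2128, 284 and their parents/integrity come from the process table; command
lines marked "invented" and PIDs 9001/9002 are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    image: str        # image path of the new process
    cmdline: str      # full command line
    parent: str       # parent image name, as the report prints it
    integrity: str    # LOW / MEDIUM / HIGH


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str
    severity: str     # low / medium / high


# Parents from which netsh/regsvr32 launches are routine on a workstation.
# Assumption: tune per environment; application binaries such as iolo.exe are
# deliberately absent so the chain in this report surfaces.
ROUTINE_PARENTS = {"explorer.exe", "services.exe", "svchost.exe", "msiexec.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].strip('"').lower()


def netsh_args(cmdline: str) -> Optional[List[str]]:
    """Arguments handed to netsh, whether run directly or via `cmd /c netsh ...`.

    Returns None when the command line does not invoke netsh at all.
    """
    toks = [t.strip('"').lower() for t in cmdline.split()]
    for i, tok in enumerate(toks):
        if _basename(tok) in ("netsh", "netsh.exe"):
            return toks[i + 1:]
    return None


def classify_netsh(args: List[str]):
    """Coarse intent of a netsh invocation and its baseline severity."""
    if args[:1] in (["advfirewall"], ["firewall"]):
        return "firewall-change", "high"     # alters host firewall policy
    if args[:1] in (["int"], ["interface"]) and "set" in args:
        return "stack-tuning", "low"         # rss=, hoplimit=: noisy, seldom hostile alone
    return "other", "medium"


def bump(severity: str, integrity: str) -> str:
    """Raise severity one step when the process already runs elevated."""
    order = ["low", "medium", "high"]
    if integrity.upper() == "HIGH":
        return order[min(order.index(severity) + 1, len(order) - 1)]
    return severity


def detect(events: List[ProcEvent]) -> List[Finding]:
    findings = []
    for e in events:
        img = _basename(e.image)
        routine = _basename(e.parent) in ROUTINE_PARENTS
        args = netsh_args(e.cmdline)
        if img == "cmd.exe" and args is not None and not routine:
            # The chain this report flags 14 times: an application shells out to netsh.
            kind, sev = classify_netsh(args)
            findings.append(Finding(e.pid, f"cmd /c netsh ({kind}) from {e.parent}",
                                    bump(sev, e.integrity)))
        elif img == "netsh.exe" and args is not None:
            # netsh itself: only firewall changes are reported here; tuning commands
            # are already covered by the cmd.exe parent event, avoiding double counts.
            kind, sev = classify_netsh(args)
            if kind == "firewall-change":
                findings.append(Finding(e.pid, f"netsh firewall change from {e.parent}",
                                        bump(sev, e.integrity)))
        elif img == "regsvr32.exe" and not routine:
            findings.append(Finding(e.pid, f"regsvr32 DLL registration from {e.parent}",
                                    bump("medium", e.integrity)))
    return findings


EVENTS = [
    ProcEvent(680, r"C:\Windows\System32\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c netsh int tcp set global rss=enabled',
              "iolo.exe", "HIGH"),
    ProcEvent(944, r"C:\Windows\System32\netsh.exe",
              "netsh int ipv4 set glob defaultcurhoplimit=64", "cmd.exe", "HIGH"),
    ProcEvent(2128, r"C:\Windows\System32\regsvr32.exe",          # cmdline + integrity invented
              r'regsvr32.exe /s "C:\Program Files\iolo technologies\System Mechanic\example.dll"',
              "iolo.exe", "HIGH"),
    ProcEvent(9001, r"C:\Windows\System32\netsh.exe",             # invented stand-in for the
              'netsh advfirewall firewall add rule name="SM" dir=in action=allow program="C:\\x.exe"',
              "SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe", "HIGH"),  # "adds a firewall rule" indicator
    ProcEvent(284, r"C:\Program Files\Microsoft\Edge\Application\msedge.exe",
              r'"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility',
              "msedge.exe", "LOW"),
    ProcEvent(9002, r"C:\Windows\System32\cmd.exe",               # invented benign control
              '"cmd.exe" /c netsh int ip show config', "explorer.exe", "MEDIUM"),
]

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f.severity:6} PID {f.pid:<5} {f.rule}")
```

Run stand-alone it reports three findings: the elevated `cmd /c netsh` tuning chain from iolo.exe (medium), the regsvr32 registration from iolo.exe (high) and the firewall rule addition (high); the same tuning command from explorer.exe and the Edge child produce nothing. The point of the parent allowlist is that the "Suspicious use of NETSH.EXE" signature on its own fires on every cmd.exe in this report; what makes the chain worth a look is the non-system parent and the integrity level.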
Total events
37 818
Read events
36 733
Write events
1 024
Delete events
61

Modification events

Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value:
460000005A010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Process: (1988) SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Explorer.EXE

Process: (1988) SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1868) nfregdrv.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList
Operation: write
Name: PNP_TDI
Value: 080000000500000001000000020000000300000004000000060000000700000008000000

Process: (1988) SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Note: PNP_TDI in GroupOrderList is the load-order group for TDI network drivers and their filters. The write by nfregdrv.exe, read together with "Creates files in the driver directory" and "Drops a system driver" (PID 1988), is the installer registering a kernel network filter driver, which on a real host is the indicator most worth verifying (driver file, its signature, and the service entry created for it).
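The download manager's first writes are to the WinINet proxy settings: ProxyEnable=0 and a SavedLegacySettings blob whose header begins 46 00 00 00 / 5A 01 00 00 / 09 00 00 00. That is the same structure as DefaultConnectionSettings, and the reason it matters in a sandbox report is that a proxy server or auto-config URL written here silently redirects every WinINet client on the box. The decoder below is an added example, not ANY.RUN's or iolo's code. It assumes the commonly documented head of the structure (DWORD version, DWORD change counter, DWORD flags, then three length-prefixed ANSI strings: proxy server, bypass list, auto-config URL) and the usual flag bit names; the bytes after those strings are not documented well enough to decode, so they are returned raw. The report blob is transcribed in 4-byte groups from the value above with its trailing run of zero bytes shortened, and the second blob, with a proxy configured, is constructed for contrast.

```python
"""Decode the WinINet SavedLegacySettings blob written by PID 3264 in this report.

Added example, not ANY.RUN's or iolo's code. Assumed layout: DWORD version,
DWORD counter, DWORD flags, then three length-prefixed ANSI strings (proxy
server, bypass list, auto-config URL); the remainder is returned untouched.
"""
import struct
from typing import Any, Dict

# Commonly documented flag bits for DefaultConnectionSettings / SavedLegacySettings.
PROXY_FLAGS = {
    0x01: "DIRECT",          # direct connections allowed
    0x02: "PROXY",           # use the proxy server string
    0x04: "AUTO_PROXY_URL",  # use the auto-config (PAC) URL
    0x08: "AUTO_DETECT",     # WPAD auto-detection
}


def parse_saved_legacy_settings(blob: bytes) -> Dict[str, Any]:
    """Parse the documented head of the blob; raise ValueError if a length field overruns."""
    if len(blob) < 12:
        raise ValueError("blob shorter than the 12-byte fixed header")
    version, counter, flags = struct.unpack_from("<III", blob, 0)
    off = 12
    strings = {}
    for name in ("proxy_server", "bypass_list", "autoconfig_url"):
        if off + 4 > len(blob):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("<I", blob, off)
        off += 4
        if n > len(blob) - off:  # never trust the length field blindly
            raise ValueError(f"{name} length {n} exceeds remaining {len(blob) - off} bytes")
        strings[name] = blob[off:off + n].decode("latin-1")
        off += n
    return {
        "version": version,
        "counter": counter,
        "flags": flags,
        "flag_names": [nm for bit, nm in PROXY_FLAGS.items() if flags & bit],
        **strings,
        "trailer": blob[off:],   # undocumented tail, left as bytes
    }


def describe(parsed: Dict[str, Any]) -> str:
    """One-line summary in the spirit of the sample's own '-> No proxy' debug line."""
    names = parsed["flag_names"]
    if parsed["proxy_server"] and "PROXY" in names:
        return f"proxy {parsed['proxy_server']}"
    if parsed["autoconfig_url"] and "AUTO_PROXY_URL" in names:
        return f"PAC {parsed['autoconfig_url']}"
    return "direct" + (" + auto-detect" if "AUTO_DETECT" in names else "")


def _lpstr(s: bytes) -> bytes:
    """Length-prefixed ANSI string as the blob stores it."""
    return struct.pack("<I", len(s)) + s


# Transcribed in 4-byte groups from the SavedLegacySettings value above; the
# trailing run of zero bytes is shortened to 32.
REPORT_BLOB = bytes.fromhex(
    "46000000" "5A010000" "09000000"             # version 0x46, counter 0x15A, flags 0x09
    "00000000" "00000000" "00000000"             # proxy, bypass, PAC: all empty
    "04000000" "00000000" "C0E333BBEAB1D301"     # undocumented trailer starts here
    "00000000" "00000000" "00000000" "01000000" "02000000" "C0A8016B"
    + "00" * 32
)

# Constructed counter-example: same layout, but a proxy and bypass list set.
PROXY_BLOB = (struct.pack("<III", 0x46, 1, 0x03)
              + _lpstr(b"proxy.example:8080") + _lpstr(b"<local>") + _lpstr(b""))

if __name__ == "__main__":
    for label, blob in (("report", REPORT_BLOB), ("constructed", PROXY_BLOB)):
        p = parse_saved_legacy_settings(blob)
        print(f"{label}: version={p['version']:#x} counter={p['counter']} "
              f"flags={p['flag_names']} -> {describe(p)}")
```

For the report's blob this yields flags DIRECT and AUTO_DETECT with all three strings empty, i.e. "direct + auto-detect", which agrees with the sample's own "-> No proxy. Direct connection" message and with the ProxyEnable=0 write. Had the flags carried PROXY or AUTO_PROXY_URL with a non-empty string, that would be the line in the report to escalate.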
Executable files
122
Suspicious files
180
Text files
67
Unknown types
0

Dropped files

All ten listed files were written by PID 1988 (SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe) under C:\Program Files\iolo technologies\System Mechanic\.

Filename | Type | MD5 | SHA256
msalruntime_x86.dll | executable | E33A853CC890EDBF755A826C8D6B69EF | 944B610EC6F6DB40B659E40765BCCF3DC13977AFA9B1761A347B388FA6959C03
WebView2Loader.dll | executable | 1AC210F528167000E98D9084A433D589 | 98F248F90877695B24B68E89CEF35F5691937BBC798F39C06D72E8920138D0D7
log4net.dll | executable | DF13D37280B87A94E4FDA6DB5C1F2F03 | B17EA1C52078A05533093DF8993D79A7CBD87EC11CA83CFD93D286DD2D352B27
Incinerator.exe | executable | 3341FC07A1620B35FF45B298DF71DC61 | F2BB6A4AA49E6BC154C9984C5EE82B5E9A3C1AB95BF6AAB9F61DE6C895A026EC
Microsoft.Expression.Effects.dll | executable | 18DB3E02D95A16FD502C7C091C0361D9 | 34843CFEA24B713B1B5FD9A93C61D7C6D3FA320DBB84DF60D9D48C5560C79452
Microsoft.Expression.Drawing.xml | xml | 2629649DDCF3B7BE1E3CE5BD0D5C932E | D9B69F8924C08EB7923B92E86B43661138EF83869D28EB50208C4B93E63BCC84
Microsoft.Practices.Prism.dll | executable | 2A532749F77D7EF8C54798B5C5D4105F | F1043059A9A6630D152BB6A56EFFB3F1E295546AB4CF791487762571866B740F
Microsoft.Expression.Interactions.dll | executable | 3034CC0D5CF3731ED90153AA616F3F59 | 63CD5E8A60D77D1007352538A4285C60C0C3EFB9C771035589105A284E4F63A9
Microsoft.Practices.Prism.MefExtensions.dll | executable | 1C4B7B8B9CD1C6672016FE5220C6F41F | 51B59720C5AEFEF16BC277E8AA4810DA540EA3C976A44D4A42AB0FE3A3915ABC
Microsoft.Practices.Prism.Interactivity.dll | executable | 2C4026891162CA400E69AD7F3C746B88 | 2690F68234057E01A0E0AF4490ECEE4A7206B11D91443336C0780DEB9896943F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
100
DNS requests
119
Threats
4

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation
3264 | SystemMechanicStd_DM.exe | POST | 200 | 20.157.87.45:80 | http://svc.iolo.com/__svc/sbv/DownloadManager.ashx | unknown | text | 256 b | unknown
868 | svchost.exe | HEAD | 200 | 169.150.247.34:80 | http://download.iolo.net/sm/23/11A12794-499E-4FA0-A281-A9A9AA8B2685/23.7.2.70/SystemMechanic.exe | unknown | - | - | unknown
868 | svchost.exe | GET | 200 | 169.150.247.34:80 | http://download.iolo.net/sm/23/11A12794-499E-4FA0-A281-A9A9AA8B2685/23.7.2.70/SystemMechanic.exe | unknown | executable | 56.1 Mb | unknown
3264 | SystemMechanicStd_DM.exe | POST | 200 | 20.157.87.45:80 | http://svc.iolo.com/__svc/sbv/DownloadManager.ashx | unknown | text | 256 b | unknown
2888 | iolo.exe | GET | 200 | 138.199.37.225:80 | http://download.iolo.net/sm/profiles/default/profiles.dat | unknown | compressed | 60.9 Kb | unknown
2888 | iolo.exe | GET | 200 | 89.187.169.47:80 | http://download.iolo.net/sm/supertuds/default/tud.dat | unknown | compressed | 293 Kb | unknown
2888 | iolo.exe | GET | 200 | 89.187.169.3:80 | http://download.iolo.net/sm/supertuds/default/deceptors.dat | unknown | compressed | 240 Kb | unknown

Note: the 56.1 Mb SystemMechanic.exe is fetched over cleartext HTTP (the GUID path segment 11A12794-499E-4FA0-A281-A9A9AA8B2685 is the string in the download manager's FileDescription above, and 23.7.2.70 is the version the dropped ioloTrayApp.exe reports). With no TLS on the transfer, the integrity of that second stage rests entirely on its Authenticode signature being checked before execution, which this report does not record; the three .dat files pulled by iolo.exe are likewise downloaded over plain HTTP.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
3264 | SystemMechanicStd_DM.exe | 20.157.87.45:80 | svc.iolo.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
868 | svchost.exe | 169.150.247.34:80 | download.iolo.net | - | GB | unknown
1988 | SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe | 20.9.155.148:443 | westus2-2.in.applicationinsights.azure.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1988 | SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe | 20.190.22.230:443 | iolo.azure-api.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2888 | iolo.exe | 138.199.37.225:80 | download.iolo.net | Datacamp Limited | DE | unknown
2028 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted

DNS requests

Domain
IP
Reputation
svc.iolo.com
  • 20.157.87.45
unknown
download.iolo.net
  • 169.150.247.34
  • 138.199.37.225
  • 89.187.169.47
  • 89.187.169.3
whitelisted
westus2-2.in.applicationinsights.azure.com
  • 20.9.155.148
  • 20.9.155.145
unknown
iolo.azure-api.net
  • 20.190.22.230
unknown
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.iolo.com
  • 52.31.93.31
unknown
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
nav-edge.smartscreen.microsoft.com
  • 20.31.251.109
whitelisted
data-edge.smartscreen.microsoft.com
  • 20.105.95.163
whitelisted
assets.iolo.com
  • 169.150.247.38
unknown

Threats

PID | Process | Class | Message
868 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2888 | iolo.exe | Attempted Administrator Privilege Gain | AV EXPLOIT Potential ZIP file exploiting CVE-2023-36413
2 ETPRO signatures available at the full report

Note: the first entry is the policy rule for the cleartext SystemMechanic.exe download listed under HTTP requests. The second is a network IDS signature (note the "Potential" in its name) matched on traffic of iolo.exe, whose only recorded HTTP transfers are the three compressed .dat files; a signature hit on a compressed download is not evidence that an exploit ran, and nothing else in this report corroborates exploitation. Pull the matching stream from the PCAP in the full report before treating it as more than a lead.
Debug output

Process | Message
SystemMechanicStd_DM.exe | -> No proxy. Direct connection
SystemMechanicStd_DM.exe | PerformGetOrPost : Attempting a POST on http://svc.iolo.com/__svc/sbv/DownloadManager.ashx.
SystemMechanicStd_DM.exe | IsValidCommunication : Result := True.
SystemMechanicStd_DM.exe | PerformGetOrPost : Attempting a POST on http://svc.iolo.com/__svc/sbv/DownloadManager.ashx.
SystemMechanicStd_DM.exe | -> No proxy. Direct connection
SystemMechanicStd_DM.exe | IsValidCommunication : Result := True.
SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe | Telemetry track event installation
iolo.exe | iolo.exe InitializeToolkit enter False
iolo.exe | Log enabled 0
ioloTrayApp.exe | Log enabled 0