File name: SystemMechanicStd_DM.exe

Full analysis: https://app.any.run/tasks/9dd6874c-fc0a-473e-b225-4e26cb5bb8aa
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: December 10, 2023, 14:06:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 397926927BCA55BE4A77839B1C44DE6E
SHA1: E10F3434EF3021C399DBBA047832F02B3C898DBD
SHA256: 4F07E1095CC915B2D46EB149D1C3BE14F3F4B4BD2742517265947FD23BDCA5A7
SSDEEP: 98304:fD8Txkkxu60wIO3Fv2W+oekubm6RBUZctukdazmSsMqwDc2bISfz1:6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Steals credentials from Web Browsers

      • ioloTrayApp.exe (PID: 836)
      • iolo.exe (PID: 2888)
    • Actions looks like stealing of personal data

      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
    • Registers / Runs the DLL via REGSVR32.EXE

      • iolo.exe (PID: 2888)
    • Drops the executable file immediately after the start

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
  • SUSPICIOUS

    • Reads the Internet Settings

      • SystemMechanicStd_DM.exe (PID: 3264)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Searches for installed software

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
    • Process drops legitimate windows executable

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Creates files in the driver directory

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Process drops SQLite DLL files

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Drops a system driver (possible attempt to evade defenses)

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Reads settings of System Certificates

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • activebridge.exe (PID: 1460)
      • ioloTrayApp.exe (PID: 900)
    • Reads Microsoft Outlook installation path

      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
    • Reads Internet Explorer settings

      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
    • Starts CMD.EXE for commands execution

      • iolo.exe (PID: 2888)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3396)
      • cmd.exe (PID: 1884)
      • cmd.exe (PID: 3832)
      • cmd.exe (PID: 3628)
      • cmd.exe (PID: 2624)
      • cmd.exe (PID: 2072)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 2920)
      • cmd.exe (PID: 680)
      • cmd.exe (PID: 2812)
      • cmd.exe (PID: 1356)
      • cmd.exe (PID: 1004)
      • cmd.exe (PID: 3832)
      • cmd.exe (PID: 2900)
  • INFO

    • Creates files in the program directory

      • SystemMechanicStd_DM.exe (PID: 3264)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • activebridge.exe (PID: 1460)
    • Checks supported languages

      • SystemMechanicStd_DM.exe (PID: 3264)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • wmpnscfg.exe (PID: 1852)
      • incinerator.exe (PID: 3972)
      • nfregdrv.exe (PID: 1868)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • LBGovernor.exe (PID: 3960)
      • activebridge.exe (PID: 1460)
    • Reads the computer name

      • wmpnscfg.exe (PID: 1852)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • nfregdrv.exe (PID: 1868)
      • SystemMechanicStd_DM.exe (PID: 3264)
      • iolo.exe (PID: 2888)
      • incinerator.exe (PID: 3972)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • LBGovernor.exe (PID: 3960)
      • activebridge.exe (PID: 1460)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1852)
      • msedge.exe (PID: 2028)
    • Reads the machine GUID from the registry

      • SystemMechanicStd_DM.exe (PID: 3264)
      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Checks proxy server information

      • SystemMechanicStd_DM.exe (PID: 3264)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 900)
    • Create files in a temporary directory

      • SystemMechanicStd_DM.exe (PID: 3264)
      • iolo.exe (PID: 2888)
      • LBGovernor.exe (PID: 3960)
    • Creates files or folders in the user directory

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • regsvr32.exe (PID: 2128)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Reads Environment values

      • SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe (PID: 1988)
      • iolo.exe (PID: 2888)
      • incinerator.exe (PID: 3972)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Reads product name

      • iolo.exe (PID: 2888)
      • incinerator.exe (PID: 3972)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 2060)
      • ioloTrayApp.exe (PID: 900)
      • activebridge.exe (PID: 1460)
    • Reads the time zone

      • iolo.exe (PID: 2888)
      • ioloTrayApp.exe (PID: 836)
      • ioloTrayApp.exe (PID: 900)
      • ioloTrayApp.exe (PID: 2060)
      • activebridge.exe (PID: 1460)
    • Application launched itself

      • msedge.exe (PID: 2028)
      • msedge.exe (PID: 3560)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:01:31 20:12:04+01:00
ImageFileCharacteristics: Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 3523584
InitializedDataSize: 1331200
UninitializedDataSize: -
EntryPoint: 0x35d560
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.0.2.5
ProductVersionNumber: 3.0.2.5
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: iolo technologies, LLC
FileDescription: 11A12794-499E-4FA0-A281-A9A9AA8B2685
FileVersion: 3.0.2.5
InternalName: -
LegalCopyright: Copyright 1998-2017 iolo technologies, LLC. All rights reserved.
LegalTrademarks: -
OriginalFileName: -
ProductName: iolo Download Manager
ProductVersion: 3.0.2.5
Comments: Copyright 1998-2017 iolo technologies, LLC. All rights reserved.
No data.
All screenshots are available in the full report
Total processes: 126
Monitored processes: 68
Malicious processes: 7
Suspicious processes: 0

Behavior graph

(Interactive graph; available in the full report.) The flattened node list contains the following processes, in the order shown: systemmechanicstd_dm.exe, wmpnscfg.exe, systemmechanic_5488cb36-be62-4606-b07b-2ee938868bd1.exe, nfregdrv.exe, incinerator.exe, netsh.exe, msedge.exe, iolo.exe, iolotrayapp.exe, regsvr32.exe, lbgovernor.exe, activebridge.exe and cmd.exe, with repeated msedge.exe, cmd.exe and netsh.exe nodes; most nodes are marked "no specs" in the graph.

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 284
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4200 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 296
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1212 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 476
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 556
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 680
CMD: "C:\Windows\System32\cmd.exe" /c netsh int tcp set global rss=enabled
Path: C:\Windows\System32\cmd.exe
Parent process: iolo.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\winbrand.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll

PID: 752
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4116 --field-trial-handle=1324,i,8503313347205278193,13480057987983590694,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 836
CMD: "C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe"
Path: C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe
Parent process: iolo.exe
User: admin
Company: RealDefense LLC
Integrity Level: HIGH
Description: ioloTrayApp
Exit code: 0
Version: 23.7.2.70
Modules (images):
  • c:\program files\iolo technologies\system mechanic\iolotrayapp.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\mscoree.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 900
CMD: "C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe"
Path: C:\Program Files\iolo technologies\System Mechanic\ioloTrayApp.exe
Parent process: iolo.exe
User: admin
Company: RealDefense LLC
Integrity Level: HIGH
Description: ioloTrayApp
Exit code: 0
Version: 23.7.2.70
Modules (images):
  • c:\program files\iolo technologies\system mechanic\iolotrayapp.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\mscoree.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 944
CMD: netsh int ipv4 set glob defaultcurhoplimit=64
Path: C:\Windows\System32\netsh.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\windows\system32\netsh.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\credui.dll
  • c:\windows\system32\user32.dll

PID: 952
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x61a9f598,0x61a9f5a8,0x61a9f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

Total events: 37 818
Read events: 36 733
Write events: 1 024
Delete events: 61

Modification events

(PID) Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 460000005A010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (3264) SystemMechanicStd_DM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (1988) SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Explorer.EXE

(PID) Process: (1988) SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1868) nfregdrv.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList
Operation: write
Name: PNP_TDI
Value: 080000000500000001000000020000000300000004000000060000000700000008000000

(PID) Process: (1988) SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 122
Suspicious files: 180
Text files: 67
Unknown types: 0

Dropped files

Columns: PID, Process, Filename, Type (followed by MD5 and SHA256 of the dropped file)

PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\ProgramData\iolo technologies\logs\bootstrap.log (text)
  MD5: 9A23C823C480650A8B4BED8BA46944B1
  SHA256: B312081784C3D9521D1126CE8D68679AC096F38DF201ACC9D19623F24DB4A2E9
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\Program Files\iolo technologies\System Mechanic\Microsoft.Expression.Interactions.dll (executable)
  MD5: 3034CC0D5CF3731ED90153AA616F3F59
  SHA256: 63CD5E8A60D77D1007352538A4285C60C0C3EFB9C771035589105A284E4F63A9
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\Users\admin\AppData\Local\Microsoft\ApplicationInsights\47dcca04762a106e6b55dd88274558025456a143c2b1d8c4b4388b40b1f29722\2drcopxu.24h (binary)
  MD5: 93B885ADFE0DA089CDF634904FD59F71
  SHA256: 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
PID 3264, SystemMechanicStd_DM.exe: C:\ProgramData\iolo\logs\WSComm.log (text)
  MD5: CE8CE000E32BB2D8465FDAC5264E2247
  SHA256: 2B7FED4C68A861F6E392F7DCFBF7333ABADB44C3E654C6CB1900E28B50EBDFAB
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\Program Files\iolo technologies\System Mechanic\Microsoft.mshtml.dll (executable)
  MD5: A94A1EA53A0D6503478EC489086063AB
  SHA256: 5B7F75626CD157174842A35930FFFCA9A7F28B7D78FC7CA27ABB08BBDEFE244F
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\Program Files\iolo technologies\System Mechanic\Microsoft.Practices.Prism.MefExtensions.dll (executable)
  MD5: 1C4B7B8B9CD1C6672016FE5220C6F41F
  SHA256: 51B59720C5AEFEF16BC277E8AA4810DA540EA3C976A44D4A42AB0FE3A3915ABC
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\Program Files\iolo technologies\System Mechanic\defrag.dll (executable)
  MD5: 22644C789E27747E12480F0AA415A961
  SHA256: 1872157E08B029E06A0458572D57447940DB2DDC5ACCA57C214F105D3B0FE96D
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\Program Files\iolo technologies\System Mechanic\Incinerator.exe (executable)
  MD5: 3341FC07A1620B35FF45B298DF71DC61
  SHA256: F2BB6A4AA49E6BC154C9984C5EE82B5E9A3C1AB95BF6AAB9F61DE6C895A026EC
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\Program Files\iolo technologies\System Mechanic\Incinerator.dll (executable)
  MD5: 0CBBA4C63669E7000FA7701EEC0A442C
  SHA256: EFEEDB0BE7FB388C2AD3E0FA8B2F2A5E1D299009A7AB3059710B0ABC456B0886
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: C:\Program Files\iolo technologies\System Mechanic\log4net.dll (executable)
  MD5: DF13D37280B87A94E4FDA6DB5C1F2F03
  SHA256: B17EA1C52078A05533093DF8993D79A7CBD87EC11CA83CFD93D286DD2D352B27
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 100
DNS requests: 119
Threats: 4

HTTP requests

Columns: PID, Process, Method, HTTP Code, IP, URL, CN, Type, Size, Reputation

PID 3264, SystemMechanicStd_DM.exe: POST http://svc.iolo.com/__svc/sbv/DownloadManager.ashx -> 200 (IP 20.157.87.45:80; CN unknown; type text; size 256 b; reputation unknown)
PID 868, svchost.exe: HEAD http://download.iolo.net/sm/23/11A12794-499E-4FA0-A281-A9A9AA8B2685/23.7.2.70/SystemMechanic.exe -> 200 (IP 169.150.247.34:80; CN unknown; reputation unknown)
PID 868, svchost.exe: GET http://download.iolo.net/sm/23/11A12794-499E-4FA0-A281-A9A9AA8B2685/23.7.2.70/SystemMechanic.exe -> 200 (IP 169.150.247.34:80; CN unknown; type executable; size 56.1 Mb; reputation unknown)
PID 3264, SystemMechanicStd_DM.exe: POST http://svc.iolo.com/__svc/sbv/DownloadManager.ashx -> 200 (IP 20.157.87.45:80; CN unknown; type text; size 256 b; reputation unknown)
PID 2888, iolo.exe: GET http://download.iolo.net/sm/supertuds/default/tud.dat -> 200 (IP 89.187.169.47:80; CN unknown; type compressed; size 293 Kb; reputation unknown)
PID 2888, iolo.exe: GET http://download.iolo.net/sm/profiles/default/profiles.dat -> 200 (IP 138.199.37.225:80; CN unknown; type compressed; size 60.9 Kb; reputation unknown)
PID 2888, iolo.exe: GET http://download.iolo.net/sm/supertuds/default/deceptors.dat -> 200 (IP 89.187.169.3:80; CN unknown; type compressed; size 240 Kb; reputation unknown)

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation

PID 4, System: 192.168.100.255:137 (whitelisted)
PID 4, System: 192.168.100.255:138 (whitelisted)
PID 2588, svchost.exe: 239.255.255.250:1900 (whitelisted)
PID 3264, SystemMechanicStd_DM.exe: 20.157.87.45:80, svc.iolo.com (ASN MICROSOFT-CORP-MSN-AS-BLOCK; CN US; reputation unknown)
PID 1080, svchost.exe: 224.0.0.252:5355 (unknown)
PID 868, svchost.exe: 169.150.247.34:80, download.iolo.net (CN GB; reputation unknown)
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: 20.9.155.148:443, westus2-2.in.applicationinsights.azure.com (ASN MICROSOFT-CORP-MSN-AS-BLOCK; CN US; reputation unknown)
PID 1988, SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: 20.190.22.230:443, iolo.azure-api.net (ASN MICROSOFT-CORP-MSN-AS-BLOCK; CN US; reputation unknown)
PID 2888, iolo.exe: 138.199.37.225:80, download.iolo.net (ASN Datacamp Limited; CN DE; reputation unknown)
PID 2028, msedge.exe: 239.255.255.250:1900 (whitelisted)

DNS requests

Columns: Domain -> resolved IP(s) (Reputation)

svc.iolo.com -> 20.157.87.45 (unknown)
download.iolo.net -> 169.150.247.34, 138.199.37.225, 89.187.169.47, 89.187.169.3 (whitelisted)
westus2-2.in.applicationinsights.azure.com -> 20.9.155.148, 20.9.155.145 (unknown)
iolo.azure-api.net -> 20.190.22.230 (unknown)
config.edge.skype.com -> 13.107.42.16 (whitelisted)
www.iolo.com -> 52.31.93.31 (unknown)
edge.microsoft.com -> 204.79.197.239, 13.107.21.239 (whitelisted)
nav-edge.smartscreen.microsoft.com -> 20.31.251.109 (whitelisted)
data-edge.smartscreen.microsoft.com -> 20.105.95.163 (whitelisted)
assets.iolo.com -> 169.150.247.38 (unknown)

Threats

Columns: PID, Process, Class, Message

PID 868, svchost.exe: Potential Corporate Privacy Violation; ET POLICY PE EXE or DLL Windows file download HTTP
PID 2888, iolo.exe: Attempted Administrator Privilege Gain; AV EXPLOIT Potential ZIP file exploiting CVE-2023-36413
2 ETPRO signatures available at the full report
Columns: Process, Message

SystemMechanicStd_DM.exe: -> No proxy. Direct connection
SystemMechanicStd_DM.exe: PerformGetOrPost : Attempting a POST on http://svc.iolo.com/__svc/sbv/DownloadManager.ashx.
SystemMechanicStd_DM.exe: IsValidCommunication : Result := True.
SystemMechanicStd_DM.exe: PerformGetOrPost : Attempting a POST on http://svc.iolo.com/__svc/sbv/DownloadManager.ashx.
SystemMechanicStd_DM.exe: -> No proxy. Direct connection
SystemMechanicStd_DM.exe: IsValidCommunication : Result := True.
SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe: Telemetry track event installation
iolo.exe: iolo.exe InitializeToolkit enter False
iolo.exe: Log enabled 0
ioloTrayApp.exe: Log enabled 0