Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SystemMechanic_Ultimate_Defense (1).exe
|
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\iolo technologies\logs\bootstrap.log
|
ASCII text, with CRLF line terminators
|
dropped
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Users\user\Desktop\SystemMechanic_Ultimate_Defense (1).exe
|
"C:\Users\user\Desktop\SystemMechanic_Ultimate_Defense (1).exe"
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://scripts.sil.org/OFLThis
|
unknown
|
||
|
https://github.com/itfoundry/Poppins)&&&&z
|
unknown
|
||
|
https://github.com/itfoundry/Poppins)
|
unknown
|
||
|
https://monitor.azure.com//.default
|
unknown
|
||
|
https://github.com/itfoundry/Poppins)&&&&v
|
unknown
|
||
|
https://snapshot.monitor.azure.com/&
|
unknown
|
||
|
https://api.iolo.net/ent/v2
|
unknown
|
||
|
https://www.iolo.com/company/legal/eula/
|
unknown
|
||
|
https://www.newtonsoft.com/json
|
unknown
|
||
|
https://scripts.sil.org/OFLhttps://indiantypefoundry.comNinad
|
unknown
|
||
|
https://www.iolo.com/company/legal/sales-policy/
|
unknown
|
||
|
http://download.iolo.net/phoenix360/MalwareKillerSetup.exe
|
unknown
|
||
|
http://download.iolo.net/phoenix360/SystemMechanic_PRO.exeHq
|
unknown
|
||
|
http://www.iolo.com/products/byepass/activation/Hq
|
unknown
|
||
|
https://support.iolo.com/support/solutions/articles/44001781185?
|
unknown
|
||
|
http://www.codeplex.com/prism
|
unknown
|
||
|
https://taskscheduler.codeplex.com/
|
unknown
|
||
|
https://www.iolo.com/company/legal/privacy/?
|
unknown
|
||
|
http://download.iolo.net/phoenix360/MalwareKillerSetup.exeHq
|
unknown
|
||
|
http://www.codeplex.com/CompositeWPF
|
unknown
|
||
|
https://support.iolo.com/support/solutions/articles/44001781185
|
unknown
|
||
|
https://scripts.sil.org/OFL
|
unknown
|
||
|
https://taskscheduler.codeplex.com/H
|
unknown
|
||
|
https://westus2-2.in.applicationinsights.azure.com/;LiveEndpoint=https://westus2.livediagnostics.mon
|
unknown
|
||
|
http://compositewpf.codeplex.com/
|
unknown
|
||
|
https://www.iolo.com/company/legal/sales-policy/?
|
unknown
|
||
|
https://scripts.sil.org/OFLX8
|
unknown
|
||
|
https://dc.services.visualstudio.com/Jhttps://rt.services.visualstudio.com/Fhttps://profiler.monitor
|
unknown
|
||
|
http://dejavu.sourceforge.net/wiki/index.php/Licensehttp://dejavu.sourceforge.net/wiki/index.php/Lic
|
unknown
|
||
|
https://webhooklistenersfunc.azurewebsites.net/api/lookup/constella-dark-web-alerts
|
unknown
|
||
|
https://indiantypefoundry.com
|
unknown
|
||
|
https://download.avira.com/download/
|
unknown
|
||
|
http://www.codeplex.com/prism#Microsoft.Practices.Prism.ViewModel
|
unknown
|
||
|
https://github.com/JamesNK/Newtonsoft.Json
|
unknown
|
||
|
http://dejavu.sourceforge.net
|
unknown
|
||
|
http://download.iolo.net/phoenix360/PrivacyGuardianSetup.exe
|
unknown
|
||
|
https://www.iolo.com/company/legal/privacy/
|
unknown
|
||
|
https://github.com/microsoft/ApplicationInsights-dotnet/issues/2560
|
unknown
|
||
|
http://download.iolo.net/ds/4/en/images/dsUSB.imaRealDefense
|
unknown
|
||
|
https://rt.services.visualstudio.com/l
|
unknown
|
||
|
http://dejavu.sourceforge.nethttp://dejavu.sourceforge.netFonts
|
unknown
|
||
|
https://iolo.comH42652B74-0AD8-4B60-B8FD-69ED38F7666B
|
unknown
|
||
|
http://james.newtonking.com/projects/json
|
unknown
|
||
|
http://www.iolo.com/products/byepass/welcome/?utm_source=bp&utm_medium=product&p=d59cc353-e8e4-4f42-
|
unknown
|
||
|
https://profiler.monitor.azure.com/l
|
unknown
|
||
|
http://www.iolo.com/products/byepass/activation/
|
unknown
|
||
|
https://dc.services.visualstudio.com/f
|
unknown
|
||
|
https://github.com/Microsoft/ApplicationInsights-dotnetw
|
unknown
|
||
|
https://dc.services.visualstudio.com/api/profiles/
|
unknown
|
||
|
https://api.iolo.net/ent/staging
|
unknown
|
||
|
https://github.com/Microsoft/ApplicationInsights-dotnet
|
unknown
|
||
|
http://svc.iolo.com/__svc/sbv/Uninstall.ashx
|
unknown
|
||
|
https://www.newtonsoft.com/jsonschema
|
unknown
|
||
|
http://download.iolo.net/phoenix360/SystemMechanic_PRO.exe
|
unknown
|
||
|
https://github.com/itfoundry/Poppins)&&&&l
|
unknown
|
||
|
https://www.nuget.org/packages/Newtonsoft.Json.Bson
|
unknown
|
||
|
https://www.iolo.com/company/legal/eula/?
|
unknown
|
||
|
https://github.com/itfoundry/Poppins)&&&&s
|
unknown
|
||
|
http://dejavu.sourceforge.net/wiki/index.php/License
|
unknown
|
||
|
https://github.com/itfoundry/Poppins)&&&&r
|
unknown
|
||
|
http://download.iolo.net/phoenix360/PrivacyGuardianSetup.exeHq
|
unknown
|
||
|
https://github.com/itfoundry/Poppins)&&&&o
|
unknown
|
||
|
https://github.com/itfoundry/Poppins)&&&&m
|
unknown
|
There are 53 hidden URLs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
1FA7AF92000
|
unkown
|
page readonly
|
|
|
|
1FA1A520000
|
trusted library section
|
page read and write
|
|
|
|
1FA1A390000
|
trusted library section
|
page read and write
|
|
|
|
1FA7E192000
|
unkown
|
page readonly
|
|
|
|
1FA7AF90000
|
unkown
|
page readonly
|
||
|
1FA1E940000
|
heap
|
page read and write
|
||
|
7FFD9B764000
|
trusted library allocation
|
page read and write
|
||
|
1FA7D792000
|
unkown
|
page readonly
|
||
|
1FA7EB28000
|
heap
|
page read and write
|
||
|
1FA20A30000
|
heap
|
page execute and read and write
|
||
|
7FF4B969B000
|
trusted library allocation
|
page execute read
|
||
|
7FF4B96A0000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA01F77000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A410000
|
heap
|
page read and write
|
||
|
7FFD9BA97000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E86F000
|
heap
|
page read and write
|
||
|
1FA1A1C0000
|
trusted library section
|
page read and write
|
||
|
1FA1E8FE000
|
heap
|
page read and write
|
||
|
7FFD9B990000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E943000
|
heap
|
page read and write
|
||
|
1FA7EE50000
|
heap
|
page read and write
|
||
|
7FFD9B9E9000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A357000
|
heap
|
page read and write
|
||
|
1FA7EA40000
|
heap
|
page read and write
|
||
|
1FA1AAA0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B880000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA1E706000
|
heap
|
page read and write
|
||
|
7E357FD000
|
stack
|
page read and write
|
||
|
1FA7AF90000
|
unkown
|
page readonly
|
||
|
7FFD9B912000
|
trusted library allocation
|
page read and write
|
||
|
1FA1ECB0000
|
trusted library section
|
page readonly
|
||
|
1FA01990000
|
heap
|
page execute and read and write
|
||
|
1FA1A361000
|
heap
|
page read and write
|
||
|
1FA7EE70000
|
heap
|
page read and write
|
||
|
7FFD9B9E0000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E9B4000
|
heap
|
page read and write
|
||
|
7FFD9B98D000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A29E000
|
heap
|
page read and write
|
||
|
7FFD9BA30000
|
trusted library allocation
|
page read and write
|
||
|
1FA1ABB0000
|
trusted library allocation
|
page read and write
|
||
|
1FA0180E000
|
heap
|
page read and write
|
||
|
7FFD9B780000
|
trusted library allocation
|
page read and write
|
||
|
1FA1AA70000
|
trusted library section
|
page read and write
|
||
|
1FA1E4DB000
|
heap
|
page read and write
|
||
|
1FA1E94A000
|
heap
|
page read and write
|
||
|
1FA1E451000
|
heap
|
page read and write
|
||
|
1FA019F0000
|
heap
|
page read and write
|
||
|
1FA1E473000
|
heap
|
page read and write
|
||
|
1FA1A2DA000
|
heap
|
page read and write
|
||
|
1FA01910000
|
trusted library allocation
|
page read and write
|
||
|
1FA19A30000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E6A1000
|
heap
|
page read and write
|
||
|
7FFD9B902000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A35B000
|
heap
|
page read and write
|
||
|
7FFD9B784000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E93B000
|
heap
|
page read and write
|
||
|
1FA1E5AA000
|
heap
|
page read and write
|
||
|
7FFD9B820000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B952000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B7BC000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9BA60000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E516000
|
heap
|
page read and write
|
||
|
7FFD9B9D0000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA40000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B92E000
|
trusted library allocation
|
page read and write
|
||
|
7FF4B9693000
|
trusted library allocation
|
page execute read
|
||
|
1FA1A36A000
|
heap
|
page read and write
|
||
|
7FF4B9694000
|
trusted library allocation
|
page readonly
|
||
|
7FFD9B9B7000
|
trusted library allocation
|
page read and write
|
||
|
1FA019E0000
|
trusted library section
|
page read and write
|
||
|
1FA1A2F9000
|
heap
|
page read and write
|
||
|
7FFD9B920000
|
trusted library allocation
|
page read and write
|
||
|
1FA7EA20000
|
heap
|
page read and write
|
||
|
7E351AB000
|
stack
|
page read and write
|
||
|
1FA1A46D000
|
heap
|
page read and write
|
||
|
7E35DF4000
|
stack
|
page read and write
|
||
|
1FA1E45A000
|
heap
|
page read and write
|
||
|
1FA1E435000
|
heap
|
page read and write
|
||
|
7FFD9B93E000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E60D000
|
heap
|
page read and write
|
||
|
7FFD9B770000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B934000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E417000
|
heap
|
page read and write
|
||
|
7FFD9BA5A000
|
trusted library allocation
|
page read and write
|
||
|
7FF4B969F000
|
trusted library allocation
|
page execute read
|
||
|
1FA7EBB0000
|
heap
|
page read and write
|
||
|
1FA7EAC8000
|
heap
|
page read and write
|
||
|
1FA1A1F0000
|
heap
|
page read and write
|
||
|
1FA1A300000
|
heap
|
page read and write
|
||
|
1FA1E762000
|
heap
|
page read and write
|
||
|
1FA1ABA0000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E6EB000
|
heap
|
page read and write
|
||
|
1FA1AB70000
|
trusted library allocation
|
page read and write
|
||
|
1FA7EA60000
|
heap
|
page read and write
|
||
|
7FFD9B95A000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B760000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E47C000
|
heap
|
page read and write
|
||
|
7FFD9B940000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E6E8000
|
heap
|
page read and write
|
||
|
1FA1E78A000
|
heap
|
page read and write
|
||
|
1FA11A1C000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E421000
|
heap
|
page read and write
|
||
|
1FA1E525000
|
heap
|
page read and write
|
||
|
7FF4B9697000
|
trusted library allocation
|
page execute read
|
||
|
1FA1E60A000
|
heap
|
page read and write
|
||
|
7FFD9BA00000
|
trusted library allocation
|
page read and write
|
||
|
1FA7EE55000
|
heap
|
page read and write
|
||
|
1FA1E6C8000
|
heap
|
page read and write
|
||
|
7FF4B9683000
|
trusted library allocation
|
page execute read
|
||
|
1FA1E713000
|
heap
|
page read and write
|
||
|
1FA7EB2B000
|
heap
|
page read and write
|
||
|
1FA7EAFE000
|
heap
|
page read and write
|
||
|
7FFD9BA80000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E765000
|
heap
|
page read and write
|
||
|
1FA1E50C000
|
heap
|
page read and write
|
||
|
1FA11A01000
|
trusted library allocation
|
page read and write
|
||
|
1FA11AD9000
|
trusted library allocation
|
page read and write
|
||
|
7FF4B969E000
|
trusted library allocation
|
page readonly
|
||
|
1FA1A276000
|
heap
|
page read and write
|
||
|
1FA1AB50000
|
trusted library allocation
|
page read and write
|
||
|
1FA7B992000
|
unkown
|
page readonly
|
||
|
1FA1E6FE000
|
heap
|
page read and write
|
||
|
1FA1E874000
|
heap
|
page read and write
|
||
|
1FA7C392000
|
unkown
|
page readonly
|
||
|
7FFD9B777000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A35E000
|
heap
|
page read and write
|
||
|
1FA1E610000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E5ED000
|
heap
|
page read and write
|
||
|
1FA1E6E4000
|
heap
|
page read and write
|
||
|
1FA1A453000
|
heap
|
page read and write
|
||
|
1FA1A286000
|
heap
|
page read and write
|
||
|
7FFD9BA20000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA7EB01000
|
heap
|
page read and write
|
||
|
1FA7CD92000
|
unkown
|
page readonly
|
||
|
7E35BFB000
|
stack
|
page read and write
|
||
|
7FF4B9695000
|
trusted library allocation
|
page execute read
|
||
|
7FF4B9692000
|
trusted library allocation
|
page readonly
|
||
|
1FA1E70E000
|
heap
|
page read and write
|
||
|
1FA7E93A000
|
unkown
|
page readonly
|
||
|
7FFD9B846000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA1E6D9000
|
heap
|
page read and write
|
||
|
7FF4B9681000
|
trusted library allocation
|
page execute read
|
||
|
7E35CFB000
|
stack
|
page read and write
|
||
|
7FFD9B773000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E665000
|
heap
|
page read and write
|
||
|
1FA1E427000
|
heap
|
page read and write
|
||
|
7FFD9BA10000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E87C000
|
heap
|
page read and write
|
||
|
1FA1E5FA000
|
heap
|
page read and write
|
||
|
1FA1ED44000
|
trusted library allocation
|
page read and write
|
||
|
1FA11A88000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E6DD000
|
heap
|
page read and write
|
||
|
1FA1A370000
|
heap
|
page read and write
|
||
|
1FA01913000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A329000
|
heap
|
page read and write
|
||
|
1FA1A770000
|
trusted library section
|
page read and write
|
||
|
1FA1AB80000
|
trusted library allocation
|
page read and write
|
||
|
1FA019D0000
|
trusted library section
|
page read and write
|
||
|
1FA1E68F000
|
heap
|
page read and write
|
||
|
7FFD9B76D000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA1E6F0000
|
heap
|
page read and write
|
||
|
1FA1E6BB000
|
heap
|
page read and write
|
||
|
1FA1A1F3000
|
heap
|
page read and write
|
||
|
7FF4B9698000
|
trusted library allocation
|
page readonly
|
||
|
1FA7EA10000
|
heap
|
page read and write
|
||
|
1FA1A448000
|
heap
|
page read and write
|
||
|
1FA1AE40000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E46A000
|
heap
|
page read and write
|
||
|
7E35EF0000
|
stack
|
page read and write
|
||
|
1FA1A336000
|
heap
|
page read and write
|
||
|
1FA1E6E1000
|
heap
|
page read and write
|
||
|
1FA1E499000
|
heap
|
page read and write
|
||
|
1FA1A2E1000
|
heap
|
page read and write
|
||
|
7FFD9B970000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B78B000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA1E8B2000
|
heap
|
page read and write
|
||
|
1FA1E854000
|
heap
|
page read and write
|
||
|
1FA1E6C0000
|
heap
|
page read and write
|
||
|
7FF4B969A000
|
trusted library allocation
|
page readonly
|
||
|
7FFD9B9A0000
|
trusted library allocation
|
page read and write
|
||
|
1FA20A50000
|
trusted library allocation
|
page read and write
|
||
|
1FA1AB60000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A359000
|
heap
|
page read and write
|
||
|
7E356FE000
|
stack
|
page read and write
|
||
|
1FA1E56C000
|
heap
|
page read and write
|
||
|
1FA1A32E000
|
heap
|
page read and write
|
||
|
7FFD9B810000
|
trusted library allocation
|
page read and write
|
||
|
7FF4B9699000
|
trusted library allocation
|
page execute read
|
||
|
1FA1A36E000
|
heap
|
page read and write
|
||
|
7FFD9BA70000
|
trusted library allocation
|
page read and write
|
||
|
1FA01A01000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B980000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E410000
|
heap
|
page read and write
|
||
|
7FFD9BA78000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A2D2000
|
heap
|
page read and write
|
||
|
1FA1E6E6000
|
heap
|
page read and write
|
||
|
1FA01970000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E620000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B9F0000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B996000
|
trusted library allocation
|
page read and write
|
||
|
7FF4B9691000
|
trusted library allocation
|
page execute read
|
||
|
1FA1E97F000
|
heap
|
page read and write
|
||
|
1FA1E5B8000
|
heap
|
page read and write
|
||
|
1FA1A270000
|
heap
|
page read and write
|
||
|
1FA017D0000
|
trusted library allocation
|
page read and write
|
||
|
1FA01934000
|
heap
|
page execute and read and write
|
||
|
7FFD9B92B000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A1D0000
|
trusted library section
|
page read and write
|
||
|
1FA1A29B000
|
heap
|
page read and write
|
||
|
7FFD9B910000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B90B000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA50000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E640000
|
heap
|
page read and write
|
||
|
7FFD9B81C000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA1A2F4000
|
heap
|
page read and write
|
||
|
1FA1E630000
|
heap
|
page read and write
|
||
|
7FFD9B9C0000
|
trusted library allocation
|
page read and write
|
||
|
1FA1E86D000
|
heap
|
page read and write
|
||
|
1FA017F0000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A432000
|
heap
|
page read and write
|
||
|
7FFD9B987000
|
trusted library allocation
|
page read and write
|
||
|
1FA1AB90000
|
trusted library allocation
|
page read and write
|
||
|
1FA1A1B0000
|
trusted library section
|
page read and write
|
||
|
7E359FD000
|
stack
|
page read and write
|
||
|
1FA7EAC0000
|
heap
|
page read and write
|
||
|
7FF4B9682000
|
trusted library allocation
|
page readonly
|
||
|
7FFD9B763000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FF4B9680000
|
trusted library allocation
|
page readonly
|
||
|
1FA1ED62000
|
trusted library allocation
|
page read and write
|
||
|
1FA019A0000
|
trusted library section
|
page read and write
|
||
|
7FFD9B77D000
|
trusted library allocation
|
page execute and read and write
|
||
|
7FFD9B930000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9BA90000
|
trusted library allocation
|
page read and write
|
||
|
7FFD9B960000
|
trusted library allocation
|
page execute and read and write
|
||
|
1FA1A465000
|
heap
|
page read and write
|
||
|
1FA01930000
|
heap
|
page execute and read and write
|
||
|
1FA1E4A4000
|
heap
|
page read and write
|
||
|
1FA1E71B000
|
heap
|
page read and write
|
||
|
1FA1E41A000
|
heap
|
page read and write
|
||
|
7FFD9B816000
|
trusted library allocation
|
page read and write
|
||
|
7FF4B9696000
|
trusted library allocation
|
page readonly
|
||
|
7E35FFB000
|
stack
|
page read and write
|
||
|
1FA11A21000
|
trusted library allocation
|
page read and write
|
||
|
1FA7EE75000
|
heap
|
page read and write
|
||
|
1FA1E70C000
|
heap
|
page read and write
|
||
|
1FA1A420000
|
heap
|
page read and write
|
There are 236 hidden memdumps, click here to show them.