General Info

File name

IDoserPremiumSetup.exe

Full analysis
https://app.any.run/tasks/f621bea9-41b8-4852-b855-021bd23fede3
Verdict
Malicious activity
Analysis date
6/12/2019, 05:04:06
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

da4416afe409d5ee5ff1588f66534fdd

SHA1

3184e3b73c68e97b02791f6c56d986c98e3ae3f0

SHA256

9b91a426c323e22eb3cb82cb42b7a77fc8a70deb354cf7ad68b2c23477cd99f5

SSDEEP

196608:rDggsP9ZgWLsdqzI+zOwps7z+kukwrRdk5rAhMp3JZ:rDKejqceOwcStkw05rAsz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for user acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • IDoser.exe (PID: 3604)
  • IDoserPremiumSetup.exe (PID: 3640)
Application was dropped or rewritten from another process
  • IDoser.exe (PID: 3604)
Check for Java to be installed
  • iexplore.exe (PID: 2292)
Reads Environment values
  • IDoser.exe (PID: 3604)
Creates files in the user directory
  • IDoser.exe (PID: 3604)
Modifies the open verb of a shell class
  • IDoser.exe (PID: 3604)
Starts Internet Explorer
  • IDoserPremiumSetup.exe (PID: 3640)
Creates a software uninstall entry
  • IDoserPremiumSetup.exe (PID: 3640)
Creates files in the program directory
  • IDoserPremiumSetup.exe (PID: 3640)
Executable content was dropped or overwritten
  • IDoserPremiumSetup.exe (PID: 3640)
Reads Internet Cache Settings
  • iexplore.exe (PID: 2292)
  • iexplore.exe (PID: 3032)
Creates files in the user directory
  • iexplore.exe (PID: 3032)
Changes settings of System certificates
  • iexplore.exe (PID: 3032)
Changes internet zones settings
  • iexplore.exe (PID: 2292)
Application launched itself
  • iexplore.exe (PID: 2292)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 3032)
Reads internet explorer settings
  • iexplore.exe (PID: 3032)
Dropped object may contain Bitcoin addresses
  • IDoser.exe (PID: 3604)
  • IDoserPremiumSetup.exe (PID: 3640)

Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2010:04:10 14:19:31+02:00
PEType:
PE32
LinkerVersion:
9
CodeSize:
25600
InitializedDataSize:
431104
UninitializedDataSize:
16896
EntryPoint:
0x354b
OSVersion:
5
ImageVersion:
6
SubsystemVersion:
5
Subsystem:
Windows GUI
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
10-Apr-2010 12:19:31
Detected languages
English - United States
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E0
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
10-Apr-2010 12:19:31
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x000063A2 0x00006400 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.48045
.rdata 0x00008000 0x000018F2 0x00001A00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.88829
.data 0x0000A000 0x0006669C 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 1.42988
.ndata 0x00071000 0x00131000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x001A2000 0x00017C68 0x00017E00 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 7.73194
Resources
1, 2, 3, 4, 5, 103, 105, 106, 107, 111
Imports
    KERNEL32.dll
    USER32.dll
    GDI32.dll
    SHELL32.dll
    ADVAPI32.dll
    COMCTL32.dll
    ole32.dll
    VERSION.dll

Exports
    No exports.

Processes

Total processes
42
Monitored processes
5
Malicious processes
2
Suspicious processes
0

Behavior graph

Graph nodes: idoserpremiumsetup.exe (no specs), idoserpremiumsetup.exe, idoser.exe, iexplore.exe, iexplore.exe
Edge labels: drop and start, start

Process information

PID
3460
CMD
"C:\Users\admin\AppData\Local\Temp\IDoserPremiumSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\IDoserPremiumSetup.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\idoserpremiumsetup.exe
c:\systemroot\system32\ntdll.dll

PID
3640
CMD
"C:\Users\admin\AppData\Local\Temp\IDoserPremiumSetup.exe"
Path
C:\Users\admin\AppData\Local\Temp\IDoserPremiumSetup.exe
Indicators
Parent process
––
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Version
Modules
Image
c:\users\admin\appdata\local\temp\idoserpremiumsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsd521d.tmp\userinfo.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsd521d.tmp\nsdialogs.dll
c:\windows\system32\comdlg32.dll
c:\users\admin\appdata\local\temp\nsd521d.tmp\system.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\i-doser premium\idoser.exe
c:\program files\i-doser premium\uninstall.exe
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\netutils.dll

PID
3604
CMD
"C:\Program Files\I-Doser Premium\IDoser.exe"
Path
C:\Program Files\I-Doser Premium\IDoser.exe
Indicators
Parent process
IDoserPremiumSetup.exe
User
admin
Integrity Level
HIGH
Version:
Company
Description
IDoser
Version
5.0.*
Modules
Image
c:\program files\i-doser premium\idoser.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\mscorlib\225759bb87c854c0fff27b1d84858c21\mscorlib.ni.dll
c:\windows\system32\cryptbase.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system\52cca48930e580e3189eac47158c20be\system.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.core\55560c2014611e9119f99923c9ebdeef\system.core.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\32512bd09e2231f6eebb15fc17e3ad79\windowsbase.ni.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\416ba33cb980d07643e82c4c45bd5786\presentationcore.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\da36abbea6ef456f432434d4d8d835c1\presentationframework.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\clrjit.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.runt73a1fc9d#\647f9e8a4465888d8348c3f66611c463\system.runtime.remoting.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xaml\6d09f865a22e2f903b74476769e1b76a\system.xaml.ni.dll
c:\windows\system32\dwrite.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll
c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.configuration\46957030830964165644b52b0696c5d9\system.configuration.ni.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.xml\d86b080a37c60a872c82b912a2a63dac\system.xml.ni.dll
c:\windows\microsoft.net\framework\v4.0.30319\nlssorting.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\i-doser premium\sbagen.dll
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatiod51afaa5#\01bed42723486eb478a5b3e2557173db\presentationframework.classic.ni.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\audioses.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\system.drawing\646b4b01cb29986f8e076aa65c9e9753\system.drawing.ni.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio49d6fefe#\33d15f16d20849f7c46d19b7bc7f4273\presentationframework-systemxml.ni.dll
c:\windows\system32\msctfui.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationtypes\7e77d1835b49fa80598b5c47eaedccfc\uiautomationtypes.ni.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecsext.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\mscms.dll
c:\windows\system32\icm32.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\credssp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\assembly\nativeimages_v4.0.30319_32\uiautomationprovider\419dd31edfefd1c8923b38e8c9ce3e89\uiautomationprovider.ni.dll

PID
2292
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
IDoserPremiumSetup.exe
User
admin
Integrity Level
HIGH
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\lpk.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\url.dll
c:\windows\system32\propsys.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mlang.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\linkinfo.dll

PID
3032
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2292 CREDAT:79873
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\schannel.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\jscript.dll
c:\windows\system32\macromed\flash\flash32_26_0_0_131.ocx
c:\windows\system32\dsound.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\dinput8.dll

Registry activity

Total events
851
Read events
732
Write events
118
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\I-Doser
Install_Dir
C:\Program Files\I-Doser Premium
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\I-Doser
Edition
Premium
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
DisplayName
I-Doser Premium
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
UninstallString
"C:\Program Files\I-Doser Premium\Uninstall.exe"
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
QuietUninstallString
"C:\Program Files\I-Doser Premium\Uninstall.exe" /S
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
Publisher
I-Doser.com
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
InstallLocation
"C:\Program Files\I-Doser Premium"
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
DisplayIcon
"C:\Program Files\I-Doser Premium\IDoser.exe"
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
DisplayVersion
5.0
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
EstimatedSize
4825
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
NoModify
1
3640
IDoserPremiumSetup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I-Doser
NoRepair
1
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.drg
IDoser.DoseFile
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IDoser.DoseFile\shell\open\command
"C:\Program Files\I-Doser Premium\IDoser.exe" "%1"
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IDoser.DoseFile\DefaultIcon
C:\Program Files\I-Doser Premium\IDoser.exe,0
3604
IDoser.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
IDoser.exe
3604
IDoser.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3604
IDoser.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Speaker Configuration
4
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASAPI32
EnableFileTracing
0
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASAPI32
EnableConsoleTracing
0
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASAPI32
FileTracingMask
4294901760
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASAPI32
ConsoleTracingMask
4294901760
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASAPI32
MaxFileSize
1048576
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASAPI32
FileDirectory
%windir%\tracing
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASMANCS
EnableFileTracing
0
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASMANCS
EnableConsoleTracing
0
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASMANCS
FileTracingMask
4294901760
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASMANCS
ConsoleTracingMask
4294901760
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASMANCS
MaxFileSize
1048576
3604
IDoser.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IDoser_RASMANCS
FileDirectory
%windir%\tracing
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
(value omitted)
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\AdminActive
{D05E6D7B-8CBE-11E9-A370-5254004A04AF}
0
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
1
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307060003000C00030004002700F700
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
1
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307060003000C00030004002700F700
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
(value omitted)
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
D0322894CB20D501
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
2A952A94CB20D501
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Path
C:\Users\admin\Favorites\Links\Suggested Sites.url
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
FeedUrl
https://ieonline.microsoft.com/#ieslice
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayName
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
ErrorState
0
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0
DisplayMask
0
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Path
C:\Users\admin\Favorites\Links\Web Slice Gallery.url
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
Handler
{B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
FeedUrl
http://go.microsoft.com/fwlink/?LinkId=121315
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayName
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
ErrorState
0
2292
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1
DisplayMask
0
3032
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019032320190324
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
1
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307060003000C00030004002700A301
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
24
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
1
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307060003000C00030004002700C201
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
97
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
1
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307060003000C000300040027002002
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
104
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3032
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3032
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3032
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
3032
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Type
1
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Count
1
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore
Time
E307060003000C000300040028006803
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CachePrefix
:2019061220190613:
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheLimit
8192
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheOptions
11
3032
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019061220190613
CacheRepair
0
3032
iexplore.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-500\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.modified.timestamp
1535457888987
3032
iexplore.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-500\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.roaming.profile
false
3032
iexplore.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-500\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.version
8
3032
iexplore.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-500\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.expired.version
11.92.2
3032
iexplore.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-500\Software\AppDataLow\Software\JavaSoft\DeploymentProperties
deployment.browser.path
C:\Program Files\Internet Explorer\iexplore.exe

Files activity

Executable files
8
Suspicious files
3
Text files
46
Unknown types
23

Dropped files

PID
Process
Filename
Type
3640
IDoserPremiumSetup.exe
C:\Users\admin\AppData\Local\Temp\nsd521D.tmp\UserInfo.dll
executable
MD5: d16e06c5de8fb8213a0464568ed9852f
SHA256: 728472ba312ae8af7f30d758ab473e0772477a68fcd1d2d547dafe6d8800d531
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\IDoser.exe
executable
MD5: 630b4939d6232d37ee16a81dfd460565
SHA256: a10943b60ebd5919e5c340303249878881e8f7158bff2fb3a3c037a1c1c76db5
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\SbaGen.dll
executable
MD5: 3ee76d93d90e07f67a47b5660aa577bf
SHA256: 2ea846d0ebef6f521a5909da92e46e7ee5181fe88c5c3ffb61310b6683178b2f
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\lame_enc.dll
executable
MD5: 83d6e37130f8f0f2d9829f528e53dd5d
SHA256: a2e312305ec6ba7ad2e65c5b6141326247c27dd1af6789ac3498e958d685ee85
3640
IDoserPremiumSetup.exe
C:\Users\admin\AppData\Local\Temp\dotNetFx40_Web_Setup.exe
executable
MD5: 53406e9988306cbd4537677c5336aba4
SHA256: fa1afff978325f8818ce3a559d67a58297d9154674de7fd8eb03656d93104425
3640
IDoserPremiumSetup.exe
C:\Users\admin\AppData\Local\Temp\nsd521D.tmp\System.dll
executable
MD5: 959ea64598b9a3e494c00e8fa793be7e
SHA256: 03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b
3640
IDoserPremiumSetup.exe
C:\Users\admin\AppData\Local\Temp\nsd521D.tmp\nsDialogs.dll
executable
MD5: f7b92b78f1a00a872c8a38f40afa7d65
SHA256: 2bee549b2816ba29f81c47778d9e299c3a364b81769e43d5255310c2bd146d6e
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Uninstall.exe
executable
MD5: c766182fd0169485a54e481dd1c64a00
SHA256: 685d05ce27ad89222f2f35eb7643e30e85cdac04827807fcfd13e0a9fb4a5bf9
3032
iexplore.exe
C:\Users\Administrator\NTUSER.DAT.LOG1
log
MD5: 9071be5abe13b8a14fa0a11fa6a9bd8e
SHA256: da0a2763ab12e232d520dd548eed26d3bd7535150f4395cc5fa13a673fa35442
3032
iexplore.exe
C:\Users\admin\AppData\Local\Temp\JavaDeployReg.log
text
MD5: 0fdd1083316f3d3b699f155094086024
SHA256: 6fbfed9c3bf104b30123db94dd24f79d0fa34ca75b20a3964eda8c2c8eeda5f0
3032
iexplore.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat
hiv
MD5: 29dc662b7c02668620f583b84a9ad2f9
SHA256: d11a08296f3edd50b70103d4fb65d089a23f25b7bb440e5e2ddbefb915ef5b99
3032
iexplore.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
log
MD5: edaebae2bc15aecf13481c175c82f242
SHA256: 4820d0aababef289f3be3d004a695c570f3a70165cd21d14f09a89f864bd1865
2292
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFD73C38CF66F695C7.TMP
––
MD5:  ––
SHA256:  ––
2292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D05E6D7C-8CBE-11E9-A370-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{D7C11643-8CBE-11E9-A370-5254004A04AF}.dat
binary
MD5: 7fb9dbc6a92f6afb221a82ca10682ac6
SHA256: a2669ddf5f91002c34d18121af112ede7d1f20da3ab9b9e06ccbb88af9bf9062
2292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{D7C11642-8CBE-11E9-A370-5254004A04AF}.dat
binary
MD5: 719556c40063b41bc0b0adbb0a41c531
SHA256: d52da7c050c6a427fe779a55359be33dfeb226ad7d7d42c361d1fc2c847d2cd2
2292
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF50AA9E1F5B9C8635.TMP
––
MD5:  ––
SHA256:  ––
2292
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DFB040ACA5EF78F3AE.TMP
––
MD5:  ––
SHA256:  ––
3604
IDoser.exe
C:\Users\admin\AppData\Roaming\IDoser\cache\410.cache
image
MD5: 4a13a47c072ef7acffd66acfff49e6bd
SHA256: 597acb619919c6a4afcdd10a46bde14c2db200697845116dc3b5dc593999d750
3604
IDoser.exe
C:\Users\admin\AppData\Roaming\IDoser\cache\411.cache
image
MD5: 35631244fa633850c079805d923505ba
SHA256: 1a85e522642ca541fa3573e0dd6959c2ee321528c17a6220c9392820cefa4977
3604
IDoser.exe
C:\Users\admin\AppData\Roaming\IDoser\cache\408.cache
image
MD5: e30c17a9f3467a78aed9b2b5c047e594
SHA256: bcc4de4a4f9ca4415fae5203261d519cbef52d098ea26d3bd3375b3188d1d68a
3604
IDoser.exe
C:\Users\admin\AppData\Roaming\IDoser\cache\409.cache
image
MD5: c2b9983667aac25fd2e02718f6756d07
SHA256: 13febe6e059e5c522e93e2f8f4e3b6fc0652f80b231e76b44eb64afad313d174
3604
IDoser.exe
C:\Users\admin\AppData\Roaming\IDoser\cache\406.cache
image
MD5: e1328a28731dedae2792ecb8aeabce7a
SHA256: 49c93364c8eda4bafc1e347e22b161a701019bf593e1a6b5ca8f6a3f6630a061
3604
IDoser.exe
C:\Users\admin\AppData\Roaming\IDoser\cache\407.cache
image
MD5: 216d5dfd8afd1b2e1f2685de024d9f49
SHA256: 860e7be37c1fcae4cd290d05986f53c584357e2b7b8183e0fbddde8b2caf1bef
3604
IDoser.exe
C:\Users\admin\AppData\Roaming\IDoser\whatsnew.xml
xml
MD5: 8baa3cd35424f05cf25dff1c5df86e4a
SHA256: 656b536f8df2f6cb5cdbf345de5242073f58cffbe59e955767add81fd0ec2a62
3032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061220190613\index.dat
dat
MD5: 02c41f345df040903b9372722badec04
SHA256: 034f5fb9ff1ecf913e60dd47f1338a7bf8546e74e175c1537b3e39e7527762ce
3032
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
text
MD5: 8ece6991453ab76e7b4cd08978ec0dc0
SHA256: b58cb743c9b91e879bcd03ae64e83ab2292b69c30c2d85e603ef24aa2b7f142c
3032
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
––
MD5:  ––
SHA256:  ––
3032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\pic[1].jpg
image
MD5: 1f1062da37b1b7907ec057aac1f9d463
SHA256: 96d7e5064c2e20003cb0bdc93e057ee0e84cc46dcdbb90e074e82feb284be71e
3032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\analytics[1].js
text
MD5: 80e9f663857fe3a4f3b2826ec5ab4377
SHA256: 8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
3032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\js[1]
text
MD5: b01d10eb7784f1ba5bf2d1f20673be85
SHA256: 2be0b17feed68cc1d899e47f3af9a1bc24e2442e1330acc7f49ec32a0cf2d71a
3032
iexplore.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
dat
MD5: 5b52e9969e93e6b6dc33c44ca6f93425
SHA256: 359eca93c982ebfcc52954f3d82f343d2bf11baca6c4fef650b84f50f830bfcb
3032
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ourtoolbar_com[1].htm
html
MD5: f274b3e7653d0111022a696009df2a75
SHA256: beeeab563f4542a0fe94dda6ba0293e4624fe89a8175a8eb1e68963af62d94e8
3604
IDoser.exe
C:\Users\admin\Documents\Dose Files\S_Angel.drg
text
MD5: e2c158667e42ac01030f1061f21afae8
SHA256: 0c371639319d0115f6d52795c8e339a7795bf26d407e0ca7818d0b999296cb08
3604
IDoser.exe
C:\Users\admin\Documents\Dose Files\F_Roast.drg
text
MD5: 86361f9017123404164cd5bc973da9bf
SHA256: 0cd25f5db8333490572e18767d104fed8b9aa56a13f7f388d320890d64dd30eb
3604
IDoser.exe
C:\Users\admin\Documents\Dose Files\Content.drg
text
MD5: 2a498993ba94817dc55f1bac34f44c3b
SHA256: 77121a8e7c489a0b90db026ee7b2dd538d7f227a21d34c989ec60120933be50b
3604
IDoser.exe
C:\Users\admin\Documents\Dose Files\Beta.drg
text
MD5: 2fe9b6f7ed4c889fdb66e0649c7f76d9
SHA256: 2880d82d107ea71d404eb2457f7c9dc2e51bf01ef89d468b1bd141ea1e0cdfe2
3604
IDoser.exe
C:\Users\admin\Documents\Dose Files\Alert+.drg
text
MD5: 706a71ea44bbc3ecd7f5fa52b7219ef9
SHA256: 437ddfc4214eb454f9cfdeb041077d3525a0993c4cd5d0ae8c5ff10917057be9
3604
IDoser.exe
C:\Users\admin\Documents\Dose Files\Alcohol.drg
text
MD5: 30ef7cbbda9fee9f90f2389dac712373
SHA256: 0662b6194050eff73de0cf58d789e01cab270baf529092cc0f0450c365cca41d
2292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].png
image
MD5: 9fb559a691078558e77d6848202f6541
SHA256: 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
2292
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
––
MD5:  ––
SHA256:  ––
2292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
––
MD5:  ––
SHA256:  ––
2292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini
ini
MD5: 4a3deb274bb5f0212c2419d3d8d08612
SHA256: 2842973d15a14323e08598be1dfb87e54bf88a76be8c7bc94c56b079446edf38
3640
IDoserPremiumSetup.exe
C:\Users\admin\AppData\Local\Temp\nsd521C.tmp
––
MD5:  ––
SHA256:  ––
3640
IDoserPremiumSetup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Doser Premium\Uninstall I-Doser Premium.lnk
lnk
MD5: 71f4757c79cad7df10a0d3e09da06091
SHA256: dd906d08e02c3ef05575a9978e580f263f6af42feba560ed247c05dcb7ce9c30
3640
IDoserPremiumSetup.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-Doser Premium\I-Doser Premium.lnk
lnk
MD5: 7347eaf479c6cbf46f7dfe91a8fa2309
SHA256: 428864185118eeada2f1140bfc09b760785929b347fa90caed645f5a488ac2b4
3640
IDoserPremiumSetup.exe
C:\Users\Public\Desktop\I-Doser Premium.lnk
lnk
MD5: ff6a8db1c9450afa11160225fc5a8156
SHA256: 53178fd1feb5f18eca86b9e721a2ec3cb0ef71294b3a2fa79089df3e0a57ba6d
2292
iexplore.exe
C:\Users\Administrator\NTUSER.DAT
hiv
MD5: 213d90bec1e1ad7d7ee74d1c48b0b63d
SHA256: 5035160d8e9ba41ca1725e795265471a83d3be10ff8885e46457d90901700241
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Sadness.mp3
mp3
MD5: 3ca1a89054f005b06841c5ed13bdc6c2
SHA256: 14a3384ee66fdc55ec36b115004333c5588acc467e1d0e9e1c68dedb4faecf77
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Paddington.mp3
mp3
MD5: 55c059c561f3f30eb029a619da4dd511
SHA256: 0ea7647982e85e0cad2c274bb355fa8439df0c36e14970089b78580926e140cd
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Melhancoly.mp3
mp3
MD5: addce545a8851da112433f2f7a4594d6
SHA256: bdbfd0e904adcad4498cc1a6808302bf929b32c4d7c65e2974d4983c0ff9dd7c
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Peaceful.mp3
mp3
MD5: 5f6e3cc951f25724caef4862f98b6391
SHA256: df20896602f79f5c22730a68fbf6010df89a3ea4ece337fe64fee18cf7b33fba
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Next Galaxy.mp3
mp3
MD5: 3190ddfed3bb5f5af992a0fc52a26bb9
SHA256: cd349f8448820c3b568de0589731453ec51267e3e502834f42d4e4382184fa11
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\In The Desert.mp3
mp3
MD5: e2a5a69c6068ae386c435577e8a8e88b
SHA256: e90a2aca8fcf6ecfdbf10122cf41c338f0e65e5e9504b1b462ebd5dc285e6cd5
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Electronic Ballet.mp3
mp3
MD5: 5983d44255585132ede86de1787a36fe
SHA256: e3424c2980a1e0bf48a6599ed1363b3a14982d53f100d43a8041fcda96a48cb9
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Long Breath.mp3
mp3
MD5: 4015892cfa2b6973a8c64f9ba35299d5
SHA256: d1b012970e4a32909e2fe83e62574d52a2f655d5ad39da1c88c360839f6f7a52
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Autumn.mp3
mp3
MD5: 2b1ddec9dceb2f53e6e25b6555934c9c
SHA256: 593c31204ee56795014696cf05e9bb3b037c991347c4e0312b3432a7cd6505aa
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\MP3 Backgrounds\Deep Space.mp3
mp3
MD5: de6e22b01708781c3d43f90bb5c2981f
SHA256: e4d683c1296540f9963776d7d74d12d3eb5f56bbd2fdb1fe8d4fa83811e1ef6c
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\F_Roast.drg
text
MD5: 3e774b575b5ab93af42628ab93810dcf
SHA256: 13e3062ce707330d7ee5955dbabdfd86f4549cfc183661943f34fe18bb5d544a
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\Beta.drg
text
MD5: 14f0ba7a5331f9c7ad75d36eebc7123d
SHA256: 220281f7f988911d7ebb3d9ef4bf64d80376085314244257cef68444c9ad5451
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\S_Angel.drg
text
MD5: 4984c7f13d41f16f9ab176356b4d788c
SHA256: 1e92c523ddf3e0b55e29d34f437a8595c7f8989f594b40b31045edbbcdac014d
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\Alert+.drg
text
MD5: 747330e171bfaaece47b46115c7dca8c
SHA256: 125d7dad1ae760e771c131c2d3664258661a59f1e039d8fa6ec60232049cc411
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Twilight Blue.xaml
html
MD5: eb46accf45535ee740329291d3ee180d
SHA256: 740181f2dde5b443d021907b703fb3385acafcf5a28735dd812fad9f8182849e
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\Content.drg
text
MD5: 04e137d0043e4c05e66577fce2bed4bc
SHA256: 16825eda5feba7586beed1446ef13bea03da192536d73d46f439ac5c1e8eb963
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Whistler Blue.xaml
text
MD5: 4f2e4e95e3539aed9ab73e6efaf7e9c9
SHA256: 5e0ee89cbe88c804d3f044637990fe84473db28f00ff0c3142c5fa1628512c74
3640
IDoserPremiumSetup.exe
C:\Users\admin\Documents\Dose Files\Alcohol.drg
text
MD5: bb2aed9a552d69734db67673b1b72569
SHA256: d7a0d2604ebdf43558fb55cf921f1f6d0ec48b613500fe6993dd00037f725f1d
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Rainier Purple.xaml
html
MD5: 4513a5c123a2dc33a10a103abb4d0ffe
SHA256: 578a08581a957846893a2f78e7fdefdb54f4111182a4a8921c6459a56add0b95
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Rainier Radial Blue.xaml
html
MD5: 2aceb9011c5676bb9aea3bbb4cd9bf33
SHA256: e25c333ecf4055bcc5249ef33c10acb76d2ca057a7238e0828e3c9b139b5bcab
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Shiny Red.xaml
text
MD5: b46e7b01852bfc20a7ee1d5cb3067c74
SHA256: 86cba090e2ce59652ce0b7b6b7ebc7fddc7ef8ae377dd4e6b4e280d9b0183020
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Shiny Blue.xaml
text
MD5: 95f24dfe143ed8386a16ecb2ec05c6f1
SHA256: 7c23b2e280a8f5cb25333bbf176a8d2e5e2af3a26b7d50c7b5c35fd8abed5f50
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Expression Light.xaml
html
MD5: 17f8f6af69ed7e092c85ae7b7fd61cab
SHA256: 2e1e8243611709de06e27a2b2a0cd68e77212cdf61f020a0009e8c2e585abace
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Shiny Dark Purple.xaml
text
MD5: 714ab39894fbc74c7340336b87af95cc
SHA256: e5ac613d4a069f5de2b96025e7b7d3b81bc6a474429206aa61727895a9ed592d
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Rainier Orange.xaml
html
MD5: 2dac6ea2ed7ed99ec7cbeb61374e397f
SHA256: c4b3e64ac94e0f1b9aab44c746625c9b90172b51c51aaf77ffc3d9aaa31740df
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Shiny Dark Teal.xaml
text
MD5: 28081f9a96e23bc264f01c85a0e536e0
SHA256: 88d8180796baf31cee1868ef540e6bdec6272672a262b7b85ca86d654b709b27
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Expression Dark.xaml
html
MD5: 245b82f6e6d5ef635e5cd7c9604bcbfc
SHA256: 3f56daa98ce83f8a310bceb3ce084d8ad6582353f2844071e26def9e06832c71
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\whatsnew.jpg
image
MD5: 1e812d8ef51fe81ea33582db2000c436
SHA256: 61a9db101e6d03066a6b2a29d4c4c96eac43f2bc235a44dcc58c3d72295cd4bf
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Bureau Blue.xaml
text
MD5: a4f14adfa00c931f4d167cea0786eea7
SHA256: ac9024b42acd860a156776fb19f0687e52907e874b4ebdeb32a357349a6ca348
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Bureau Black.xaml
text
MD5: b094e6d7cb4cbb90b59b2b3527ef88e2
SHA256: 46bfefd985b472dc4825bc769c9c969a2857aa5cdc6513a8d3ce857f12b167fd
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\SbaGen.zip
compressed
MD5: 3ed890a10d087feae92eb229f74a5160
SHA256: 380c449219598c6f09ea1c490d989255465c944d1f2ea85d583fab0bbcf95508
2292
iexplore.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat
hiv
MD5: 29dc662b7c02668620f583b84a9ad2f9
SHA256: d11a08296f3edd50b70103d4fb65d089a23f25b7bb440e5e2ddbefb915ef5b99
3640
IDoserPremiumSetup.exe
C:\Program Files\I-Doser Premium\Skins\Bubble Creme.xaml
html
MD5: 69b408150f769b24930684b6da9253f3
SHA256: 99f6972ca7087e9a60b70113fe214144979f41325b2af4851ed5b058c49ac132
2292
iexplore.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
log
MD5: edaebae2bc15aecf13481c175c82f242
SHA256: 4820d0aababef289f3be3d004a695c570f3a70165cd21d14f09a89f864bd1865
2292
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D05E6D7B-8CBE-11E9-A370-5254004A04AF}.dat
––
MD5:  ––
SHA256:  ––
2292
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2A2361019FC07107.TMP
––
MD5:  ––
SHA256:  ––
3604
IDoser.exe
C:\Users\admin\AppData\Roaming\IDoser\cache\412.cache
image
MD5: d8f6f6aef99377d0034149bc62f4f8f7
SHA256: 931144296c193f0280d14a4c22181360320c1064bd226518457c4ff5b3261471
3640
IDoserPremiumSetup.exe
C:\Users\admin\AppData\Local\Temp\nsd521D.tmp\modern-wizard.bmp
image
MD5: cbe40fd2b1ec96daedc65da172d90022
SHA256: 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
3032
iexplore.exe
C:\Users\Administrator\NTUSER.DAT
hiv
MD5: 213d90bec1e1ad7d7ee74d1c48b0b63d
SHA256: 5035160d8e9ba41ca1725e795265471a83d3be10ff8885e46457d90901700241
2292
iexplore.exe
C:\Users\Administrator\NTUSER.DAT.LOG1
log
MD5: 9071be5abe13b8a14fa0a11fa6a9bd8e
SHA256: da0a2763ab12e232d520dd548eed26d3bd7535150f4395cc5fa13a673fa35442

Find more information about the static content and download it in the full report

Network activity

HTTP(S) requests
13
TCP/UDP connections
13
DNS requests
6
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
3032 iexplore.exe GET 302 216.146.46.11:80 http://idosercom.ourtoolbar.com/ US html shared
2292 iexplore.exe GET 200 204.79.197.200:80 http://www.bing.com/favicon.ico US image whitelisted
3032 iexplore.exe GET 200 52.216.145.98:80 http://www.ourtoolbar.com/ US html unknown
3032 iexplore.exe GET 200 52.216.145.98:80 http://www.ourtoolbar.com/pic.jpg US image unknown
3032 iexplore.exe GET 404 52.216.145.98:80 http://www.ourtoolbar.com/favicon.ico US html unknown
3604 IDoser.exe GET 200 64.50.176.93:80 http://www.i-doser.com/pcapp_whatsnew/whatsnew.xml US xml unknown
3604 IDoser.exe GET 200 64.50.176.93:80 http://www.i-doser.com/pcapp_whatsnew/whatsnew_freedoses.jpg US image unknown
3604 IDoser.exe GET 200 64.50.176.93:80 http://www.i-doser.com/pcapp_whatsnew/whatsnew_premiumupgrade.jpg US image unknown
3604 IDoser.exe GET –– 64.50.176.93:80 http://www.i-doser.com/pcapp_whatsnew/whatsnew_newsletter.jpg US –– –– unknown
3604 IDoser.exe GET 200 64.50.176.93:80 http://www.i-doser.com/pcapp_whatsnew/whatsnew_youtube.jpg US image unknown
3604 IDoser.exe GET 200 64.50.176.93:80 http://www.i-doser.com/pcapp_whatsnew/whatsnew_merch.jpg US image unknown
3604 IDoser.exe GET 200 64.50.176.93:80 http://www.i-doser.com/pcapp_whatsnew/whatsnew_mobile.jpg US image unknown
3604 IDoser.exe GET 200 64.50.176.93:80 http://www.i-doser.com/pcapp_whatsnew/whatsnew_saleofcentury.jpg US image unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID Process IP ASN CN Reputation
3032 iexplore.exe 216.146.46.11:80 Dynamic Network Services, Inc. US unknown
2292 iexplore.exe 204.79.197.200:80 Microsoft Corporation US whitelisted
3032 iexplore.exe 52.216.145.98:80 Amazon.com, Inc. US unknown
3032 iexplore.exe 216.58.208.40:443 Google Inc. US whitelisted
3032 iexplore.exe 172.217.16.174:443 Google Inc. US whitelisted
3604 IDoser.exe 64.50.176.93:80 Lunar Pages US unknown

DNS requests

Domain IP Reputation
idosercom.ourtoolbar.com 216.146.46.11, 216.146.46.10 unknown
www.bing.com 204.79.197.200, 13.107.21.200 whitelisted
www.ourtoolbar.com 52.216.145.98 unknown
www.googletagmanager.com 216.58.208.40 whitelisted
www.google-analytics.com 172.217.16.174 whitelisted
www.i-doser.com 64.50.176.93 unknown

Threats

No threats detected.

Debug output strings

No debug info.