Malware Analysis Report

2025-01-18 22:05

Sample ID 240503-dtsshsdf7w
Target Internet Download Manager 6.42.9.exe
SHA256 465369bb238689209abe44f7dec3582eff3d7d05a6603b19b1323a4901355c36
Tags
adware bootkit discovery evasion persistence spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

465369bb238689209abe44f7dec3582eff3d7d05a6603b19b1323a4901355c36

Threat Level: Likely malicious

The file Internet Download Manager 6.42.9.exe was found to be: Likely malicious.

Malicious Activity Summary

adware bootkit discovery evasion persistence spyware stealer trojan

Drops file in Drivers directory

Reads user/profile data of web browsers

Registers COM server for autorun

Executes dropped EXE

Loads dropped DLL

Writes to the Master Boot Record (MBR)

Drops Chrome extension

Installs/modifies Browser Helper Object

Checks whether UAC is enabled

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: LoadsDriver

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Runs net.exe

Modifies Internet Explorer settings

Modifies registry class

Modifies data under HKEY_USERS

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Runs .reg file with regedit

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Uses Task Scheduler COM API

Kills process with taskkill

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-03 03:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-03 03:18

Reported

2024-05-03 03:24

Platform

win11-20240419-en

Max time kernel

326s

Max time network

326s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42.9.exe"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\idmwfp.sys C:\Windows\system32\DrvInst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\Rundll32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMShellExt64.dll" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Drops Chrome extension

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.42.8.2_0\manifest.json C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\SETB314.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\SETB325.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf C:\Windows\system32\DrvInst.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\SETB315.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\idmwfp.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\idmwfp.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\SETB314.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\idmwfp64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\SETB315.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6525c2b4-4306-e44e-b24d-1a7e151baa75}\SETB325.tmp C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-TFEUN.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-MT6AI.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Buttons_Toolbar\is-KLI6V.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Koushik_tb\is-SJB14.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-3Q2RP.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-EJC2H.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Bronze_Shapes_Toolbar\is-0EEJO.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\ThL-Toolbar_bmps\is-7EQDE.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-O1FUF.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File opened for modification C:\Program Files (x86)\Internet Download Manager\unins000.dat C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-3C7EL.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-L3S0C.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\BilsOrbit\is-16CT1.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\is-OLMI0.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-B49Q0.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-V9LFB.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Dtu_Style\BITMAP\is-BUPP0.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11\is-T96SQ.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Dtu_Style\BITMAP\is-PCL80.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\is-JPEV4.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File opened for modification C:\Program Files (x86)\Internet Download Manager\idmfsa.dll C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Dtu_Style\BITMAP\is-RJHCB.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D_Toolbar\is-T05MJ.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D_Toolbar\is-2B1JR.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Painted_Stickers_Toolbar\is-6K209.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-CH2HH.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-P8P64.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-F5O1E.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-NIURU.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-O0UKI.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File opened for modification C:\Program Files (x86)\Internet Download Manager\libssl.dll C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-8UA91.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\is-1LHR9.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\BITMAP\is-UA8LB.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-PN334.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-HIVVV.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-JSHL1.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-66TJ4.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Kavian\is-D0QMJ.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-MAHDQ.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-E8T7P.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Dark\is-73PCC.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Mac\is-PCN5N.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\BITMAP\is-HR7R6.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-UBD2N.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-QEPT4.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\is-N8FRO.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\BITMAP\is-N3SQU.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-3VUB1.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-LPELQ.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-ALAU2.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-RFQ9P.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Light\is-JDM8E.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-9FDV9.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-30IAF.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Light\is-IKGHU.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\is-1HM5J.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\is-5011C.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File opened for modification C:\Program Files (x86)\Internet Download Manager\Languages\idm_ru.chm C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\is-OI8N0.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Dark\is-VUDPM.tmp C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File opened for modification C:\Program Files (x86)\Internet Download Manager\scheduler.chm C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
File opened for modification C:\Program Files (x86)\Internet Download Manager\idman.chm C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\ = "C:\\Program Files (x86)\\Internet Download Manager\\IEGetAll.htm" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM\contexts = "243" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Program Files (x86)\\Internet Download Manager\\IEExt.htm" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133591800043339858" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor\CurVer C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj\ = "IDMIEHlprObj Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\idmBroker.OptionsReader\CurVer\ = "idmBroker.OptionsReader.1" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ = "IDMHelperLinksStorage Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\TypeLib\ = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj\CurVer\ = "IDMIECC.IDMIEHlprObj.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.VLinkProcessor\CurVer\ = "DownlWithIDM.VLinkProcessor.1" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr.1\ = "IDMDwnlMgr Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib\ = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID\ = "DownlWithIDM.IDMDwnlMgr.1" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage\CLSID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\NumMethods\ = "15" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\TypeLib\ = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage\ = "IDMHelperLinksStorage Class" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj.1\CLSID\ = "{0055C089-8582-441B-A0BF-17B458C2A3A8}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\ProxyStubClsid32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID\ = "IDMIECC.IDMIEHlprObj" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\ = "LinkProcessor Class" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr\CLSID\ = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent\CLSID\ = "{0F947660-8606-420A-BAC6-51B84DD22A47}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMGetAll.IDMAllLinksProcessor\CurVer\ = "IDMGetAll.IDMAllLinksProcessor.1" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage.1\ = "IDMHelperLinksStorage Class" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID\ = "DownlWithIDM.LinkProcessor" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\CurVer\ = "DownlWithIDM.LinkProcessor.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID\ = "IDMIECC.IDMIEHlprObj.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\idmfsa.dll" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\idmBroker.OptionsReader.1\CLSID\ = "{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor\CurVer\ = "DownlWithIDM.V2LinkProcessor.1" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC69364C-34D7-4225-B16F-8595C743C775} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMGetAll.IDMAllLinksProcessor.1\CLSID\ = "{5312C54E-A385-46B7-B200-ABAF81B03935}" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regedit.exe N/A (3 entries)

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A (48 entries)
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A (2 entries)
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A (14 entries)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A (18 entries)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\taskkill.exe N/A (2 entries)
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (2 entries)
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (27 entries, interleaved with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (26 entries)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A (21 entries)
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A (2 entries)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (26 entries)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (14 entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A (2 entries)
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (12 entries)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (12 entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp N/A (3 entries)
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A (2 entries)
N/A N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A (11 entries)
N/A N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A (9 entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3132 wrote to memory of 3340 N/A C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42.9.exe C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp (3 entries)
PID 3340 wrote to memory of 1144 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe (3 entries)
PID 3340 wrote to memory of 4172 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe (3 entries)
PID 3340 wrote to memory of 1688 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe (3 entries)
PID 3340 wrote to memory of 3452 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe (3 entries)
PID 3340 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\system32\regsvr32.exe (2 entries)
PID 3340 wrote to memory of 2312 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe (3 entries)
PID 2312 wrote to memory of 2300 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe (2 entries)
PID 3340 wrote to memory of 400 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe (3 entries)
PID 400 wrote to memory of 72 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe (2 entries)
PID 3340 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe (3 entries)
PID 3732 wrote to memory of 2124 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe (2 entries)
PID 3340 wrote to memory of 3688 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe (3 entries)
PID 3340 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3340 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3340 wrote to memory of 4848 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3340 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\cmd.exe
PID 3340 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\cmd.exe
PID 3340 wrote to memory of 1076 N/A C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp C:\Windows\SysWOW64\cmd.exe
PID 1076 wrote to memory of 444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 444 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 924 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 924 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 924 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 4716 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 4716 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 4716 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 2284 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 4612 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 4612 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 4612 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 1036 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 1036 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 1036 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 2556 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 2252 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe
PID 1076 wrote to memory of 2252 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\regini.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42.9.exe

"C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42.9.exe"

C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp

"C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp" /SL5="$60064,14771080,64512,C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42.9.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\idmfsa.dll"

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\idmantypeinfo.tlb"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s /u "C:\Program Files (x86)\Internet Download Manager\IDMShellExt.dll"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\cleanup.bat" install"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\regini.exe

regini "permdel.txt"

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\SOFTWARE\Wow6432Node\Internet Download Manager" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKLM\SOFTWARE\Internet Download Manager" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\DownloadManager" /v "FName" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\DownloadManager" /v "LName" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\DownloadManager" /v "Email" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\DownloadManager" /v "Serial" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\DownloadManager" /v "LstCheck" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\DownloadManager" /v "CheckUpdtVM" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\DownloadManager" /v "scansk" /F

C:\Windows\SysWOW64\reg.exe

reg delete "HKCU\Software\DownloadManager" /v "tvfrdt" /F

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\settings.reg"

C:\Windows\SysWOW64\Rundll32.exe

"Rundll32.exe" "C:\Program Files (x86)\Internet Download Manager\KGIDM.dll" GEN

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{ad3bcc6a-0393-c24f-b4ba-14c70ce13f98}\idmwfp.inf" "9" "4fc2928b3" "000000000000014C" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\Internet Download Manager"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000164" "WinSta0\Default"

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Internet Download Manager\idmBroker.exe

"C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /f /im IDMan.exe

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\rname.reg"

C:\Windows\SysWOW64\regedit.exe

"C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\settings.reg"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /f /im IDMan.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1908 -parentBuildID 20240401114208 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c087a76-56ce-4630-a291-0542692728f1} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" gpu

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000160" "WinSta0\Default"

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db0571d-3d5f-4bfc-b9cd-d20e83d9b40b} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3340 -childID 1 -isForBrowser -prefsHandle 3332 -prefMapHandle 3328 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdfa073f-3ded-4ac2-87ec-8ecb48ce191a} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2740 -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3628 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0e97c68-f987-4713-85cb-468d8a3ce3e7} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4252 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4200 -prefMapHandle 4248 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3d122b1-ccd7-48bf-9f96-a65c77a189a7} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" utility

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5396 -prefsLen 31077 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7707c60-d87b-40fd-abf3-3820a2cb9c9b} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" tab

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 4 -isForBrowser -prefsHandle 3336 -prefMapHandle 5576 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93de0826-5d3a-4c20-8c94-9bf9904af871} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 5 -isForBrowser -prefsHandle 3548 -prefMapHandle 5392 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1dad6f9-5e63-4463-8dfe-1a801ae49f95} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 6 -isForBrowser -prefsHandle 3392 -prefMapHandle 3380 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ecf733-d0b8-4cd5-98ed-f5069582e03d} 2352 "\\.\pipe\gecko-crash-server-pipe.2352" tab

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe

"C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe"

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://lrepacks.net/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xac,0x10c,0x7ffc6e703cb8,0x7ffc6e703cc8,0x7ffc6e703cd8

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1992 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2400 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3788 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4120 /prefetch:8

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4336 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4956 /prefetch:8

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1812,7127630129213918680,6997794904296431414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3892 /prefetch:8

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc806dcc40,0x7ffc806dcc4c,0x7ffc806dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1928 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1964 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4140,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3080 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3680,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4496 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3684,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4772 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4760,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4484,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4684,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5128 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5224,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5352 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5192,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3444,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000154" "WinSta0\Default"

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5416,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2232,i,18445305383595887990,2415683626913510974,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5252 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 www.internetdownloadmanager.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 44.233.67.78:443 shavar.services.mozilla.com tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 169.61.27.133:443 secure.internetdownloadmanager.com tcp
US 169.61.27.133:443 secure.internetdownloadmanager.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
AT 13.32.110.34:443 addons.mozilla.org tcp
N/A 127.0.0.1:50952 tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
N/A 127.0.0.1:50961 tcp
LV 5.44.221.96:443 lrepacks.net tcp
LV 5.44.221.96:443 lrepacks.net tcp
LV 5.44.221.96:443 lrepacks.net tcp
LV 5.44.221.96:443 lrepacks.net tcp
LV 5.44.221.96:443 lrepacks.net tcp
LV 5.44.221.96:443 lrepacks.net tcp
NL 193.200.64.24:443 receivedachest.com tcp
LV 5.44.221.96:443 lrepacks.net tcp
GB 172.217.16.238:443 clients2.google.com tcp
NL 139.45.197.236:443 waitheja.net tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
NL 139.45.195.8:443 my.rtmark.net tcp
GB 142.250.187.234:443 content-autofill.googleapis.com tcp
NL 193.200.65.68:443 clpeachcod.com tcp
US 172.67.193.52:443 tzegilo.com tcp
NL 139.45.197.236:443 waitheja.net tcp
NL 139.45.195.254:443 fleraprt.com tcp
NL 139.45.195.254:443 fleraprt.com tcp
LV 5.44.221.96:443 lrepacks.net tcp
US 8.8.8.8:53 254.195.45.139.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
GB 142.250.178.4:443 www.google.com tcp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.110:443 apis.google.com udp
GB 172.217.16.238:443 clients2.google.com udp
GB 172.217.16.238:443 clients2.google.com tcp
GB 172.217.16.238:443 clients2.google.com tcp
GB 142.250.178.19:443 locate.measurementlab.net tcp
US 169.61.27.133:443 secure.internetdownloadmanager.com tcp
US 104.20.171.77:443 www.thinkbroadband.com tcp
US 104.20.171.77:443 www.thinkbroadband.com tcp
US 104.18.30.234:443 app.termly.io tcp
US 104.18.30.234:443 app.termly.io udp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
US 104.18.30.234:443 app.termly.io udp
US 216.239.32.36:443 region1.google-analytics.com tcp
BE 64.233.167.156:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk tcp
BE 64.233.167.156:443 stats.g.doubleclick.net tcp
GB 216.58.204.67:443 www.google.co.uk udp
GB 142.250.178.4:443 www.google.com tcp
GB 80.249.99.148:8080 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:8080 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:8080 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:8080 ipv4.download.thinkbroadband.com tcp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
US 169.61.27.132:80 speedtest.internetdownloadmanager.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp
GB 80.249.99.148:80 ipv4.download.thinkbroadband.com tcp

Files

memory/3132-0-0x0000000000400000-0x0000000000417000-memory.dmp

memory/3132-2-0x0000000000401000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-DA4RI.tmp\Internet Download Manager 6.42.9.tmp

MD5 4a6c1b37772b488d1bdff1eb6e589118
SHA1 e89a6b43b8fb61f988779c0bc3bd421090424d53
SHA256 109e48992f332ddde3f2ff8ea6459f11eff3d7968dab4951dc96ed7507f1bbf6
SHA512 132ff049d9d2d2dca20084f4fa1b3ebf059ccfbc0c5b0b29fabf78543896fb9e18d0dd2255f6bbbd5c637d5c6d405fd07ebd247c77bf751e0d8758cd8eda73cb

memory/3340-11-0x0000000000400000-0x00000000004F7000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\ISTask.dll

MD5 86a1311d51c00b278cb7f27796ea442e
SHA1 ac08ac9d08f8f5380e2a9a65f4117862aa861a19
SHA256 e916bdf232744e00cbd8d608168a019c9f41a68a7e8390aa48cfb525276c483d
SHA512 129e4b8dd2665bcfc5e72b4585343c51127b5d027dbb0234291e7a197baeca1bab5ed074e65e5e8c969ee01f9f65cc52c9993037416de9bfff2f872e5aeba7ec

memory/3340-17-0x0000000006A20000-0x0000000006A36000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\VclStylesInno.dll

MD5 b0ca93ceb050a2feff0b19e65072bbb5
SHA1 7ebbbbe2d2acd8fd516f824338d254a33b69f08d
SHA256 0e93313f42084d804b9ac4be53d844e549cfcaf19e6f276a3b0f82f01b9b2246
SHA512 37242423e62af30179906660c6dbbadca3dc2ba9e562f84315a69f3114765bc08e88321632843dbd78ba1728f8d1ce54a4edfa3b96a9d13e540aee895ae2d8e2

memory/3340-23-0x0000000006C50000-0x0000000006F6A000-memory.dmp

memory/3340-29-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-34-0x00000000070F0000-0x00000000070F1000-memory.dmp

memory/3340-61-0x0000000007180000-0x0000000007181000-memory.dmp

memory/3340-84-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-78-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-83-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-82-0x00000000071F0000-0x00000000071F1000-memory.dmp

memory/3340-80-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-79-0x00000000071E0000-0x00000000071E1000-memory.dmp

memory/3340-77-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-76-0x00000000071D0000-0x00000000071D1000-memory.dmp

memory/3340-75-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-74-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-73-0x00000000071C0000-0x00000000071C1000-memory.dmp

memory/3340-72-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-71-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-65-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-64-0x0000000007190000-0x0000000007191000-memory.dmp

memory/3340-63-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-62-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-60-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-59-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-58-0x0000000007170000-0x0000000007171000-memory.dmp

memory/3340-57-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-56-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-55-0x0000000007160000-0x0000000007161000-memory.dmp

memory/3340-54-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-53-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-52-0x0000000007150000-0x0000000007151000-memory.dmp

memory/3340-51-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-50-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-49-0x0000000007140000-0x0000000007141000-memory.dmp

memory/3340-46-0x0000000007130000-0x0000000007131000-memory.dmp

memory/3340-45-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-44-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-43-0x0000000007120000-0x0000000007121000-memory.dmp

memory/3340-42-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-41-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-40-0x0000000007110000-0x0000000007111000-memory.dmp

memory/3340-37-0x0000000007100000-0x0000000007101000-memory.dmp

memory/3340-81-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-69-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-70-0x00000000071B0000-0x00000000071B1000-memory.dmp

memory/3340-68-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-67-0x00000000071A0000-0x00000000071A1000-memory.dmp

memory/3340-66-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-33-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-32-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-31-0x00000000070E0000-0x00000000070E1000-memory.dmp

memory/3340-30-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-48-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-47-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-39-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-38-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-36-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-25-0x00000000070C0000-0x00000000070C1000-memory.dmp

memory/3340-35-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-28-0x00000000070D0000-0x00000000070D1000-memory.dmp

memory/3340-27-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-26-0x0000000006F70000-0x00000000070B0000-memory.dmp

memory/3340-87-0x0000000000400000-0x00000000004F7000-memory.dmp

memory/3340-88-0x0000000000400000-0x00000000004F7000-memory.dmp

memory/3340-89-0x0000000000400000-0x00000000004F7000-memory.dmp

memory/3340-96-0x0000000000400000-0x00000000004F7000-memory.dmp

memory/3340-638-0x0000000000400000-0x00000000004F7000-memory.dmp

memory/3340-631-0x0000000000400000-0x00000000004F7000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\Toolbar\Dtu_Style\BITMAP\is-4N2RA.tmp

MD5 ba719a75e732983a2d8b8dea9ff30689
SHA1 20aba6eb01e1c42e41c1d9d69a1eb195abd549fa
SHA256 a4074e72a20dec596c7b2fac2cc9627b6e63791338b91ab2498edc8b7734b27e
SHA512 2a7d9651f3456161c3ab22507c55bf611720462b1ffb07d9fe153485d0eb5776ed1a80d0c218d044b500b517df0d175a1e3c4e96805202dcd303bbb7b4330861

C:\Program Files (x86)\Internet Download Manager\Toolbar\Dtu_Style\BITMAP\is-1J9M9.tmp

MD5 2f5d1b790c9c03cc6ef5307152968777
SHA1 8dec1b02422ef420b5c800d79e694b0e46945613
SHA256 3632362bec45e376123658a94b535e545a854c27832c6e6f88df964a86f2e725
SHA512 a14adac3f8b600b11c9885217f820b30e4b25c34e7cdd6415c5588d3b19cff3cca6e7aaf2ea4973f7d86e3b9ebae413b28c42b6c447a5e63600163ea550c4ed6

C:\Program Files (x86)\Internet Download Manager\Toolbar\Dtu_Style\BITMAP\is-T3CMR.tmp

MD5 cb6d5420e9d24c5538d7cd823400c637
SHA1 f44456ba46ea814088fa34431d1317a712228996
SHA256 d738939b930117bb322e5b528fe41c1267104ef0334880be7acd14a9bbc9b29a
SHA512 a555c250e43b5a2c4781ddd56fc6f08a91c5ca3bd7b296e6ecf4c3097e7106b11700a8d8e8ba95648649c3baa55e3fc76951537cd1ee3038229d34d5716f88dd

C:\Program Files (x86)\Internet Download Manager\Toolbar\Dtu_Style\BITMAP\is-L869F.tmp

MD5 c24ea7add05d2d9d213b68d7f13f52c8
SHA1 e912a4f657e4d4ca104f802803011ce6c4cf8ad8
SHA256 ebf6c327ada56a4cb4a69120c51f053ab06e8a210860888e5d9584e74a518e46
SHA512 173a1b8068cc1fc2b3a0ff944d369593070601ef6d30eb6b93a41cffdb75315001339e22c45351d28d7d54c16f438074ec67965ed6f5824853f53c2c1c273d6f

C:\Program Files (x86)\Internet Download Manager\Toolbar\Dtu_Style\BITMAP\is-362BA.tmp

MD5 92cc9dac3a2f3d45592e6451b0e26195
SHA1 892f92519835df8ddc0cce3c2b87da3eab44d452
SHA256 d75cb499868df1ce6d3f256ac47b45771a2d0d6c6619328c409ad56b9d9e0205
SHA512 0fd61ec5cfc6ef2f08c1e31c460827da1ae29e3b0520999550becff67bfe0c6cbe05b24b441391009573905ea71da5157f96a80b6bd19ba9d2087f24c63d8698

C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Bronze_Shapes_Toolbar\is-KP2GD.tmp

MD5 4bf0efca68bff7af5da40a9e109a8d68
SHA1 a8f2dd1f97a9dc8821f799fdb45a72bc9fdf2d2e
SHA256 d6026c1fb28dacea812c4beb1851d432612de954d9ee67d1f3bd591dc644edbf
SHA512 2119d0581b5f61eab03f09499c3f4480764a3297e0e7806386e68c821c9c5b2815c5746cfd644d13d6d756945ac668522f8723dba763cd4f7425de7874af57de

C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Bronze_Shapes_Toolbar\is-0EEJO.tmp

MD5 f579f38d10b999cf8ee068a7a9cd4e49
SHA1 835ec7527ef00a37e93dc97f3c0d3528dbc7333b
SHA256 4eb8ff2ada51737686c65f83857b60403e2f8f7e7e3bbc0bc23ff38754474e60
SHA512 b454824b175629ccd1e0d0a62eaeeb7af69fbee32826d5fea39997f4e450c197fb735da1391936142990ad793ac340eabd6ac828a51f7d474a953ce015b4d3d6

C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Light\is-JDM8E.tmp

MD5 f169301ad2bb62a7bfb63b4fed84bee9
SHA1 1cc64c46f7b7e185362a31ff020bb92e131bd56c
SHA256 46a1a0cac18c5369b69c12f6739c4ad7f3c07a693b164c489a65b7b394a1b328
SHA512 833b910a619dda54035f13eeb94edd0e06ce7122762010a392818864e48c9527a6cf1a7fb5740dd8be8e927ac2efdc40345696f5c329e8163edd217457fea632

C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Light\is-QSFC2.tmp

MD5 d434414170264e41e2c1eaa41d242704
SHA1 e81e68db2db64ef7e4ae7cbfe056c73f1f019ca3
SHA256 9b7a789c5f088cd1c17d1b5110abb82830818fe9c15b89643d6dcde3e3267e63
SHA512 68e4b37f3651e8e5e4a0f9e4944db0fd02b94eea601e9539e08a6be2c23c0f36cdf3ee9e1a65f79cee17e4741435cb16a72d8688730c5069e1033e5147815647

C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Light\is-TPNB7.tmp

MD5 b854409cf6c473296c17acca5d4b3aee
SHA1 b41ae6a8d831096b6cf47a25b084af0a768f9ab9
SHA256 4a54c62e75b0c3d124655204d1e189cff1f12baeeebb4a9942bcd1b7b416210c
SHA512 5912589ee7c27ca4fe77b97dcd1b8e9ad56a34886ff053a6159bf1ee7cad5458f5f99d39c186c4c1b3aad73e82d1710b86bc0fab49d8862d0135c0694ac10c8f

C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Light\is-IKGHU.tmp

MD5 df1042f9fbcbd8106103b2fb966a073b
SHA1 7c84fa9d039d17a27eddb0b392f60afbda01ff9c
SHA256 3f6f6b0f19fff7251f539e75dab0e39163af65280d43a7d8d241a3348ed04809
SHA512 26414c441746e22a7057f64285142330ed6b0ebdc95c694de0790aa1e577f90a875639aef9f1337398f677c0380798125dd73b11fb5e07c30d252ca3506bf38c

C:\Program Files (x86)\Internet Download Manager\Toolbar\Helvet_3D_Light\is-AJRKM.tmp

MD5 06bcaad3d4adb2902ad7b25bdde4feb8
SHA1 545a8d360e02c9fe0ac4ba4f00cd2fcf6fd56aea
SHA256 76d7cb8059b4c9fb5948e8d428fd9571214f399986b4cd3a3ae9bdf32c77638d
SHA512 26fff7fa68fe6098d9361fc4cb7255fcbda88f3d9d3c71997a158bac9c6b6b1d85ade43fb10106e115bfce66600436b6e74b00059498cc7a6b265398e75462e1

C:\Program Files (x86)\Internet Download Manager\Toolbar\PT LIGHT\is-D583C.tmp

MD5 fd1afb95a1c2b91f358befcdcf46fe20
SHA1 24753bd9e266c688aa2c5c8612eec1deb44c754c
SHA256 4a6880a580b1eda105ea70b2b815855ec6507c3419ff8a90d893c10bf563652b
SHA512 4953137cb1716a5b4e8179a9e582af21259c576501222cf172b31304c142ab871926c8e187447d4b113c6eee0156afbff4cc76c540fffe17b4e51836e21f5c36

C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\BITMAP\is-0JM6D.tmp

MD5 349068e195a8126123437b2062e70920
SHA1 2920fee331c54e9102ec0acad2ecc95a4b516fcf
SHA256 b18e40529e5428531c6243072e4f735087e419c02b7a4f95dea87d7a96b87be1
SHA512 b5e9cf1993bce064e48299e7750a269123bb6e1b07bcc2598a81877509e2d6cc011341f46dd51b18e6bce1ad08666a9c25fa838a9d99021598c8058990ca105c

C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\BITMAP\is-BPSPE.tmp

MD5 89e66e0bf99b9c86a9fcd71e1b3095e3
SHA1 4add1ebffc7ab1f8745fd18d9058a04a032454b6
SHA256 20c3bfea40854a4ff0017b6857a9df967e5387c391bf293f5bd745f4c5b5167b
SHA512 1f42fd2b9d270024c376c9a4c255491e2f51da3c7904e29edadead175ecc555efdc205ae2e38ca1eef3b45c73cb3d127b7caf4c7bede944b2c52d5dd06ac244d

C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\BITMAP\is-SR8HA.tmp

MD5 f3edea40718be6979ef4aaa6319e140b
SHA1 ff0db7c6ef388adfa5d7f246c15d5b0b4d71b863
SHA256 0d5c2d3336e80011aede7fcb2418ad4fd4b86379d9fe777325d301beebadd4b4
SHA512 52f0c03c24df06fc5beefa47c829eb12d2da8d67a0b59b2454d6ffdd8585c0307ed7879a39e940f697d180a27c9e04eed663b2670f67df66cdd668346d10cb0e

C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\BITMAP\is-R03P7.tmp

MD5 c6647c55a052ba5651c1167466ec82a1
SHA1 d0ce62f432d2ad300b556fa9ab1e45d01b242e75
SHA256 ebd59efbf6e29b8f66192c49eb66d456d1e70e994f7be21372edf14b41b5804b
SHA512 3357c71afc4ea93779a3743cf1575ac4aeb2a9a9c05478f6b22e7a3ef633d8dc61ca76585c582cb9875ef06191e04d9f80f26230d77f34f2ba9f393b623286c8

C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\BITMAP\is-7V19U.tmp

MD5 9c76daf8ba483ee558bce348e4d8a88b
SHA1 d7cc996e8d91611fb4f40d118fd24fc53bb41992
SHA256 f9c14db70fece40ff7afa6d313342e589402f0d2cb8edd1e763514947d5deea7
SHA512 9d622bb0f2e57d0e0a02fd0897cab22e0595a58d140d3a1a31db10fb28995fc9cfa081d7abf885e9d9228efa1d0535fa57e2c5a203433f97d5e6cf8bed7177b9

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

MD5 62795ae7719665941123918a7236f85b
SHA1 9725d01b2df81c214863d48800206f2ce6738a39
SHA256 103f0e8b96baaf9fc5f80e9f07f3a0a1c3ff4d0b3cdcb1bd72bfbfc3d4404854
SHA512 50218417034336e028505943457c6f8402d4eb4f079894f0e8354f1e18b6f7f29a9ebbe58cb2a69b2e03c704c30a98f8bb4a8a09c6885bb759bb6c11acf43ccd

C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll

MD5 b94d0711637b322b8aa1fb96250c86b6
SHA1 4f555862896014b856763f3d667bce14ce137c8b
SHA256 38ac192d707f3ec697dd5fe01a0c6fc424184793df729f427c0cf5dfab6705fe
SHA512 72cdb05b4f45e9053ae2d12334dae412e415aebd018568c522fa5fe0f94dd26c7fe7bb81ccd8d6c7b5b42c795b3207dffa6345b8db24ce17beb601829e37a369

C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll

MD5 d04845fab1c667c04458d0a981f3898e
SHA1 f30267bb7037a11669605c614fb92734be998677
SHA256 33a8a6b9413d60a38237bafc4c331dfebf0bf64f8057abc335b4a6a6b95c9381
SHA512 ccd166dbe9aaba3795963af7d63b1a561de90153c2eaefb12f3e9f9ddebd9b1f7861ee76f45b4ef19d41ca514f3796e98b3c3660596730be8d8eb9e1048ef59e

C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

MD5 23efcfffee040fdc1786add815ccdf0a
SHA1 0d535387c904eba74e3cb83745cb4a230c6e0944
SHA256 9a9989644213043f2cfff177b907ef2bdd496c2f65803d8f158eae9034918878
SHA512 cf69ed7af446a83c084b3bd4b0a3dbb5f013d93013cd7f2369fc8a075fe05db511cfe6b6afdef78026f551b53ad0cb7c786193c579b7f868dd0840b53dbb5e9f

C:\Program Files (x86)\Internet Download Manager\idmfsa.dll

MD5 235f64226fcd9926fb3a64a4bf6f4cc8
SHA1 8f7339ca7577ff80e3df5f231c3c2c69f20a412a
SHA256 6f0ed0a7a21e73811675e8a13d35c7daa6309214477296a07fe52a3d477578ad
SHA512 9c6be540cffb43211e464656c16cb0f6f88fb7224087b690ca910acbd433eaf5479508f088b6e6b5437dd260923e26dd928a861db6a3ce76607ad9e77628262d

C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll

MD5 a3c44204992e307d121df09dd6a1577c
SHA1 9482d8ffda34904b1dfd0226b374d1db41ca093d
SHA256 48e5c5916f100880e68c9e667c4457eb0065c5c7ab40fb6d85028fd23d3e4838
SHA512 f700cf7accab0333bc412f68cdcfb25d68c693a27829bc38a655d52cb313552b59f9243fc51357e9dccd92863deecb529cc68adbc40387aad1437d625fd577f1

C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll

MD5 13c99cbf0e66d5a8003a650c5642ca30
SHA1 70f161151cd768a45509aff91996046e04e1ac2d
SHA256 8a51ece1c4c8bcb8c56ca10cb9d97bff0dfe75052412a8d8d970a5eb6933427b
SHA512 f3733ef2074f97768c196ad662565b28e9463c2c8cf768166fed95350b21c2eb6845d945778c251093c00c65d7a879186843eb334a8321b9956738d9257ce432

C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll

MD5 597164da15b26114e7f1136965533d72
SHA1 9eeaa7f7de2d04415b8c435a82ee7eea7bbf5c8a
SHA256 117abaeb27451944c72ffee804e674046c58d769bd2e940c71e66edec0725bd1
SHA512 7a2d31a1342286e1164f80c6da3a9c07418ebeafb9b4d5b702c0f03065ee26949da22193eb403c8aeec012b6f1c5ff21179104943943302972492fcdccc850d9

C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

MD5 e032a50d2cf9c5bf6ff602c1855d5a08
SHA1 f1292134eaad69b611a3d7e99c5a317c191468aa
SHA256 d0c6d455d067e8717efe2cfb9bdcbeae27b48830fe77e9d45c351fbfb164716d
SHA512 77099b44e4822b4a556b4ea6417cf0a131ffb5ee65c3f7537ab4cdc9939f806b15d21972ea4d14a0d95cf946013b9997a9127d798016f68bcd957bbffdab6c11

C:\Program Files (x86)\Internet Download Manager\idmantypeinfo.tlb

MD5 60adb0ad984d5c3a4289ced459913963
SHA1 f8508d53a8d9d46e7e437a9f9c04dbfaf4d69519
SHA256 d421d11ef7cf2b766ca6fbc8e837912b2100339c686d48ca56f650649f7b9343
SHA512 2ca09a3b971218fc7116871d854a44e1c1a7abb16afca73bcbfa1e92fda1b8cf82e9b93c3dbc7b4e0efb9e31874b8ac592f151b08428bf1281a8a8d977e3a3fb

C:\Program Files (x86)\Internet Download Manager\IDMShellExt.dll

MD5 8ebbfdc893b3449ce9940e078e8a87ea
SHA1 def9a44b6901f33b0d6d06963a4b60bfa4327ae0
SHA256 211930e13a1270450388be5ca4e8a049f71710c53bc3983772e3613224190812
SHA512 b4cb33739f928d3e17eff33bf0692d49f446637bcbd1bdbdd243120c3e46537b254e62668cddc50bfccb9d52f8bde57b1bb45a26cb5dcec1e101bebaec703b5d

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\cleanup.bat

MD5 0bb8f20436afb6421dd5bfe3cdcb4f94
SHA1 37b066245155d552cd1fa3c77f62d12a102ed29d
SHA256 cc424e1b87501bde3d757e1ef3426fe4bdee47860928783131812aafee310ff1
SHA512 d616cbbdfacb5157ce80b36fcbe8bec862dc5e52ccf7b49d4ef8d503967229a2f69fa73916236022ae5f2a57e5e63a568c90ae1b80b081ffeb34c49ec3e7f28e

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 ce6923e0a128befb893ed1faa54f769c
SHA1 b8358e796fdc5ad6e7a067fbd0a63fe693cb7187
SHA256 8b52d569c6890ca059af3c52e8d429fe1fde3daa863442b52bd4285b32e21d16
SHA512 74419ffdab82185155ad9a6357934e0aaeb0716d96c6f9a07d8af13ae933b2ce32971a2249a22e6b97117afdd6489f265309f512375810a447bb3d953008e2bf

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 3cb81b8859026c88f5d02bf3d43fce36
SHA1 803f3c07e4c5a8052585f49bceff27c7992a91fd
SHA256 849a8c5d827f0affa97c0d2bd03004fa6ebf13f093f9bf40c65ee7ea1cdd4cba
SHA512 b38690c0ce1bd4a2234199131eaee70397001562524403123001a65f0e9ebb18ba8f8e71be721d2e1e130d08f60151ac56502ed808fccedf07b5867e1f70a495

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 de0ed02198404d5269901d49492b22d1
SHA1 0bc04e509ccc9894efacd9bf9409c1283183805f
SHA256 12c9004fb10709eecdf946f6696adeaf8f5e9f29c4f75d1ad262e28acc54f056
SHA512 1f07de5c45531ad15383a7e050c31becbdc8d7cf8946bda138c33374219e93b443c81976edf36171368adca2fade47a6f47788184974011b9c46f34eb2f755d8

C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.dll

MD5 5345fabd49deafd284269de1fd003742
SHA1 07d9dc8a998a7c9cb5b2ff2c03d1465dc5d6466b
SHA256 ee42dbcc43db64aca668f6f27d6ddc857a38a1bfc3d29dac4a5171852a77e31c
SHA512 9c4465416dc1440cf25543b250579bfd754d63b6a2b3a0f3056bd6aefc77593d158c81139f988ca8b098722ba4908654c47495497ae101feb047989a58769090

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 a2aa721ab315822cc2be546c2aba2fa3
SHA1 31b722fb31f99124acc6c2fad3de0230442f9622
SHA256 fc312eb9a166cc33265535013cf667b34ed3802913990d1284dd0232603ff939
SHA512 1ec90d0adda9621af120bb3c938b1850a88f536e2d24dd8dfa49f7547ab7f8a849b8558946a2f5573c1fb9ef07247cb916ab92cfbd35a3340b03c52515c6606b

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 8f6e07c45b55e50ffb72ece18c6a7065
SHA1 769fbc22d6012588953eda668fb8d84dcd371957
SHA256 03a8814526deb1f3bcb7d30a8e4a3281629c248fa648ff7994a2fa3f795c3be4
SHA512 38ac4a8967b78edd73de0dbf8b958f88eeaeee9431d879140648ffea190ed3535ea0c87414880877eda3f5378ca2ccb65d97c5640aaade84bf3610f0c25c3e15

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 0d3b2b46b4e8c57f52dbc1785e4c2073
SHA1 2d6af4ff10d801ce0764228cff6eb74500deab3b
SHA256 be612790b8a20f236f6ae2b0eccff6ca40c372b4fff07d7cb74abcb1ebb33fb0
SHA512 7c429d3dc246eca25b9a2062fe6c71e5fbb16c3044e488a1fc96779489bb285bca8bb997e876c86de37955dcaeb6770a20cc69d128c0cdd15477a421cf828931

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 07c561166c14286951b2311ebbb4f257
SHA1 845fd8afaaec23fb0ebdf17d32d04af9b6fe54fc
SHA256 18571d1dccad4ea0ea2c6bb9c2bb7d376e92ac19df32a9b0f63032ef98cf0580
SHA512 e5a9000beb40878a88122e94c8795d4ea8f4341000d8f179fe8eaad1acb61b2d91fb97267b4addc01373d9e652dc45d50281c50f6ed95488660cad3f7eb22991

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 6d765aba13850775974f7c54abe60905
SHA1 e036c6b7253d15d633ab19599d9e21722fb058d7
SHA256 1be47b4a7508928c9079054985752b1891e835c6dc2ebe453d05d82d95902d1e
SHA512 8db3f7d99a69410e85af5e1f154d4bca217010f551e6ed9eef75d06927e8abf6ae33fae0db959a8457292883f24c8ea5dbd721b8f3afe52d6c8f4d7a663ba5d1

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 49e568c0843caff61b0c83bfa456159b
SHA1 3c803c7c3a9fc2b2f0ae9c630e0ac7a2081cc184
SHA256 6e654a55102c29b4ac61d4482b28a03e57206675e25850a68a0b7bd94a215af9
SHA512 b214f0798f70c5d59e06030e70467db9109ce919bfa40da22bdcd96464dff8c191f23d2c78af77abf83ea397e4008e2a254b1ce6f02415e61e968df73fd85d55

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 694a6c5aad01abbfbcfad5ed9dfd5c2f
SHA1 4b78abd6b5a759bdd1fd198b6709dd1a78821873
SHA256 765d39516932b0cfc57b7a3fb6c5cf57718999008a99b0608f8ce4dc2de0d16b
SHA512 18a55ff497a4aabca908a024be5cc4f33094fc1a9816caa7fcdf562a8a0989d59d8a1c99e3bad2bff03d29c6d09381f3661723d742a22bb90dc2dfb3f2a3774d

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 8e2d27200cee957f8287bb3975490fbe
SHA1 514d1e8af2b9b8f9cb0cb97b8bef28e463577c27
SHA256 836a4a27c5a9cc6365bec8c64bc8ecf85bbbaa2b9419bf3643758e20b0654040
SHA512 e5ddfeb38e776b19d7e3872d976a527ddb601d09e332150a90a29a5435a08b0f6723e11251f985fc5fa0650bb6f91b3396902f842cfcd42063d2aaf7354f74af

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 15154b8758eac9c5ddda2b0202396116
SHA1 c774f7eeeafcc0f0b9ee3ff3a0a310747592ff53
SHA256 79ebba395cb9643e387fc21c689287dd344e654e18ca08045714ebb189509f54
SHA512 af4f2c65676789205a6798e689baa88744e47e8651943b48e88716823975fba72c8c6fca519d91c87cdd9ab701440aa8291d6616c68503bae742410113682c3b

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 27ad61809e5a7a5f04828ed2d0fb0453
SHA1 c8c120c72200182ab9324348dcf1da5904cc871e
SHA256 b6bfba427a97f037d4e31fabac70b19361b9b1d8005d4be9f037a95c1f6ac180
SHA512 43145afece933ebf9d08902bdbcd3a4089769128228e2a68ea7b2ee6c3b5eaefbf63d04364a162bebac5dc789ff290754942cf465907c3c4f69e1216635f0b87

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 f751f8b9874b58e2dad83692513879fd
SHA1 622d6cd13f6cbb9a1bd1a8ee9dd86fec5408dae3
SHA256 02d22562137c78c4f567dccc33ed93b69e528de241d1fb58f6a651877bfe1a50
SHA512 44be14da23c036f419e166f3c6550453965451c2915060ad641ee65746e90c7a9538bbb043810fa33048c026479a0f306d98cf91e6340ea072f0007e0b393611

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 ba9c8e90697ce5cb03dbabf3f03f487b
SHA1 ab2db7698b10312f7d451799444aeaf667dab027
SHA256 d034a3d22ee3ef6e7ab9c655b2205d0812773c728affbb3f5ce709003467f401
SHA512 d67ef6ffa3caeed966059b66101e2c8009ba4d538006d73fcdc481b1324836f8b9508fca50f3e71d8c36058a5c8e134ea24cac8ff280464c514985eee03378ed

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 f5d12b3e033b24968a308802dc89fa1a
SHA1 6d2d3ad51fed46a69a9de572d8aecdf3de844664
SHA256 60a7ae9304343a73bb8a3d86ec0628091baba76cd52ea0944ff79b38e2c15b5c
SHA512 a8873bad7c47ed8d9ab0a7c697c761159448e8ffcea716062402ea79881fb35058ea5044c482894852413d666a282b5139f77b0b6bfd55d49580ffca162b213d

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 a6efacf9817b2161908cc71f3e1a0b65
SHA1 47d4c0c2cbe4267bc6ab01ed6b682ce119ff21fc
SHA256 bb7a268a9de71f82f1749747129429be5e28824990c171655f73abe35b6f4f9a
SHA512 9b160685af10b1120599b24c00fc22b3e609146beea6ef1e47179e3d5dd8e08bd900fa88e762f0b95d7f9a5037046238953d79dc01a0468aeb6e71a4d3b90879

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 3190970ad64b32a58fec7013abf92b48
SHA1 55b92971f9df9ee1e9f624c028cafbb848541e28
SHA256 012c9ebb62f2c9604d3e1bcc1a89136b39b9da06d09cc22e099bc4dddd5b8cea
SHA512 93eccb34c4ffd675f809099683b4fcb39bdf158a9c75d8ff93c6820f0bf8e6342cdd15749171351e8b188e6f25b5dcf2fd001c57d99dde2078de39e358122f43

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 3d649694bee2a458403b83d8601f1b9b
SHA1 24968d1713f1282d322deb384f58456a61ee6353
SHA256 166f067c6160e0bb227fe85ac6e7f9ca1d62e5e17b74b3c7a6e8960b976dd1cc
SHA512 65af621ddb030d141cb2da4a91768a66c9aae43d4fb2560278e75665f02513892ea9240a0a1f10d0fd9505ee6f0aeada6ba9aa96921987a971fc46665537d487

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 0e3fad69e864996c57757c5269091134
SHA1 3e0d9689f1df8d4ab0bb643fcbff9c1e53c9f611
SHA256 0df968f9e90c5e09885002a71b5e13b3f4b2f9f333e08de78d2fec54c127dd17
SHA512 d1400221a66b92bde9ce4baeabe338e4f67b96d9788674c1ca0f81ddf83d443556f9da16c52e4301156da02d3b1a5592ed395230495ee96bf9d664d8eee87da7

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 05715f67b807f5ad45e1f4cbf1c7f44a
SHA1 3179636b5bb9d0b186e592f00349f61a35544057
SHA256 98e759579c554f9359fe14b22451eba19bd10e20d88d640df1d82ac85ccc7872
SHA512 45296e1fa87407d2aebd694541d6f26c96530b0ae59f28546a6758099bc504faae271d7644d76002978a203ab5271d50fdce5efab8141589159c05b8e2f49086

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 df8c3eec62a5f61e7eb0e9da9615ffb6
SHA1 6a8727b8b9292b5032ea02ea8b92d628022719f5
SHA256 4b1595ce9b6c2de99ca0afbe71de2fc985624b42aa2a921e602edcdcb50b6183
SHA512 79edb5f0c3c746501012c8449d30f357f0195e4fcf4f30b3f69e86d0a9ce2392f7c988917a4c441bebf5b3de7bc4840f66e4d2950a2f81fd55d18d6ec70b9152

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 3b8a65a81bbee5dca8dad4b3abbae915
SHA1 70ace1a66c28b136763ce42fc18cda933d326b19
SHA256 cac42e45141aa585f9466f4b15922d12329e6df3ec170fba1f04897cadad7907
SHA512 6a60034a38aeb004cf23878eb2efe80ed46688e1fb8511a5c7a82fc9cad491b3b39bb5e160d9b040a3833c7a448c26a9c01698aa210e6c7422cd02032a005547

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 66afcae1cb00ac3aedf8bb4606e6f7ac
SHA1 d8c1de68177e3ce8ae3e778cf082cd6d23a751d0
SHA256 56118699f039be0839f9f41170693186f3ef1013be5ddd426896d9606adff4c9
SHA512 1358be6b31b3d64d59063c9b741efcc872f0f7a81e0580133a8e7c9f2b921d15edc6c35c6dd9d57512513890eb0f9c9e3c8ffbf8a50aa469c39fe58b5b5ef318

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 f65059de0eca81e802f1fbc78e721af8
SHA1 ff81e16d33900c392628d0b1040304b57e5c8cb7
SHA256 58eaf64c0fd09fb79e41cf9c0acaec77a511042d11ab7516ef173e57739e91f2
SHA512 9964e826f6d68faa67f5ce0824e25129f9a195822a06cfbaf57fed46b6c50a6951379b8542a0d2713cedf6fcdfa35e0e170d1290a22bf040392c7f5adccb314d

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 80457dce4d534415077dee2b2eef358e
SHA1 c8b1a406a09a63397c12200682e23c5250da2288
SHA256 130683aa2e6f73f32ac45d35d09f595aad8b8c4e24ba0561e6f26f8273a4c2a3
SHA512 b08b1f846675ded1eebb8fa49dde43f9bdef48c30364cdd1500e97bd1e2920d63641755410de15dc5c1a0c50abe6dd6c511e60f60cb62dc88038d5d25463da3b

C:\Users\Admin\AppData\Local\Temp\is-Q59EQ.tmp\permdel.txt

MD5 9f527ea82c251ea04b3f18cefa1965b3
SHA1 340e6f86c405ab939aff26733e9c576e7ef60457
SHA256 566fbf7f1bb00b5ad4a41541b1f1537ed7388d67485cf6eb2b5df2ecd05f3cd9
SHA512 de4d32bde404ed999ff037d108521af8a4ae4dc81b78a08ff91350bcd5645474e38bfd1be1482bbdb4540853a8425d6af8bff770c5d651c8d8d49f36c572eb78

memory/4612-1125-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{ad3bcc6a-0393-c24f-b4ba-14c70ce13f98}\SETB2C5.tmp

MD5 7d55ad6b428320f191ed8529701ac2fa
SHA1 515c36115e6eba2699afbf196ae929f56dc8fe4c
SHA256 753a1386e7b37ee313db908183afe7238f1a2aec5e6c1e59e9c11d471b6aaa8d
SHA512 a260aae4ff4f064b10388d88bb0cb9ea547ed0bc02c88dc1770935207e0429471d8cd60fcc5f9ee51ecd34767bf7d44c75ea6fbe427c39cc4114aad25100f40d

C:\Users\Admin\AppData\Local\Temp\{ad3bcc6a-0393-c24f-b4ba-14c70ce13f98}\idmwfp.cat

MD5 d5e0819228c5c2fbee1130b39f5908f3
SHA1 ce83de8e675bfbca775a45030518c2cf6315e175
SHA256 52818c67be219bc3b05c58b40e51b99a65c2f4bcafe38a995610b4ec10928def
SHA512 bb397004f2256db781385de3e7e7b7993be8fbb2cb701ead99a7878c2bcca6c9ae4a7aa61c329aeeb6711c8c74081e971e85af38af6b32b58888c932fd51d218

C:\Users\Admin\AppData\Local\Temp\{ad3bcc6a-0393-c24f-b4ba-14c70ce13f98}\SETB2C7.tmp

MD5 f8f346d967dcb225c417c4cf3ab217a0
SHA1 daca3954f2a882f220b862993b0d5ddf0f207e34
SHA256 a54e0ac05254a464180e30f21a6b26651e7495427353bba9c246ba1d2388e7cc
SHA512 760c2914f3e937a2a3443a032cf74b68b6d24d082d0f50d65058a0fd87d8eeab229fb8d3105e442f0b3b0b2f3824439981951266425512e51e7ff36669a652fa

memory/4612-1188-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\idmcchandler2.dll

MD5 36b618f848d6dda620bf0b151eacf02d
SHA1 fce4b8bacd1b764c01051603e6548f8b458ee2b8
SHA256 1450146b904919474ef6d528b20a672a33a32afc4a1e40f69d515b523d72fa19
SHA512 b5cbadaa41ac4cfd634c6a7546a4d25116ea33b88f9d5136f2b8982299f3dc50b18b01b0afde4efa4a0fa28b48d539a4039196d9a983c43b4b4cd8395ec4d31b

C:\Program Files (x86)\Internet Download Manager\idmcchandler2_64.dll

MD5 5012ea14f13dd58ffeb14553824d8ebb
SHA1 416009ed1d66d9e19e6a5d0e45f90923892c94e1
SHA256 59ac02f5a0644bf56b7ad7e2b48fc8f89083f8cfe12a0a93f63163a5573a876f
SHA512 d86880353c24cff8580b799afcbe3e5319a2d454bb72fdad37f950d4470b51b3adf46e685bcae49111de6864543d5a51a6849e804cd32e292cabdb6d9c443617

memory/2016-1222-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\pending_pings\b67eec86-d680-47a0-accd-8a848e7a6dbf

MD5 2baae39e24dd14056c3626ef7cf60d14
SHA1 e43ec44b82f948a5ec368e1220276275d7a0519d
SHA256 362a8531721ef74663c60330e0f7f25756b7988e38d5664f526499cb1453dd5a
SHA512 815c473f3a8209bda56058b4ee0630a0263f8bdce9d407cb106bd1e7a24a38be03453c5ad5d8bd7b920618117502e68d8689b831d07e395cea747a1d309d5b21

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\pending_pings\3167b498-2998-4f7f-a44e-9f126355aeaf

MD5 634d4ddff81eea92f1649d33c162c8d9
SHA1 6c809ed0c890b5c7c1e0b2542db9c50a1b6011c6
SHA256 94059eef2f475dabf80ca35e4b40b12559356618bf4112ea6c8bb4a0862943d4
SHA512 fa54bea1a45d75c6d0a18ca445ff8547cee31bd2ad0158366ec4f6243516b2315d58ad2d9e82d6561716f330023953969ea331bb0c6a2586baeab2f987e49766

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\db\data.safe.tmp

MD5 6e355468d12a937ddfc1e0f5196cf8d5
SHA1 fd4fc15fc13b98e45b1681b49986be109769cf9d
SHA256 b74f9a08d8c749d892c8cf77332ccbffddccd12e9c544b2c59b0db51945325ae
SHA512 c80e6837fb7c1202d53a48b5349eeb78126292a69d93eb662a2a2a42cc239968067ea4c43b470c83d48ed187d54010a2f5b58b7ce55f9b41eab6bcbfba85325a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\db\data.safe.tmp

MD5 0b85426eb7e7e214989e8f37cb876a50
SHA1 0a73e018fc39c9b2843bc2289cb207ef5a65315d
SHA256 3264ca2f1a74b385febb0701a8f936ef5af135b8fbe247374b790bc96aa9232b
SHA512 fbb483711474fcc375cbdb775751dcdf45952115765eedbbc27a788a164d1dc6b19e45263417d071143a0c9bba4d064c25bbd87641d84b67ab01ee3ac3035c13

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\AlternateServices.bin

MD5 f670d0d783f79d3c10a29956a620daaa
SHA1 7f5f6606daf6c8e9ae25306a88ea54819eecf22b
SHA256 78dbdf0461a5958c213592d0cd20d18a3886501a0905da44b36830c2644038cd
SHA512 3ee9f91a448daf89077c4dbd4dfc8200a65295a2f0328a06af31ee64a3fe8921f6f5f121ef74e14ffb034cda8872b0959345e1f5fb1019bccb72e74dee2ffa70

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\db\data.safe.tmp

MD5 a9ab32c5ace8d226f2d9829509735b79
SHA1 436a49acc2e822373fca215fa5861a63709077fa
SHA256 b8c772ffba0a22d5fbfea7c5316db474427d97542c51b343c1e2b35caf1d412c
SHA512 801ffaf705655adc0e2321958c67337e45e35f4b5d73093aeb93e4d887de955a6685801e43e3e26fb972ffb1a0637f754ff06992ddcfb6d3f07d8874c209fc03

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\sessionCheckpoints.json

MD5 29ce37dc02c78bbe2e5284d350fae004
SHA1 bab97d5908ea6592aef6b46cee1ded6f34693fa2
SHA256 1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693
SHA512 53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\prefs-1.js

MD5 1782dd196968d79a9845378c00809a49
SHA1 44c6cf401f4dd5a5d47d6565d361bd2cbe2acb0a
SHA256 926e1f9e885c427724f76b74beed3523c6a7152a818739c703f1a900862d0475
SHA512 25847c0613579de63e7d2cca39cd838939db3f7988c7804d163b6e5709f4afe5a99a7e26a7f7c1a540db2fe931b3abbf1d5799a00edab34ac926a6324fa9b541

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\oil2g1jl.default-release\datareporting\glean\db\data.safe.tmp

MD5 f03eee2c7b740b15a59a92ca938a740c
SHA1 436a52773d15caa28e1543566728eb263dfe3d0d
SHA256 4180b00291d2bb6babb0d2621dc89c4df9fbb9f39efc7b603207e9ad10880712
SHA512 ae32bb4437af89b98a53fbf1e7d3378ffe4c17a39c92c7db7ea0bab729844c742dd6e4cae7f3d2a1455f0b4cb00d53c4102ac29bcbefc97a543cce828ab818ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b5710c39b3d1cd6dd0e5d30fbe1146d6
SHA1 bf018f8a3e87605bfeca89d5a71776bfc8de0b47
SHA256 770d04df1484883a18accb258ecfa407d328c32c0ccbd8866c1203c5dfb4981f
SHA512 0f868e4ce284984662d8f0ff6e76f1a53e074a7223122a75efa7bb90d0204bc59bee4b36c215d219a03707c642e13f5efce0c3c57f46659a0cb1e7fd2f4d3cf1

memory/3340-1687-0x0000000000400000-0x00000000004F7000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 8d5e555f6429eb64461265a024abf016
SHA1 05a5dca6408d473d82fe45ebc8e4843653ad55af
SHA256 0344fd65882ba51695a10e1312e65f08d58afca83771c9d545e181829d6b5ed1
SHA512 be5edfdcda1ba0db9fbab48ee1b643f1b03821e24048892d18033094fec14171035179e987a08dd91a1c25d91d9256837a4105f6765afd225a868f3e95050b8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a148adf579780085acda3c3bad551e2e
SHA1 0fc67be5958f616ecfdd24b10f0ac5f64d764fb7
SHA256 2b18f688e2dd205e90345688e5713a8a6a4f0c0d74fb5984a2c369279ecc7db8
SHA512 738ccfda6cb9fdc18388a4f0e7e45774d3ebbe6cdc54d00513cbac81537908bd7a6d1801c13d4508affe41cea6ff06b8df7186ec4d25b5559820ea51c06ad1c2

C:\Users\Admin\AppData\Local\Temp\scoped_dir2764_493629874\IDMEdgeExt.crx

MD5 eb5bbcebb1efb56f963e1587dc07194a
SHA1 c5a828cc48bbd55a28226e1415452bbcb7699faa
SHA256 88ee51cb2d1f12d2619d3a58d374dc3b01a963435cddc2baa7c9cfefae41038b
SHA512 60ebfdafd956e24f0a845c65d6ca46ff81c3d08c39b20c18bf39089211929512881f95da92a205cc75daabb78d3af17522ea1438d53aebf0406d689bbfad1910

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\logoTonec.gif

MD5 6e4056f446760596daedaf491677dc79
SHA1 d9feefea1026f3dbd4291c89e8ecacf3063c35f0
SHA256 4a7aa9148bffa220e01ea106dfaec432a42d8d55005ada6b6f47bc058dcc6a50
SHA512 b6e9e7dd8ae7f4f42930897749cb51a3533f3917d833ac5742c55321e1cefede5207065c5f8029a484a5daeab6b1ccb671a86cc637b99c4d0edc0ee82b6552c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\logo48.png

MD5 db62e2d1fd58479a202a2960ec34324d
SHA1 de520c26686c91afcb761affcf86871ad64df325
SHA256 4212312c4f644bea0df9c087b050b1498ce4ba0d6638f17b9fc6de7c6989208a
SHA512 1ad847586ba0b8a2ec8868662f39b9064897f7a0a0713a29fff403b45c07a657f1c91378c6b625ed35e67446da7bb575282292a95e3a773450573d929fcb1935

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\logo32x.png

MD5 db77f12d007d66dc85410708e9322101
SHA1 f9a197b8212607080e8f20c2a19d03aa25a849a0
SHA256 16181b64e00841b68cf605a5e39d7fd56e24499825b404fe4fb3b477e56e84e8
SHA512 b4abc4b6c20b59a12a656d63bd5d0b3cc96f2e152bb143fa913fe667511cdd66382b62b959436d5f5a1511fa3bc1957eb9e4a61729b008ff5aba8286c8a8fde8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\logo32.png

MD5 bb9aea32e19d24434a230266ddfb57a7
SHA1 8415ba204fa39963bae23dd55e92f2189d814b7d
SHA256 10f14189da507005bafa0493783b56a8494782c6accf553edb706a26e771491e
SHA512 d1076f1edee2f9626243297dd3c255d707ca95d81d2fcaccbd43432b9bc3a26712943fdbff1f4f1bdca5a0b66bd9de91867753fda8bd889e6d98df6ef7c445bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\logo16x.png

MD5 d08e20877841e7e4ea062ce36be215f3
SHA1 5cfcdd563622c8e26d6bfbec4d2288a698a78235
SHA256 feb1f8ba850388cde225fc9d9a9bc6f27ce84eb399d3bf8b7422e0cb31ae467a
SHA512 fee0ae9e1c0b4adbd5d2e2bd9581d2df6cb290ff2f29d0f09636bb8fdb0c044d82b5488b3d58169cc2a23282bfb0713e82545da5a9709f39cce6b75d62b53c92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\logo16.png

MD5 1d87ff5077134df7cec7aa8e93773348
SHA1 e0273177937d5a5a31c3f7d5b3de67d6b7928fca
SHA256 c44c37dc5c69959f778dae6eb3732bb10b25e2500dcd2a015932b1cce9989de2
SHA512 1961570758e34df0b2e922196b8ec9d19c59d2ec8d1824f581332dbaff4ab2f849be9a9f67062db24553003a234c9b5f9a139bf736d023f6c3f169b10de117e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\logo128.png

MD5 427ccebefe1fb4d54646bf943ad425c8
SHA1 0265f9dc3877e047342e93b82b29f51b41207bc1
SHA256 335ea79ef3140c7d63cd43cd525162bb96191e68001e9cebfa5b697af6b1f371
SHA512 4b605dbc51565b56570f2b9b1821ccdfbcf672def2d358f4a0373cc4d98747d617381c85fbda41b57d67756cd0dada058a4c9013d729990589a568c753de05e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\headTitle.gif

MD5 e9af99a1872673931704fb5f3fb92594
SHA1 7cb8514946c779b1769bb30ec43c7ee67e010053
SHA256 46a531f88a1e5682b4f5f5eab6003a3e12e9bdaeb95e1d0421fc2f4c6553cecf
SHA512 1ef67094db4c3872d581b7de7676cec9749cc9d55f24bbfc97aebfd79c5614c7628d3646eff15e93b6cc186a0877a487583f83bfcea5459d7a8f5ebec9a2d189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\images\headBkgd.gif

MD5 60a7f0b520cf9984e66fcc2daeaa91d7
SHA1 217b1e8b0238f60ffc498e4d370d9032a4060919
SHA256 a022ded24e2e2b5e8c0388109f4617647b72a9a06540f438b0243985aa3fc43e
SHA512 a5ed7a0b109735610cffbddccabd0a376e26e823a73e4e23269a1b784cc1e0409f4a8ef092292b85ab92dee8c0c0df1158c7082d91653edefe9435c0a3e11654

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\ar\messages.json

MD5 316729234a3ac2cd022c7e14afa21bf2
SHA1 29a4ac4e32d413a7976ba43de7119274f78e9468
SHA256 5973951d6113e9419f006895978465117f0ce04b13bb0a40c97c37c403b9d6d1
SHA512 ccb898b4f7ae09456d3149b0b49ac46eaee34199f99faaf7d76265c815e67f279b6c285304dfbfa4544eea547a1a2c25d7f9241a63abba3dd1aae7e7036a3f2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\de\messages.json

MD5 a37cdfdbd6e8681688e8881a58450e0d
SHA1 5d4396cc85db229a957cb9f251f307f70b344af0
SHA256 3c3560309e09d5cd91d53a946c943f7e4322e825cb16de27c4d5d1c050319d36
SHA512 9a25b11b53c512b06d57a74a15c62d9099606a805f6408841f542c1c383192f69a980243ba373958528fe713c8f03ec380cd39e47c30a4ed9f11fe6d206953e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\en\messages.json

MD5 b8e6bcbcf876da1bb693d8dfe401034a
SHA1 1d23b94d68d06be519579fcf21b19e77f3b8218e
SHA256 4bde9375572bea04b287d9811d02ab5cc93ae8f2118f6b803275899644bb5dc4
SHA512 598bf44814f4a8edc8de7402c81e7aa0e92e3922c92deea913035974f573ccaa2b192b412c3fd0cf78d2f03e916aa3929421837b09ee2e2fc45b366e2319be5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\es\messages.json

MD5 ad5865b4f0521ba33c9f1d407206604a
SHA1 8511009ecf4b6ea05c9bbba7b40f2105e5a8792b
SHA256 dfa2def6ebbf1ccf735edafa507bce95ed624ecccd91717949e96f58d40898db
SHA512 f2c3203a4c25a892e8dae509ffd4913600032a45d4e79a4545bd3f3d21da4b9fe87d690af27d96634012cfa6b402f5d7ee1684accd6019f815a144fccf714315

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\fa\messages.json

MD5 124c759a6b544aeaa3ddccaae1f664da
SHA1 b8e862bb661481505f739d6ea9be26ebd323cc5c
SHA256 70145621753a3149757fcc320c567ddccc61f1ceb833720acdadc4fb09c6253c
SHA512 2fcbef0627320765e4d4574732bfa7ce11c3ea16acc25d4940dc1db2a58c0064fc052e7c05c83643f2bc9b7fda6fd140ffd9e6d4228be9ae731a2b54871d2faf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\fr\messages.json

MD5 4c2fd7bd9cb993c04431f837fdbe5625
SHA1 4ba7a6db75aa09463c4ef1f7d3bc99577f536cf0
SHA256 8b1136aa83c0958c70b5a97494be380807a1cf5e45662d2d0c74b7073075bc9f
SHA512 e6f6520f9e00f3278bb0d9fa2df091625d484845abf04fabeecfea53d1fd37e222ec4fceb9591ea0f872fb97ee531256dd09172f898c65997563d0a9a3df5984

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\he\messages.json

MD5 031e9d83ceb124f494825619516a366d
SHA1 4452f54252ba866a0fe967b3993facf878312a19
SHA256 b41d5287c8d6b1bad251235e16ed223ad31fd008990d9359ad50358d77a5991d
SHA512 740027bfc6009acf759f48bd103785b39cdf85d3c0dc42dce21e287d8866fad95ab02a0057fccc5431663cb5024a9ab5ff7456094a78f4d48a2c080720a59840

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\it\messages.json

MD5 6574bc8ded7edf138849067b429884d9
SHA1 b9d505181b3d1859ba539398404a803cd43aad44
SHA256 df620776b2f3b24c1f189f281524741894608d49bfbfe1dd7a7ad438e1f74498
SHA512 db9c84d6800ec13fce9395c8945a13d971a2c3b6442c069ea866a3e3389df33104b73b28e1a316d9a8c07c6f2beb73db6cfcd05df854c209570b880b2d46e45b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\nl\messages.json

MD5 86b261d778578167451c624dc1059433
SHA1 b7a4733f71798f2dc16d7ccdc1ef8698d6e44ae5
SHA256 8e4959947f9781f8aaf253049b60ee0ba341571a745fd20c6a6c0033ca7991d9
SHA512 82ea33b09bf5753d2f0e8b9f3fccd92d4ac10d6031d485d6b5ff64f5b33f8687eccd24e72afb10b2d4b669f07e8baf8ca37fce7d78865615962864690bc5d69e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\pl\messages.json

MD5 5fa7badad40df7eb7c06ad09236b5879
SHA1 a34bf283d450b24859c4440cc96845af01775991
SHA256 7162e18acd5f67a3e321fcde0dc75290c7c73c551732d733c74e377bf46fcc75
SHA512 9c5e6a4afbae3a2900e6bb1f1a555ceb9f576609aa7f0355b186038e7c50544f2e165bacf7f192a9ce2629f0bd6ad8b63997317b6050c5af5c023bcde7bb1a03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\pt\messages.json

MD5 d2d89ca6b8ae9de14095638a7bb5420b
SHA1 3218700dc976a1d4b8d573e3cc058e2e17ac7912
SHA256 d1bb1e348b413035ddd754e1dd8fb5fac215ad8bcb6c91bda2e80ff738725e59
SHA512 2582b7af7f486bd9f61eb73d152daac7a95a2f7c1113d6304abf00454225dec8d5dfc5203cab4875dd5d46b67b711d63afe4a7d6cd9d8207f9c917c7fa483153

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\ru\messages.json

MD5 0ac84c85f1d33150420cd13c867638d2
SHA1 606f4710a91315a624fec867dd610ba367a6ff54
SHA256 140208963c850e7d3d5e4ec7099f56c866e32a16894432f28ff873f431f4f95b
SHA512 a5f8ab879999550fb636bfe8fe36f471108086cafd821d23b944f5ae1974f4a7f0922cb7e25ec1982f86a1d8666ef86862bf7422ef5584bcc2c6541ee560f3c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\th\messages.json

MD5 e83a81a3231e50662ddfef250df24419
SHA1 4a78cbf15b850f666b78b49f530aba05ebfd0d69
SHA256 e306358b32d1211dcbe7cc76768ef253810a97637bb6543b97c8e2a77154afa0
SHA512 16d47906e1403847fe9ceb14352b022f9b8859f65ed25e7198e5efaabb5d41911f2843eb3438128052c434da390118994629c40486975e01c0f9bd6b794a5c50

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\tr\messages.json

MD5 ceb790fba4deef44621daf55db59ccca
SHA1 cbebd28e055eb0f6f7dabb43f216da66f7f9126f
SHA256 fc7d9163f43427466fcca3e616a1a79bd0cb106ef4feb351d3d69c3a756d47fd
SHA512 f5920994902b693d5cc702c8f0dba359a6b5a4856e3f6cb46e06bd844f9d7b26e2fbe315abd4b55f873b8e0c3b2ab9ade99bdb3f5c169a5a35642fbf0e051137

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\vn\messages.json

MD5 5ea23e07638b34e63349b05bc9beeab9
SHA1 58fc80e95eea688a1ce7d8102037e9b269f830c7
SHA256 7ea73da3bd6130c6384e3e6fef25254dde6553a2977ab6e2793fc79ba137f672
SHA512 87b5333609446d7c54ddfb54d8de1fe2b46d4b106625c2edcb29589e8bc62d314031d17e7675c0c0f037d33c79a938588b098a63a521b0fe463d986eb8663535

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\Temp\scoped_dir2764_1112959123\CRX_INSTALL\_locales\zh_cn\messages.json

MD5 80cc71a810cb0428522ed833dd77033c
SHA1 8546622a02e78a963e3db81d4d12408ebf1e16a8
SHA256 3b24da8301abaf61b184f29b58d6f6b90191419e7eda40e292bb4594bbd46915