Analysis Overview
SHA256
d4c4d48a220bf66e92299cd4a0890d6a492ed0cafae7ca112e4707ec6bfb9055
Threat Level: Shows suspicious behavior
The file Internet Download Manager 6.42 Build 10.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Registers COM server for autorun
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Checks installed software on the system
Installs/modifies Browser Helper Object
AutoIT Executable
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies registry class
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-05 12:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-05 12:40
Reported
2024-06-05 12:43
Platform
win7-20240508-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\kur\IDM1.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Loads dropped DLL
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
Checks installed software on the system
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Kinghaze\kur\IDM1.tmp | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_hi.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11\Windows 11-Small_Disabled.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_large_3.bmp | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_chn.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_gu.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_it.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_chn.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_dk.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11\Windows 11-Small_Normal.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_de.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMVMPrs.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMVMPrs64.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGCExt59.crx | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Small_Hot.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\grabber.chm | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmftype.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_hi.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_kr.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_es.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_be.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_th.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_cz.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmmkb.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IEExt.htm | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_th.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_vn.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_bg.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmantypeinfo.tlb | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmtdi64.sys | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ar.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_th.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmwfp32.sys | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_ba.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat Dark\Office Flat Dark-Large_Hot.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_pl.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_kr.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_jp.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_es.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ptbr.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_mn.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmfsa.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_chn2.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_fa.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_hu.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_az.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_be.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_iw.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\openssl-license.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_sk.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Small_Disabled.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_sr.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_tr.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ge.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\libssl.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_ar.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppName = "IDMan.exe" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\Policy = "3" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation\Enabled = "1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0 | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage.1\CLSID | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\idmBroker.OptionsReader\CurVer | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID\ = "IDMGetAll.IDMAllLinksProcessor" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj\CurVer | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\ = "IDMIECC 1.0 Type Library" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID\ = "IDMIECC.IDMHelperLinksStorage.1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\CLSID\ = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor\CLSID | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.VLinkProcessor\CLSID\ = "{CDD67718-A430-4AB9-A939-83D9074B0038}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\ = "ICIDMLinkTransmitter2" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\TypeLib\Version = "1.0" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\TypeLib | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\TypeLib | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ = "IIDMEFSAgent" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ = "IDMAllLinksProcessor Class" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr.1\ = "IDMDwnlMgr Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32\ = "\"C:\\Program Files (x86)\\Internet Download Manager\\idmBroker.exe\"" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0 | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\ = "IIDMHelperLinksStorage" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor.1\ = "V2LinkProcessor Class" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\idmfsa.dll" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\TypeLib\Version = "1.0" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib\ = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID\ = "DownlWithIDM.VLinkProcessor" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor\CurVer\ = "DownlWithIDM.V2LinkProcessor.1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\FLAGS | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.VLinkProcessor.1\ = "VLinkProcessor Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ = "V2LinkProcessor Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.VLinkProcessor.1 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage\ = "IDMHelperLinksStorage Class" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\TypeLib | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor\CLSID\ = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\TypeLib\Version = "1.0" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0 | C:\Kinghaze\kur\IDM1.tmp | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\whoami.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Kinghaze\kur\IDM1.tmp | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42 Build 10.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42 Build 10.exe
"C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42 Build 10.exe"
C:\Kinghaze\Kur.exe
"C:\Kinghaze\Kur.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Kinghaze\Fixer.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c whoami /user /fo list
C:\Windows\SysWOW64\whoami.exe
whoami /user /fo list
C:\Windows\SysWOW64\reg.exe
reg query HKU\S-1-5-19
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMan.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IEMonitor.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMGrHlp.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "idmBroker.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMMsgHost.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "MediumILStart.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMIntegrator64.exe" /F
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Internet Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Internet Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Internet Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Wow6432Node\Internet Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Wow6432Node\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Wow6432Node\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Wow6432Node\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Wow6432Node\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM" /ve /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM" /v "MData" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM" /v "Model" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM" /v "Therad" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU" /ve /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU" /v "MData" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU" /v "Model" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU" /v "Therad" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "FName" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "LName" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "Email" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "Serial" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "CheckUpdtVM" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "tvfrdt" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "LstCheck" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "scansk" /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\Software\Wow6432Node\Internet Download Manager" /v "LstCheck" /t REG_SZ /d "12/12/60" /f
C:\Windows\SysWOW64\reg.exe
reg import none.reg
C:\Windows\SysWOW64\reg.exe
reg import none.reg
C:\Windows\SysWOW64\reg.exe
reg import none.reg
C:\Windows\SysWOW64\reg.exe
reg import none.reg
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMan.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IEMonitor.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMGrHlp.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "idmBroker.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMMsgHost.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "MediumILStart.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMIntegrator64.exe" /F
C:\Kinghaze\kur\IDM1.tmp
C:\Kinghaze\kur\IDM1.tmp -d "C:\Kinghaze\kur\" -skdlgs
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
"C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr /onsilentsetup
Network
Files
\Kinghaze\Kur.exe
| MD5 | f13cdf6118ba395dd85622da49e5a844 |
| SHA1 | 3bd306d5da3e946d3e74acbc2c1069dcf7c8f38b |
| SHA256 | f4e88f5253f3135162e6e4017220da0f3cadefba93b6a2162be2d52d3fef716d |
| SHA512 | efd0a129c84578be72574065652fc4049daf3d11b9a19a09b7e22391826464135c89776e610b57911693c298ddd4a7bed90bea3a1294032a8c09d2c0c98c9fea |
C:\Kinghaze\Fixer.bat
| MD5 | 78abe55d9c080e77673d3606084638fe |
| SHA1 | 4e3d110f5b74274a6c03057a4935d7283aad095d |
| SHA256 | d97ce135813a9518da60b431010d1ca9a2c6da619e5c8b33aeae841eda75a1f2 |
| SHA512 | 8ca6da899001022cf5e9bca41c765d5d2bd3cb09c2ab24588ba70ae261a095ad09bc460b9b3a583e312d10dd8ea35597c0bcbfb4e13e18a3d23decd6db220b96 |
C:\Kinghaze\none.reg
| MD5 | b0c6e428ed305e3746e3d645dde25dce |
| SHA1 | da343144b6373eff688c3a862f570c13875b18c6 |
| SHA256 | d84682d9f64af201e8f640f76c22a1428beac567ff2ea5abfe4f5eb48c124759 |
| SHA512 | bdb491175beca4bf38e9b568471067e8e5d0122763fdd28c86f8e145001695387ff2dd4b61c585d2ca002bdee1c50fe1e458cd947eacf49eb16349eec2580dad |
C:\Kinghaze\none.reg
| MD5 | a103a85812072ea02a496104a725fef6 |
| SHA1 | 2abdb0806cadf925ef75698eac175077927b46d8 |
| SHA256 | e2793c8f43097756e0934b0c9fe2d045ea7958641edfffb26bf1423d28f06ec1 |
| SHA512 | 6fb81f25f018acfaff9377b9e03af4c10468032c0bb3ef7091e1e2d7f1ddf506ea880bfd5703a6d2f2872028bcde8e397eb40515ea88525b7bc825bbc6b5eddc |
C:\Kinghaze\none.reg
| MD5 | 2eb780a891db359c76e4c72938682270 |
| SHA1 | 43b592fb9fbea66e1f1f0be76fff8fbb7955ea01 |
| SHA256 | d7e77186324b6932810f55bb6f7bda9d858f750ed37f3bbc105078eec5f535bf |
| SHA512 | 3d8ed6cbfa788d32a9966ed1a8bcc637cf018be59d6505d9fb475b1dd09e5b9a561719a29b37ad8483aed782fd4f28223740d6ba67487ad35cb65104bc1b1c86 |
C:\Kinghaze\none.reg
| MD5 | 824bee3a1f58353f6d37aae8a1655c19 |
| SHA1 | 0fba0b6ecbc1ba561d233b5afff2e3825f7018f6 |
| SHA256 | 5956cbc6871c2ae460ba6b85d6b6933b38cfbc67c4fed7b3e1cb0cd7e2fb8cc5 |
| SHA512 | acc23eb623bcdf494a7db88e0facd7f0cdfe73dd14b579df277177287699201e17cd1babdde5cd7075f3489eafac53b395a3ce7a38155bb22f516ad70facc9cd |
C:\Kinghaze\kur\IDM1.tmp
| MD5 | 1229943ec58e8bd8cf3b1673dcbd4760 |
| SHA1 | 65d8b26a4b9b5762241f7d5393101f8b43065298 |
| SHA256 | ff3ce8900cc246ab15bbf6e2b418c08de39845735f47b724a59765ffeed66643 |
| SHA512 | fc2f5d4ee2e2498b0df5bcb6cef355dc8a11e37eed58dd88b0a306648639b47a3e5a4ea758c0911f9dd8e93c51f0c90938ca64f985a5c5dd8e5f62d946df6f42 |
C:\Kinghaze\kur\IDM0.tmp
| MD5 | 72f74dff454c0699064affb0c83f2c4d |
| SHA1 | 11a6509ae5863a5b7a6fcfa1694068591ae831fd |
| SHA256 | 5d33c887646e950545772f37bb8a3518b1929b435655303d9dd22d5f936a5cd1 |
| SHA512 | ff328f1a87a2a64bdd6ae1a3e98e11517ba7c455cb4b02f4f956b0909e9432db15a8faeebf19cd8117ea5eaf8b4b47169969e1bca6952e7e362bf2f2a5b2f7e8 |
C:\Kinghaze\kur\IDM100.tmp
| MD5 | 09959ee223c5d34c82f1efb8bc8233cb |
| SHA1 | 2b320bbc34583a3dd2129ffc161e0ec3cc643c3f |
| SHA256 | 1fdb0d5b31e080084c82e0b773dafc7860fa860938b8baef6a4d7f5bde659f73 |
| SHA512 | 318246f0b01adce2028236f509f636d98dfe7166035470d06835c3ee0d3c634d3678b88f22bc510fdf1e5356c8d16ba1373b7c374c936ac03ce43f0a754050e4 |
C:\Kinghaze\kur\IDM114.tmp
| MD5 | 10d9220ea4e455276734e884e830a0d2 |
| SHA1 | 7c8dbbde28f5a2d7624f67fa487cb4a4f099b875 |
| SHA256 | e691ebadd8c6e7a07d9c8c931f4760f9aadd2b151019e4f17a76a1665057c9cb |
| SHA512 | 92e864d4eaba57046eb85da311f888290975752f9e0542452d4d486a7d5fcf66f16a5ae89dfe7ab90a4ee9fa03065b88ad9540e487ac4b434878a955bc2ecc0e |
C:\Kinghaze\kur\IDM116.tmp
| MD5 | 315404dc4d8e2a26fef80989e5f43c86 |
| SHA1 | 759438c21cb50133e42ccbc96c7b3cf6ecc41c40 |
| SHA256 | 4fa3de0d3cc3c4bbba684124d895c0f9398b4bf53284d41fdfb4665a78364542 |
| SHA512 | 9a174ea7308814155bde3c61b12f926d15ffbbdd88af5fcc146209916bd6c4d896c09194191b4a1bd1947b2551cbd761183f2be7dabe4e523533307a2db389f9 |
C:\Kinghaze\kur\IDM115.tmp
| MD5 | 5a23c19a88c035283ca65506f213d1ec |
| SHA1 | 39d96b424c53a49aed3f90431e029a4d6507b953 |
| SHA256 | 0fcdc63880b2eca559d7840874b1fa06f614bc29950ac0698b9e5b0abda150fa |
| SHA512 | 96e1717c6331df7da438c02131fe04fa0358db6cdee08725428243bc52de32d7e513fc0869b61a740effa7dbde501d52ac1c83f691a40245a6060657bed6976f |
C:\Kinghaze\kur\IDM113.tmp
| MD5 | c0a6fb25175d79b6da9b9b8c390166c2 |
| SHA1 | 43bc5c4dad7e04206ed011e1f74618d2be53d788 |
| SHA256 | d464e8e7c84cb2fc62eacf932e841bbd73c3294a37812ccee7ffbbb9e01572a6 |
| SHA512 | c50205681d3069f7fd1518d34eb124e8cefee879131fb4ffd967b71ac920bab486148d86e94e2c00f251cc34aa8c00e38f8eb61d69b7cdb6518f59e298a3a8c0 |
C:\Kinghaze\kur\IDM146.tmp
| MD5 | e09fe7f45c2a3bad80df3f4bb9aaade8 |
| SHA1 | 6cc4e6cd8025ef4ef459f928a1cd2ee36b05e07e |
| SHA256 | 1487a8fd4a297f7f0ce0ea7f1a2e763c2a09da298bc44c6b5e6c313f99371737 |
| SHA512 | 1702f41db27964afe4c8b73b3ec413fd4d6ba5e5cf90f35684525c82a0f94a9c9560a96c688443267b4c8cfa97520df78dcb09faf4a744c3a0add2919fc3256e |
C:\Kinghaze\kur\IDM145.tmp
| MD5 | be8c4c2c966f631521d6011f2a5d1d17 |
| SHA1 | fb93a804ec43c5a884ff263e0d01f36a1fb0ccfa |
| SHA256 | 62bfa9561cf29b3164b35af5b33a108ef18e8b5b7455e583078410ec160be4fd |
| SHA512 | f88ddee42b203516bce4f978b12c207f7fe0ddadde6d16af03752f55dfd07a3c9ae0f09c73f61e07e33b2fcb96650453d6b833e6ef48cc55cdb8a71da3ea6907 |
C:\Kinghaze\kur\IDM144.tmp
| MD5 | c7d10a7918d11626fb6c317b581ed710 |
| SHA1 | 44093be676fcc8f2bb22c0307a714fef8fdbcc90 |
| SHA256 | 63474fcb3d23202a24c74ac8db3b796d60df16db0244f2e03e7fded58bd32c11 |
| SHA512 | 4707c58f44dea8bd093299bc2eebc049f51f0eb9e545f323ae1f667edb8b10f71f761d4fe050dd382fd6e9e09a0ae9aa370a2aed2c4ec586639fecb18235abf0 |
C:\Kinghaze\kur\IDM143.tmp
| MD5 | 978fb0de82e723d0ef481015df08c5c3 |
| SHA1 | e2d66b7e496d50ba0141cfbdbe2707de2605bc02 |
| SHA256 | 3a5c70182a4a31c860295ab2931c34661a3c894dc02623ae6e2a70c9c378bac0 |
| SHA512 | 543ecfa27b6c80d110a43526f66775fca7f0f83e6434f3ec8883ec449d1ca89e5f21725cc44c169cc1a3cfb6a31d5d2267c340f29abe820514c762874679178c |
C:\Kinghaze\kur\IDM142.tmp
| MD5 | d6734b8edef0f3434491fc88321725bd |
| SHA1 | 1aeed4691070759527b75ae9ecc14f805b0ebb17 |
| SHA256 | f91b4aa4e481982de15f6b9fe55da271d36d5fa7253d2ac338f8357636c93a27 |
| SHA512 | 03733165a8cf5f0ae4ac0879dbe54d17d390fbd847b3a92ad0aacd60d322602b2adf4f117f0ae4e88c038bcbd335e0d59bed2a11bbf96ac3cfe08211d3d0dc78 |
C:\Kinghaze\kur\IDM141.tmp
| MD5 | 803c8f0293943ff6787e4f916a16aa0c |
| SHA1 | af9e60099e484dfcd781122e50d5b98483d72031 |
| SHA256 | 912b486f50f6735b9d2c14f5bedfb79647f570e13bbef2354604d350fe1d313f |
| SHA512 | 884bd336608f68997cb4ee246d164e075c807a52ca73bf79605363e8a227bf66fb8df95400aec6fa3db70ddd0d7d79554ab8d8fee14254cdf9b075af897eaf91 |
C:\Kinghaze\kur\IDM140.tmp
| MD5 | cdf183bcf9119628d0b7581770b68a98 |
| SHA1 | e0efaad4c048cb4990132fc7c0fc41fd3efb2068 |
| SHA256 | 4d3333604aad2a4888a6c2b665f6e61212398b8cd57ededa9fe1c38770d91e99 |
| SHA512 | 9cc2728d33248a345d75789f666b69e5ca91c7ad9a851c750d667cc2d30e41d2dd53443d1c69d5c850b8fcf642e84132c13e128119b7f8085bc6d22906a0e7f0 |
C:\Kinghaze\kur\IDM14.tmp
| MD5 | bab7d123e1132b376f939f2347508a1f |
| SHA1 | aea9ceca475ae9a2c81409dcedd3ae86de3f3701 |
| SHA256 | c72c0897eb3f38d0e921fb7c4201631894ef53b6f07015be37f506074ad60978 |
| SHA512 | 469d028c9521b3844ddc9cf13efc2b14ca03e0c244b4ad7e7c7cc9853677d6ef8cfe9f04418781e7c7b76c77e7e53969b0f22e1bb6e7fa5ab19bdd3fd7509479 |
C:\Kinghaze\kur\IDM139.tmp
| MD5 | dd4d1be80410b373616be80700a3285c |
| SHA1 | 1b22d3d829b1defbcb2ebb299c76990d380537a2 |
| SHA256 | e549814b7eff8d22a2ab0df9fc4113b7a1e3e72316531eff7ec01db52af61468 |
| SHA512 | 45de677072f83ee8cf798804a477f4f14bebee399fa38dd845278f53252a56c22ace0fee5b8caee5c6958c0c5610e74af504b3c137122d9f26fd02d8de71db27 |
C:\Kinghaze\kur\IDM138.tmp
| MD5 | 522a37ff4a5c743361e3b3b76e9afff3 |
| SHA1 | 9c4713eed8aaa23a6e927494ac98c0cdec42ca27 |
| SHA256 | e2eb949fd81c262d9295487b7055d951df012c7c27f86289d736a51317e3ec60 |
| SHA512 | 51aa3a39d05cffbd1a0d9518ff5e277856dd217a0da97fa269e8572cef315c3d7ff43e948eb1af332ff382328f9a3865041040e75a6c5970d2082b031714f7e7 |
C:\Kinghaze\kur\IDM137.tmp
| MD5 | fb9b951d72ac353bcc165f9996489227 |
| SHA1 | 1104756597f7b0a3359fd863794c1616be0a9eee |
| SHA256 | 4eef1fc6605ccc0b825f875835cdac67748f735150f35fc01fab35f2a9429f8a |
| SHA512 | 21c7d1298ab6b2792f7738c8169d0357567beb0132a6697f9976eeecd722f3d87442d20989e372ca7639b122f37d5f3752bb7b5a9039fa8d8721c4290054589e |
C:\Kinghaze\kur\IDM136.tmp
| MD5 | a963affefd74a0016595f9353617104b |
| SHA1 | 343991f6cee65f079d77fe3c0332c86ebeb36a22 |
| SHA256 | 2e6a262ece276654637daf6469c025ec6bb1c9037cbcd2fa62dc7f7602da570e |
| SHA512 | ff386df8a08707040e0a8a62a02f63b34afdd5e47720ba51165b07c8b36297d39aaf0e40cd5bc756dd4a2a40aed8c0e036ec4e0142e7f8b05f737b82e04f0302 |
C:\Kinghaze\kur\IDM135.tmp
| MD5 | 47220123da512c99d58fcb0c4b9fba78 |
| SHA1 | 799c6f3e665076a4964585700f34904baeb2afe8 |
| SHA256 | 35469c7f7d4c6e877a0101091f39ab4dd5abe81b2f6ba200d2c12c3f51614ac3 |
| SHA512 | 5bae79a8e8bfa6c26a5449f06a2aafa7e3fe808f3bfe82fb38626364f4d41b551782113b4994a777609741d1381740c39f1f93996bdca9f55c565e2208a0432b |
C:\Kinghaze\kur\IDM134.tmp
| MD5 | 04f3a70d39778fe45f4f843c3a29f7fd |
| SHA1 | 58e9091c862d23253daf7d1a727772fc823569c4 |
| SHA256 | 83ee6eadcad35ba8f4940522b41091c99b9ff32a4f4ccbc5a87aeb9a7d434465 |
| SHA512 | ffc8c96e8f30816188720bf0572ebe17ec60f9091e8fac20f7d47be50d7835b69dd83be12bf4ec6bdb14c2027ae22bb51866b72cc72a8751f6d34d870a34a885 |
C:\Kinghaze\kur\IDM133.tmp
| MD5 | cd4d559e7a343abc6809f1105f442a47 |
| SHA1 | 3d39b94b666a201bcb32b7c924fc8f1eea35d9b6 |
| SHA256 | 808477c0017cd5fd61f23566cf4fad3510574576996b1452b433e36f32948358 |
| SHA512 | 4fe990969944c55dc0e312097c5149e75ff9fa79bf611c9f07faefec8cdbdd1ba8799938479c4320c5dc5e128e69cea59f9bf08eb644db73c5856f086d44beca |
C:\Kinghaze\kur\IDM132.tmp
| MD5 | 29408778a5c37f6c924e36cf28257c81 |
| SHA1 | 60fc728c252c93b9cac87fe0c4f7ce5239021cd8 |
| SHA256 | 0dcc35a27b2e96d641d0db051baa9792de6f8190cb6e274ffb2fe81b8750c4e3 |
| SHA512 | 75cd6fe03d22d4189cf1aec4e3d434261bb41c6fc68f994ded7a77043ee6110de3552d51922806436371390c2d0259be08790b9d9afa97a6792967eb006dc445 |
C:\Kinghaze\kur\IDM131.tmp
| MD5 | c6ebbfa4dfb862e634a1ed8a8a63f075 |
| SHA1 | 1322df337e2248923db109700333cf6c66993698 |
| SHA256 | 1425f4ee30f57ed854248fba10621f4aef9b40cf109a31f46bf635e252010113 |
| SHA512 | 861a6a66438bdb93d5fb2f905fd71c4e9ef90a09f9a052219fbfd54d542def22a7dc57077212d3cf23cbc8070fd4660ecd959eabf2e18359eaecbe3b77de40ea |
C:\Kinghaze\kur\IDM130.tmp
| MD5 | e06774c6313f4f5abdf60196cc0ebd59 |
| SHA1 | b58f03e232703141c96ab14983141c911b5527a7 |
| SHA256 | c32b8827748a47e157a19327d109b47ca63fac76e95e0774fd8a2f8a3c6d8918 |
| SHA512 | 937de03a7c017d34d195d23b1966956577ecd4726f6d4b31e911815aebd1dbca9d6989bea8e67e6e813e758310a82e73d6f289c33876cba18f7787b8b1b82a44 |
C:\Kinghaze\kur\IDM13.tmp
| MD5 | bada3a913ebd74c3e1f6a226caf33219 |
| SHA1 | 8bca7c405a9c383b804d8e39ba930da2724490a0 |
| SHA256 | f637a5cba06120ec6c298418510912548f46d2ca0d5d456aa1a7de15abc3292b |
| SHA512 | 0a46d09288807f44d065854ea71a0f8fb3c46375521edf64c011ffb8821e6ec80a2ccf4d50fa5eb56d6b6ee62f84b85f3e3e1233dc0c768d3da48bfb5e30e5b1 |
C:\Kinghaze\kur\IDM129.tmp
| MD5 | e3b62d3ce0e7156a52abb2a98eeaee60 |
| SHA1 | fb1d1d40886288b7db6a0d690ed3892ad36b511e |
| SHA256 | 225fdf1269be2b83549c9da018c1b340b4b4973b6dfcd576ed15424762e0b816 |
| SHA512 | 805c9cc75b21dc505bc035ad384764f342e11ddd4f527c081b9fd01051c7374066e9bd3bd83820032c69175db3adc8c3e6765e6afcbcfd929e6955f2d11d2ca1 |
C:\Kinghaze\kur\IDM128.tmp
| MD5 | 1d527897b893bc09ee34fd15ba6a16fd |
| SHA1 | 833cccb2e8fd6fe86682878edb61f503fdb8cc59 |
| SHA256 | 67d8c83b0f7dc40c8987cacaee984fa4646f6d72b9daaae0fe6885687c5e08e1 |
| SHA512 | 6b4cb8bdf5c5786eafa539f7104e98fcaa9645280309320b9c3f2cb1868f109f275befc7e188ce37ce199eed9152dc771d64069bbe00f28cedf7260479853a5d |
C:\Kinghaze\kur\IDM127.tmp
| MD5 | 05b97bb7a5cdd449c401d0bdb4b588e7 |
| SHA1 | 25ad746379f2b8c160f408b0944d5bba4006ecc5 |
| SHA256 | f3af82662cd90b90ce0680bbb1fb8a4b998d63d0baf9bba8170723f53de1650c |
| SHA512 | 644d9f4640d53de7879a16fd0589b12b11d7aad2bd91d014798b2c763890b66517a96c8ecf1df1588f5a2a4c6e5b800e067928dc21192c317769e28332932d38 |
C:\Kinghaze\kur\IDM126.tmp
| MD5 | 0df14c520291989038f242a4a39ae22b |
| SHA1 | 17ac0f3dcae8cf71b35e13702c3c03b987ac853b |
| SHA256 | dba25a49adb88f675db26d2dc7a0fa9d4a5db2326858cb9d2515f6f34b8e0b65 |
| SHA512 | 6d7f5e3ade351d094437d2d41a69b476cc5b3b600d8a3b841c16f1a7219999a6787221874e632dede324f940b50c283c4099e9239dbbbfc2d779e9a545042013 |
C:\Kinghaze\kur\IDM125.tmp
| MD5 | 96b1fe730f29f1ef43359f2728748a6b |
| SHA1 | e2cc85ae70fc6a75dd949a9238bf08c18a0bd53c |
| SHA256 | 0ac59422dc451304111e6b37283d92298345a377c66d72ca6e100a330261323d |
| SHA512 | 28369a28090f99e94d6e1d35906d5ccb4f4f24ba2ed0467fa1a7c3dafb1bfb7827a517314bbad3060cd55b646d463012deec986d9460f10e501ac437a200d8cd |
C:\Kinghaze\kur\IDM124.tmp
| MD5 | 3e5462e655fd43743f506865400a7f06 |
| SHA1 | 25f1d4ee7dde6170ba789b9d73125baf2466565d |
| SHA256 | 5163fb25c922618452c17f66cea4d2c70fb9f52346070a2c5852c7599357e556 |
| SHA512 | 6d395473b8e9799aa82a44079ad016c9fdd77903fc13d607a81616609238fe43836262e7c32c25a9d9b1c148e7778cc0a2484185799498d4c8d1ba79a7ff9e22 |
C:\Kinghaze\kur\IDM123.tmp
| MD5 | a6af356c272c8ca00a1642a3c36d96eb |
| SHA1 | 1777e2f786e15618ce0a814b9aa760751dff8ace |
| SHA256 | 7cbcd19ec17184459c2cacf7b5faa70b22625072f753e0061e9dfc358971d0cf |
| SHA512 | 5a9ca74af6bd16c9d9a45edfd3597c4bb806db558e39f3bc6fcc9b57f40e741b28bdfff10198212b4b0a7bb80c42f941eb2c70b50fd3250faf5f7431ceb2990a |
C:\Kinghaze\kur\IDM122.tmp
| MD5 | 4bf008f318e503c88ece49f612343f3b |
| SHA1 | f3c46f61bab50a55672c88432a62d1240e0128bc |
| SHA256 | e2222852811b0329b0509a907e91d3014cc2f04b14738f7b243c5a658c926d76 |
| SHA512 | 2c9ae78d40e2c0de27b8c984bbf0793ab82e563f04139571324d3b58d2a11223cb99a3733d40aea1a02d5d98a8fa626bd887a50be45946a7b6c68197b9aaca43 |
C:\Kinghaze\kur\IDM121.tmp
| MD5 | 0bad5ec5d39de002eb7c225e0d840f7f |
| SHA1 | 1c0874e9e8b218a7d70cde10cdfc8727113651a2 |
| SHA256 | db65ef51d8abda581c13994d13186e1efb3c16879e6475720c841d72d41ebe15 |
| SHA512 | 9ca1616bb941ccc3265c132a4e2585892a7ce4202f499a97e71b8f2d51d1bce5b3d9c88900a71a03b9c59e4c27345bcb454706304cdfe357dbae130906daad4f |
C:\Kinghaze\kur\IDM120.tmp
| MD5 | 4531c527534dab3a8350a7612a3555c2 |
| SHA1 | 0a252ddc3e80f58702d813abbd773c6123f1acf9 |
| SHA256 | 2ecb7d7069585538f7b3e3a0387ee5c61a80d2e693eae189850fccd80f27a640 |
| SHA512 | cfdfd7f255798f2641c7c48d3b9fb8c8d6d67d64a5e3e711acb180be082cb660552fee309b18c3f68fd823061efb43b1d587a8ee51c5677305bd7e03392c9ba3 |
C:\Kinghaze\kur\IDM12.tmp
| MD5 | bc005f4ca90e10e9d206f150bf9a0962 |
| SHA1 | 8d3b9a7556ae5abb36901b12205129177d8f9803 |
| SHA256 | 2d7bd6f8453c179516c5b322ae7bb95953c20cc7fba229750da0f3ae9da6e90d |
| SHA512 | 1e55273b28e170d88567b73a4d2d5e70b43611119bb42d9eed46e176d1d96b32a18e0114c2d9aa09077cd072053abed7677e95a7317e7b07ffa10a7ee65a5e2a |
C:\Kinghaze\kur\IDM119.tmp
| MD5 | 643ebbdb2adb8a68a2b0bf2cac93c409 |
| SHA1 | 8837f7433dea6eb6fd1e16fe6be86e38719ff802 |
| SHA256 | cc4d2f3698d5b48f3bcecf3a69019a1f26a0f59355a438bd12081398477f1c28 |
| SHA512 | 9fdbe69d5ca5e3684a592d71d8391715b45aa43621aa2e35d922349bd05c9edfcc0bb10c4658a68d754887c6f629e5e995e1bb7a789e6cb8d0e5026c4f8613c8 |
C:\Kinghaze\kur\IDM118.tmp
| MD5 | 8bd46f5c0acb4c9ddc611d026d310aba |
| SHA1 | d4df522bde9e84500196158b69e240882796ee8d |
| SHA256 | 08a1efef62568eb9623f4a3abe0823b617955c9655ff3cb4bdacc0d6f9f22be5 |
| SHA512 | 74ac1488d1ee91f114066ce3fa71799c555fa395794d7b540f35acdc63abe3f9bd08b6fb8d1c4e86cdce801d5e54a4def9db963e66b73ce834daefe59c4c75ad |
C:\Kinghaze\kur\IDM117.tmp
| MD5 | ed208c61433f450afe75a7694ff0c5ee |
| SHA1 | 8b0573310c6500274693208c43a247f568ea988e |
| SHA256 | e7b06895d5e65de7022cafbccc601926c428fe1d88feb47f74821210aba085ed |
| SHA512 | 2efb77aa59ff22fb9c237cf9f020bb1f8335eb312350ace6726cd6e0b56d5c2943ba92ccde45c7af08a36dd56de53a4fceeb6b7d5851cb4070d11103651ca136 |
C:\Kinghaze\kur\IDM112.tmp
| MD5 | 53856b10a9679bbda9c662e43b89f720 |
| SHA1 | 795cd86515ee49d82c9eea205d44bf53480a7461 |
| SHA256 | e1a4dea06f184be2357be4c72ac5315776f0dce251c0c7fa5f1fa927da69b9bc |
| SHA512 | 7980505abf123835284ce8eb6fe6261008f9368243afe2647a4ba40c4a63a74506fe555f268c791a5ce3ae7f21892f32ae8b5db2cbcd699a2b167b8418a01d7d |
C:\Kinghaze\kur\IDM111.tmp
| MD5 | a91988279340b7c8ad008fd9bc95ff63 |
| SHA1 | b86f9c6fb5126800ef9e40c0ab19b18e6cd2b3b0 |
| SHA256 | c44fd11a6973f028cff24b016e3cf0ea8af76c4f9f73c7848cbb0deed37218b9 |
| SHA512 | 34e5acdfeba556a7591ff4c42fe4434f26885d7589f506c3f27a614b26b24f73a0c069651d034971a21ae30c652e61752c83f4e8ac55154962a3b7ad283dab42 |
C:\Kinghaze\kur\IDM110.tmp
| MD5 | 3114bb1630e44cfbd48b09e0d6057c8f |
| SHA1 | 5caf14ce25509c9a16e5b8d4b44fe45413431eab |
| SHA256 | 1621fd14dd72dcce8bba2e7f46d656744d2975f8ad94b36d2ade01415f48022a |
| SHA512 | 41a952c13b7bfc7e3b4c224a0347dac21e663404e1387694c9bea02b1fa966f54ad1ed6424b7a51461f8dfa9dc111801e9e85251f7d2076f196db16274bfe787 |
C:\Kinghaze\kur\IDM11.tmp
| MD5 | e7a9f01178b8f6ceb1d02333d6916b4f |
| SHA1 | 464392660e07ec6d86241d3dd0b1617293d1568a |
| SHA256 | 92f60cda7a7395d5d4cace82c7270afac5d1b68a2b7714bb1510058fac23879f |
| SHA512 | 364cc91bba54d7f1c07aeb4faec98d7b9fff5b093dd6f6ce0574ecfdbf09a30e39dea1edf35a62d10b2d3f31d1927239911b4cf42932b0f50a80385590721249 |
C:\Kinghaze\kur\IDM109.tmp
| MD5 | 07a324e23bb33ce824a539cfa499bda0 |
| SHA1 | cd44930dc6619af7961d7dec1d3c9b9f5007472c |
| SHA256 | 9619f587e3ef863b7fd69650dcbc1d655d6062c3f73eaf52aca59754ad856b83 |
| SHA512 | f10c387fb7188f702654637ce057d2b0e090989fbfd2f6e63e27587cc35f4b7e0b068174d4e4b8475780828614cb200d84020de6dad6f1e8d4f178f6b13f6e3a |
C:\Kinghaze\kur\IDM108.tmp
| MD5 | 3da98a953bcbcc9f1e9d143542437c20 |
| SHA1 | 7e41d0b27f213a57e3d5ef0b1fff290b18e7f3e5 |
| SHA256 | 14d51e3b9f5e68e97ed01a6bb1c598e3e09f9e330a90dbe363d6659ac725f679 |
| SHA512 | c86bac296aa5d965307cc86c7a411756beecd7f188943fc8c3566fb020c6b03afd9a0f397f11a1d1fc3830b6269b17b0d91da268ed5c0afe2b59d5250d1085dc |
C:\Kinghaze\kur\IDM106.tmp
| MD5 | 97569d4e2f159b0cb1b203d510749104 |
| SHA1 | 1e3b830e91e676d2d3490a61450718906f99a0a5 |
| SHA256 | 58fd2d7b428640395d09778394231ee5aacc74726580c67a69020b698865b5c9 |
| SHA512 | 261094a9ff8a1f3b3e3c5a30af768dc0cceff691ddef41630fa49b2d516028795f467cbccf6ededb5bb769a2fc4f025923a7b18c1637b25a606a30ac1010e964 |
C:\Kinghaze\kur\IDM107.tmp
| MD5 | 21e7664f87e16ab82452d6f01713d54e |
| SHA1 | 7f7c2b25cae1a1f532affb378b1ff61d0c18f92c |
| SHA256 | 84c92bd8ae5a90294d836851385fbf054b7af4d78744f4542147ac436a2a2644 |
| SHA512 | 8681a9ca9aa8ad51dbe012cf05fd1b870444bc0dcef57b17cdc5be897445b5741c3be5daca514c43631a0195a78d64fc1e2b295129c406dd17acca3fe48908b3 |
C:\Kinghaze\kur\IDM105.tmp
| MD5 | 748c5590939571e92a7c16ac702a74ca |
| SHA1 | 9caac9b093d87aab8f87998d48ad98047f71bc53 |
| SHA256 | 9145cfe47d32cf3e45840ce0344da1d29810ef9d756ecddaebb803c59869e945 |
| SHA512 | cc5aefe77ebf1f447c16bf914e89f3ecd5a4b18495cbc0454d717130f0e66e9b8e5531114091bbc3c847ec7ce387bb3ed6746bd64afa7326a5eed21c995db5b6 |
C:\Kinghaze\kur\IDM104.tmp
| MD5 | e1c1ef12fd935e72f2e676a593ad8e68 |
| SHA1 | 405753d45f58aece3256eb252c85c83c22176b07 |
| SHA256 | da36c077ec7c96128d0e5ee5941fad1f779a58a33652d7190e814a75f8bc29ce |
| SHA512 | a90e65308906b2c7fcddeea58a124a7f94cbd9e1d835b45278cc7ea72d32fd92693c79439fd520d98edc13c89c945c61ca233b5976394f586d1f44b4ba8c6945 |
C:\Kinghaze\kur\IDM103.tmp
| MD5 | 16e2dab5d2473c59dea2b2bd316517e8 |
| SHA1 | 5836b13628657a592e24f40276b0992b43a063be |
| SHA256 | 07c8896550fbaa6e8fec792e15d240ded0bcffa258a928c1efd8542ff0385511 |
| SHA512 | b911182c2b560614f0c70a814845961bf1a464a7dcf4481b847a45d2bc265386fc9cfc3cb3a625a6ed8ba48e80d0553e44968a22fc1ff90eecd924ce494aceb7 |
C:\Kinghaze\kur\IDM102.tmp
| MD5 | a5f24e957e1c79ae5f0edd0bb932a3d0 |
| SHA1 | 83747040391424c024ea2f867f9f7daf953c2e33 |
| SHA256 | f02e6c6f71d07d992ff20f8e74a28aa5f89c8deb6244b796dc897529bae9edf6 |
| SHA512 | f77926b1efe6a448fcd60daa8c38a6a1c889bcbd5282997789c324f2968e14efcf4c70f1ce461de60013998f332cc255fc535dab74bd87699f194e6b3cf0a01f |
C:\Kinghaze\kur\IDM101.tmp
| MD5 | f50acf2f4af9ea575b643576f3a190ef |
| SHA1 | 515bcc8fd01726534a21039f3f124e2f5c7e461d |
| SHA256 | ea297e912d0cf36f2d973b9259bf8fabf622195d5481a11e7bd30967f213d950 |
| SHA512 | f9e6bd3c7fe1bd10946795c48cd4ab8c6f05930fcd904b9ec0840eeb664da9259935373ce91e45e62f5ce148131b5fb04223de465eaea12f928179965f060896 |
C:\Kinghaze\kur\IDM10.tmp
| MD5 | 648e7b2602158d2ff9197d664f59b28b |
| SHA1 | 6ff2653314ddad254ad252b1867d0925b30bb196 |
| SHA256 | 47937f8f34ba56718d4bd3b97bfd9e42468d6b7615c745b7841272a2e3d39e57 |
| SHA512 | c24d7059acf8d5a8ca5de77a165f95e4b6a685a62ddf8a3446ed465c4064d33a057c9f8e985bb73d41f1b0984cf8065c0c5d1a7e9123521d962befaf49edc3a0 |
memory/2232-457-0x0000000000400000-0x000000000042B000-memory.dmp
memory/2632-456-0x0000000000F60000-0x0000000000F8B000-memory.dmp
C:\Kinghaze\Kur\IDMSetup2.log
| MD5 | 95603374b9eb7270e9e6beca6f474427 |
| SHA1 | 2448e71bcdf4fdbe42558745a62f25ed0007ce62 |
| SHA256 | 4ff66e3c1e781d92abb757f537af13b1fb3fa167b86d330b7ed302728c7da53a |
| SHA512 | d3987f207ad05e142d864b3ffe4ff6758d22b56f75d60ebcd79e0c760cf27106d7ff74bfbc7569389710e50602d3359b4ab20ddc14fbafcf526478dc85bfe593 |
memory/2232-932-0x00000000020B0000-0x00000000020C0000-memory.dmp
memory/2232-931-0x00000000020B0000-0x00000000020C0000-memory.dmp
memory/2232-930-0x00000000020B0000-0x00000000020C0000-memory.dmp
memory/2232-929-0x00000000020B0000-0x00000000020C0000-memory.dmp
memory/2232-934-0x0000000000400000-0x000000000042B000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-05 12:40
Reported
2024-06-05 12:43
Platform
win10v2004-20240426-en
Max time kernel
91s
Max time network
145s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42 Build 10.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation | C:\Kinghaze\Kur.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\kur\IDM1.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Kinghaze\kur\IDM1.tmp | N/A |
| N/A | N/A | C:\Kinghaze\kur\IDM1.tmp | N/A |
| N/A | N/A | C:\Kinghaze\kur\IDM1.tmp | N/A |
| N/A | N/A | C:\Kinghaze\kur\IDM1.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
Checks installed software on the system
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ug.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_iw.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmfc.dat | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_it.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_am.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\license.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ge.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_cht.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11\Windows 11-Large_Disabled.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_de.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_hu.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_fr.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_dk.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ru.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmindex.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmnmcl.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Small_Normal.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat Dark\Office Flat Dark-Small_Normal.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_style_3.tbi | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmtdi32.sys | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_cht.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmftype.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_fa.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_sr.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\oldjsproxy.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat Dark | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat Dark\Office Flat Dark-Large_Disabled.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMFType.dat | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_sk.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_ru.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmwfp64.sys | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_pl.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_nl.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_tr.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_fi.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ar.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMVMPrs.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_fa.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ua.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IEExt.htm | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_pt.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11\Windows 11-Small_Normal.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_fa.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_large_3_hdpi15.bmp | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_cht.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat Dark.tbi | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_gr.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_id.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_sw.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Brotli-license.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmfsa.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmbrbtn.dll | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Small_Disabled.bmp | C:\Kinghaze\Kur.exe | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_smallHot_3.bmp | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_bg.lng | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_ptbr.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\openssl-license.txt | C:\Kinghaze\kur\IDM1.tmp | N/A |
Enumerates physical storage devices
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppName = "IDMan.exe" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\Policy = "3" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\NumMethods\ = "13" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID\ = "DownlWithIDM.IDMDwnlMgr" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\ = "IIDMEFSAgent5" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMGetAll.IDMAllLinksProcessor\CurVer\ = "IDMGetAll.IDMAllLinksProcessor.1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\TypeLib\ = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\ = "IDMan 1.0 Type Library" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\FLAGS\ = "0" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Control | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ = "VLinkProcessor Class" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169} | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent\ = "IDMEFSAgent Class" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\TypeLib | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\ProxyStubClsid32\ = "{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\ = "IIDMEFSAgent5" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC.dll" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\TypeLib\ = "{ECF21EAB-3AA8-4355-82BE-F777990001DD}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ = "LinkProcessor Class" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\TypeLib | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Control | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMGetAll.IDMAllLinksProcessor.1\CLSID | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr.1\ = "IDMDwnlMgr Class" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ = "IDMDwnlMgr Class" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version\ = "1.0" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor.1\ = "V2LinkProcessor Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\ = "IIDMIEHlprObj" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935} | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\ = "IIDMEFSAgent3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\TypeLib\ = "{ECF21EAB-3AA8-4355-82BE-F777990001DD}" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj.1 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\TypeLib\Version = "1.0" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent\CurVer\ = "Idmfsa.IDMEFSAgent.1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib\Version = "1.0" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\Programmable | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\NumMethods | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\ProxyStubClsid32 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC.dll" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj.1\ = "IDMIEHlprObj Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ = "IDMAllLinksProcessor Class" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ = "IIDMEFSAgent" | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\ProxyStubClsid32 | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib\ = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation\Enabled = "1" | C:\Kinghaze\kur\IDM1.tmp | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\whoami.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Kinghaze\kur\IDM1.tmp | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
| N/A | N/A | C:\Kinghaze\Kur.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42 Build 10.exe
"C:\Users\Admin\AppData\Local\Temp\Internet Download Manager 6.42 Build 10.exe"
C:\Kinghaze\Kur.exe
"C:\Kinghaze\Kur.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Kinghaze\Fixer.bat" "
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c whoami /user /fo list
C:\Windows\SysWOW64\whoami.exe
whoami /user /fo list
C:\Windows\SysWOW64\reg.exe
reg query HKU\S-1-5-19
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMan.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IEMonitor.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMGrHlp.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "idmBroker.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMMsgHost.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "MediumILStart.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMIntegrator64.exe" /F
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Internet Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Internet Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Internet Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Wow6432Node\Internet Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Wow6432Node\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM\Software\Wow6432Node\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKLM\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Wow6432Node\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\Wow6432Node\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKCU\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\Download Manager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager" /f
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM" /ve /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM" /v "MData" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM" /v "Model" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKLM" /v "Therad" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU" /ve /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU" /v "MData" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU" /v "Model" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU" /v "Therad" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "FName" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "LName" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "Email" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "Serial" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "CheckUpdtVM" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "tvfrdt" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "LstCheck" /f
C:\Windows\SysWOW64\reg.exe
REG DELETE "HKCU\Software\DownloadManager" /v "scansk" /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\Software\Wow6432Node\Internet Download Manager" /v "LstCheck" /t REG_SZ /d "12/12/60" /f
C:\Windows\SysWOW64\reg.exe
reg import none.reg
C:\Windows\SysWOW64\reg.exe
reg import none.reg
C:\Windows\SysWOW64\reg.exe
reg import none.reg
C:\Windows\SysWOW64\reg.exe
reg import none.reg
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMan.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IEMonitor.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMGrHlp.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "idmBroker.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMMsgHost.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "MediumILStart.exe" /F
C:\Windows\SysWOW64\taskkill.exe
taskkill /IM "IDMIntegrator64.exe" /F
C:\Kinghaze\kur\IDM1.tmp
C:\Kinghaze\kur\IDM1.tmp -d "C:\Kinghaze\kur\" -skdlgs
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
"C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr /onsilentsetup
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
Files
C:\Kinghaze\Kur.exe
| MD5 | f13cdf6118ba395dd85622da49e5a844 |
| SHA1 | 3bd306d5da3e946d3e74acbc2c1069dcf7c8f38b |
| SHA256 | f4e88f5253f3135162e6e4017220da0f3cadefba93b6a2162be2d52d3fef716d |
| SHA512 | efd0a129c84578be72574065652fc4049daf3d11b9a19a09b7e22391826464135c89776e610b57911693c298ddd4a7bed90bea3a1294032a8c09d2c0c98c9fea |
C:\Kinghaze\Fixer.bat
| MD5 | 78abe55d9c080e77673d3606084638fe |
| SHA1 | 4e3d110f5b74274a6c03057a4935d7283aad095d |
| SHA256 | d97ce135813a9518da60b431010d1ca9a2c6da619e5c8b33aeae841eda75a1f2 |
| SHA512 | 8ca6da899001022cf5e9bca41c765d5d2bd3cb09c2ab24588ba70ae261a095ad09bc460b9b3a583e312d10dd8ea35597c0bcbfb4e13e18a3d23decd6db220b96 |
C:\Kinghaze\none.reg
| MD5 | b0c6e428ed305e3746e3d645dde25dce |
| SHA1 | da343144b6373eff688c3a862f570c13875b18c6 |
| SHA256 | d84682d9f64af201e8f640f76c22a1428beac567ff2ea5abfe4f5eb48c124759 |
| SHA512 | bdb491175beca4bf38e9b568471067e8e5d0122763fdd28c86f8e145001695387ff2dd4b61c585d2ca002bdee1c50fe1e458cd947eacf49eb16349eec2580dad |
C:\Kinghaze\none.reg
| MD5 | a103a85812072ea02a496104a725fef6 |
| SHA1 | 2abdb0806cadf925ef75698eac175077927b46d8 |
| SHA256 | e2793c8f43097756e0934b0c9fe2d045ea7958641edfffb26bf1423d28f06ec1 |
| SHA512 | 6fb81f25f018acfaff9377b9e03af4c10468032c0bb3ef7091e1e2d7f1ddf506ea880bfd5703a6d2f2872028bcde8e397eb40515ea88525b7bc825bbc6b5eddc |
C:\Kinghaze\none.reg
| MD5 | 2eb780a891db359c76e4c72938682270 |
| SHA1 | 43b592fb9fbea66e1f1f0be76fff8fbb7955ea01 |
| SHA256 | d7e77186324b6932810f55bb6f7bda9d858f750ed37f3bbc105078eec5f535bf |
| SHA512 | 3d8ed6cbfa788d32a9966ed1a8bcc637cf018be59d6505d9fb475b1dd09e5b9a561719a29b37ad8483aed782fd4f28223740d6ba67487ad35cb65104bc1b1c86 |
C:\Kinghaze\none.reg
| MD5 | 824bee3a1f58353f6d37aae8a1655c19 |
| SHA1 | 0fba0b6ecbc1ba561d233b5afff2e3825f7018f6 |
| SHA256 | 5956cbc6871c2ae460ba6b85d6b6933b38cfbc67c4fed7b3e1cb0cd7e2fb8cc5 |
| SHA512 | acc23eb623bcdf494a7db88e0facd7f0cdfe73dd14b579df277177287699201e17cd1babdde5cd7075f3489eafac53b395a3ce7a38155bb22f516ad70facc9cd |
C:\Kinghaze\Kur\IDM1.tmp
| MD5 | 1229943ec58e8bd8cf3b1673dcbd4760 |
| SHA1 | 65d8b26a4b9b5762241f7d5393101f8b43065298 |
| SHA256 | ff3ce8900cc246ab15bbf6e2b418c08de39845735f47b724a59765ffeed66643 |
| SHA512 | fc2f5d4ee2e2498b0df5bcb6cef355dc8a11e37eed58dd88b0a306648639b47a3e5a4ea758c0911f9dd8e93c51f0c90938ca64f985a5c5dd8e5f62d946df6f42 |
memory/2676-457-0x0000000000400000-0x000000000042B000-memory.dmp
C:\Kinghaze\kur\IDM0.tmp
| MD5 | 72f74dff454c0699064affb0c83f2c4d |
| SHA1 | 11a6509ae5863a5b7a6fcfa1694068591ae831fd |
| SHA256 | 5d33c887646e950545772f37bb8a3518b1929b435655303d9dd22d5f936a5cd1 |
| SHA512 | ff328f1a87a2a64bdd6ae1a3e98e11517ba7c455cb4b02f4f956b0909e9432db15a8faeebf19cd8117ea5eaf8b4b47169969e1bca6952e7e362bf2f2a5b2f7e8 |
C:\Kinghaze\kur\IDM10.tmp
| MD5 | 648e7b2602158d2ff9197d664f59b28b |
| SHA1 | 6ff2653314ddad254ad252b1867d0925b30bb196 |
| SHA256 | 47937f8f34ba56718d4bd3b97bfd9e42468d6b7615c745b7841272a2e3d39e57 |
| SHA512 | c24d7059acf8d5a8ca5de77a165f95e4b6a685a62ddf8a3446ed465c4064d33a057c9f8e985bb73d41f1b0984cf8065c0c5d1a7e9123521d962befaf49edc3a0 |
C:\Kinghaze\kur\IDM101.tmp
| MD5 | f50acf2f4af9ea575b643576f3a190ef |
| SHA1 | 515bcc8fd01726534a21039f3f124e2f5c7e461d |
| SHA256 | ea297e912d0cf36f2d973b9259bf8fabf622195d5481a11e7bd30967f213d950 |
| SHA512 | f9e6bd3c7fe1bd10946795c48cd4ab8c6f05930fcd904b9ec0840eeb664da9259935373ce91e45e62f5ce148131b5fb04223de465eaea12f928179965f060896 |
C:\Kinghaze\kur\IDM115.tmp
| MD5 | 5a23c19a88c035283ca65506f213d1ec |
| SHA1 | 39d96b424c53a49aed3f90431e029a4d6507b953 |
| SHA256 | 0fcdc63880b2eca559d7840874b1fa06f614bc29950ac0698b9e5b0abda150fa |
| SHA512 | 96e1717c6331df7da438c02131fe04fa0358db6cdee08725428243bc52de32d7e513fc0869b61a740effa7dbde501d52ac1c83f691a40245a6060657bed6976f |
C:\Kinghaze\kur\IDM148.tmp
| MD5 | 98bf7188076a740e25e40ef44d22b991 |
| SHA1 | e0bd67e21b0b54e825a71e38cc08bd8f92eedf2a |
| SHA256 | 07423e982aae40e8c780e6fa0d7b69d3c2ec96d3c249cf641caa931dc23915c7 |
| SHA512 | 2dd53be9c1cedd3d43935f44177bcb4fe3e4fde79e7994659bc990e66c5ef2f3e382e828dbc48e9dbf78bb64cfbddd4d78e3d3e78108fd7dc4d1ea1fbeea8bf4 |
C:\Kinghaze\kur\IDM147.tmp
| MD5 | ad49287674f036ad7a272fff8e468b20 |
| SHA1 | d3e2e3ee5ea5bcef5b4fe0e6195004220850858f |
| SHA256 | 449f23660278b268ce198c7ca7c1988e5aac4aa18928c45282f4f75a89904b66 |
| SHA512 | 17bb5ef1eee005951b75d6e4ad5f4063c8dd43cd4984b794f322a98703e7ae2c85d29b91dd1b2b88149fd9ac9371d4ab54f0115f88c1693cbf8ed4deba2f73d4 |
C:\Kinghaze\kur\IDM122.tmp
| MD5 | 4bf008f318e503c88ece49f612343f3b |
| SHA1 | f3c46f61bab50a55672c88432a62d1240e0128bc |
| SHA256 | e2222852811b0329b0509a907e91d3014cc2f04b14738f7b243c5a658c926d76 |
| SHA512 | 2c9ae78d40e2c0de27b8c984bbf0793ab82e563f04139571324d3b58d2a11223cb99a3733d40aea1a02d5d98a8fa626bd887a50be45946a7b6c68197b9aaca43 |
C:\Kinghaze\kur\IDM146.tmp
| MD5 | e09fe7f45c2a3bad80df3f4bb9aaade8 |
| SHA1 | 6cc4e6cd8025ef4ef459f928a1cd2ee36b05e07e |
| SHA256 | 1487a8fd4a297f7f0ce0ea7f1a2e763c2a09da298bc44c6b5e6c313f99371737 |
| SHA512 | 1702f41db27964afe4c8b73b3ec413fd4d6ba5e5cf90f35684525c82a0f94a9c9560a96c688443267b4c8cfa97520df78dcb09faf4a744c3a0add2919fc3256e |
C:\Kinghaze\kur\IDM145.tmp
| MD5 | be8c4c2c966f631521d6011f2a5d1d17 |
| SHA1 | fb93a804ec43c5a884ff263e0d01f36a1fb0ccfa |
| SHA256 | 62bfa9561cf29b3164b35af5b33a108ef18e8b5b7455e583078410ec160be4fd |
| SHA512 | f88ddee42b203516bce4f978b12c207f7fe0ddadde6d16af03752f55dfd07a3c9ae0f09c73f61e07e33b2fcb96650453d6b833e6ef48cc55cdb8a71da3ea6907 |
C:\Kinghaze\kur\IDM144.tmp
| MD5 | c7d10a7918d11626fb6c317b581ed710 |
| SHA1 | 44093be676fcc8f2bb22c0307a714fef8fdbcc90 |
| SHA256 | 63474fcb3d23202a24c74ac8db3b796d60df16db0244f2e03e7fded58bd32c11 |
| SHA512 | 4707c58f44dea8bd093299bc2eebc049f51f0eb9e545f323ae1f667edb8b10f71f761d4fe050dd382fd6e9e09a0ae9aa370a2aed2c4ec586639fecb18235abf0 |
C:\Kinghaze\kur\IDM143.tmp
| MD5 | 978fb0de82e723d0ef481015df08c5c3 |
| SHA1 | e2d66b7e496d50ba0141cfbdbe2707de2605bc02 |
| SHA256 | 3a5c70182a4a31c860295ab2931c34661a3c894dc02623ae6e2a70c9c378bac0 |
| SHA512 | 543ecfa27b6c80d110a43526f66775fca7f0f83e6434f3ec8883ec449d1ca89e5f21725cc44c169cc1a3cfb6a31d5d2267c340f29abe820514c762874679178c |
C:\Kinghaze\kur\IDM142.tmp
| MD5 | d6734b8edef0f3434491fc88321725bd |
| SHA1 | 1aeed4691070759527b75ae9ecc14f805b0ebb17 |
| SHA256 | f91b4aa4e481982de15f6b9fe55da271d36d5fa7253d2ac338f8357636c93a27 |
| SHA512 | 03733165a8cf5f0ae4ac0879dbe54d17d390fbd847b3a92ad0aacd60d322602b2adf4f117f0ae4e88c038bcbd335e0d59bed2a11bbf96ac3cfe08211d3d0dc78 |
C:\Kinghaze\kur\IDM141.tmp
| MD5 | 803c8f0293943ff6787e4f916a16aa0c |
| SHA1 | af9e60099e484dfcd781122e50d5b98483d72031 |
| SHA256 | 912b486f50f6735b9d2c14f5bedfb79647f570e13bbef2354604d350fe1d313f |
| SHA512 | 884bd336608f68997cb4ee246d164e075c807a52ca73bf79605363e8a227bf66fb8df95400aec6fa3db70ddd0d7d79554ab8d8fee14254cdf9b075af897eaf91 |
C:\Kinghaze\kur\IDM140.tmp
| MD5 | cdf183bcf9119628d0b7581770b68a98 |
| SHA1 | e0efaad4c048cb4990132fc7c0fc41fd3efb2068 |
| SHA256 | 4d3333604aad2a4888a6c2b665f6e61212398b8cd57ededa9fe1c38770d91e99 |
| SHA512 | 9cc2728d33248a345d75789f666b69e5ca91c7ad9a851c750d667cc2d30e41d2dd53443d1c69d5c850b8fcf642e84132c13e128119b7f8085bc6d22906a0e7f0 |
C:\Kinghaze\kur\IDM14.tmp
| MD5 | bab7d123e1132b376f939f2347508a1f |
| SHA1 | aea9ceca475ae9a2c81409dcedd3ae86de3f3701 |
| SHA256 | c72c0897eb3f38d0e921fb7c4201631894ef53b6f07015be37f506074ad60978 |
| SHA512 | 469d028c9521b3844ddc9cf13efc2b14ca03e0c244b4ad7e7c7cc9853677d6ef8cfe9f04418781e7c7b76c77e7e53969b0f22e1bb6e7fa5ab19bdd3fd7509479 |
C:\Kinghaze\kur\IDM139.tmp
| MD5 | dd4d1be80410b373616be80700a3285c |
| SHA1 | 1b22d3d829b1defbcb2ebb299c76990d380537a2 |
| SHA256 | e549814b7eff8d22a2ab0df9fc4113b7a1e3e72316531eff7ec01db52af61468 |
| SHA512 | 45de677072f83ee8cf798804a477f4f14bebee399fa38dd845278f53252a56c22ace0fee5b8caee5c6958c0c5610e74af504b3c137122d9f26fd02d8de71db27 |
C:\Kinghaze\Kur\IDMSetup2.log
| MD5 | 95603374b9eb7270e9e6beca6f474427 |
| SHA1 | 2448e71bcdf4fdbe42558745a62f25ed0007ce62 |
| SHA256 | 4ff66e3c1e781d92abb757f537af13b1fb3fa167b86d330b7ed302728c7da53a |
| SHA512 | d3987f207ad05e142d864b3ffe4ff6758d22b56f75d60ebcd79e0c760cf27106d7ff74bfbc7569389710e50602d3359b4ab20ddc14fbafcf526478dc85bfe593 |
C:\Kinghaze\kur\IDM138.tmp
| MD5 | 522a37ff4a5c743361e3b3b76e9afff3 |
| SHA1 | 9c4713eed8aaa23a6e927494ac98c0cdec42ca27 |
| SHA256 | e2eb949fd81c262d9295487b7055d951df012c7c27f86289d736a51317e3ec60 |
| SHA512 | 51aa3a39d05cffbd1a0d9518ff5e277856dd217a0da97fa269e8572cef315c3d7ff43e948eb1af332ff382328f9a3865041040e75a6c5970d2082b031714f7e7 |
C:\Kinghaze\kur\IDM137.tmp
| MD5 | fb9b951d72ac353bcc165f9996489227 |
| SHA1 | 1104756597f7b0a3359fd863794c1616be0a9eee |
| SHA256 | 4eef1fc6605ccc0b825f875835cdac67748f735150f35fc01fab35f2a9429f8a |
| SHA512 | 21c7d1298ab6b2792f7738c8169d0357567beb0132a6697f9976eeecd722f3d87442d20989e372ca7639b122f37d5f3752bb7b5a9039fa8d8721c4290054589e |
C:\Kinghaze\kur\IDM136.tmp
| MD5 | a963affefd74a0016595f9353617104b |
| SHA1 | 343991f6cee65f079d77fe3c0332c86ebeb36a22 |
| SHA256 | 2e6a262ece276654637daf6469c025ec6bb1c9037cbcd2fa62dc7f7602da570e |
| SHA512 | ff386df8a08707040e0a8a62a02f63b34afdd5e47720ba51165b07c8b36297d39aaf0e40cd5bc756dd4a2a40aed8c0e036ec4e0142e7f8b05f737b82e04f0302 |
C:\Kinghaze\kur\IDM135.tmp
| MD5 | 47220123da512c99d58fcb0c4b9fba78 |
| SHA1 | 799c6f3e665076a4964585700f34904baeb2afe8 |
| SHA256 | 35469c7f7d4c6e877a0101091f39ab4dd5abe81b2f6ba200d2c12c3f51614ac3 |
| SHA512 | 5bae79a8e8bfa6c26a5449f06a2aafa7e3fe808f3bfe82fb38626364f4d41b551782113b4994a777609741d1381740c39f1f93996bdca9f55c565e2208a0432b |
C:\Kinghaze\kur\IDM134.tmp
| MD5 | 04f3a70d39778fe45f4f843c3a29f7fd |
| SHA1 | 58e9091c862d23253daf7d1a727772fc823569c4 |
| SHA256 | 83ee6eadcad35ba8f4940522b41091c99b9ff32a4f4ccbc5a87aeb9a7d434465 |
| SHA512 | ffc8c96e8f30816188720bf0572ebe17ec60f9091e8fac20f7d47be50d7835b69dd83be12bf4ec6bdb14c2027ae22bb51866b72cc72a8751f6d34d870a34a885 |
C:\Kinghaze\kur\IDM133.tmp
| MD5 | cd4d559e7a343abc6809f1105f442a47 |
| SHA1 | 3d39b94b666a201bcb32b7c924fc8f1eea35d9b6 |
| SHA256 | 808477c0017cd5fd61f23566cf4fad3510574576996b1452b433e36f32948358 |
| SHA512 | 4fe990969944c55dc0e312097c5149e75ff9fa79bf611c9f07faefec8cdbdd1ba8799938479c4320c5dc5e128e69cea59f9bf08eb644db73c5856f086d44beca |
C:\Kinghaze\kur\IDM132.tmp
| MD5 | 29408778a5c37f6c924e36cf28257c81 |
| SHA1 | 60fc728c252c93b9cac87fe0c4f7ce5239021cd8 |
| SHA256 | 0dcc35a27b2e96d641d0db051baa9792de6f8190cb6e274ffb2fe81b8750c4e3 |
| SHA512 | 75cd6fe03d22d4189cf1aec4e3d434261bb41c6fc68f994ded7a77043ee6110de3552d51922806436371390c2d0259be08790b9d9afa97a6792967eb006dc445 |
C:\Kinghaze\kur\IDM131.tmp
| MD5 | c6ebbfa4dfb862e634a1ed8a8a63f075 |
| SHA1 | 1322df337e2248923db109700333cf6c66993698 |
| SHA256 | 1425f4ee30f57ed854248fba10621f4aef9b40cf109a31f46bf635e252010113 |
| SHA512 | 861a6a66438bdb93d5fb2f905fd71c4e9ef90a09f9a052219fbfd54d542def22a7dc57077212d3cf23cbc8070fd4660ecd959eabf2e18359eaecbe3b77de40ea |
C:\Kinghaze\kur\IDM130.tmp
| MD5 | e06774c6313f4f5abdf60196cc0ebd59 |
| SHA1 | b58f03e232703141c96ab14983141c911b5527a7 |
| SHA256 | c32b8827748a47e157a19327d109b47ca63fac76e95e0774fd8a2f8a3c6d8918 |
| SHA512 | 937de03a7c017d34d195d23b1966956577ecd4726f6d4b31e911815aebd1dbca9d6989bea8e67e6e813e758310a82e73d6f289c33876cba18f7787b8b1b82a44 |
C:\Kinghaze\kur\IDM13.tmp
| MD5 | bada3a913ebd74c3e1f6a226caf33219 |
| SHA1 | 8bca7c405a9c383b804d8e39ba930da2724490a0 |
| SHA256 | f637a5cba06120ec6c298418510912548f46d2ca0d5d456aa1a7de15abc3292b |
| SHA512 | 0a46d09288807f44d065854ea71a0f8fb3c46375521edf64c011ffb8821e6ec80a2ccf4d50fa5eb56d6b6ee62f84b85f3e3e1233dc0c768d3da48bfb5e30e5b1 |
C:\Kinghaze\kur\IDM129.tmp
| MD5 | e3b62d3ce0e7156a52abb2a98eeaee60 |
| SHA1 | fb1d1d40886288b7db6a0d690ed3892ad36b511e |
| SHA256 | 225fdf1269be2b83549c9da018c1b340b4b4973b6dfcd576ed15424762e0b816 |
| SHA512 | 805c9cc75b21dc505bc035ad384764f342e11ddd4f527c081b9fd01051c7374066e9bd3bd83820032c69175db3adc8c3e6765e6afcbcfd929e6955f2d11d2ca1 |
C:\Kinghaze\kur\IDM128.tmp
| MD5 | 1d527897b893bc09ee34fd15ba6a16fd |
| SHA1 | 833cccb2e8fd6fe86682878edb61f503fdb8cc59 |
| SHA256 | 67d8c83b0f7dc40c8987cacaee984fa4646f6d72b9daaae0fe6885687c5e08e1 |
| SHA512 | 6b4cb8bdf5c5786eafa539f7104e98fcaa9645280309320b9c3f2cb1868f109f275befc7e188ce37ce199eed9152dc771d64069bbe00f28cedf7260479853a5d |
C:\Kinghaze\kur\IDM127.tmp
| MD5 | 05b97bb7a5cdd449c401d0bdb4b588e7 |
| SHA1 | 25ad746379f2b8c160f408b0944d5bba4006ecc5 |
| SHA256 | f3af82662cd90b90ce0680bbb1fb8a4b998d63d0baf9bba8170723f53de1650c |
| SHA512 | 644d9f4640d53de7879a16fd0589b12b11d7aad2bd91d014798b2c763890b66517a96c8ecf1df1588f5a2a4c6e5b800e067928dc21192c317769e28332932d38 |
C:\Kinghaze\kur\IDM126.tmp
| MD5 | 0df14c520291989038f242a4a39ae22b |
| SHA1 | 17ac0f3dcae8cf71b35e13702c3c03b987ac853b |
| SHA256 | dba25a49adb88f675db26d2dc7a0fa9d4a5db2326858cb9d2515f6f34b8e0b65 |
| SHA512 | 6d7f5e3ade351d094437d2d41a69b476cc5b3b600d8a3b841c16f1a7219999a6787221874e632dede324f940b50c283c4099e9239dbbbfc2d779e9a545042013 |
C:\Kinghaze\kur\IDM125.tmp
| MD5 | 96b1fe730f29f1ef43359f2728748a6b |
| SHA1 | e2cc85ae70fc6a75dd949a9238bf08c18a0bd53c |
| SHA256 | 0ac59422dc451304111e6b37283d92298345a377c66d72ca6e100a330261323d |
| SHA512 | 28369a28090f99e94d6e1d35906d5ccb4f4f24ba2ed0467fa1a7c3dafb1bfb7827a517314bbad3060cd55b646d463012deec986d9460f10e501ac437a200d8cd |
C:\Kinghaze\kur\IDM124.tmp
| MD5 | 3e5462e655fd43743f506865400a7f06 |
| SHA1 | 25f1d4ee7dde6170ba789b9d73125baf2466565d |
| SHA256 | 5163fb25c922618452c17f66cea4d2c70fb9f52346070a2c5852c7599357e556 |
| SHA512 | 6d395473b8e9799aa82a44079ad016c9fdd77903fc13d607a81616609238fe43836262e7c32c25a9d9b1c148e7778cc0a2484185799498d4c8d1ba79a7ff9e22 |
C:\Kinghaze\kur\IDM123.tmp
| MD5 | a6af356c272c8ca00a1642a3c36d96eb |
| SHA1 | 1777e2f786e15618ce0a814b9aa760751dff8ace |
| SHA256 | 7cbcd19ec17184459c2cacf7b5faa70b22625072f753e0061e9dfc358971d0cf |
| SHA512 | 5a9ca74af6bd16c9d9a45edfd3597c4bb806db558e39f3bc6fcc9b57f40e741b28bdfff10198212b4b0a7bb80c42f941eb2c70b50fd3250faf5f7431ceb2990a |
C:\Kinghaze\kur\IDM121.tmp
| MD5 | 0bad5ec5d39de002eb7c225e0d840f7f |
| SHA1 | 1c0874e9e8b218a7d70cde10cdfc8727113651a2 |
| SHA256 | db65ef51d8abda581c13994d13186e1efb3c16879e6475720c841d72d41ebe15 |
| SHA512 | 9ca1616bb941ccc3265c132a4e2585892a7ce4202f499a97e71b8f2d51d1bce5b3d9c88900a71a03b9c59e4c27345bcb454706304cdfe357dbae130906daad4f |
C:\Kinghaze\kur\IDM120.tmp
| MD5 | 4531c527534dab3a8350a7612a3555c2 |
| SHA1 | 0a252ddc3e80f58702d813abbd773c6123f1acf9 |
| SHA256 | 2ecb7d7069585538f7b3e3a0387ee5c61a80d2e693eae189850fccd80f27a640 |
| SHA512 | cfdfd7f255798f2641c7c48d3b9fb8c8d6d67d64a5e3e711acb180be082cb660552fee309b18c3f68fd823061efb43b1d587a8ee51c5677305bd7e03392c9ba3 |
C:\Kinghaze\kur\IDM12.tmp
| MD5 | bc005f4ca90e10e9d206f150bf9a0962 |
| SHA1 | 8d3b9a7556ae5abb36901b12205129177d8f9803 |
| SHA256 | 2d7bd6f8453c179516c5b322ae7bb95953c20cc7fba229750da0f3ae9da6e90d |
| SHA512 | 1e55273b28e170d88567b73a4d2d5e70b43611119bb42d9eed46e176d1d96b32a18e0114c2d9aa09077cd072053abed7677e95a7317e7b07ffa10a7ee65a5e2a |
C:\Kinghaze\kur\IDM119.tmp
| MD5 | 643ebbdb2adb8a68a2b0bf2cac93c409 |
| SHA1 | 8837f7433dea6eb6fd1e16fe6be86e38719ff802 |
| SHA256 | cc4d2f3698d5b48f3bcecf3a69019a1f26a0f59355a438bd12081398477f1c28 |
| SHA512 | 9fdbe69d5ca5e3684a592d71d8391715b45aa43621aa2e35d922349bd05c9edfcc0bb10c4658a68d754887c6f629e5e995e1bb7a789e6cb8d0e5026c4f8613c8 |
C:\Kinghaze\kur\IDM118.tmp
| MD5 | 8bd46f5c0acb4c9ddc611d026d310aba |
| SHA1 | d4df522bde9e84500196158b69e240882796ee8d |
| SHA256 | 08a1efef62568eb9623f4a3abe0823b617955c9655ff3cb4bdacc0d6f9f22be5 |
| SHA512 | 74ac1488d1ee91f114066ce3fa71799c555fa395794d7b540f35acdc63abe3f9bd08b6fb8d1c4e86cdce801d5e54a4def9db963e66b73ce834daefe59c4c75ad |
C:\Kinghaze\kur\IDM117.tmp
| MD5 | ed208c61433f450afe75a7694ff0c5ee |
| SHA1 | 8b0573310c6500274693208c43a247f568ea988e |
| SHA256 | e7b06895d5e65de7022cafbccc601926c428fe1d88feb47f74821210aba085ed |
| SHA512 | 2efb77aa59ff22fb9c237cf9f020bb1f8335eb312350ace6726cd6e0b56d5c2943ba92ccde45c7af08a36dd56de53a4fceeb6b7d5851cb4070d11103651ca136 |
C:\Kinghaze\kur\IDM116.tmp
| MD5 | 315404dc4d8e2a26fef80989e5f43c86 |
| SHA1 | 759438c21cb50133e42ccbc96c7b3cf6ecc41c40 |
| SHA256 | 4fa3de0d3cc3c4bbba684124d895c0f9398b4bf53284d41fdfb4665a78364542 |
| SHA512 | 9a174ea7308814155bde3c61b12f926d15ffbbdd88af5fcc146209916bd6c4d896c09194191b4a1bd1947b2551cbd761183f2be7dabe4e523533307a2db389f9 |
C:\Kinghaze\kur\IDM114.tmp
| MD5 | 10d9220ea4e455276734e884e830a0d2 |
| SHA1 | 7c8dbbde28f5a2d7624f67fa487cb4a4f099b875 |
| SHA256 | e691ebadd8c6e7a07d9c8c931f4760f9aadd2b151019e4f17a76a1665057c9cb |
| SHA512 | 92e864d4eaba57046eb85da311f888290975752f9e0542452d4d486a7d5fcf66f16a5ae89dfe7ab90a4ee9fa03065b88ad9540e487ac4b434878a955bc2ecc0e |
C:\Kinghaze\kur\IDM113.tmp
| MD5 | c0a6fb25175d79b6da9b9b8c390166c2 |
| SHA1 | 43bc5c4dad7e04206ed011e1f74618d2be53d788 |
| SHA256 | d464e8e7c84cb2fc62eacf932e841bbd73c3294a37812ccee7ffbbb9e01572a6 |
| SHA512 | c50205681d3069f7fd1518d34eb124e8cefee879131fb4ffd967b71ac920bab486148d86e94e2c00f251cc34aa8c00e38f8eb61d69b7cdb6518f59e298a3a8c0 |
C:\Kinghaze\kur\IDM112.tmp
| MD5 | 53856b10a9679bbda9c662e43b89f720 |
| SHA1 | 795cd86515ee49d82c9eea205d44bf53480a7461 |
| SHA256 | e1a4dea06f184be2357be4c72ac5315776f0dce251c0c7fa5f1fa927da69b9bc |
| SHA512 | 7980505abf123835284ce8eb6fe6261008f9368243afe2647a4ba40c4a63a74506fe555f268c791a5ce3ae7f21892f32ae8b5db2cbcd699a2b167b8418a01d7d |
C:\Kinghaze\kur\IDM111.tmp
| MD5 | a91988279340b7c8ad008fd9bc95ff63 |
| SHA1 | b86f9c6fb5126800ef9e40c0ab19b18e6cd2b3b0 |
| SHA256 | c44fd11a6973f028cff24b016e3cf0ea8af76c4f9f73c7848cbb0deed37218b9 |
| SHA512 | 34e5acdfeba556a7591ff4c42fe4434f26885d7589f506c3f27a614b26b24f73a0c069651d034971a21ae30c652e61752c83f4e8ac55154962a3b7ad283dab42 |
C:\Kinghaze\kur\IDM110.tmp
| MD5 | 3114bb1630e44cfbd48b09e0d6057c8f |
| SHA1 | 5caf14ce25509c9a16e5b8d4b44fe45413431eab |
| SHA256 | 1621fd14dd72dcce8bba2e7f46d656744d2975f8ad94b36d2ade01415f48022a |
| SHA512 | 41a952c13b7bfc7e3b4c224a0347dac21e663404e1387694c9bea02b1fa966f54ad1ed6424b7a51461f8dfa9dc111801e9e85251f7d2076f196db16274bfe787 |
C:\Kinghaze\kur\IDM11.tmp
| MD5 | e7a9f01178b8f6ceb1d02333d6916b4f |
| SHA1 | 464392660e07ec6d86241d3dd0b1617293d1568a |
| SHA256 | 92f60cda7a7395d5d4cace82c7270afac5d1b68a2b7714bb1510058fac23879f |
| SHA512 | 364cc91bba54d7f1c07aeb4faec98d7b9fff5b093dd6f6ce0574ecfdbf09a30e39dea1edf35a62d10b2d3f31d1927239911b4cf42932b0f50a80385590721249 |
C:\Kinghaze\kur\IDM109.tmp
| MD5 | 07a324e23bb33ce824a539cfa499bda0 |
| SHA1 | cd44930dc6619af7961d7dec1d3c9b9f5007472c |
| SHA256 | 9619f587e3ef863b7fd69650dcbc1d655d6062c3f73eaf52aca59754ad856b83 |
| SHA512 | f10c387fb7188f702654637ce057d2b0e090989fbfd2f6e63e27587cc35f4b7e0b068174d4e4b8475780828614cb200d84020de6dad6f1e8d4f178f6b13f6e3a |
C:\Kinghaze\kur\IDM108.tmp
| MD5 | 3da98a953bcbcc9f1e9d143542437c20 |
| SHA1 | 7e41d0b27f213a57e3d5ef0b1fff290b18e7f3e5 |
| SHA256 | 14d51e3b9f5e68e97ed01a6bb1c598e3e09f9e330a90dbe363d6659ac725f679 |
| SHA512 | c86bac296aa5d965307cc86c7a411756beecd7f188943fc8c3566fb020c6b03afd9a0f397f11a1d1fc3830b6269b17b0d91da268ed5c0afe2b59d5250d1085dc |
C:\Kinghaze\kur\IDM107.tmp
| MD5 | 21e7664f87e16ab82452d6f01713d54e |
| SHA1 | 7f7c2b25cae1a1f532affb378b1ff61d0c18f92c |
| SHA256 | 84c92bd8ae5a90294d836851385fbf054b7af4d78744f4542147ac436a2a2644 |
| SHA512 | 8681a9ca9aa8ad51dbe012cf05fd1b870444bc0dcef57b17cdc5be897445b5741c3be5daca514c43631a0195a78d64fc1e2b295129c406dd17acca3fe48908b3 |
C:\Kinghaze\kur\IDM106.tmp
| MD5 | 97569d4e2f159b0cb1b203d510749104 |
| SHA1 | 1e3b830e91e676d2d3490a61450718906f99a0a5 |
| SHA256 | 58fd2d7b428640395d09778394231ee5aacc74726580c67a69020b698865b5c9 |
| SHA512 | 261094a9ff8a1f3b3e3c5a30af768dc0cceff691ddef41630fa49b2d516028795f467cbccf6ededb5bb769a2fc4f025923a7b18c1637b25a606a30ac1010e964 |
C:\Kinghaze\kur\IDM105.tmp
| MD5 | 748c5590939571e92a7c16ac702a74ca |
| SHA1 | 9caac9b093d87aab8f87998d48ad98047f71bc53 |
| SHA256 | 9145cfe47d32cf3e45840ce0344da1d29810ef9d756ecddaebb803c59869e945 |
| SHA512 | cc5aefe77ebf1f447c16bf914e89f3ecd5a4b18495cbc0454d717130f0e66e9b8e5531114091bbc3c847ec7ce387bb3ed6746bd64afa7326a5eed21c995db5b6 |
C:\Kinghaze\kur\IDM104.tmp
| MD5 | e1c1ef12fd935e72f2e676a593ad8e68 |
| SHA1 | 405753d45f58aece3256eb252c85c83c22176b07 |
| SHA256 | da36c077ec7c96128d0e5ee5941fad1f779a58a33652d7190e814a75f8bc29ce |
| SHA512 | a90e65308906b2c7fcddeea58a124a7f94cbd9e1d835b45278cc7ea72d32fd92693c79439fd520d98edc13c89c945c61ca233b5976394f586d1f44b4ba8c6945 |
C:\Kinghaze\kur\IDM103.tmp
| MD5 | 16e2dab5d2473c59dea2b2bd316517e8 |
| SHA1 | 5836b13628657a592e24f40276b0992b43a063be |
| SHA256 | 07c8896550fbaa6e8fec792e15d240ded0bcffa258a928c1efd8542ff0385511 |
| SHA512 | b911182c2b560614f0c70a814845961bf1a464a7dcf4481b847a45d2bc265386fc9cfc3cb3a625a6ed8ba48e80d0553e44968a22fc1ff90eecd924ce494aceb7 |
C:\Kinghaze\kur\IDM102.tmp
| MD5 | a5f24e957e1c79ae5f0edd0bb932a3d0 |
| SHA1 | 83747040391424c024ea2f867f9f7daf953c2e33 |
| SHA256 | f02e6c6f71d07d992ff20f8e74a28aa5f89c8deb6244b796dc897529bae9edf6 |
| SHA512 | f77926b1efe6a448fcd60daa8c38a6a1c889bcbd5282997789c324f2968e14efcf4c70f1ce461de60013998f332cc255fc535dab74bd87699f194e6b3cf0a01f |
C:\Kinghaze\kur\IDM100.tmp
| MD5 | 09959ee223c5d34c82f1efb8bc8233cb |
| SHA1 | 2b320bbc34583a3dd2129ffc161e0ec3cc643c3f |
| SHA256 | 1fdb0d5b31e080084c82e0b773dafc7860fa860938b8baef6a4d7f5bde659f73 |
| SHA512 | 318246f0b01adce2028236f509f636d98dfe7166035470d06835c3ee0d3c634d3678b88f22bc510fdf1e5356c8d16ba1373b7c374c936ac03ce43f0a754050e4 |
memory/2676-934-0x0000000000400000-0x000000000042B000-memory.dmp