Analysis Overview
SHA256: 216ea3eb67b5da3ecb21052d94595238b73d2a244075de254b63eecf68b51306
Threat Level: Likely malicious
The file IDM-6.39.zip was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Reads user/profile data of web browsers
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Installs/modifies Browser Helper Object
Checks whether UAC is enabled
Checks installed software on the system
Writes to the Master Boot Record (MBR)
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Checks processor information in registry
Runs .reg file with regedit
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: LoadsDriver
Suspicious use of SendNotifyMessage
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-11-13 19:28
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-11-13 19:28
Reported: 2024-11-13 19:36
Platform: win10ltsc2021-20241023-en
Max time kernel: 435s
Max time network: 444s
Command Line
Signatures
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\idmwfp.sys | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETC819.tmp | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SETFB1F.tmp | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File created | C:\Windows\system32\DRIVERS\SETFB1F.tmp | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET6D38.tmp | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File created | C:\Windows\system32\DRIVERS\SET6D38.tmp | C:\Windows\system32\RUNDLL32.EXE | N/A |
| File created | C:\Windows\system32\DRIVERS\SETC819.tmp | C:\Windows\system32\RUNDLL32.EXE | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Internet Download Manager\Uninstall.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\Uninstall.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" | C:\Windows\system32\RUNDLL32.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Internet Download Manager\idmmzcc.xpi | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_ro.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_no.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_fa.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_it.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_sk.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_lao.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_sk.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_sr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_ar.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_ru.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_pl.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_tr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_uz.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_jp.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_bg.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmwfp64.sys | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ptbr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_de.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_cht.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmcchandler7_64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_sr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_gr.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMVMPrs.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmwfp.inf | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ge.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_gr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_it.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmtdi32.sys | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ar.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmcchandler7.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMFType.dat | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_ru.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmvconv.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_de.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_fr.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_es.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_sw.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_az.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\defexclist.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_es.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_vn.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_cht.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_mm.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_nl.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMFType64.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_hu.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\IDMGCExt59.crx | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_pl.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\inst_al.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\idmmzcc7.dll | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\idm_jp.lng | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| File created | C:\Program Files (x86)\Internet Download Manager\Languages\tips_jp.txt | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Download Manager\Uninstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\runonce.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\runonce.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppName = "IDMan.exe" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Program Files (x86)\\Internet Download Manager\\IEExt.htm" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3" | C:\Program Files (x86)\Internet Download Manager\idmBroker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\NumMethods | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ = "LinkProcessor Class" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Insertable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage.1\ = "IDMHelperLinksStorage Class" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID\ = "IDMIECC.IDMHelperLinksStorage.1" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib\ = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor\CurVer\ = "DownlWithIDM.V2LinkProcessor.1" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32 | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib\ = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent\CLSID | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr\CLSID\ = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.VLinkProcessor\CLSID\ = "{CDD67718-A430-4AB9-A939-83D9074B0038}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Internet Download Manager" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\CLSID\ = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll.dll" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib\ = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib\ = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr\CurVer\ = "DownlWithIDM.IDMDwnlMgr.1" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1\Insertable | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID\ = "DownlWithIDM.LinkProcessor" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\ = "IDMan 1.0 Type Library" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1\CLSID | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID\ = "Idmfsa.IDMEFSAgent.1" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\Programmable | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\NumMethods\ = "13" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\CLSID\ = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib\ = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ = "IDMHelperLinksStorage Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID\ = "DownlWithIDM.VLinkProcessor" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID\ = "IDMGetAll.IDMAllLinksProcessor" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\NumMethods\ = "13" | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Runs .reg file with regedit
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\regedit.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Download Manager\IDMan.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\IDM-6.39.zip"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\IDM-6.39\README.md
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\IDM-6.39\" -an -ai#7zMap1918:118:7zEvent28312
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\IDM-6.39\IDM 6.39 Serial Key_2\" -spe -an -ai#7zMap29166:118:7zEvent26999
C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe
"C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe"
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
"C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
"C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
C:\Windows\system32\RUNDLL32.EXE
"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe
"C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" -Embedding
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
C:\Windows\system32\RUNDLL32.EXE
"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Desktop\IDM-6.39\IDM 6.39 Serial Key_2\License - IDM 6.39 build 2\Key.reg"
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe"
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
C:\Windows\system32\RUNDLL32.EXE
"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
C:\Windows\system32\runonce.exe
"C:\Windows\system32\runonce.exe" -r
C:\Windows\System32\grpconv.exe
"C:\Windows\System32\grpconv.exe" -o
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\net.exe
"C:\Windows\System32\net.exe" start IDMWFP
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start IDMWFP
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
Network
Files