Malware Analysis Report

2024-12-07 03:03

Sample ID 241113-x6wjqaybnl
Target IDM-6.39.zip
SHA256 216ea3eb67b5da3ecb21052d94595238b73d2a244075de254b63eecf68b51306
Tags
adware bootkit discovery evasion persistence privilege_escalation spyware stealer trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

216ea3eb67b5da3ecb21052d94595238b73d2a244075de254b63eecf68b51306

Threat Level: Likely malicious

The file IDM-6.39.zip was found to be: Likely malicious.

Malicious Activity Summary

adware bootkit discovery evasion persistence privilege_escalation spyware stealer trojan

Drops file in Drivers directory

Reads user/profile data of web browsers

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Installs/modifies Browser Helper Object

Checks whether UAC is enabled

Checks installed software on the system

Writes to the Master Boot Record (MBR)

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Checks processor information in registry

Runs .reg file with regedit

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious behavior: LoadsDriver

Suspicious use of SendNotifyMessage

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 19:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 19:28

Reported

2024-11-13 19:36

Platform

win10ltsc2021-20241023-en

Max time kernel

435s

Max time network

444s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\IDM-6.39.zip"

Signatures

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\DRIVERS\idmwfp.sys C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\idmwfp.sys C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\SETC819.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\SETFB1F.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File created C:\Windows\system32\DRIVERS\SETFB1F.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\SET6D38.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File created C:\Windows\system32\DRIVERS\SET6D38.tmp C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\system32\DRIVERS\idmwfp.sys C:\Windows\system32\RUNDLL32.EXE N/A
File created C:\Windows\system32\DRIVERS\SETC819.tmp C:\Windows\system32\RUNDLL32.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Internet Download Manager\idmmzcc.xpi C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_ro.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_no.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_fa.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_it.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_sk.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_lao.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_sk.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_sr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_ar.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_ru.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_pl.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_tr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_uz.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_jp.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_bg.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmwfp64.sys C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_ptbr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_de.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_cht.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmcchandler7_64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_sr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_gr.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMVMPrs.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmwfp.inf C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_ge.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_gr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_it.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmtdi32.sys C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_ar.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmcchandler7.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMFType.dat C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_ru.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmvconv.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_de.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_fr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_es.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_sw.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_az.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\defexclist.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_es.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_vn.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_cht.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_mm.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_nl.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMFType64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_hu.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMGCExt59.crx C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_pl.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_al.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmmzcc7.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_jp.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_jp.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppName = "IDMan.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Program Files (x86)\\Internet Download Manager\\IEExt.htm" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-870806430-2618236806-3023919190-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\NumMethods C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ = "LinkProcessor Class" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Insertable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage.1\ = "IDMHelperLinksStorage Class" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID\ = "IDMIECC.IDMHelperLinksStorage.1" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib\ = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.V2LinkProcessor\CurVer\ = "DownlWithIDM.V2LinkProcessor.1" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib\ = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent\CLSID C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr\CLSID\ = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\RunAs = "Interactive User" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.VLinkProcessor\CLSID\ = "{CDD67718-A430-4AB9-A939-83D9074B0038}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\CLSID\ = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMGetAll.dll" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib\ = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib\ = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr\CurVer\ = "DownlWithIDM.IDMDwnlMgr.1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1\Insertable C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID\ = "DownlWithIDM.LinkProcessor" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\ = "IDMan 1.0 Type Library" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1\CLSID C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID\ = "Idmfsa.IDMEFSAgent.1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\Programmable C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\NumMethods\ = "13" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\CLSID\ = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib\ = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ = "IDMHelperLinksStorage Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID\ = "DownlWithIDM.VLinkProcessor" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID\ = "IDMGetAll.IDMAllLinksProcessor" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\NumMethods\ = "13" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Runs .reg file with regedit

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Runs net.exe

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\RUNDLL32.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\RUNDLL32.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1220 wrote to memory of 4924 N/A C:\Windows\system32\OpenWith.exe C:\Windows\system32\NOTEPAD.EXE
PID 1220 wrote to memory of 4924 N/A C:\Windows\system32\OpenWith.exe C:\Windows\system32\NOTEPAD.EXE
PID 3940 wrote to memory of 3740 N/A C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 3940 wrote to memory of 3740 N/A C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 3940 wrote to memory of 3740 N/A C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 3740 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3740 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3740 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3740 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3740 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3740 wrote to memory of 4596 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 1020 wrote to memory of 4360 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 1020 wrote to memory of 4360 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 3740 wrote to memory of 100 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3740 wrote to memory of 100 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3740 wrote to memory of 100 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4596 wrote to memory of 1448 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 4596 wrote to memory of 1448 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 3740 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 3740 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 3740 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 100 wrote to memory of 3224 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 100 wrote to memory of 3224 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 3740 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 3740 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 3740 wrote to memory of 1916 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 1916 wrote to memory of 3720 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 3720 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 3720 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 408 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 408 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 408 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 2676 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 2676 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 2676 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 408 wrote to memory of 2936 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 408 wrote to memory of 2936 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 3720 wrote to memory of 736 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 3720 wrote to memory of 736 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 1916 wrote to memory of 4624 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 4624 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1916 wrote to memory of 4624 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2676 wrote to memory of 2640 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 2676 wrote to memory of 2640 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 4624 wrote to memory of 4448 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 4624 wrote to memory of 4448 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 1916 wrote to memory of 2624 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
PID 1916 wrote to memory of 2624 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
PID 1916 wrote to memory of 2624 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
PID 2624 wrote to memory of 3760 N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Windows\system32\RUNDLL32.EXE
PID 2624 wrote to memory of 3760 N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Windows\system32\RUNDLL32.EXE
PID 3760 wrote to memory of 1884 N/A C:\Windows\system32\RUNDLL32.EXE C:\Windows\system32\runonce.exe
PID 3760 wrote to memory of 1884 N/A C:\Windows\system32\RUNDLL32.EXE C:\Windows\system32\runonce.exe
PID 1884 wrote to memory of 4488 N/A C:\Windows\system32\runonce.exe C:\Windows\System32\grpconv.exe
PID 1884 wrote to memory of 4488 N/A C:\Windows\system32\runonce.exe C:\Windows\System32\grpconv.exe
PID 2624 wrote to memory of 4300 N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Windows\SysWOW64\net.exe
PID 2624 wrote to memory of 4300 N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Windows\SysWOW64\net.exe
PID 2624 wrote to memory of 4300 N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Windows\SysWOW64\net.exe
PID 4300 wrote to memory of 2504 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 4300 wrote to memory of 2504 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 4300 wrote to memory of 2504 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2624 wrote to memory of 3872 N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Windows\SysWOW64\net.exe
PID 2624 wrote to memory of 3872 N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Windows\SysWOW64\net.exe
PID 2624 wrote to memory of 3872 N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Windows\SysWOW64\net.exe

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\IDM-6.39.zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\IDM-6.39\README.md

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\IDM-6.39\" -an -ai#7zMap1918:118:7zEvent28312

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\IDM-6.39\IDM 6.39 Serial Key_2\" -spe -an -ai#7zMap29166:118:7zEvent26999

C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe

"C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe"

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

"C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Program Files (x86)\Internet Download Manager\idmBroker.exe

"C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe

"C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" -Embedding

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"

C:\Windows\regedit.exe

"regedit.exe" "C:\Users\Admin\Desktop\IDM-6.39\IDM 6.39 Serial Key_2\License - IDM 6.39 build 2\Key.reg"

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe"

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 172.165.61.93:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 27.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 test.internetdownloadmanager.com udp
US 8.8.8.8:53 secure.internetdownloadmanager.com udp
US 8.8.8.8:53 www.internetdownloadmanager.com udp
US 8.8.8.8:53 mirror3.internetdownloadmanager.com udp
US 8.8.8.8:53 mirror5.internetdownloadmanager.com udp
US 8.8.8.8:53 registeridm.com udp
US 169.61.27.133:80 registeridm.com tcp
US 8.8.8.8:53 133.27.61.169.in-addr.arpa udp
US 169.61.27.133:80 registeridm.com tcp

Files

C:\Users\Admin\Desktop\IDM-6.39\README.md

MD5 1a3b17f33508f338b329017e814fb367
SHA1 11cbc7476493beef545b508e163c68fc56b6cec4
SHA256 a08a33d867b0747b60dc53edd254d73fa9c94f243717a4ccef4af768a78bbeda
SHA512 a41bc1cc72878ade0c3ef0b68ef1fb28bfdeae5a416c93fe55e7c721e722f9e3687dc3a4be51630affb3351661aafa9e385362d7bb3c25e0fd088a42e2a92ecb

C:\Users\Admin\Desktop\IDM-6.39\IDM 6.39 Serial Key_2.zip

MD5 f3aa8e45cc4cd66ac4551efd6e60eb4b
SHA1 704d016e54ab918625024b97d590d31bb72b9183
SHA256 e02ae5bf2f98585c4074cbc1a756de0df7a6398e7319f37f56c9723aa4c5868a
SHA512 43ff92c5ebdf32b5b24a1db3ff3e196eddbd36765385127ffec9b90fbb4dbd0e97c41f0fde6ab1645a760bdb82174407b666cc427b671e373f63ecced154b8e9

C:\Users\Admin\Desktop\IDM-6.39\License - IDM 6.39 build 2\IDMan.exe

MD5 f07c6992c9459cb63cfd95dde9b0c229
SHA1 68bb67aa8901ae9c56e7806e74c6fcef0549ea2e
SHA256 5444a6e519546932b4dc1275a27daf26ad68ec9aab2b79492762d9578bda6981
SHA512 6819aa6c5b0fc39ae64da43cd08f57a50238270b652f466e2622bbfeb40619f6a6152dc1491b4126a778cbd6a4620d5234a542281efa1d3d6201caca9f047d6d

C:\Users\Admin\Desktop\IDM-6.39\internet-download-manager-6-41-build-5.exe

MD5 ab11b8c921efca25a7d93e3cc11b43b2
SHA1 2bbcf15b33bae06a42bdae53f1086cc15b940e8c
SHA256 b13cd0063ad162e11715af4334e8a05644817bb61d4999e326c30121a012b844
SHA512 3a574e0f9125540a3e95c52e7a08aa285859c06aa4a5558c35545313227a34fcd3145348fcea59cc83a83432f037d0ee985cf069d50ad770d68b3368592cbee1

memory/3940-22-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

MD5 4560be1f497974ca52528a52786c8f34
SHA1 14219c7e444fc2a8145f09cebea6886f02de0034
SHA256 fc805d03f73c28aaee359811e046ff9fd39febbc80fc6bf01843d5fca9104a74
SHA512 922277f1c4e766230c6723d899d6f1d3616096b1923c1751fb856a0083727c9d3d5f1e48db6db88182dd5643d6686c6ca91b212c001a9aa536d997f9355aae0e

memory/3740-25-0x0000000000400000-0x0000000000429000-memory.dmp

memory/3940-26-0x0000000000400000-0x000000000040C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

MD5 95603374b9eb7270e9e6beca6f474427
SHA1 2448e71bcdf4fdbe42558745a62f25ed0007ce62
SHA256 4ff66e3c1e781d92abb757f537af13b1fb3fa167b86d330b7ed302728c7da53a
SHA512 d3987f207ad05e142d864b3ffe4ff6758d22b56f75d60ebcd79e0c760cf27106d7ff74bfbc7569389710e50602d3359b4ab20ddc14fbafcf526478dc85bfe593

C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll

MD5 d04845fab1c667c04458d0a981f3898e
SHA1 f30267bb7037a11669605c614fb92734be998677
SHA256 33a8a6b9413d60a38237bafc4c331dfebf0bf64f8057abc335b4a6a6b95c9381
SHA512 ccd166dbe9aaba3795963af7d63b1a561de90153c2eaefb12f3e9f9ddebd9b1f7861ee76f45b4ef19d41ca514f3796e98b3c3660596730be8d8eb9e1048ef59e

C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

MD5 23efcfffee040fdc1786add815ccdf0a
SHA1 0d535387c904eba74e3cb83745cb4a230c6e0944
SHA256 9a9989644213043f2cfff177b907ef2bdd496c2f65803d8f158eae9034918878
SHA512 cf69ed7af446a83c084b3bd4b0a3dbb5f013d93013cd7f2369fc8a075fe05db511cfe6b6afdef78026f551b53ad0cb7c786193c579b7f868dd0840b53dbb5e9f

C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll

MD5 b94d0711637b322b8aa1fb96250c86b6
SHA1 4f555862896014b856763f3d667bce14ce137c8b
SHA256 38ac192d707f3ec697dd5fe01a0c6fc424184793df729f427c0cf5dfab6705fe
SHA512 72cdb05b4f45e9053ae2d12334dae412e415aebd018568c522fa5fe0f94dd26c7fe7bb81ccd8d6c7b5b42c795b3207dffa6345b8db24ce17beb601829e37a369

C:\Program Files (x86)\Internet Download Manager\idmfsa.dll

MD5 235f64226fcd9926fb3a64a4bf6f4cc8
SHA1 8f7339ca7577ff80e3df5f231c3c2c69f20a412a
SHA256 6f0ed0a7a21e73811675e8a13d35c7daa6309214477296a07fe52a3d477578ad
SHA512 9c6be540cffb43211e464656c16cb0f6f88fb7224087b690ca910acbd433eaf5479508f088b6e6b5437dd260923e26dd928a861db6a3ce76607ad9e77628262d

C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

MD5 e032a50d2cf9c5bf6ff602c1855d5a08
SHA1 f1292134eaad69b611a3d7e99c5a317c191468aa
SHA256 d0c6d455d067e8717efe2cfb9bdcbeae27b48830fe77e9d45c351fbfb164716d
SHA512 77099b44e4822b4a556b4ea6417cf0a131ffb5ee65c3f7537ab4cdc9939f806b15d21972ea4d14a0d95cf946013b9997a9127d798016f68bcd957bbffdab6c11

C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll

MD5 597164da15b26114e7f1136965533d72
SHA1 9eeaa7f7de2d04415b8c435a82ee7eea7bbf5c8a
SHA256 117abaeb27451944c72ffee804e674046c58d769bd2e940c71e66edec0725bd1
SHA512 7a2d31a1342286e1164f80c6da3a9c07418ebeafb9b4d5b702c0f03065ee26949da22193eb403c8aeec012b6f1c5ff21179104943943302972492fcdccc850d9

C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll

MD5 13c99cbf0e66d5a8003a650c5642ca30
SHA1 70f161151cd768a45509aff91996046e04e1ac2d
SHA256 8a51ece1c4c8bcb8c56ca10cb9d97bff0dfe75052412a8d8d970a5eb6933427b
SHA512 f3733ef2074f97768c196ad662565b28e9463c2c8cf768166fed95350b21c2eb6845d945778c251093c00c65d7a879186843eb334a8321b9956738d9257ce432

C:\Program Files (x86)\Internet Download Manager\idmBroker.exe

MD5 e2f17e16e2b1888a64398900999e9663
SHA1 688d39cb8700ceb724f0fe2a11b8abb4c681ad41
SHA256 97810e0b3838a7dca94d73a8b9e170107642b064713c084c231de6632cb68a9c
SHA512 8bde415db03463398e5e546a89c73fff9378f34f5c2854a7c24d7e6e58d5cdf7c52218cb3fc8f1b4052ce473bb522a2e7e2677781bcdec3216284f22d65fc40b

memory/3740-443-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

MD5 c435e8053ad13261ebb1ee6affb14df7
SHA1 3ceccd5295fb4e64f8d07474da0c79cc083a97df
SHA256 73746173fd77b545e1cf3f71905e5a744568d4ec034912eb196ea0010d3aef76
SHA512 c424052cf49411098dbf16e785498f677ae7caf5b8b7abe2300faef5118e62c5d3e2507d8d4ec515b4582dec3164b06e883f759f6ad3e260b31dfe39684bcc50

C:\Program Files (x86)\Internet Download Manager\idmvs.dll

MD5 77c37aaa507b49990ec1e787c3526b94
SHA1 677d75078e43314e76380658e09a8aabd7a6836c
SHA256 1c55021653c37390b3f4f519f7680101d7aaf0892aef5457fe656757632b2e10
SHA512 a9474cefe267b9f0c4e207a707a7c05d69ac571ae48bf174a49d2453b41cffd91aa48d8e3278d046df4b9ce81af8755e80f4fa8a7dacbf3b5a1df56f704417b2

C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll

MD5 a3c44204992e307d121df09dd6a1577c
SHA1 9482d8ffda34904b1dfd0226b374d1db41ca093d
SHA256 48e5c5916f100880e68c9e667c4457eb0065c5c7ab40fb6d85028fd23d3e4838
SHA512 f700cf7accab0333bc412f68cdcfb25d68c693a27829bc38a655d52cb313552b59f9243fc51357e9dccd92863deecb529cc68adbc40387aad1437d625fd577f1

memory/2624-485-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.dll

MD5 fdfc47a1086bd461e49a394442a74ea6
SHA1 72fcec144605382d7c1c882204773d223b6fc2ed
SHA256 1011616fd21493f23dafd882cb1289f54c5155179ba6139559583303775b6f2a
SHA512 6537ba054eb8a218967151298d5372b1154af96d0bf6a21fdd0c2c18d996fcce6e3f2599de2d776262771e2b8f6f50ccc582835228312a1cc90f62dac5ce8969

memory/2624-491-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe

MD5 b6b81c3560d938728e8ac0f7d3847dcf
SHA1 d17d2fbb6724c7aa77f722e45ddcbef15c9120e8
SHA256 4e291c4e124b1962ae5f2de5f6bf7892f8a1eaa33a27fd167f547038b4508b2e
SHA512 2ebd1dd0a5af48fbfc2129b516d9f1d8eb65a2e895afabf9046804987d26fb889cf10549b0f688e4e0668131cf3489c5fb97129ac4354f8a17035c0ce10d532f

C:\Users\Admin\AppData\Roaming\IDM\urlexclist.dat

MD5 51134fb39707fe8946ce038941c282d9
SHA1 4f5e51d89ae57df262b4d4527480afeb5893a576
SHA256 6a7901a0117f5ad4f876545cd632f7f7ac3cd0f1df393bb59d23b1b72521fa92
SHA512 bcb40a6f6918458dff7bea1398752b0ec1a898aa88d4d8d4af0940971bdb6ea74dc6c456b77993eb27115e4a21f750cedf053ac467b71ab9138181d4ddb4ec54

C:\Users\Admin\AppData\Roaming\IDM\defextmap.dat

MD5 2f8229a851620a235848fc2a18cb0984
SHA1 58c4b056bab3db19202b72f0165a6baebbb9b37f
SHA256 d86ffe5e9b0025d0305f70137e0930c1c4da76df6dc0f07585df48fc6f83798e
SHA512 20c8ebb8d7d3b697419cb3c0b136f0344c7f6ddb8bbe3e83300678d58e1823f323c3c6d8d045a0e44024375540dfb2759ecbc8ac42098341b3437468d97d6106

memory/2932-511-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

MD5 defd92a5cdf548ed284bc04799eb874c
SHA1 68cc59c6d55ec1d38411f0eb748397bc038cfdf6
SHA256 a19524089cb3533a1174297d18e0d6b808c306d1146101f0e83491e681b15897
SHA512 0f86232ced9925c99f04d455f7568f48bd7de66eda5afd487d103910e728492ba9df7a1bdd35e2eee800f0a713a578ffb70f0b8ffb2361f8fc4bf9f0ea6befb5

C:\Users\Admin\AppData\Roaming\IDM\Scheduler\s_1.dt

MD5 2639455c21b61de370e5e4e500a9c008
SHA1 b68a4bc7c4b521a2544459e603fbe706027f4e4e
SHA256 6d059e9c4670699aaa1b1594917d1be5fe752517d7c7e505f227e8dd181dcebb
SHA512 e7cf7fe5eebec79f70ed6b2fae0fdfe2c992fc240b0e6bc4a73e00aad01fdb1e13fd69a55b8b2a3b7a2c314c1ccbfc18284293f06ff5e875f0b64a86054db404

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

MD5 7631c33878c331d7396679b0c391fca8
SHA1 77ac7d3e4d50a67751b7577b4e284aaa7245733d
SHA256 c8fd8860e9a05cc61684ca7a4fea22eda721e701ee717dc039f52312d8d21be6
SHA512 4f7ca574794fcd5eddb1bb94919e63fb9ddf35dbd451b25ed30db0ba1b3ab3c373fd7f7d99794456c1ca0532a3b494c5ff85c1906936b504c787172326860892

C:\Program Files (x86)\Internet Download Manager\idmmkb.dll

MD5 3fa3297cdd68032338b4d9472d81edc3
SHA1 1567a974969eb1d18499759fea7621b592c157f2
SHA256 8a10c135de47b2f143f97a5c472c2e4cc0256b278304803aeca5f419b0a00494
SHA512 e8fee218a8523e8e908c566c543c27da1de06e240e00a57f96039314cf8e8b4a99e6a9c20b201153d32991636f49dd878e548f3c6d6bbd791d8d98a7e9148748

C:\Program Files (x86)\Internet Download Manager\idmindex.dll

MD5 09959ee223c5d34c82f1efb8bc8233cb
SHA1 2b320bbc34583a3dd2129ffc161e0ec3cc643c3f
SHA256 1fdb0d5b31e080084c82e0b773dafc7860fa860938b8baef6a4d7f5bde659f73
SHA512 318246f0b01adce2028236f509f636d98dfe7166035470d06835c3ee0d3c634d3678b88f22bc510fdf1e5356c8d16ba1373b7c374c936ac03ce43f0a754050e4

C:\Program Files (x86)\Internet Download Manager\idmftype.dll

MD5 48db4bfce6f3476dfa6602546f5fb5d4
SHA1 d2a8869bd5c5d3ab471197f2e19ae2cb7d9fabed
SHA256 3a47dbb1f86f2c51f3f8fb9c3a8b1309f5e182ab9af55179959104d262ce985d
SHA512 a3e06c76d5c1617655210ed1784329546a5c87432e158d7164310eecdf2d608b94f27492789b84abf491a7844f7f4020f176672fb41c19534aa874260898cc5f

C:\Users\Admin\Desktop\IDM-6.39\IDM 6.39 Serial Key_2\License - IDM 6.39 build 2\Key.reg

MD5 b92a5eb6160c9889f2ca70f00b0339b6
SHA1 ad93031ce58f1c6a75a079e73fa0e7eb9b463259
SHA256 f62aca0bd330bf8c0fc7c7a7a743277d004ad79edb8a4fad9ae13b40a30a2cf2
SHA512 945c3a26396640b8df6141bdb8e3339328ef6e55da04879f2d53ce2d8a605c7dc55143b6a6c57b23836cc4cb3542b2d21fc557b2751473995b8a1bc8551ed5b9

memory/3988-544-0x0000000000400000-0x0000000000429000-memory.dmp