31c3916e3c7ef0fcb12712de4a1db3b6039d0fe24cc0a359d753bdd6a9a98e62

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exe
Size

14.1MB
MD5

58787b73866266a13385c759fcf7d64c
SHA1

4f9aa90968482a6ca920e3efef689c7ccc0b7b8b
SHA256

31c3916e3c7ef0fcb12712de4a1db3b6039d0fe24cc0a359d753bdd6a9a98e62
SHA512

2d2bcd71a565bdf0bab954b3743d1159bec8446f4160df826f9e29ccb784afc1a4a578a779a3877c0204c6b112c0e33fdf7c75bb8242d1e41998776be37dbcbc
SSDEEP

393216:mgU3tVjIXVkijEjE1Wxc/JyKiPGbRgx4gcG1O:M3t9ekij/1P/Jlgygcf

Score

10^/10

adware discovery execution persistence privilege_escalation spyware stealer upx

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://mirror2.internetdownloadmanager.com/idman641build18.exe?v=lt&filename=idman641build18.exe

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

powershell.exe

flow pid process

17 3092 powershell.exe
Downloads MZ/PE file
Drops file in Drivers directory 1 IoCs

Processes:

DrvInst.exe

description ioc process

File opened for modification C:\Windows\System32\drivers\idmwfp.sys DrvInst.exe

flow	pid	process
17	3092	powershell.exe

description	ioc	process
File opened for modification	C:\Windows\System32\drivers\idmwfp.sys	DrvInst.exe

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

IDMan.exepatch.exeFreeze.exeIDM1.tmpPatch Idm Silent.exebackup.sfx.exedownload.....exereset.exeFreeze.exereg.exebackup.sfx.exeUninstall.exereset.exedownload.....exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	IDMan.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	patch.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	Freeze.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	IDM1.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	Patch Idm Silent.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	backup.sfx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	download.....exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	reset.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	Freeze.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	reg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	backup.sfx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	Uninstall.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	reset.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	download.....exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 22 IoCs

Processes:

autorun.exeToolbar.exebackup.sfx.exereset.exeFreeze.exedownload.....exebackup.exeidman641build17.exeIDM1.tmpidmBroker.exeIDMan.exeUninstall.exePatch Idm Silent.exepatch.exereg.exeUnSigner.exeToolbar.exebackup.sfx.exereset.exeFreeze.exedownload.....exebackup.exe

pid	process
1272	autorun.exe
2716	Toolbar.exe
2176	backup.sfx.exe
4152	reset.exe
1652	Freeze.exe
2808	download.....exe
4788	backup.exe
3632	idman641build17.exe
312	IDM1.tmp
5076	idmBroker.exe
728	IDMan.exe
4500	Uninstall.exe
3672	Patch Idm Silent.exe
3412	patch.exe
1708	reg.exe
1232	UnSigner.exe
3864	Toolbar.exe
3800	backup.sfx.exe
3924	reset.exe
2124	Freeze.exe
1956	download.....exe
384	backup.exe

Loads dropped DLL 46 IoCs

Processes:

autorun.exebackup.exeMsiExec.exeMsiExec.exeIDM1.tmpregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeIDMan.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeMsiExec.exeMsiExec.exe

pid	process
1272	autorun.exe
4788	backup.exe
4788	backup.exe
4420	MsiExec.exe
4420	MsiExec.exe
4420	MsiExec.exe
4420	MsiExec.exe
4420	MsiExec.exe
4420	MsiExec.exe
4788	backup.exe
3240	MsiExec.exe
3240	MsiExec.exe
3240	MsiExec.exe
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
3992	regsvr32.exe
3232	regsvr32.exe
2108	regsvr32.exe
4908	regsvr32.exe
3960	regsvr32.exe
3092	regsvr32.exe
728	IDMan.exe
728	IDMan.exe
728	IDMan.exe
728	IDMan.exe
728	IDMan.exe
536	regsvr32.exe
4424	regsvr32.exe
2184	regsvr32.exe
4172	regsvr32.exe
3060	regsvr32.exe
4280	regsvr32.exe
4532	regsvr32.exe
1832	regsvr32.exe
3468
3468
3436	regsvr32.exe
4284	regsvr32.exe
3468
3360	MsiExec.exe
3360	MsiExec.exe
3360	MsiExec.exe
3360	MsiExec.exe
3632	MsiExec.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

Processes:

RUNDLL32.EXE

description ioc process

Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" RUNDLL32.EXE
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exe

pid process

3092 powershell.exe
3548 powershell.exe
6076 powershell.exe
5876

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o"	RUNDLL32.EXE

Drops desktop.ini file(s) 2 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\desktop.ini	msiexec.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\desktop.ini	msiexec.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

IDM1.tmp

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper"	IDM1.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1"	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper"	IDM1.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1"	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	IDM1.tmp

Drops file in System32 directory 16 IoCs

Processes:

DrvInst.exeDrvInst.exe

description	ioc	process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET343A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET343A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET343B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\idmwfp.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET343B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET344C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET344C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\idmwfp.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\idmwfp64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys	DrvInst.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\ProgramFilesFolder\IDM Backup Manager\IDM Backup Manager.exe	upx
C:\Users\Admin\AppData\Local\Temp\UnSigner.exe	upx
behavioral2/memory/1232-1447-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/1232-1450-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/2852-2876-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/2716-4295-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/5832-5311-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

Toolbar.exeToolbar.exepatch.exeIDM1.tmpUnSigner.exewscript.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\ThL-Toolbar_bmps	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Z-Style_Large.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\PureFlat\PureFlat_Small_Hot.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\iOS_Line\iOS_Line-Large_Normal.BMP	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\SEO IDM Toolbar-small.BMP	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe	patch.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Assassin's Creed III.tbi	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Black Smile.tbi	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow_Disable.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D_Toolbar\H3M_Cubic3D_Large_Normal.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM-Pro (Toolbar Theme)\IDM-Pro.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Koushik_Halder_Small_Disable.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\metro.tbi	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD\Windows_10_LineD-Small_Normal.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\idmmkb.dll	IDM1.tmp
File created	C:\Program Files (x86)\Internet Download Manager\openssl-license.txt	IDM1.tmp
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\BR.BMP	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Painted_Stickers.tbi	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD\Windows_10_LineD-Small_Normal.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat_Color\Flat_Color-Large_Hot.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineW	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineW\Windows_10_LineW-Small_Disabled.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\IDMan.exe	UnSigner.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat_Color\Flat_Color-Large_Normal.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D_Toolbar\H3M_Cubic3D_Large_Normal.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat_Color\Flat_Color-Small_Hot.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\pokegohot.BMP	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Toolbar	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\BR.TBI	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Languages\idm_pl.lng	IDM1.tmp
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\kiti.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Akame_Ga_Kill\AkameHot.BMP	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat Color.tbi	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\Glyfz_2016-Small_Disabled.BMP	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Olive_Shapes_Toolbar\H3M_OS_Small_Hot.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Painted_Stickers_Toolbar\H3M_PS_Large_Hot.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Painted_Stickers_Toolbar\H3M_PS_Small_Hot.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Black\YasserDivar_Black.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Black	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Small_Disabled.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Soccer Tooldar-Black.BMP	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Coloize IDM THEME	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Anime_Theme_IDM.tbi	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\IDMan.exe.BAK	wscript.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\Glyfz_2016-Small_Normal.BMP	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\metro.BMP	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Languages\template_inst.lng	IDM1.tmp
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Black\black.tbi	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\MosI3D_large_1.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Skin2\3d_smallHot_3.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Anime_Theme_IDM\AnimeHot.BMP	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Anime_Theme_IDM.tbi	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows10.tbi	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Languages\idm_mn.lng	IDM1.tmp
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\Black\black.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Bronze_Shapes_Toolbar\H3M_BS_Large_Hot.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Coloize IDM THEME\YasserDivar_Colorize.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow_Hot.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\GUiMAGiNATION\GD.bmp	Toolbar.exe
File created	C:\Program Files (x86)\Internet Download Manager\Toolbar\ThL-Toolbar_bmps\ThL-Normal.bmp	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\black-Over.BMP	Toolbar.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Flat\YasserDivar_Flat_Hot.bmp	Toolbar.exe

Drops file in Windows directory 35 IoCs

Processes:

msiexec.exeDrvInst.exeRUNDLL32.EXEDrvInst.exesvchost.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSI7E5D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7F0A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDB8C.tmp	msiexec.exe
File created	C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\icon.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\ext.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE036.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDE8F.tmp	msiexec.exe
File created	C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\SystemFoldermsiexec.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE086.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8092.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7FF5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDC39.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}	msiexec.exe
File opened for modification	C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\SystemFoldermsiexec.exe	msiexec.exe
File created	C:\Windows\Installer\e57d9f9.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	RUNDLL32.EXE
File opened for modification	C:\Windows\Installer\MSIDB0E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDCA7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDD06.tmp	msiexec.exe
File created	C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\ext.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\e57d9f5.msi	msiexec.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSIDD84.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\icon.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDFE7.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\Installer\MSI8279.tmp	msiexec.exe
File created	C:\Windows\Installer\e57d9f5.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI81BC.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe

Launches sc.exe 8 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exe

pid process

1700 sc.exe
5924
452
1464 sc.exe
648 sc.exe
4516 sc.exe
3128 sc.exe
4532 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1700	sc.exe
5924
452
1464	sc.exe
648	sc.exe
4516	sc.exe
3128	sc.exe
4532	sc.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

reg.exereg.exereg.exereg.exereg.exereg.exenet.exetaskkill.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exenet1.exenet.exereg.exereg.exereg.exenet1.exereg.exereg.exereg.exereg.exereg.exeMsiExec.exepatch.exeidmBroker.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exereg.exewscript.exereg.exereg.exereg.exereg.exereg.exereg.exeMsiExec.exereg.exereg.exereg.exereg.exereg.exenet.exereg.exereg.exeautorun.exereg.exenet1.exereg.exereg.exereg.exereg.exeregsvr32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	patch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	idmBroker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autorun.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exeDrvInst.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

runonce.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	runonce.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	runonce.exe

Delays execution with timeout.exe 8 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid process

3700 timeout.exe
384 timeout.exe
4648 timeout.exe
4208 timeout.exe
3624 timeout.exe
4036 timeout.exe
1304
5756
Kills process with taskkill 4 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

2000 taskkill.exe
1292 taskkill.exe
5324 taskkill.exe
5688

pid	process
3700	timeout.exe
384	timeout.exe
4648	timeout.exe
4208	timeout.exe
3624	timeout.exe
4036	timeout.exe
1304
5756

pid	process
2000	taskkill.exe
1292	taskkill.exe
5324	taskkill.exe
5688

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

Processes:

IDMan.exeIDM1.tmpidmBroker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager"	IDM1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe"	IDM1.tmp
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3"	IDM1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe"	IDMan.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3"	IDMan.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe"	IDMan.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3"	IDMan.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager"	IDMan.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243"	IDMan.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop	IDMan.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe"	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"	IDMan.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights	IDM1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager"	IDM1.tmp
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop	IDM1.tmp
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}	IDM1.tmp
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	IDM1.tmp
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppName = "IDMan.exe"	IDM1.tmp
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	idmBroker.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}	idmBroker.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	IDMan.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights	IDMan.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}	IDM1.tmp
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	IDMan.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM	IDMan.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Program Files (x86)\\Internet Download Manager\\IEExt.htm"	IDMan.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	IDMan.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager"	IDMan.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}	IDMan.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3"	IDM1.tmp
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}	IDM1.tmp
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	IDM1.tmp
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	IDM1.tmp
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights	idmBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager"	idmBroker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3"	idmBroker.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}	IDMan.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3"	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager"	IDM1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe"	idmBroker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe"	IDM1.tmp
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\Policy = "3"	IDM1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager"	IDMan.exe

Modifies data under HKEY_USERS 55 IoCs

Processes:

DrvInst.exeMsiExec.exeMsiExec.exemsiexec.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\XML Config\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\C:\Program Files (x86)\Gajjar Tejas\IDM Backup Manager\regid.1995-09.com.example_211ca459-f137-4f82-bc77-c55d42e10125.swidtag = "*"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\XML Config	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\XML Config	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\XML Config\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}	MsiExec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\XML Config\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\C:\ProgramData\regid.1995-09.com.example\regid.1995-09.com.example_211ca459-f137-4f82-bc77-c55d42e10125.swidtag = "*"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Caphyon	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Caphyon\Advanced Installer\XML Config\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MsiExec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Caphyon	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe

Modifies registry class 64 IoCs

Processes:

IDM1.tmpIDMan.exeregsvr32.exeregsvr32.exemsiexec.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeidmBroker.exereg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\TypeLib\ = "{ECF21EAB-3AA8-4355-82BE-F777990001DD}"	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\ = "IIDMIEHlprObj"	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\FLAGS\ = "0"	IDM1.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib	IDMan.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\ProxyStubClsid32	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID\ = "IDMIECC.IDMIEHlprObj.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-zip-compressed\Extension = ".ibf"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\ = "IIDMAllLinksProcessor"	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}	IDMan.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\TypeLib	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib\ = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage.1\ = "IDMHelperLinksStorage Class"	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1\ = "131473"	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent.1\ = "IDMEFSAgent Class"	IDM1.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1\CLSID\ = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32	IDMan.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\ = "IV2LinkProcessor"	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr\CLSID\ = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"	IDMan.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\ProxyStubClsid32	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\TypeLib	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\ = "IIDMEFSAgent2"	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMGetAll.IDMAllLinksProcessor\ = "IDMAllLinksProcessor Class"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\Programmable	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj\CLSID\ = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID\ = "DownlWithIDM.V2LinkProcessor"	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\idmBroker.OptionsReader\ = "OptionsReader Class"	idmBroker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID	IDMan.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1"	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib\ = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\VersionIndependentProgID	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\ = "IDMan 1.0 Type Library"	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj.1\CLSID\ = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ = "IIDMEFSAgent"	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM.dll"	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"	IDM1.tmp
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32	IDMan.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr\CurVer	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32	IDMan.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\ = "0"	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID\ = "DownlWithIDM.V2LinkProcessor"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj\CurVer\ = "IDMIECC.IDMIEHlprObj.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\TypeLib\Version = "1.0"	IDM1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\ProxyStubClsid32	IDM1.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\IDMIECC64.dll"	regsvr32.exe

Runs .reg file with regedit 4 IoCs

Processes:

regedit.exeregedit.exeregedit.exe

pid process

4932 regedit.exe
2748 regedit.exe
6136 regedit.exe
5180
Runs net.exe

pid	process
4932	regedit.exe
2748	regedit.exe
6136	regedit.exe
5180

Suspicious behavior: EnumeratesProcesses 29 IoCs

Processes:

powershell.exemsiexec.exeIDM1.tmpIDMan.exepowershell.exepowershell.exepowershell.exe

pid	process
3092	powershell.exe
3092	powershell.exe
3092	powershell.exe
4308	msiexec.exe
4308	msiexec.exe
4308	msiexec.exe
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
312	IDM1.tmp
728	IDMan.exe
728	IDMan.exe
2804	powershell.exe
2804	powershell.exe
2804	powershell.exe
4392	powershell.exe
4392	powershell.exe
4392	powershell.exe
3548	powershell.exe
3548	powershell.exe
3548	powershell.exe
4308	msiexec.exe
4308	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

autorun.exe

pid process

1272 autorun.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid process

652
652
652
652
652
652

pid	process
652
652
652
652
652
652

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEpowershell.exemsiexec.exemsiexec.exe

description	pid	process
Token: 33	760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	760	AUDIODG.EXE
Token: SeDebugPrivilege	3092	powershell.exe
Token: SeShutdownPrivilege	2356	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2356	msiexec.exe
Token: SeSecurityPrivilege	4308	msiexec.exe
Token: SeCreateTokenPrivilege	2356	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2356	msiexec.exe
Token: SeLockMemoryPrivilege	2356	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2356	msiexec.exe
Token: SeMachineAccountPrivilege	2356	msiexec.exe
Token: SeTcbPrivilege	2356	msiexec.exe
Token: SeSecurityPrivilege	2356	msiexec.exe
Token: SeTakeOwnershipPrivilege	2356	msiexec.exe
Token: SeLoadDriverPrivilege	2356	msiexec.exe
Token: SeSystemProfilePrivilege	2356	msiexec.exe
Token: SeSystemtimePrivilege	2356	msiexec.exe
Token: SeProfSingleProcessPrivilege	2356	msiexec.exe
Token: SeIncBasePriorityPrivilege	2356	msiexec.exe
Token: SeCreatePagefilePrivilege	2356	msiexec.exe
Token: SeCreatePermanentPrivilege	2356	msiexec.exe
Token: SeBackupPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	2356	msiexec.exe
Token: SeShutdownPrivilege	2356	msiexec.exe
Token: SeDebugPrivilege	2356	msiexec.exe
Token: SeAuditPrivilege	2356	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2356	msiexec.exe
Token: SeChangeNotifyPrivilege	2356	msiexec.exe
Token: SeRemoteShutdownPrivilege	2356	msiexec.exe
Token: SeUndockPrivilege	2356	msiexec.exe
Token: SeSyncAgentPrivilege	2356	msiexec.exe
Token: SeEnableDelegationPrivilege	2356	msiexec.exe
Token: SeManageVolumePrivilege	2356	msiexec.exe
Token: SeImpersonatePrivilege	2356	msiexec.exe
Token: SeCreateGlobalPrivilege	2356	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe
Token: SeTakeOwnershipPrivilege	4308	msiexec.exe
Token: SeRestorePrivilege	4308	msiexec.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

autorun.exebackup.exebackup.exe

pid process

1272 autorun.exe
1272 autorun.exe
1272 autorun.exe
1272 autorun.exe
4788 backup.exe
384 backup.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

autorun.exe

pid process

1272 autorun.exe
1272 autorun.exe
1272 autorun.exe
1272 autorun.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exeautorun.exeIDMan.exeUninstall.exepatch.execmd.execmd.exeUnSigner.exe

pid	process
2276	2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exe
1272	autorun.exe
1272	autorun.exe
1272	autorun.exe
728	IDMan.exe
728	IDMan.exe
4500	Uninstall.exe
3412	patch.exe
4452	cmd.exe
4776	cmd.exe
1232	UnSigner.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exeautorun.exedownload.....exereset.exeFreeze.exebackup.sfx.execmd.exebackup.execmd.execmd.exemsiexec.execmd.execmd.exe

description	pid	process	target process
PID 2276 wrote to memory of 1272	2276	2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exe	autorun.exe
PID 2276 wrote to memory of 1272	2276	2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exe	autorun.exe
PID 2276 wrote to memory of 1272	2276	2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exe	autorun.exe
PID 1272 wrote to memory of 2716	1272	autorun.exe	Toolbar.exe
PID 1272 wrote to memory of 2716	1272	autorun.exe	Toolbar.exe
PID 1272 wrote to memory of 2176	1272	autorun.exe	backup.sfx.exe
PID 1272 wrote to memory of 2176	1272	autorun.exe	backup.sfx.exe
PID 1272 wrote to memory of 4152	1272	autorun.exe	reset.exe
PID 1272 wrote to memory of 4152	1272	autorun.exe	reset.exe
PID 1272 wrote to memory of 1652	1272	autorun.exe	Freeze.exe
PID 1272 wrote to memory of 1652	1272	autorun.exe	Freeze.exe
PID 1272 wrote to memory of 2808	1272	autorun.exe	download.....exe
PID 1272 wrote to memory of 2808	1272	autorun.exe	download.....exe
PID 2808 wrote to memory of 3560	2808	download.....exe	cmd.exe
PID 4152 wrote to memory of 1632	4152	reset.exe	cmd.exe
PID 2808 wrote to memory of 3560	2808	download.....exe	cmd.exe
PID 4152 wrote to memory of 1632	4152	reset.exe	cmd.exe
PID 1652 wrote to memory of 4032	1652	Freeze.exe	cmd.exe
PID 1652 wrote to memory of 4032	1652	Freeze.exe	cmd.exe
PID 2176 wrote to memory of 4788	2176	backup.sfx.exe	backup.exe
PID 2176 wrote to memory of 4788	2176	backup.sfx.exe	backup.exe
PID 2176 wrote to memory of 4788	2176	backup.sfx.exe	backup.exe
PID 3560 wrote to memory of 3092	3560	cmd.exe	powershell.exe
PID 3560 wrote to memory of 3092	3560	cmd.exe	powershell.exe
PID 4788 wrote to memory of 2356	4788	backup.exe	msiexec.exe
PID 4788 wrote to memory of 2356	4788	backup.exe	msiexec.exe
PID 4032 wrote to memory of 1464	4032	cmd.exe	sc.exe
PID 4032 wrote to memory of 1464	4032	cmd.exe	sc.exe
PID 4032 wrote to memory of 4896	4032	cmd.exe	find.exe
PID 4032 wrote to memory of 4896	4032	cmd.exe	find.exe
PID 1632 wrote to memory of 648	1632	cmd.exe	sc.exe
PID 1632 wrote to memory of 648	1632	cmd.exe	sc.exe
PID 1632 wrote to memory of 1064	1632	cmd.exe	find.exe
PID 1632 wrote to memory of 1064	1632	cmd.exe	find.exe
PID 4308 wrote to memory of 4420	4308	msiexec.exe	MsiExec.exe
PID 4308 wrote to memory of 4420	4308	msiexec.exe	MsiExec.exe
PID 4308 wrote to memory of 4420	4308	msiexec.exe	MsiExec.exe
PID 1632 wrote to memory of 3304	1632	cmd.exe	findstr.exe
PID 1632 wrote to memory of 3304	1632	cmd.exe	findstr.exe
PID 4032 wrote to memory of 1764	4032	cmd.exe	findstr.exe
PID 4032 wrote to memory of 1764	4032	cmd.exe	findstr.exe
PID 1632 wrote to memory of 3300	1632	cmd.exe	cmd.exe
PID 1632 wrote to memory of 3300	1632	cmd.exe	cmd.exe
PID 4032 wrote to memory of 2116	4032	cmd.exe	cmd.exe
PID 4032 wrote to memory of 2116	4032	cmd.exe	cmd.exe
PID 1632 wrote to memory of 408	1632	cmd.exe	reg.exe
PID 1632 wrote to memory of 408	1632	cmd.exe	reg.exe
PID 1632 wrote to memory of 2332	1632	cmd.exe	find.exe
PID 1632 wrote to memory of 2332	1632	cmd.exe	find.exe
PID 4032 wrote to memory of 4160	4032	cmd.exe	reg.exe
PID 4032 wrote to memory of 4160	4032	cmd.exe	reg.exe
PID 4032 wrote to memory of 824	4032	cmd.exe	find.exe
PID 4032 wrote to memory of 824	4032	cmd.exe	find.exe
PID 4032 wrote to memory of 4728	4032	cmd.exe	cmd.exe
PID 4032 wrote to memory of 4728	4032	cmd.exe	cmd.exe
PID 4728 wrote to memory of 4996	4728	cmd.exe	cmd.exe
PID 4728 wrote to memory of 4996	4728	cmd.exe	cmd.exe
PID 1632 wrote to memory of 1664	1632	cmd.exe	cmd.exe
PID 1632 wrote to memory of 1664	1632	cmd.exe	cmd.exe
PID 4728 wrote to memory of 2672	4728	cmd.exe	cmd.exe
PID 4728 wrote to memory of 2672	4728	cmd.exe	cmd.exe
PID 1664 wrote to memory of 116	1664	cmd.exe	cmd.exe
PID 1664 wrote to memory of 116	1664	cmd.exe	cmd.exe
PID 1664 wrote to memory of 3908	1664	cmd.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\2024-11-20_58787b73866266a13385c759fcf7d64c_icedid.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1272
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Toolbar.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Toolbar.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\backup.sfx.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\backup.sfx.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe" /qn
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:4788
    - - C:\Windows\system32\msiexec.exe
        
        /i "C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\IDM Backup Manager.msi" /qn AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\RarSFX0\" EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs /qn "
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2356
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reset.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reset.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4152
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" /res parameter"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1632
    - - C:\Windows\System32\sc.exe
        
        sc query Null
        5⤵
        Launches sc.exe
        
        PID:648
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:1064
    - - C:\Windows\System32\findstr.exe
        
        findstr /v "$" "IAS.cmd"
        5⤵
        
        PID:3304
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ver
        5⤵
        
        PID:3300
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Console" /v ForceV2
        5⤵
        
        PID:408
    - - C:\Windows\System32\find.exe
        
        find /i "0x0"
        5⤵
        
        PID:2332
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1664
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
        6⤵
        
        PID:116
      - C:\Windows\System32\cmd.exe
        
        cmd
        6⤵
        
        PID:3908
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" "
        5⤵
        
        PID:2756
    - - C:\Windows\System32\find.exe
        
        find /i "C:\Users\Admin\AppData\Local\Temp"
        5⤵
        
        PID:2760
    - - C:\Windows\System32\timeout.exe
        
        timeout /t 2
        5⤵
        Delays execution with timeout.exe
        
        PID:384
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Freeze.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Freeze.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1652
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" /frz parameter"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4032
    - - C:\Windows\System32\sc.exe
        
        sc query Null
        5⤵
        Launches sc.exe
        
        PID:1464
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:4896
    - - C:\Windows\System32\findstr.exe
        
        findstr /v "$" "IAS.cmd"
        5⤵
        
        PID:1764
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ver
        5⤵
        
        PID:2116
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Console" /v ForceV2
        5⤵
        
        PID:4160
    - - C:\Windows\System32\find.exe
        
        find /i "0x0"
        5⤵
        
        PID:824
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:4728
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
        6⤵
        
        PID:4996
      - C:\Windows\System32\cmd.exe
        
        cmd
        6⤵
        
        PID:2672
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" "
        5⤵
        
        PID:2708
    - - C:\Windows\System32\find.exe
        
        find /i "C:\Users\Admin\AppData\Local\Temp"
        5⤵
        
        PID:4496
    - - C:\Windows\System32\timeout.exe
        
        timeout /t 2
        5⤵
        Delays execution with timeout.exe
        
        PID:3700
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\download.....exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\download.....exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX2\download.bat" "
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3560
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "(New-Object Net.WebClient).DownloadFile('https://mirror2.internetdownloadmanager.com/idman641build18.exe?v=lt&filename=idman641build18.exe', 'idman641build17.exe')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\RarSFX2\idman641build17.exe
        
        idman641build17.exe /skipdlgs
        5⤵
        Executes dropped EXE
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\" -skdlgs
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Installs/modifies Browser Helper Object
        Drops file in Program Files directory
        Modifies Internet Explorer settings
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:312
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3992
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        8⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:3092
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        7⤵
        Loads dropped DLL
        
        PID:3232
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        8⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:4908
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        7⤵
        Loads dropped DLL
        
        PID:2108
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        8⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:3960
        
        C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
        
        "C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Modifies registry class
        
        PID:5076
        
        C:\Program Files (x86)\Internet Download Manager\IDMan.exe
        
        "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr /onsilentsetup
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Modifies Internet Explorer settings
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of SetWindowsHookEx
        
        PID:728
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        8⤵
        Loads dropped DLL
        
        PID:536
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        9⤵
        Loads dropped DLL
        
        PID:4424
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        8⤵
        Loads dropped DLL
        
        PID:2184
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        9⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:3060
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        8⤵
        Loads dropped DLL
        
        PID:4172
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        9⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:4532
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        8⤵
        Loads dropped DLL
        
        PID:4280
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        9⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:1832
        
        C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
        
        "C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4500
        
        C:\Windows\system32\RUNDLL32.EXE
        
        "C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
        9⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3668
        
        C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        10⤵
        Checks processor information in registry
        
        PID:3640
        
        C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        11⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4724
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:408
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        9⤵
        Loads dropped DLL
        
        PID:3436
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        10⤵
        Loads dropped DLL
        
        PID:4284
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Patch Idm Silent.exe
    "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Patch Idm Silent.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\patch.exe
      "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\patch.exe" -silent -nonupdate
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3412
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill.exe /IM IDMan.exe /F
        5⤵
        System Location Discovery: System Language Discovery
        Kills process with taskkill
        
        PID:2000
    - - C:\Windows\SysWOW64\wscript.exe
        
        wscript.exe "C:\Users\Admin\AppData\Local\Temp\IDM_BAK.vbs" /idmdir:"C:\Program Files (x86)\Internet Download Manager\"
        5⤵
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        
        PID:1836
    - - C:\Windows\SysWOW64\reg.exe
        
        reg.exe import C:\Users\Admin\AppData\Local\Temp\IDMRegClean.reg
        5⤵
        Modifies registry class
        
        PID:828
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C "C:\Users\Admin\AppData\Local\Temp\BATCLEN.bat"
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4452
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c whoami /user /fo list
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4776
        
        C:\Windows\SysWOW64\whoami.exe
        
        whoami /user /fo list
        7⤵
        
        PID:1160
      - C:\Windows\SysWOW64\reg.exe
        
        reg query HKU\S-1-5-19
        6⤵
        
        PID:3632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:3628
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:2488
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:2108
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:4516
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:2900
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:3100
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3096
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:2464
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:2708
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3980
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:4980
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:3704
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4000
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:2580
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:4260
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:380
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:632
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:2748
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1404
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:2284
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3800
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:4456
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:1064
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:728
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:4044
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:3764
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:2000
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:2068
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:4736
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:2004
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:184
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:1948
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:4976
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:3716
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:4104
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:3180
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:452
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1160
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:3960
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:3188
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4516
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:3096
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:4964
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:2736
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:1764
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:856
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:2852
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:4544
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:1576
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:3388
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:2576
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2352
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:748
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:3924
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3436
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:2652
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2300
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:216
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:388
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3044
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:1232
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:1376
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:4504
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:5116
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:3864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:536
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3812
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3572
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3328
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:2364
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:3160
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4644
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:2560
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:3336
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:4740
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:4080
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:3316
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1836
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:1860
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3360
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3564
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:4608
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:452
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:4776
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2668
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4024
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:2108
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:4908
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3092
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:2392
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:2804
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4588
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:824
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:4632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:4720
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:1576
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3196
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:4548
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2732
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2916
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:3704
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:552
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:1464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:4260
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:3060
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:632
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:4532
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:1704
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:2284
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3800
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:4456
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:1064
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:2124
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:728
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:4044
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:1956
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:1124
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3008
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:1588
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:3048
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:2640
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:4680
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4988
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3444
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:3548
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:3716
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:4104
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:2200
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:1572
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:1504
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:1828
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:1160
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3640
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:1420
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:2108
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4524
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:4724
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:3628
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:4424
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:1696
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1524
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:376
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3020
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:4748
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:2852
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:3980
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:2708
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:3032
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:748
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:2664
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3704
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:552
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:4968
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1464
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:3060
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:632
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:4532
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:1404
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:1704
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:3800
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:4456
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:1064
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:728
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:4044
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:4932
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4116
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:2560
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:2068
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:1284
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:2004
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1904
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:2760
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:4976
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3360
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:2436
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2488
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:3960
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:408
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:4788
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Internet Download Manager" /f
        6⤵
        
        PID:5028
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Internet Download Manager"
        6⤵
        
        PID:952
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Internet Download Manager"
        6⤵
        
        PID:2736
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell write-host 'Deleted ' -fore '"Green"' -NoNewline; write-host '"""HKLM\Software\Internet Download Manager"""' -fore '"White"'
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2804
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Wow6432Node\Internet Download Manager" /f
        6⤵
        
        PID:2664
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
        6⤵
        
        PID:216
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
        6⤵
        
        PID:1952
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Download Manager" /f
        6⤵
        
        PID:552
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Download Manager"
        6⤵
        
        PID:3060
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Download Manager"
        6⤵
        
        PID:632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Wow6432Node\Download Manager" /f
        6⤵
        
        PID:4532
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\Download Manager"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:1704
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\DownloadManager" /f
        6⤵
        
        PID:2284
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\DownloadManager"
        6⤵
        
        PID:3800
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\DownloadManager"
        6⤵
        
        PID:536
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Wow6432Node\DownloadManager" /f
        6⤵
        
        PID:3812
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:3804
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:1632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Download Manager" /f
        6⤵
        
        PID:3328
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Download Manager"
        6⤵
        
        PID:2000
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Download Manager"
        6⤵
        
        PID:3160
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Wow6432Node\Download Manager" /f
        6⤵
        
        PID:2364
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:1000
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:2308
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Wow6432Node\DownloadManager" /f
        6⤵
        
        PID:2640
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Wow6432Node\DownloadManager"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4740
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:184
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Download Manager" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1836
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Download Manager"
        6⤵
        
        PID:1860
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Download Manager"
        6⤵
        
        PID:660
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\Download Manager" /f
        6⤵
        
        PID:4104
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:664
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:1960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\DownloadManager" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3200
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\DownloadManager"
        6⤵
        
        PID:4776
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\DownloadManager"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager" /f
        6⤵
        
        PID:3640
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3232
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Internet Download Manager" /f
        6⤵
        
        PID:4524
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Wow6432Node\Internet Download Manager" /f
        6⤵
        
        PID:4724
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Wow6432Node\DownloadManager" /f
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "Email" /f
        6⤵
        
        PID:3300
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "Serial" /f
        6⤵
        
        PID:2088
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "CheckUpdtVM" /f
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "tvfrdt" /f
        6⤵
        
        PID:952
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "LstCheck" /f
        6⤵
        
        PID:2736
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "scansk" /f
        6⤵
        
        PID:3388
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "radxcnt" /f
        6⤵
        
        PID:4200
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "ptrk_scdt" /f
        6⤵
        
        PID:4720
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "LastCheckQU" /f
        6⤵
        
        PID:824
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKLM\Software\Internet Download Manager" /v "AdvIntDriverEnabled2" /t REG_DWORD /d "1" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1444
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKLM\Software\WOW6432Node\Internet Download Manager" /v "AdvIntDriverEnabled2" /t REG_DWORD /d "1" /f
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:748
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKCU\Software\DownloadManager" /v "nLst" /t REG_DWORD /d "1" /f
        6⤵
        
        PID:3056
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKCU\Software\DownloadManager" /v "LaunchOnStart" /t REG_DWORD /d "1" /f
        6⤵
        
        PID:1584
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKCU\Software\DownloadManager" /v "FName" /t REG_SZ /d "Registered to:" /f
        6⤵
        
        PID:4152
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKCU\Software\DownloadManager" /v "LName" /t REG_SZ /d "Admin" /f
        6⤵
        
        PID:2716
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell write-host '.::' -fore '"Red"' -NoNewline; write-host ' Please don''t forget to' -fore '"White"' -NoNewline; write-host ' re-register IDM' -fore '"Green"' -NoNewline; write-host ' !' -fore '"White"' -NoNewline; write-host ' ::.' -fore '"Red"'
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\UnSigner.exe
        
        "C:\Users\Admin\AppData\Local\Temp\UnSigner.exe" -f -b "C:\Program Files (x86)\Internet Download Manager\IDMan.exe"
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of SetWindowsHookEx
        
        PID:1232
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reg.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reg.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:1708
  - - C:\Windows\regedit.exe
      "C:\Windows\regedit.exe" /S reg.reg
      4⤵
      Runs .reg file with regedit
      PID:4932
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Toolbar.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Toolbar.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    PID:3864
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\backup.sfx.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\backup.sfx.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:3800
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe" /qn
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      PID:384
    - - C:\Windows\system32\msiexec.exe
        
        /i "C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\IDM Backup Manager.msi" /qn AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\RarSFX0\" EXE_CMD_LINE="/exelang 0 /noprereqs /qn "
        5⤵
        
        PID:4260
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reset.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reset.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:3924
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\IAS.cmd" /res parameter"
      4⤵
      PID:2200
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:3232
    - - C:\Windows\System32\sc.exe
        
        sc query Null
        5⤵
        Launches sc.exe
        
        PID:3128
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:2736
    - - C:\Windows\System32\findstr.exe
        
        findstr /v "$" "IAS.cmd"
        5⤵
        
        PID:4260
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ver
        5⤵
        
        PID:1376
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Console" /v ForceV2
        5⤵
        
        PID:1744
    - - C:\Windows\System32\find.exe
        
        find /i "0x0"
        5⤵
        
        PID:4936
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
        5⤵
        
        PID:2732
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
        6⤵
        
        PID:2708
      - C:\Windows\System32\cmd.exe
        
        cmd
        6⤵
        
        PID:4496
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX0\IAS.cmd" "
        5⤵
        
        PID:4116
    - - C:\Windows\System32\find.exe
        
        find /i "C:\Users\Admin\AppData\Local\Temp"
        5⤵
        
        PID:3008
    - - C:\Windows\System32\timeout.exe
        
        timeout /t 2
        5⤵
        Delays execution with timeout.exe
        
        PID:4208
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Freeze.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Freeze.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:2124
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" /frz parameter"
      4⤵
      PID:1160
    - - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        5⤵
        
        PID:1832
    - - C:\Windows\System32\sc.exe
        
        sc query Null
        5⤵
        Launches sc.exe
        
        PID:4516
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:3564
    - - C:\Windows\System32\findstr.exe
        
        findstr /v "$" "IAS.cmd"
        5⤵
        
        PID:3632
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ver
        5⤵
        
        PID:1464
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Console" /v ForceV2
        5⤵
        
        PID:2164
    - - C:\Windows\System32\find.exe
        
        find /i "0x0"
        5⤵
        
        PID:3044
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
        5⤵
        
        PID:2184
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
        6⤵
        
        PID:1232
      - C:\Windows\System32\cmd.exe
        
        cmd
        6⤵
        
        PID:3700
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" "
        5⤵
        
        PID:1952
    - - C:\Windows\System32\find.exe
        
        find /i "C:\Users\Admin\AppData\Local\Temp"
        5⤵
        
        PID:2904
    - - C:\Windows\System32\timeout.exe
        
        timeout /t 2
        5⤵
        Delays execution with timeout.exe
        
        PID:4648
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\download.....exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\download.....exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:1956
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\download.bat" "
      4⤵
      PID:2860
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "(New-Object Net.WebClient).DownloadFile('https://mirror2.internetdownloadmanager.com/idman641build18.exe?v=lt&filename=idman641build18.exe', 'idman641build17.exe')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\RarSFX1\idman641build17.exe
        
        idman641build17.exe /skipdlgs
        5⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\" -skdlgs
        6⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        7⤵
        
        PID:312
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        8⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        7⤵
        
        PID:3636
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        8⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        7⤵
        
        PID:1232
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        8⤵
        
        PID:1696
        
        C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
        
        "C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer
        7⤵
        
        PID:728
        
        C:\Program Files (x86)\Internet Download Manager\IDMan.exe
        
        "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr /onsilentsetup
        7⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        8⤵
        
        PID:2680
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        9⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        8⤵
        
        PID:4056
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        9⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        8⤵
        
        PID:2064
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        9⤵
        
        PID:928
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        8⤵
        
        PID:3100
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        9⤵
        
        PID:2664
        
        C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
        
        "C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
        8⤵
        
        PID:1244
        
        C:\Windows\system32\RUNDLL32.EXE
        
        "C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
        9⤵
        
        PID:2220
        
        C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        10⤵
        
        PID:1828
        
        C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        11⤵
        
        PID:444
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:2308
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        10⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:660
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:452
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:852
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:384
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        9⤵
        
        PID:3204
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        10⤵
        
        PID:3396
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Patch Idm Silent.exe
    "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Patch Idm Silent.exe"
    3⤵
    PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\patch.exe
      "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\patch.exe" -silent -nonupdate
      4⤵
      PID:4724
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill.exe /IM IDMan.exe /F
        5⤵
        Kills process with taskkill
        
        PID:1292
    - - C:\Windows\SysWOW64\wscript.exe
        
        wscript.exe "C:\Users\Admin\AppData\Local\Temp\IDM_BAK.vbs" /idmdir:"C:\Program Files (x86)\Internet Download Manager\"
        5⤵
        
        PID:4896
    - - C:\Windows\SysWOW64\reg.exe
        
        reg.exe import C:\Users\Admin\AppData\Local\Temp\IDMRegClean.reg
        5⤵
        
        PID:3896
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:216
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C "C:\Users\Admin\AppData\Local\Temp\BATCLEN.bat"
        5⤵
        
        PID:2712
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2860
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c whoami /user /fo list
        6⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\whoami.exe
        
        whoami /user /fo list
        7⤵
        
        PID:2228
      - C:\Windows\SysWOW64\reg.exe
        
        reg query HKU\S-1-5-19
        6⤵
        
        PID:4788
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:3328
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:4268
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:3744
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:1660
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:1904
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:3200
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3564
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:2308
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:3444
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:1524
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:4032
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:2716
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:3980
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:1948
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:2736
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:380
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:4740
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3032
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:4864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:1584
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:4780
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:4480
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:856
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:2304
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3536
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:2804
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:2916
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:3184
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:1000
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:4572
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3336
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:3396
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:3204
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:4080
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:1960
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3360
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3704
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:116
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2260
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:4620
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:1800
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:3496
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4056
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:2164
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:5000
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:2668
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1232
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:3668
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3388
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:1308
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:4436
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:4704
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:928
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:4732
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:408
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2100
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:1832
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:2228
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:4788
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:3328
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:4268
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:3960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:3744
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:4036
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:1660
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:3200
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:3564
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:2308
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:3444
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:1524
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:4032
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2716
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3980
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:1948
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:2736
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:380
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:4740
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:2024
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:3032
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:3632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:4864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:1584
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:4780
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:1900
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:2960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:4544
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2580
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:448
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:2152
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3672
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:2760
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:3476
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:2220
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:912
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:2224
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3204
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:4080
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:1960
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:3360
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:3704
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:116
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:2260
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:4620
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:1800
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3496
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:4056
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:2164
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:5000
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:2668
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:1232
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:4556
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:3668
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1308
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:4436
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3896
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:4704
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:4732
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:4588
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:408
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:1832
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2228
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:4788
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:3328
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:4268
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:3744
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:4036
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:1660
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:3200
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3564
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:2308
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:3444
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:1524
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:2176
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:2716
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3980
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:1948
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2736
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:380
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:3096
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4740
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:3032
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:3632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:4864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1584
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:4780
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:1900
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:2960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:4544
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:2580
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:2108
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:2804
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:3792
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2708
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:3560
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:2764
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:912
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:1364
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:1632
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:3764
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:4880
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3788
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:4280
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:1216
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:2260
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:4620
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:1800
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3496
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:4056
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:2164
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:5000
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:1448
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:2668
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:1232
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4668
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:3588
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:4888
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:2664
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:3640
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:3188
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:2052
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:2560
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:4264
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:1952
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:2004
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:4968
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:2632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:4440
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:3160
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2380
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:4720
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:1860
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:4104
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:4516
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:4472
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:3128
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Internet Download Manager" /f
        6⤵
        
        PID:1404
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Internet Download Manager"
        6⤵
        
        PID:3532
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Internet Download Manager"
        6⤵
        
        PID:2692
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Wow6432Node\Internet Download Manager" /f
        6⤵
        
        PID:2288
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
        6⤵
        
        PID:3196
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
        6⤵
        
        PID:2364
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Download Manager" /f
        6⤵
        
        PID:3044
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Download Manager"
        6⤵
        
        PID:2436
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Download Manager"
        6⤵
        
        PID:4044
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Wow6432Node\Download Manager" /f
        6⤵
        
        PID:4608
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:1836
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:2956
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\DownloadManager" /f
        6⤵
        
        PID:2332
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\DownloadManager"
        6⤵
        
        PID:4208
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\DownloadManager"
        6⤵
        
        PID:528
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Wow6432Node\DownloadManager" /f
        6⤵
        
        PID:4680
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:4260
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:2640
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Download Manager" /f
        6⤵
        
        PID:1900
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Download Manager"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Download Manager"
        6⤵
        
        PID:2960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Wow6432Node\Download Manager" /f
        6⤵
        
        PID:4544
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:2580
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:2108
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Wow6432Node\DownloadManager" /f
        6⤵
        
        PID:2804
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:3548
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:3792
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Download Manager" /f
        6⤵
        
        PID:3560
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Download Manager"
        6⤵
        
        PID:2764
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Download Manager"
        6⤵
        
        PID:2224
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\Download Manager" /f
        6⤵
        
        PID:3204
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:4080
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
        6⤵
        
        PID:1440
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\DownloadManager" /f
        6⤵
        
        PID:3480
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\DownloadManager"
        6⤵
        
        PID:512
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\DownloadManager"
        6⤵
        
        PID:1212
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager" /f
        6⤵
        
        PID:4936
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:3100
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
        6⤵
        
        PID:2064
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Internet Download Manager" /f
        6⤵
        
        PID:3720
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Wow6432Node\Internet Download Manager" /f
        6⤵
        
        PID:3572
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Wow6432Node\DownloadManager" /f
        6⤵
        
        PID:3320
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "Email" /f
        6⤵
        
        PID:4424
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "Serial" /f
        6⤵
        
        PID:3436
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "CheckUpdtVM" /f
        6⤵
        
        PID:2748
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "tvfrdt" /f
        6⤵
        
        PID:2444
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "LstCheck" /f
        6⤵
        
        PID:1420
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "scansk" /f
        6⤵
        
        PID:4556
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "radxcnt" /f
        6⤵
        
        PID:1588
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "ptrk_scdt" /f
        6⤵
        
        PID:4152
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\DownloadManager" /v "LastCheckQU" /f
        6⤵
        
        PID:664
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKLM\Software\Internet Download Manager" /v "AdvIntDriverEnabled2" /t REG_DWORD /d "1" /f
        6⤵
        
        PID:4704
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKLM\Software\WOW6432Node\Internet Download Manager" /v "AdvIntDriverEnabled2" /t REG_DWORD /d "1" /f
        6⤵
        
        PID:2488
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKCU\Software\DownloadManager" /v "nLst" /t REG_DWORD /d "1" /f
        6⤵
        
        PID:4588
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKCU\Software\DownloadManager" /v "LaunchOnStart" /t REG_DWORD /d "1" /f
        6⤵
        
        PID:408
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKCU\Software\DownloadManager" /v "FName" /t REG_SZ /d "Registered to:" /f
        6⤵
        
        PID:616
      - C:\Windows\SysWOW64\reg.exe
        
        REG ADD "HKCU\Software\DownloadManager" /v "LName" /t REG_SZ /d "Admin" /f
        6⤵
        
        PID:1828
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell write-host '.::' -fore '"Red"' -NoNewline; write-host ' Please don''t forget to' -fore '"White"' -NoNewline; write-host ' re-register IDM' -fore '"Green"' -NoNewline; write-host ' !' -fore '"White"' -NoNewline; write-host ' ::.' -fore '"Red"'
        6⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\UnSigner.exe
        
        "C:\Users\Admin\AppData\Local\Temp\UnSigner.exe" -f -b "C:\Program Files (x86)\Internet Download Manager\IDMan.exe"
        5⤵
        
        PID:2852
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3128
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reg.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reg.exe
    3⤵
    PID:4988
  - - C:\Windows\regedit.exe
      "C:\Windows\regedit.exe" /S reg.reg
      4⤵
      Runs .reg file with regedit
      PID:2748
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Toolbar.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Toolbar.exe
    3⤵
    PID:3316
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\backup.sfx.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\backup.sfx.exe
    3⤵
    PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe" /qn
      4⤵
      PID:3048
    - - C:\Windows\system32\msiexec.exe
        
        /i "C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\IDM Backup Manager.msi" /qn AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\RarSFX0\" EXE_CMD_LINE="/exelang 0 /noprereqs /qn "
        5⤵
        
        PID:4992
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reset.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reset.exe
    3⤵
    PID:1704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" /res parameter"
      4⤵
      PID:5856
    - - C:\Windows\System32\sc.exe
        
        sc query Null
        5⤵
        Launches sc.exe
        
        PID:1700
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:1732
    - - C:\Windows\System32\findstr.exe
        
        findstr /v "$" "IAS.cmd"
        5⤵
        
        PID:2188
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ver
        5⤵
        
        PID:1632
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Console" /v ForceV2
        5⤵
        
        PID:4840
    - - C:\Windows\System32\find.exe
        
        find /i "0x0"
        5⤵
        
        PID:3788
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
        5⤵
        
        PID:4668
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
        6⤵
        
        PID:4888
      - C:\Windows\System32\cmd.exe
        
        cmd
        6⤵
        
        PID:2560
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" "
        5⤵
        
        PID:4080
    - - C:\Windows\System32\find.exe
        
        find /i "C:\Users\Admin\AppData\Local\Temp"
        5⤵
        
        PID:3320
    - - C:\Windows\System32\timeout.exe
        
        timeout /t 2
        5⤵
        Delays execution with timeout.exe
        
        PID:4036
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Freeze.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Freeze.exe
    3⤵
    PID:3044
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" /frz parameter"
      4⤵
      PID:5976
    - - C:\Windows\System32\sc.exe
        
        sc query Null
        5⤵
        Launches sc.exe
        
        PID:4532
    - - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        5⤵
        
        PID:2712
    - - C:\Windows\System32\findstr.exe
        
        findstr /v "$" "IAS.cmd"
        5⤵
        
        PID:4572
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ver
        5⤵
        
        PID:116
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Console" /v ForceV2
        5⤵
        
        PID:4648
    - - C:\Windows\System32\find.exe
        
        find /i "0x0"
        5⤵
        
        PID:3092
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c echo prompt $E | cmd
        5⤵
        
        PID:2716
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo prompt $E "
        6⤵
        
        PID:4740
      - C:\Windows\System32\cmd.exe
        
        cmd
        6⤵
        
        PID:3436
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd" "
        5⤵
        
        PID:3896
    - - C:\Windows\System32\find.exe
        
        find /i "C:\Users\Admin\AppData\Local\Temp"
        5⤵
        
        PID:4152
    - - C:\Windows\System32\timeout.exe
        
        timeout /t 2
        5⤵
        Delays execution with timeout.exe
        
        PID:3624
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\download.....exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\download.....exe
    3⤵
    PID:3912
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX1\download.bat" "
      4⤵
      PID:5848
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "(New-Object Net.WebClient).DownloadFile('https://mirror2.internetdownloadmanager.com/idman641build18.exe?v=lt&filename=idman641build18.exe', 'idman641build17.exe')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\RarSFX1\idman641build17.exe
        
        idman641build17.exe /skipdlgs
        5⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\" -skdlgs
        6⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        7⤵
        
        PID:5308
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        8⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        7⤵
        
        PID:4200
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        8⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        7⤵
        
        PID:5240
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        8⤵
        
        PID:1632
        
        C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
        
        "C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer
        7⤵
        
        PID:3232
        
        C:\Program Files (x86)\Internet Download Manager\IDMan.exe
        
        "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr /onsilentsetup
        7⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        8⤵
        
        PID:4280
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        9⤵
        
        PID:60
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        8⤵
        
        PID:3636
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
        9⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        8⤵
        
        PID:6140
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
        9⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        8⤵
        
        PID:5852
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
        9⤵
        
        PID:3160
        
        C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
        
        "C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
        8⤵
        
        PID:4668
        
        C:\Windows\system32\RUNDLL32.EXE
        
        "C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
        9⤵
        
        PID:1696
        
        C:\Windows\system32\runonce.exe
        
        "C:\Windows\system32\runonce.exe" -r
        10⤵
        
        PID:5136
        
        C:\Windows\System32\grpconv.exe
        
        "C:\Windows\System32\grpconv.exe" -o
        11⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:424
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\net.exe
        
        "C:\Windows\System32\net.exe" start IDMWFP
        9⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 start IDMWFP
        10⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        9⤵
        
        PID:5236
        
        C:\Windows\system32\regsvr32.exe
        
        /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        10⤵
        
        PID:3764
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Patch Idm Silent.exe
    "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Patch Idm Silent.exe"
    3⤵
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\patch.exe
      "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\patch.exe" -silent -nonupdate
      4⤵
      PID:5872
    - - C:\Windows\SysWOW64\taskkill.exe
        
        taskkill.exe /IM IDMan.exe /F
        5⤵
        Kills process with taskkill
        
        PID:5324
    - - C:\Windows\SysWOW64\wscript.exe
        
        wscript.exe "C:\Users\Admin\AppData\Local\Temp\IDM_BAK.vbs" /idmdir:"C:\Program Files (x86)\Internet Download Manager\"
        5⤵
        
        PID:5440
    - - C:\Windows\SysWOW64\reg.exe
        
        reg.exe import C:\Users\Admin\AppData\Local\Temp\IDMRegClean.reg
        5⤵
        
        PID:3444
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C "C:\Users\Admin\AppData\Local\Temp\BATCLEN.bat"
        5⤵
        
        PID:5456
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c whoami /user /fo list
        6⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\whoami.exe
        
        whoami /user /fo list
        7⤵
        
        PID:5276
      - C:\Windows\SysWOW64\reg.exe
        
        reg query HKU\S-1-5-19
        6⤵
        
        PID:4776
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:5668
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:5256
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:5564
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:5548
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:5572
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:5700
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:5788
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:908
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:5820
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:1800
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3496
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:660
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:3864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:1064
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:2392
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:1732
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:5612
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:852
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:1900
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:4056
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:4940
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:1440
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:4848
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:5076
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:912
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:4440
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:4032
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:5196
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2476
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:6028
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:5156
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:5396
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:1052
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:1948
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:212
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:5244
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:1364
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:4556
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:5316
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:4704
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:3184
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:5228
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:5148
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:5804
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3232
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:6116
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2124
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:3612
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:5972
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4152
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4000
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:5540
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:3632
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:6068
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:3320
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1660
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:6040
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:376
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:5200
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:5160
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:5168
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:448
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:5360
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:2868
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:5368
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:5328
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:3480
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:5512
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:5544
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:5588
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:3624
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:6044
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:6096
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:6048
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:424
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:5856
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:5688
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:5660
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:5640
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:5956
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:3996
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:5768
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:5892
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:5844
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:5816
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:5836
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:4436
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:2668
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:5924
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:5932
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:6104
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:5300
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:3676
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:4688
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:2008
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:2156
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:400
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:5344
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:5868
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:4044
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:4464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:5600
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:928
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:5944
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:5852
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:5748
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:5140
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:4996
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:4788
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3656
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:5408
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:4472
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:2220
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:5596
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:6136
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:1952
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:4264
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:4260
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2488
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2304
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:5400
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:5432
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:3192
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:6024
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:2904
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:5276
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:2260
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:5592
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:5732
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:6032
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:4864
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:5620
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:5772
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:5796
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:3668
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:5552
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:3992
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:2764
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:3640
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3800
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:2552
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:3056
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:2192
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:5204
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:3364
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:4536
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:2692
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:2300
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:2708
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:1084
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:4392
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:616
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:2748
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:4692
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2716
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:2900
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:4936
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:1464
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:2960
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:3672
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:664
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:2100
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:2892
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:2236
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:1632
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}" /f
        6⤵
        
        PID:5460
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:3300
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}"
        6⤵
        
        PID:6132
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
        6⤵
        
        PID:5580
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:2004
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
        6⤵
        
        PID:4200
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
        6⤵
        
        PID:2640
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:1904
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
        6⤵
        
        PID:4496
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
        6⤵
        
        PID:4888
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:5240
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
        6⤵
        
        PID:3476
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
        6⤵
        
        PID:6116
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:2124
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
        6⤵
        
        PID:3612
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
        6⤵
        
        PID:4288
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:6080
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
        6⤵
        
        PID:3024
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" /f
        6⤵
        
        PID:3160
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:6072
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"
        6⤵
        
        PID:5144
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}" /f
        6⤵
        
        PID:3452
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:5208
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}"
        6⤵
        
        PID:5176
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
        6⤵
        
        PID:4712
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:5216
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
        6⤵
        
        PID:5152
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
        6⤵
        
        PID:2580
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:2804
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
        6⤵
        
        PID:5372
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
        6⤵
        
        PID:5304
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:5364
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
        6⤵
        
        PID:5504
      - C:\Windows\SysWOW64\reg.exe
        
        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
        6⤵
        
        PID:552
      - C:\Windows\SysWOW64\reg.exe
        
        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
        6⤵
        
        PID:5536
- - C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reg.exe
    C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reg.exe
    3⤵
    PID:5028
  - - C:\Windows\regedit.exe
      "C:\Windows\regedit.exe" /S reg.reg
      4⤵
      Runs .reg file with regedit
      PID:6136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:760

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 6EC28EB6CAF8227C6C5BB4AE0E5140CB
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4420
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 3A0122380DEB607E0C88387F5C968311 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:3240
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding BDEEEA421D0BDF03880B47C98BA5E1CC
  2⤵
  - Loads dropped DLL
  PID:3360
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A7D6AC3C1579DB1CB6F8EF8BA172BB07 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies data under HKEY_USERS
  PID:3632
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 50102D4CEBE33F0775C6FD4EB0BDC284
  2⤵
  PID:828
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 45553C3E67CAC4C28ECC92543EA7B11F E Global\MSI0000
  2⤵
  PID:2332
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 66011087249145FD786AF1A6DFC92C8E
  2⤵
  PID:4724
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding E465C1EDE2DF74C2F3F4691115C6FDE0 E Global\MSI0000
  2⤵
  PID:5224
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 00C76D3A8C51DD50D6277AD9A25D883B
  2⤵
  PID:5220
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DBB4607D08EF3E5894B28D48839F9082 E Global\MSI0000
  2⤵
  PID:408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:1664
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a7ecf0e3-57ed-f547-aefb-71a91f0baffc}\idmwfp.inf" "9" "4fc2928b3" "00000000000000E8" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files (x86)\Internet Download Manager"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:864
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000160" "WinSta0\Default"
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Drops file in Windows directory
  PID:2764
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "000000000000015C" "WinSta0\Default"
  2⤵
  PID:2860
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "000000000000014C" "WinSta0\Default"
  2⤵
  PID:1660

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:3412

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
1⤵
PID:3388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57d9f8.rbs

Filesize
611KB

MD5
111497f2583920f2c3f9815c353e429e

SHA1
77497bfa8dac48e9c77c53b9d9a4b34099be503b

SHA256
b40cdc6f63e1433d93f19b43cada720bc774bc730d7772b3c76b926e4840e91c

SHA512
b8656b0087dc5c4585ad2573e5c71ea6b26c6041c869833feaa5f83dfb10c0301a387bb32220ec2c1eba69fa6df38388e9ed401ff160107e7652db89381909cb

Download Submit
C:\Config.Msi\e57d9fc.rbs

Filesize
20KB

MD5
5eef7e381b482f11b00105af8ed975b3

SHA1
251397656bf7d2b755279f77302f461cbb098ff7

SHA256
6ca8de3f5d0f9f57c8ac2e026e4be99e7e79188f83be47d3774203884523a651

SHA512
bf5d227f40c2596afde7c72e151d542745026edbd6a6f6a6d474e524405e964956fa4d386b2f5fa13147404e8b2b0648cecc749a873b1fd7efe3da02a93feb0e

Download Submit
C:\Config.Msi\e57da0b.rbs

Filesize
611KB

MD5
7ceb9ef351e86644d87858d53cf6f7f7

SHA1
95dec99a3e4a50f9cbf5fb07f7c0257153261d6b

SHA256
baecae8860ed67df213e5e8a62d26352fe6cdb5f3b301a36c318b23cf3611deb

SHA512
d33a2466525ccfaed92a1f8b75058ffd576fd5166059052a82bd8763a401d0b1263d5c6246c12253bd00e95c75cf74eb9137f000a75d88b1b94cf919bc4318f9

Download Submit
C:\Config.Msi\e57da0f.rbs

Filesize
20KB

MD5
b5229f90f76576bcca106e6aedbee166

SHA1
a8152abd8c7d0c18eed0df194378cd54344e37bb

SHA256
cf7a85ba81010f023107352570415d536eb64f0eb2900965f6986197491eedad

SHA512
7b249e8e746e22f220e8bc9eeef23895a660765c18b90a5875d018f33241f1e69c8fa79b9c8384dbb6990be1c70794ea0d223e3e1057294cde81851e1f5b089e

Download Submit
C:\Config.Msi\e57da1e.rbs

Filesize
611KB

MD5
3804ade4601f6d75fa17aaf37a0b6d00

SHA1
7366dd80b3feca82d6eff21b9f1cb4f80c7ef801

SHA256
46ee71d9f6639d51eaf7a7508cc8f96b859d4687657a613c1613b9d432f7881c

SHA512
7bbe09d5ac0e6890ed61529abbec9de223d4557520eda604e4662a4eda3d300200f7dce0ad67789c34bf327a3fb405005ddbe5ce955555864086deb6ad588697

Download Submit
C:\Config.Msi\e57da22.rbs

Filesize
20KB

MD5
02a4d331c4dffa9170daca88411ab64b

SHA1
085cf7b9e7b616ead6af6c6c0bb1e017cb592cc3

SHA256
749120d4434f2ef24081296945b44d26715f4df29e80644f8a102bf25a083c30

SHA512
65ad8cbc75016e48d729afc365a2742e6932de3bfb78af6170c9217622711aa0c52e680725d8ad5992b944bd8a7b0df9d12d5b5be26dc53e2cb22119b5416dfe

Download Submit
C:\Config.Msi\e57da31.rbs

Filesize
611KB

MD5
f37abe8716cbf9745239fc860c7f96e5

SHA1
8887a0dd7ab004ba2c4058404f22490ce8b8d574

SHA256
9f9b0445c73d5c2d8eee1e125b6711eaae8cb6cd82a3338eb0d16587f42005fb

SHA512
a67b0bb44c9d23f9f8ed05eda3815a212c758fb50f08352c868cc932a6e83fbc5dd911e242850e2a4cf5121ec792a9b8d12cddb77eed846563291779d519d76b

Download Submit
C:\Program Files (x86)\Gajjar Tejas\IDM Backup Manager\regid.1995-09.com.example_211ca459-f137-4f82-bc77-c55d42e10125.swidtag

Filesize
1KB

MD5
c8677593ddfa9b5e5e09d6feb9a26986

SHA1
9f95e3fbfdd7f0e160297ee7ac457fa23404f552

SHA256
6b6e995217ce391ae283c1a3a42c332d1669dd2e724b5f8741ccedf7f6ce0cf1

SHA512
c3914e94ced9aebdd40e50874e380058a2b7f50c954c8050e3bdbc9357f7daa945468e4ab64c69e4ae07ee5d13a3fd10f2174b6624b65937efbc35d7d6191f17

Download Submit
C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll

Filesize
73KB

MD5
d04845fab1c667c04458d0a981f3898e

SHA1
f30267bb7037a11669605c614fb92734be998677

SHA256
33a8a6b9413d60a38237bafc4c331dfebf0bf64f8057abc335b4a6a6b95c9381

SHA512
ccd166dbe9aaba3795963af7d63b1a561de90153c2eaefb12f3e9f9ddebd9b1f7861ee76f45b4ef19d41ca514f3796e98b3c3660596730be8d8eb9e1048ef59e

Download Submit
C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

Filesize
463KB

MD5
23efcfffee040fdc1786add815ccdf0a

SHA1
0d535387c904eba74e3cb83745cb4a230c6e0944

SHA256
9a9989644213043f2cfff177b907ef2bdd496c2f65803d8f158eae9034918878

SHA512
cf69ed7af446a83c084b3bd4b0a3dbb5f013d93013cd7f2369fc8a075fe05db511cfe6b6afdef78026f551b53ad0cb7c786193c579b7f868dd0840b53dbb5e9f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_largeHot_3.bmp

Filesize
110KB

MD5
dedde6da418c816b65bc4ee76302bd82

SHA1
88c8df3e592c275fe534981170792530b2830a54

SHA256
2c07b067a6b06c7d87d408e16f7047615b098db2328515e92166fdd6422e7099

SHA512
a7fb87b683b4d08d6d5fb58a7887dec6b7e1c8ef3edae21f409929080c6962216766015b5f2e08c8eef2c9ed865d914e362908344da20e7b6021910fe924a404

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_largeHot_3_hdpi15.bmp

Filesize
248KB

MD5
e7dc58186d706ad372bb0521280bef5e

SHA1
e5a4c4ab0db9754ea80d5025fe60ba692d073c5d

SHA256
b2cd8216aaf138b29588b42c257c3a5c4e8c7fad8dca632af08990501602c177

SHA512
7bc8be221d7d111139ff77dda3a0979fd60b012a5fb293475160b9b6e64e697ac63064da7de1fbc6daca365dfa17245d21170f2fe64b0f4005cfeed966d7a90d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_largeHot_3_hdpi15.bmp

Filesize
248KB

MD5
0dc0b394953344d464b60d6fa520f2ab

SHA1
b98b9c3a03490818544df1ca8b0725ddaf77d0b4

SHA256
eda9a334b8b18b02809537441be62656445a4bfb01e19efedf415514cda84476

SHA512
55d6e77b7098dbf18f4294f491313bfb9896d5d1eb9746c356057f3d24d6237d3ab0e6f62979567b5ecb9669ed3391d98342ac40a5dc844a9162a619d15add32

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_large_3.bmp

Filesize
110KB

MD5
f88de65fe9e4e5e535aa756660909ada

SHA1
de048c6ca421b31086d5d3d3cf7f9673e59664a8

SHA256
9b6dc7965adc42116ecb2673e626dd9a6718c18ee9af7bec257dae7c4349ce99

SHA512
2d7f32f38d07ca77ec2c00977cd0b0ced034e11bae43d8606c6dc5a7c7370f069dd094f9143e9fe18f7f0001ecb398a49eed2bd9f0a85c9ce356ffcdf9fbcd35

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_large_3_hdpi15.bmp

Filesize
248KB

MD5
55cb775138ba9c0df8d62556c194a796

SHA1
137d57d85b1c339818563e2a41bdf90e62ad0546

SHA256
6280e56ab091c78f17abecd01469b19fe078553a6fd77683ef818c4ae6e03f82

SHA512
0affacfc211ed821bd875c4474ed8e11a733702e1e4d5e0dbb5f966ac0782d35eba7b2d2c754f9da82f987a1e17fe954ef35f0e294e63547cbf4d3a035e0f8b0

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_smallHot_3.bmp

Filesize
48KB

MD5
1fea26b1f5ed96bf3f7ea041947e3fff

SHA1
7c6290c686808ce52000f28bd2a5c4d858636515

SHA256
07a8b0d36ed6b93c31ec699c796c6d4ea4e487e80557a66d694fb3c7de0f58f8

SHA512
cdb9a7bd11d3e34f4a1518368e6e182e8267ce89b19a65a8d1c78bb2ff5a4b4dc5ecdbeca2dc7b529334f20759457057903a5878d82c0756760e965e317386af

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_small_3.bmp

Filesize
48KB

MD5
94812df1b1c5eb32cdd953bfff6fe508

SHA1
00880cb4e515c4fb8e177b273b49696c81132acc

SHA256
d1e37d43e9dfa1bc8cc5b9abbfbf8368a3d7fc9db9b2babcfce2433ef7260bb7

SHA512
a40959c1e470255d3a2d0ca223a19c98b90ed571b3177a5ecfff56f1228875d61c12280f02dc4d81199845a0a9754848158e0bc0e610e5e7c94d538e96cb3110

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_style_3.tbi

Filesize
180B

MD5
b7012c6bfcae70e44811b5259d922098

SHA1
84b96ed7dced1cd96553950af4f8df8212e55a1e

SHA256
dda7fe7637626c6f47f859fd377cc41b93aaf101c9dcd6d7677b9f8c84293464

SHA512
06332ee6c75a38f16a3a614a525880fa7d61fea1e1840091b575e1cf53bfd2328ffbae3bdcac581653560a59bc4f3962c1968026ef8fcccc45e234db93b6236e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_style_3.tbi

Filesize
180B

MD5
c402ea01f458a9dfb9e0fafa0c5eb21e

SHA1
3c606ec5158614d4171a0806646ab861b142e766

SHA256
10b2a66888c58a54b277fe2e68fb6e87150c3cd2c537b7f6a2d84559017438c7

SHA512
4b579008c4c9429a976a04bb0b0e7e885bbc97f8e2c63005b1bfc6e42636e2b27bcd5d7dd672e6e097a05270eee7173a2233309ff262149e01c8cd43a52e692e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\4d_style_4.tbi

Filesize
124B

MD5
dc5d6c9733de43448cf91536f26aee0d

SHA1
6b386d48beb7ba1ed7b0e43d84d5856f7456ae53

SHA256
b574a2500d0854ed606ef770783b8112a03f98ac49aaf3cb2da040dc096fd556

SHA512
4c060d1933105b4fd4d648070073b557f0ef8da3bd15b0129772a0e37d932cc9e7d40507385b88f94e165040c8d98b45fd21e68742071ba5a255e4e3386cf482

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\8.bmp

Filesize
82KB

MD5
8238bb2279b1c5d60492e73de165353f

SHA1
31af3b9046d53c9c214241eb4b77075435ab3fd6

SHA256
9b4f57d3f973063406135b04a3f0e68d352f99876d30050e7ef694b45bc27b53

SHA512
e708e46c8b8c5e863851e782d07f727cd4faeb585f689a96c6b89e815fec51f20b05efd985d4fb8fe4aebdf6c87462693bb6beaec599ebf6e52d006ad969c9de

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\8.tbi

Filesize
77B

MD5
57046dff05c7c228f9688bbb447917ac

SHA1
7293d991354a45449b40faa99597050cf3446262

SHA256
c51e90114f11245459a42fb764b80970062115e7aa5a77cf319168d4ea824108

SHA512
3be9fd053ad07b0e969938874bd35709251c39e9445669fe30005c556ffaa40d5902112aac9a893743e652c0a440ac97fe8354426c077dbdd6ad9e4e2f388f62

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\8_hot.bmp

Filesize
82KB

MD5
5fe87b5bb11bf43636484ae721124976

SHA1
b53811ef273dd4f538b57ec021caa7025abc037b

SHA256
77454fc38caf14b7bc63c52c1d290d6f20a514961c6c6af69706c666127a28e1

SHA512
9445173daca90691b286fcf54081877a4215797918711349dc2d921d6dc6feb122ab6cec42df59b03e2777f7312d44cf9ecf7393ebde7a88a04ad852fee040f4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ARMOUR.IDM.ToolBar.tbi

Filesize
420B

MD5
52b8e7acf8da6e22287895aa1a1d5574

SHA1
09e17813617126a94019cb5b315c57ec2e7bf733

SHA256
9fa19cd9aacde43d62d499969c03da4ce89604daa20c70bda44bc9a2b823ec7e

SHA512
063aed449544f406cc3e67726e6e14e779b83e881a86c8feb617ab10f848bb02e5226138c96c300fb2dce1fc4dff3065c6bc6c4998b5ec28f0bdcc266de16620

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ARMOUR.IDM.ToolBar\ARMOUR.IDM.ToolBar-Large_Disabled.bmp

Filesize
110KB

MD5
427c96df4beead435ddfef03c05a9d35

SHA1
46480249b1cf2b8f129c7d990e08233d1c4f5c66

SHA256
d5c7ffe31592098073da2a2409eff3330c673609cd9771c157e6d86e12098891

SHA512
bff615ba6940508b979477963ea220404239d1c10ff5c7a69e0157b263e915a68dc25f56d9efb0b41073c1c9eab17457909686e5bfbc860ffb60bc636b2b1206

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ARMOUR.IDM.ToolBar\ARMOUR.IDM.ToolBar-Large_Hot.bmp

Filesize
110KB

MD5
f1f691c79d9008fbff533ad5b5d2eded

SHA1
7496a4446f85c8b66e80c0038d3bcf499aec455e

SHA256
bf45de9e59410594f9cddd6850408a116db594e0d0382cb72e2459a08ef809a5

SHA512
cb0033d7d456b736376fbb98385b59780b6a0c5c0f8cb3ff169b5322a12b3d8cb01c68a47eb8e9ca699266bfdae906ec00be4770e0830fea3b7738bf397ee074

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ARMOUR.IDM.ToolBar\ARMOUR.IDM.ToolBar-Large_Normal.bmp

Filesize
110KB

MD5
53f6b06856add0ee8fda283a29842ee8

SHA1
bef0f7522cdb49c256ed283fe1630a0cf50ca690

SHA256
0fa0c64a2d3cc4f3bf98cd8b9b7b2827da06306743b9efb6cc79213972b52158

SHA512
a14e7c33343d1fc576ae2f51b6136b265f4cbb5fafb36b8f8855d675c0c740036ed7fe59560906128441cddf4a10a78b73c91b19bb133b24fdd15e0792339894

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ARMOUR.IDM.ToolBar\ARMOUR.IDM.ToolBar-Small_Disabled.bmp

Filesize
56KB

MD5
5b29c2fc4d0c72912cf60ec1524e250b

SHA1
619084fca554f5aad9daa8b14d157a2a94bb4e86

SHA256
fd621a114c39a3d516cd5116604101dd8ac375c03b728723d2bab05a2863dceb

SHA512
7f32a9ac7f51634f0f2431e70c4f53e37297990d3c3cdd30a673cc93257eb2ccaf8a0dda76ce28dc8f1d69aa2011657452b764a9702360b086ce3d3bf48c4c7f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ARMOUR.IDM.ToolBar\ARMOUR.IDM.ToolBar-Small_Hot.bmp

Filesize
56KB

MD5
862963f9b46077ef7f783a9d6cf3ea08

SHA1
4cc5bd92c493e2a038c6ed54c222e82e4dac3b43

SHA256
08195db671f72ad42e6e7caadddcb4b5903042a551cb09f04f5a1fb40ae384e7

SHA512
00473f4974d9a80fafcedb1c384d5d33e876fb0b84c411064ec260d1c96a8b496b97f572172883456005f33480a7ecffe061fb07befc3eb1c16e45e24e757635

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ARMOUR.IDM.ToolBar\ARMOUR.IDM.ToolBar-Small_Normal.bmp

Filesize
56KB

MD5
1258aea9f2108dbe072f74aa2875e292

SHA1
1c21b5a4ec3c5d29642e3f92112e97d16412848e

SHA256
87028f2f86fbb0750baa434733484774f0834fbb7a0dd68d8ac7149c9c03c77f

SHA512
c783533afcc39f4aec83d77f4bc9a42a9187b178ec9e8bce35484e11672418637fb9fcc3387f087db3baebacc4a2ac9a3203f94323f484b50648aa30a2a3378c

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Akame.tbi

Filesize
161B

MD5
a3f832002cc38bdd7d1f2247811e094c

SHA1
f913f22f363be8eff601b91fff4ac611066e5444

SHA256
6d63e70f5acacdc1c87976bd50383aa6b9d43213fae9848659ac8c0880dd68d0

SHA512
95b77a30bad07780b40fbfcc0bdff01a34bc8b961da4206e7bfd0d4fe254d770533fb07d56f57393a119182afc9846a9f8f4222a1c01982f72e69ffdc7a1d1c7

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Akser.bmp

Filesize
33KB

MD5
dbe1f339e799f5f55bc46fec38a1c9b6

SHA1
e0b7e04d2a8183e8ff226dca3d77a54dc72e47bf

SHA256
d335257d28df088cb69e646e57ceb05c4dc3e424af89897426c6e7c7c38bb5f7

SHA512
e0ac0eaa9af0e8d78e0c1d12edc168cfad5ac9720d0e7cceaf516a0398129d2d5f897bd1c91353da4465208b0104dbb1044a7f6786852b59b5ba80d0565eaf95

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Akser.tbi

Filesize
95B

MD5
122b4af3e410e0fc664a4a67f9ad7346

SHA1
38ce858bdb86d2317f9f2a45142b90b53a504f26

SHA256
e483456029ce9affeea957a08fa9d8856a8c96c0f9067b7f356210703136ab5d

SHA512
9fb7919779e63a5cad1871fe68c8215a62b24de51d996113f7001bcf7e5975c5397b29734978ad1c88c9a4262df58ef2e66cd0b4dd92bee3f7cefd41751362d3

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\AkserHot.bmp

Filesize
33KB

MD5
408d9185a6fa70bfb9741d02fb70007c

SHA1
d2748b34c0b25358707275a0999adfeeda2cbcfe

SHA256
65ebaeb01895b179df8f94bc61dfed9cfe024b2f685d82a8472735f7169c8f11

SHA512
5a34bc59533cec0f517fafd7e120f4ab17403bc5af553100da9f4efe128f44fa14ddd288494d7f3ae9d7a44c7310c7f351014892a9cb2e95f60b79fd2c69d068

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Anime_Theme_IDM.tbi

Filesize
171B

MD5
6ec20b559a72a561d231442ba308b1b7

SHA1
01ed132a632f0b56f3a6f48e986089b337e70bbc

SHA256
4d8d7b112dbb4e74963ef48850d81294fdd5fe8ef17dacbdd471b3360530a854

SHA512
210741cdaf4a2b1499fd27969de06b8a46c9918bcea8f9f45b4a90d42657dfaf061a511c7c5c1478ba9508bf981cf5c8125d968b9a15ce95ac090c31e0f045fa

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Anime_Theme_IDM\Anime.BMP

Filesize
82KB

MD5
a965c22ee44260c885ce4501beb4a558

SHA1
0149efc29a6b16d6a51450b185fe4f4f2c473c13

SHA256
ea078058040fd5fd42eab759088994ed95a9f1d1e225e5f710d8eef193b5f4fd

SHA512
91e19baf295095018a30437d4039ea47e0df7e4635134e1ec16d0bc0cfb5fa1d9647553fbe05aa88b118e23102578a7d61ab402abccc9e82abc006fb742abe0f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Assassin's Creed III-large.BMP

Filesize
210KB

MD5
85d74d72c19d792bff31e748b3abb0e8

SHA1
2776d3b2c31526ed1645352eecb38c426504fd77

SHA256
b4f1f35817f72a13e91719e98d11dc2ef1b32c3a5105caf44f8afd02ed03ad5e

SHA512
0f380b10fe1a3ee79a4c232d89f3815b1caff8e349705c653ad1577b2d9afa5d7d0246205056ac0b535dde5edb5229bc68a32051c3fd12d66ffbb2de9d2614cc

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Assassin's Creed III-small.BMP

Filesize
102KB

MD5
5fa132ef599f5a20e8ce52aa7d2244bc

SHA1
576683b306c6fac8da487467345fb54d40f868b0

SHA256
d8b6d09e5fc22771fe1954f24a22d50af2f04ccdb7babbfe3a06589fc38416cb

SHA512
b35a05ba4fe0f741706763691e73eac1b7efd30cf12fed444532dc3f025255b2de5402747986d53778494967dc9970bb9157f9a4866ceb81571312f4857d5a74

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Assassin's Creed III.tbi

Filesize
190B

MD5
b8ec0fba8fac176b5e4fab2a74d1b90e

SHA1
7451d2c42c38313300a6a68d986f39ae1a023096

SHA256
607cfd45efc105761a5faf582b098c5c696e7aaa97f2255ed29c7eea307d272a

SHA512
91ebe26a5897fa2f44b5869b19f27ad530d1dd49fb9bc08aa29b9328b722620c50e20215b1db503219d25daf3fa2f9f125508d83daaf41482539ee05f2a2bed9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\BR-small.BMP

Filesize
138KB

MD5
f76382f1aa0d9696c7edd9459ba9a73f

SHA1
df5cb39a775536e77bb06140535fae9de5aa4d7c

SHA256
e362fe2e1baec0e2743a216ebb60c7a63f100d3adcd8c0a4a732e00d251b022b

SHA512
f046810092b3f298e20cf841cbb108dc13d34e5bbdcc402719af5993ea1d8441928c7ed450c5462dbd550e0939c95acd419f517fb930643e191f807dee66d872

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\BR.BMP

Filesize
248KB

MD5
8b6c4575e8f0cad7b5bf244e232f0119

SHA1
63bc2afbf975189f45632960420fc2db2bc0c506

SHA256
818f56e1102406ed57351ac6b44635a61511593a360762260bccfcc29e9b582f

SHA512
072d3be611d767949342f8de74248077e968bc121ac99fb9b270b4020957a686811158403df4b781b64f817000d94f85f9e7db4399371d7a05101e38024cbd64

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\BR.TBI

Filesize
88B

MD5
00f855054e003984d0487455c694908d

SHA1
a35ff4f5d5f2f95b711e3db220e9d41329201011

SHA256
7bc4cc81596d211f78bc111b15aa1bd4416868e90686b51d58bb3a6db0f72829

SHA512
7f88e3119943a7e5c20a693cf69aa0959e992ac5b184ce7d6402e886f57d1c2256575cdd031ebc94b955e2d0c49e91bd9a82f2581fcb01b33fbad11fc15cea56

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Black Smile-small.BMP

Filesize
136KB

MD5
796a74052e6a209312e1138ce838a32f

SHA1
5de7f08fc249f16cd723d3c6f02d711b56ad131b

SHA256
8f857c2b4ccc817dc6fe4adb0762806ed1c82806c86c9bec89684c4ef2f33b6e

SHA512
892cb120e80462a2a891a87859fdeffccfd561eaf337892010f6ddc0c92d4d7fd1234d0a6456534f9a5c8065fedf606a50ac70e8f6bb4ae882384dab04e25263

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Black Smile.BMP

Filesize
246KB

MD5
c254cb1dbb27949f0d935c99c2960772

SHA1
97b91fc93eb0da0fd29b78c1d3d4c2887da17fce

SHA256
7c90e0b71193d3081582eeec57810d620575c40b6f803254ff8dc3a326be012a

SHA512
ba66f5ee05f264420f396ecdc16946a3e4f7b8ef65ad39739ed122f84f514e06cb9eff8c1f2516f485cdf87fc4cc3b9c48d58cb5029a0d4190515b1bf0f9e823

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Black Smile.tbi

Filesize
133B

MD5
1bd80fc67c1e520853c2e84dc84b885a

SHA1
6d2639ad0cf545c10ddaaf32ea72392b87c0bac0

SHA256
8f1dcef14618c688d5a016d25b21088a056d048bcb83f26d4aa9dfd29db75566

SHA512
aa0ee7e3aa4ad44f7b594194fac44407857823bf4f1b3620934a5727466f8686bf7e6a238b8fa4ee4fc1dc1e74c9c414dc37f19772d814380a27107292565e8d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Black\Black.png

Filesize
8KB

MD5
17506939c0ab8f375fffb7cca653d756

SHA1
2da8f09f2f8042b1cb817505577791b0ff6815af

SHA256
656771c6923f7521b3ff7359fae504872c35161587f14c493600d088d399c6a7

SHA512
542a2a99a79e895591336d27c3d3629ced3a30b46e2d09c3bd8e3ec06f92139ea9207c70ecdf8ae2841407b18dd0e05bc94371f1f04253364d7ce49f3bdb2fe4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Black\black-Over.bmp

Filesize
82KB

MD5
51f3861387a45ce58a11008e08f4178c

SHA1
654f39986789612a5b0676b74342b7e1b1f5d8e2

SHA256
f2daa45678584fbbf02f59ea8145708665adcd4bdf1fd396e96832f306f08266

SHA512
b29cbece2138307ce4830a98abefcabd159c545638266d6cde56c7c455131fa18d08b023a5dcb601442c9d41dea27c1ec1100c46487cd4c22946f2104deaca7f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Black\black.tbi

Filesize
107B

MD5
feb22bdbccca5438152d4f3e2d64f337

SHA1
537d3865f67e1d3f58cbe2bd34ae77a547b7cabe

SHA256
b1e77f0831d306de052b77d8893d14226b37e12735fc38aa7527a9a7bea3bb44

SHA512
0e40266a7afd27d3620d7493c2cecb8c45fe12ca5c87f678189e82bd43e1b754f65e3f5d9e4219abd365a45ae11d4e314e950d776e693db3d008d2724b464626

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue Arrow Author\I.R.Iran.gif

Filesize
935B

MD5
410fa58678363d13731829d03217ffae

SHA1
6329ba6e5df02acc74a49567a5165fe40f937d84

SHA256
76157eb9c0fdb51f079effa061823b2132cadec4aa4e53f69f9b2587d34f11ff

SHA512
2bf4b0e6cba2a716260b1d874acc8ab92c627abb697a2c424f5bd98616d2bfc65f269404dbcd9408df48f0f9e2d74f4b558794c0c511c3d7d597570bedc357f3

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue Arrow Author\Larg-Preview.bmp

Filesize
276KB

MD5
b7fa8307e0ec7960e58126ff5d99f434

SHA1
55c1f53ba5cf809bff59f047d762c6b84da5cd51

SHA256
d7de2e474a3e1afad5f6adf41e04655a3847272a63f681d9df4b7b284c21e0a8

SHA512
6ba96e1aeee7a630a7c299e37ef10a80ab63ea94b135bcf2986ff7b99d46e292a8dd4bdb31b33054c0d6f02b694786ed9a7e4d783a0512dccce9c831109f71ef

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue Arrow Author\Mini-Preview.bmp

Filesize
128KB

MD5
9639765c7596fb22351d8c0c22e9ad4d

SHA1
b9193fb28a38ba42fe68fa16987e11cf059b5659

SHA256
a7edec83983508f5931f9d24582d722b1ca683ae035663d55b652385ee70b25d

SHA512
19c8c42fdd15af07152fe7d179f8c3e2a23a272f890d10a3922a19f6a0e11476d4b8dcd44b10464c3fdd3ea13073f4c923c2b292705d91e28b3e05791ea1ab5f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue Arrow Author\Read-Me.htm

Filesize
1KB

MD5
63467b922e7d26ec0aa9f87da5ff7af7

SHA1
dd63381175442c66cd246794419c2aea5a3a60d3

SHA256
3379015d618dbcb89c60d32916a3494656c8e3f947179d63eead67e23d0dedb1

SHA512
3004884ef4f35398311ac15c7c6a063ce69125cf03e2bdd0745a29a1aea3b9f311985dab7127a51abe087550ede2fa1fe7dba364479d1b40bdd5405779fc09ae

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue Arrow Author\Thumbs.db

Filesize
11KB

MD5
d837f8921fec3a6087f9e94d9481515d

SHA1
32e08bae373d930554dc5f1fccb0cb75c1b613be

SHA256
001e365077887e5c59ffe129f034e19da2b8f18643e956cd914b9c59eb2310a1

SHA512
996ff46a2d58389e393c8f5dd0ad86c33de94ac51766c7631d6dd6ed5896a29e0488333a5b8e072c054f418ade132e23be37572bd6e4e4145b67af809eba6056

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow.tbi

Filesize
227B

MD5
653c6908bd16bd7f05dc5ebd6544bb4c

SHA1
f0b24640a246c2c254e3206de95a52494de4b9d2

SHA256
dd0c42cb53b463c45ab40006d2cc2a3fdeb703cb1478b4a555c428f4714bba34

SHA512
492623c39ff05b3b578e897bea088149724ce7ea982ba00e4d2fa83a2db035a83cdfe510dc073c828b90bb7aad2455b900166caf2e4e98a3dfe50b6509086825

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow_Disable.bmp

Filesize
82KB

MD5
05ed5e6dc1aaa89d0653ad5e74bd8102

SHA1
b9d35b8aaa285b7b88e7922b9c1b2837a2814287

SHA256
0bd9b7b0059d4a2f2456f68710029acc0beeb3e5dcac9313aba415d28ebde151

SHA512
a892ae7481c1d34ed5d160023219cd8b61d8e94b551b7b229310d5163e1b003f13098dd228c3e2d128f0308d663d04082e9d65ed75730c1ce6c4e2796e7e5610

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow_Hot.bmp

Filesize
82KB

MD5
b5f040911fe79796edb044b6c9a00f4a

SHA1
4928db1a082c055a73344dc4e6957a9f6e516b94

SHA256
1922c85986ff096fa6171806d7866995b4420607654949febde5158b92487e26

SHA512
ee726b726c87898e5c6fdbb4f5af18efd28d496224997bce5c43739ed485d4ba45f99a49db63eab6d406df825dd17f5aaa22137eeaee7279e98935fdbe5c60ac

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow_Mini_Disable.bmp

Filesize
27KB

MD5
01c89cbbd9d5e77222c77f8e275fff63

SHA1
6a2296087857c93562d6cb61bed3f6e82640d8a8

SHA256
3e519ee430f7eb999329070c90a1c94424819b02d2e43d99674050f9479ac2a6

SHA512
69fc61bcd5d2f9b21343b5a901c05591b69c73d493ef78a632919ace1d9f693b00e09ddc715099c38870ef06a636671a50c7f6a4a44c58bf1b295d3c0dbd12ee

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow_Mini_Hot.bmp

Filesize
27KB

MD5
7cd4aa1bd794cfdbe0f302298a4a3b49

SHA1
faba8773b8eebcf25bc1ee219c4b9a49fb1e627f

SHA256
3a679d489682feb88abd642425babe7117287baca27bb16c618bb58435b5dc16

SHA512
1ed398e56fcd4a778d06f9a57e606ca02579c48975301d4b2e0cd7fefbcf7fbab64c37330fce76b86a1bede9cc9ebef412967bdb4229f00774bba85d3d1ab9c6

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow_Mini_Normal.bmp

Filesize
27KB

MD5
a099a4cde17ab5d517249b49f9848cb3

SHA1
d34b3a9b801d7044d7f81e68f3ca9bfbe78fbb70

SHA256
c8a6be4ef42caf762d5169bd98a7a255502f49095e002ebde9fe76aab76e1309

SHA512
17abc00d795cb4783426f9b44de3deb78da088f8015951c4fedac02e02d2b8e23be83a52a2685571f35283bab803ad5dccf024531493576dc7fae8a09abf4952

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Blue_Arrow_Normal.bmp

Filesize
82KB

MD5
5b0010e871d2021c7328267204dbde0b

SHA1
57bb86c7191348a7682d2dc7bc7936d05805d37a

SHA256
5cd12ca67d18b7b3ed7268bcefc223b1a8c86d341b2c938c2fbfb204a58bf4ee

SHA512
cade931dec11cb01de3187952b3715e0cb92d623565ce6ae58b26111d8cb15c06cb083e52ef3262f3453db1962884e0b14f7821383f43c48e2dd0a16f99a4642

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Circle Flat IDM Toolbar-large.BMP

Filesize
205KB

MD5
63803f5399f76684fb58aaec283030b1

SHA1
2ad041c0a93808df5e58c48f029b1bee063e55e3

SHA256
60f3cbff15620845111499ebfbc412e10b59fcd0ed501abdf90db767e0840b40

SHA512
06e906643b639be3294f329c964ad909d90b9723644a11255a64763cee61fcc5b94e100d724c0166857e4c455c207dc1387d34e42cb71d438f95aac30b8a3105

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Circle Flat IDM Toolbar-small.BMP

Filesize
140KB

MD5
437b4fe3ddb3ca94bf022188d46a6250

SHA1
f3889e484ac004d6ba778c81edd3b24c5794fe59

SHA256
6fe4ceb71b79c22044c82a9f1b9b692932ea3bf849441326c117b57f96c9007b

SHA512
fac186260e55ada22858f3301ddc9c8bc597a36dbd551b67c63fe103d480d1208ad00944763e488865aa00c7dfe1a1c5340b3f3049aad5087e0fc3a7588090f8

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Circle Flat IDM Toolbar.tbi

Filesize
205B

MD5
e5c1473bf3f54d692e860e11b25a0ab1

SHA1
a71746abddaf67786f47c0546556ad2403d5b74e

SHA256
f26117454932bc167302ef47dde87a3e08ad320342b02a8673817ef182383cd0

SHA512
67c13a97e285dfbccdac60fdcfb2d0bcfe318340465464253210374ddf6a95c34d7d52357e96b60072da74fa3079323d583b464f6b133d5cc9fb108989d8aab3

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Copia de 3d_largeHot_3.BMP

Filesize
82KB

MD5
39afa809e3dd955745409df1aaaae4c7

SHA1
31072c538816adbb22fe461391f365ff2d9faa48

SHA256
6824dd9c5ccc3259d8576969edfd5c49ed7cb1e7db5fbe401699d9473304ba8b

SHA512
cd8cad82924f8e8c4932639578b73ad3fec3c0737c25775cebbec21539542907c5c712ea2c8b6bfaa1ca5838069a095d03aa0023f68f72d4cfebbaf44cf1709e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Faenza.tbi

Filesize
222B

MD5
73de8bbe9599efe6f24b0997eeb91d81

SHA1
52454e93b926f2f52eac8605a98574556d4e8182

SHA256
d74a01651825d363d6d3f730a451be9a409d2a0246425d61054934c56e2418c5

SHA512
12d380a244a87ce57d1120d0ab08415672baf1e66722915e118570dfefdcb23842fd84b772655a853b4e0b3fe50bfdcdf1afb65e26285f41116a26d458a280c6

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Faenza_Small_Disable.BMP

Filesize
56KB

MD5
9a9049e3b984b2ecc9cd3da231f55d72

SHA1
d94050727d571e47c7f3e003a91edbf589fd6cf3

SHA256
2d93eaf8b98021ca3c4471b4108a6f939829f84d90790373a192f749e815da20

SHA512
177d78d6939e6bfab514578ffdabb5e3b815f0b752e4704627b176d30234968df865822ec6af1c6808f4489fe4c25be6fc9df4fabe348b3e0e77d395bd68928a

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Faenza_Small_Hot.BMP

Filesize
56KB

MD5
eab222ac70ddbd51d6d7cda411f793e3

SHA1
3b43b1fecdefadd3f5dc9963a214a2e28f59f562

SHA256
f0584485bd78b6b75c6c99088372f7bd6635f2c02eac0a11d12d7a4088225519

SHA512
a394fc595777738b8e28fc349ae072183116ab39c452b99bfc0091564a74c830d5b55b996d31894caa495a120fd1e647a3654c95789f662f0af29c0079aecf0d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Faenza_Small_Normal.BMP

Filesize
56KB

MD5
e9be28fe29c759078c116e46839d3a6a

SHA1
c6703bcd02534c2933a795fee68f86f84df36b07

SHA256
64d02d071aa8532c7be95936d7a0b980413037d3b77a59d6bde4f45ce480995e

SHA512
55d4150e7791bc182072961ae80484bca3bc32f1a05600d8c9d1ce77c9d2fbc255d456b25a48abc142991f88f68db158ae959d416cd4f94993978da3f18666e2

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Flat Color IDM 2019.jpg

Filesize
532KB

MD5
772a923dfdd3534d30fd0835f15ea332

SHA1
35a642bb65be8b64cc1f044593511b6058e3521a

SHA256
db9fed0227d79344b3a1b14ded33cd60006be3edc0b4f7016716babf6e084ce9

SHA512
92473a201efbfd2dfe9d25dbcdee377b87484f966036a5963a4a79eb9c119873ef15696184d35701f3433cd9de89cd6246bb2ed98d57b9e2242cad95f0c790e4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Readme!.txt

Filesize
310B

MD5
b14e43a5ca96da2680f963d135c50ee5

SHA1
d9867fc6bfe09c3ab94ea6cce1d683fffbdba561

SHA256
2d383f7da382c56dc083ec9055072315fc23b90e76b9bae27a3f915a26e7207b

SHA512
9a2d085722b7067b176e32a114da7791a02c2996d09191d191cdad031c85d2e03326bdc2d5b4efddc19cf758fca71bfa4671b68c7a39e50f53176c3442b24720

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat Color.tbi

Filesize
352B

MD5
fad48a56fd81f33e03f01728b4ee6c6e

SHA1
39d0a10940cc8d8011a25461f7fda3c4c983ff94

SHA256
dfdd638e6bfde62f9a63673bfd67af6ac2e4da0c1980563e72475a0c089e455d

SHA512
16f0fc314e5212bb759c200a999c6b01a00013c822dfec2aeb5b17469065e201160e1f3f6203b713f3aebaaa52911d182c8f9cf26cea0eaad778878199b475d9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat_Color\Flat_Color-Large_Disabled.bmp

Filesize
110KB

MD5
9cdb405d3f19b8d9792d7ec47448bd25

SHA1
dca05217bf8fa700a4f5041ed17833c058459ce8

SHA256
199a6493374cd21e01339ef274bd6d85bddd9b29ed1bb59bc6b07ffb5019894d

SHA512
e8c270c9a288910f67bd44915038dfab0f78e4e61bcfae6173229beb2a85c5b2f7dd0d639fec2233f00fab6034ec56daa96919bc9969ac2f01e1df7f83c457f5

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat_Color\Flat_Color-Large_Hot.bmp

Filesize
110KB

MD5
0aa9b9bcec04fc745101bed0377cc587

SHA1
2f2f4366b2d3b84f7880c2e8ab6e57ad20f3fdd8

SHA256
fd43c7f7f3cc7862e1a3c65e590bdb903f8559854dfe13a385e0719cb2131191

SHA512
963b5ffa2310ef570743861274b5ec2be508695a8bcace20ec9538be5085b3a947499cf00729c3618e6e0412316759186b29d6089e314429e54f7c23abdf9828

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat_Color\Flat_Color-Large_Normal.bmp

Filesize
110KB

MD5
69dd32da06f20546bb1f5275deef2494

SHA1
04c11319bb81dfac7ffba2e0668d43dea8f16907

SHA256
3521f6a1cd3be90cd8d3260b937ddeb6ece4ddbc8984f814364ca21b67d7ac3d

SHA512
0bcdbfc04e033df23af4e0d05c516ba48a77f8f4393d38221aa97d9fbb71655a871421ed91d9c9e199dcc000cc5be024e75dd42b9b18458930f4d4c835095b73

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat_Color\Flat_Color-Small_Disabled.bmp

Filesize
56KB

MD5
b109705aec65ba35718c4070492b2227

SHA1
b587a81a0daf6d0729f23b79843b855e20f4031b

SHA256
4e2ee7ae2c38499dbb1db8246bfcbc97f301dba5752e1c11c96c101635b007d0

SHA512
a87dc1994e6d48bb6fa1439061842ea338c594242060976bd8c606e7f827817d1d47e26b480b0582bddaa28eabb36c0e54844296114ad6ed87b5094ce12a0ac0

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat_Color\Flat_Color-Small_Hot.bmp

Filesize
56KB

MD5
a586f2104bc146c978475a893c5e673c

SHA1
8c72b882581c3fd1c14f0fe2fce42b4a67803b20

SHA256
7b04874c2a586e21f1e8df372d5dafca39ebc58b546fa11e51144a78edd7e9f1

SHA512
868b0d770f5651c993c338a270f9f0624a5ef882b2d6484ff6deed3010dd9b06d7912009d08d21c2695c9cbaa340159f4394a5c94075d382b3fd00821922ff41

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat Color IDM\Toolbar\Flat_Color\Flat_Color-Small_Normal.bmp

Filesize
56KB

MD5
116bc0c2208f6c25fb8863e79771b9ad

SHA1
258f9a164e44128b2bf528ebb1d50c2346ee153c

SHA256
19c1c8809fbc66fdb54c105e719d1030511f1178c882a8935c72342c0f76f241

SHA512
95b9a763233fdee667803b887282287b78c6ebf052b0f9e1a128b5932a5886cf7d014cd25d9190b3c0d0e954423be17cd5d2e62ca02c837ffc0653c9700217b9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat2015-Over.bmp

Filesize
82KB

MD5
d29301fcc810b4c2b9062d2e1c847ce5

SHA1
ddc8aeb0c310017a4eb0603a3a243e9b08e0f972

SHA256
a405435f6b4fc04f35e3a0b343c4bb1734a4f8ffaf18d4137edad27646b76044

SHA512
762d26558165d23c1502bf26e600c8e6593ae81c7b669a699fc221a0dead01d2d093c514a8a27197788ff5ecbe6338b5cdb62f1e1e83a0ee7098ecfa840ac03b

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat2015.bmp

Filesize
82KB

MD5
bba0b2d87fce7af069300a8ba8be2e9f

SHA1
96b74f214b9438ee49e320984a79b05473f2e16c

SHA256
6676bb8b12e025e452e213d64dc7406a31ee76f17041b8dae2eb8d8323f1e778

SHA512
9170266ee15d9d087f140b81999c41cfa6398cdba293a9a0cb2b97d7867c72997670b6eb365230421cd9b36d006328019d7fca46b8576369e1126b495d3be65e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Flat2015.tbi

Filesize
120B

MD5
a31021a378ae03812b9ab14f1b80250f

SHA1
3058f0f296ca9f15b7a7dee7626d7d848af5a83f

SHA256
a95e5ca4097da8d303ffaca5f80fa39ffc5d64a9dd2daa9dde160608a2651b97

SHA512
6a31cedab4d3ff4f167f228ac8ff878285e09a4acea6799360a05c1b690bbd913d1448b92e30878eb56b25c6fdaf339dbb5a51794b896c4831f886fe8d49ba73

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\GUiMAGiNATION\GD.bmp

Filesize
71KB

MD5
5730cdac04c58fef7d9d6f5fbc8279ac

SHA1
ba93072ca60752406151b80d060a5bfb8a759c83

SHA256
f71850008bc354912ca2512ac814fc875b4aa75d2b8f326e6d2f5973b91c38e0

SHA512
63793bb1dc813af7320cf85768d37f6cdd5936757152deb3e718c8795de6dc92fb0145e0805c536c4f77e7c351aa28041d53710f00eab320e745bf9c5c4eddfc

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\GUiMAGiNATION\GH.bmp

Filesize
71KB

MD5
031c6f54dd2e75cf2ace45734e617f61

SHA1
d815fb99b6e24608693495f67d8da70c289032a1

SHA256
add49cf37b8d87a325edf2550860dc00c3b22ee8725b9fb0c49fa1ddad6e088a

SHA512
198127190d599304224d0af6aacce0a0378596da78644dff538adc6818fc0b61556de0b14b30fb06796fb93d9c5aa1ae6c6051a4800ea011484862a9f51f476b

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\GUiMAGiNATION\GL.bmp

Filesize
71KB

MD5
0875b1add67b0dcb942c1d8a933406ec

SHA1
c908133dcbe8a78bf090d5db7bda9ae9e48062ae

SHA256
5192f37edc356c083988bc463131b4ff1f5ffd7df3f89e468d12b36efad18f13

SHA512
eb1a73d2ff89a8d607f3da64a9eef1d2abfa90ab28ec06e8a12ee8ad8a06336f12c731d568f406b6aae9338d22aff775d8e151e75915e0179d95dc0875a1d53f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\GUiMAGiNATION\GUiMAGiNATION.tbi

Filesize
129B

MD5
189c6bd464a6e22309af6d29e1066c1f

SHA1
4850e8f62be08a9b74aa1700a4a2025272bdea4e

SHA256
09fa7656e05e31ee07b410205abcc304fac954695ca0b1f5c27a91c2f93f949b

SHA512
cbbd8f993c65b1eaec928895aed8eefcaffa44267c459872154ea36267a59d9a02db7060a481f9649891fe017ed47a9169f375adc326e21b3d1ccc49638bd372

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Globe.bmp

Filesize
82KB

MD5
8f49fa6391aef82e63714ef0c20e01e4

SHA1
3383e28008b6b037b058c984b183ffcc439b29ba

SHA256
607561a5db8dc32c45f0eee77d332c2d349aa65b3f0f00c84ef4bc03a8275954

SHA512
052a9ed002fbe2ce086da3cb4ea526eeea3097b13f11d0ca4f321ac856b22c655f354d768f11149e71cca591c5c3d141f14a061f38a2110648bd7126f85fca1a

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Globe.tbi

Filesize
105B

MD5
76b41e006a9ce3ff361a6ccd0c8a3ebe

SHA1
4bda1d1e691c56ff2f2ac211ff8eae7ec0132492

SHA256
acb91fd81f3c9151cf5616d34e17b838066524c23b332fa51d3769d5378c06d8

SHA512
42f637683048f5fe844cee31cbdd7e913bcf4ed52827cccdc15e2beb9aec0e34e69d01ed13fbd55a38e3a024dc4f91fc89d5a257468c6f20589533baa855ade4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\GlobeHot.bmp

Filesize
82KB

MD5
f59246bac4ea4587af8ffe9951d36c9a

SHA1
16c1f4236a66656a70959049acc4411beda05999

SHA256
3fddf1d948dc2f4c33ec00d13c42f82ac0b6505cc3f5941158bb358f1d6285a1

SHA512
e5d4596483c2713914b99f743b3218efc1a30c5c3c326598616ba43a24a719a6b77eee93118a8577e9a98bf8864097d72c31353299ba30190abcac14228d2099

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz 2016.tbi

Filesize
318B

MD5
e913cc99dace35325a354d100e13db07

SHA1
748cc1514b437234e24e279870807d14e4be52fe

SHA256
3596d2a03cef14a7f6e14bad7619dba587dbbbf1df2da8b13053eee25a249cbd

SHA512
fb629342cbc71f54a7bcb83cf550601181e3c7b190d6cccde6f2cd2398ba8f47652fb4235a73e3d770a612ed89cf4ade8910c32c7957957e7c99cb1eb4235970

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\Glyfz_2016-Large_Disabled.BMP

Filesize
110KB

MD5
af0a8e2af7c63a2b0ae58fb63f614979

SHA1
2be9f4b97be765b9739bfb5d748ae4f58bd1006a

SHA256
79a4cadaaf2178c3c3cee065f2f60a5dbfef42dcff93b2d0ce0528d3ce0d589f

SHA512
fa32d4234c9ef045d989359d0cc0c7aecdbec810406e399487517b7bffdcbdc2dd448a787939fb25cf913e283d942719298196a5a56aaa6e65151de50d338b26

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\Glyfz_2016-Large_Hot.BMP

Filesize
110KB

MD5
e68f60273a6505e309b5fff7e57b9ec4

SHA1
083610d2622cb0d4fa265e89a1a8e30e082abf9d

SHA256
9b554d627b274507c8c17dc0a2d89728b5860242803a9abacc5187775c0e47e9

SHA512
22e71c1d442b1450889a1b0d9038b967ecd9d3d18691403a0f270a92101452c872f7c4c013f6d376debde15fbe64f3ac49932a460eefcf698fcf28aaf89a6c73

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\Glyfz_2016-Large_Normal.BMP

Filesize
110KB

MD5
dad1893be29ef08e8784b0e8ee61144a

SHA1
e66238c4d976fc0e86e7a2d49cedf8bb68157f6f

SHA256
74aafa2e4158018b4b1c25152b6ce72144b8a5f1b57613cb7b7b96f2926c11f2

SHA512
ff42415239f0dbdba4dc1105a9b55dc7b795e3a503d018d5fc22d51d3bdd8ebbc692edecf586a7a2dbccb964a647eba2bf8a3cc823046cb647b353653029c7fb

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\Glyfz_2016-Small_Disabled.BMP

Filesize
56KB

MD5
733e1e8f53fa8fbbd750f61e5476ac75

SHA1
38cf314b9cfbed29c1127fcc0f94f08db551951b

SHA256
6fdbf6cc366f18c123b723a94530ef4c6bc17ce5dfbc11b8e1d00aaa16553aad

SHA512
bdcda5d8f5fb18a9ff369939df5279cbc42c6160c8526c4b4b40d3d6f7fe2d9ea32117f9827af5a995dc3f41412f95e6d79f82bc0e86dfcfe823107ea1291717

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\Glyfz_2016-Small_Hot.BMP

Filesize
56KB

MD5
778bcd8db2c75671175a274a385f29f4

SHA1
f9126e8c294b1be4d70a09e6ddcc4a387a9b16ed

SHA256
8d114e2a2adf41baa37d8566a3e3e47d105cb8294ec825c409531159abf02233

SHA512
3433046f8b0940d908b6bd9ff7b80695fe559a269d271f0460fb08b01f1867794f9c062817cd2e6904d653320f33af7391e7483a56b75253e3bd017e41d71aee

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Glyfz_2016\Glyfz_2016-Small_Normal.BMP

Filesize
56KB

MD5
13e9645b2ab862df92de101fd67c716b

SHA1
62efc35c280a31025b56b8558526103e383af1d2

SHA256
9228893ecfa653fa7017144ff74bb881fecd6cbb7992e846860c881b979a341e

SHA512
d7301c9884279d0a54966ecfc6b4bba225700f2b193e3e1fec154b50bd9ebad22cb3d9bcfb34f3741591e8bbdcee1ca8e1a01579be4a5aa4aa2c5f7af5a05aee

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_BlueSky_Shapes.tbi

Filesize
265B

MD5
8b0224d8d9111d3222e50b083e2a192b

SHA1
04d9487434c3802494b0b3231a056ed6f962e5bc

SHA256
26fdccbfe86b5a23175c26b0053af6996b3de3743f5109b25312912f6c792e70

SHA512
5411ef7d8c5f735cf28310aa3f2e131178151343fd68e8dc51f6279299c7a306638c19403f919c5acad1db88d5ae7af295fd793275fd11b025c1337e286b81aa

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_BlueSky_Shapes_Toolbar\H3M_toolbars.zip

Filesize
671KB

MD5
51da69ec732017bb58443fd57d3b192c

SHA1
28fec8ee3a837da9d85e24b3f18e843e8dce4479

SHA256
5bdb735af62b9f14c12c9d64374a6deecbedf88e75d91e5446bd35f2ec22c719

SHA512
1fc94a4aa520488cd9e07f480fffc137d637536adc669483144a376e2bd3c0826b0374debb6e7f567dc74fa0575a6c4136790856f5eb7b3b36ab4e9e90ba0bfc

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Bronze_Shapes.tbi

Filesize
255B

MD5
37a3b7974bca361a3df924bdebc3b075

SHA1
4184a3d89bd05c1a5cf4ea9ce140c4ae630a7fe0

SHA256
d4037821d2f38516fdb4f8f363d99b88ada99aef800ca89a1b31d0898061e847

SHA512
4aa7e96987ce1ce75268e4d12d50d79f0bfb7321e522c4c7f703a493e61bbae02345a92dd37180627fdc8a111fefb7adfae2c703273c064bb3a6b7593d3e57c5

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Bronze_Shapes_Toolbar\H3M_BS_Large_Hot.bmp

Filesize
110KB

MD5
4bf0efca68bff7af5da40a9e109a8d68

SHA1
a8f2dd1f97a9dc8821f799fdb45a72bc9fdf2d2e

SHA256
d6026c1fb28dacea812c4beb1851d432612de954d9ee67d1f3bd591dc644edbf

SHA512
2119d0581b5f61eab03f09499c3f4480764a3297e0e7806386e68c821c9c5b2815c5746cfd644d13d6d756945ac668522f8723dba763cd4f7425de7874af57de

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Bronze_Shapes_Toolbar\H3M_BS_Small_Hot.bmp

Filesize
63KB

MD5
f579f38d10b999cf8ee068a7a9cd4e49

SHA1
835ec7527ef00a37e93dc97f3c0d3528dbc7333b

SHA256
4eb8ff2ada51737686c65f83857b60403e2f8f7e7e3bbc0bc23ff38754474e60

SHA512
b454824b175629ccd1e0d0a62eaeeb7af69fbee32826d5fea39997f4e450c197fb735da1391936142990ad793ac340eabd6ac828a51f7d474a953ce015b4d3d6

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Buttons.tbi

Filesize
245B

MD5
5dc0b72e079f118bb46900c6426b0ac5

SHA1
4191bfd7c14eec0026e02728073a9c6de9692e89

SHA256
c4d40893da5f49c766fb4f3788cd2da991fd762a61753a2c2eede8e20ecc3e30

SHA512
e66b22f54399ac86d976b46d85721247100e70e46353e4c47accfaa30fe0ab7d32698f19ef038a75fc015ef30e8259f52a40635c4035676374c9c83796985b55

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Buttons_Toolbar\H3M_Buttons_Large_Hot.bmp

Filesize
110KB

MD5
1f63b9816a5de5cd3215766739369fde

SHA1
cce48d733f58f8783857a7d1c4c20302f095ac03

SHA256
c0d8da4a182401ee6d31ad1c56a47ff60e529e421df6e8820342a5e038a0ab85

SHA512
c5c8ec5f8be646edd974a0ca3fc03ffc2cba9215b55e14c7712f88111a560d71454e33c276fa61157362e18047ca716cb39d5b807ed5d835644f222097e27710

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Buttons_Toolbar\H3M_Buttons_Large_Normal.bmp

Filesize
110KB

MD5
36b80c9c52eaf02f3528a554246229af

SHA1
4f6a1abbee12a31a6aea377d89435571c7fb9a80

SHA256
d546a83613b63e4942aeb562b0401ad1dec7af9185068c87e7fc85058e4fef4a

SHA512
500fad2be6b62c3f7caad25b4af846e3151be1bde572e8f4a512a8f96aa998143f62c80cac78d2aeae2c84addf527c2f202f353a069ecaa70b986fdf3a8e3d2c

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Buttons_Toolbar\H3M_Buttons_Small_Hot.bmp

Filesize
63KB

MD5
67ae52e51ff14cc79fb040af49f733bb

SHA1
2783e271c2442db0529220969bb85fcbd22296f3

SHA256
fd532fc30580d34539dd4d1b93dd2fca7f43164012e40b985c97678472b30d0d

SHA512
f2456c3f503ff8e22d6032d83765d7eba03a69d50536df6ce4de241d8629046c73230f8c185e892aa0ed6fb099bcfcee20defa6ebd5750e41f73ad5c43e9418b

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Buttons_Toolbar\H3M_Buttons_Small_Normal.bmp

Filesize
63KB

MD5
4e2d30d17c7cb06da5622cae68ef6f27

SHA1
c1a911820de6b8bc4e424ae7a50b65692ec8b3a6

SHA256
d4decf3db5e8f3389c3f9fb049b3c05dc4e8b59dd2246b3596ee1ee159c12db7

SHA512
e626a7c6fd40b2c039317e68d4e9c9e610b7c123454b82706cdf1a9361514c110e2a045e169d4d5013baacca88e8a69361569096f0649a8399cc0367063dd71b

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D.tbi

Filesize
246B

MD5
c9462c08bb697fe2465cd3441fa16020

SHA1
8563845bb341377c630e33e9c8a7f3d799b2cfd8

SHA256
b5f4c65e1cae90b097350dc0d3a9aaf2ee353c4dc4124299801844989f8972e8

SHA512
759734c7ba2469c6a95355239ce64529ddccb10f5f582b47a3d300acb3a1a64ffd3c895e5e71f92085d699856858962b304783b86d122bf753ad72dd997fa808

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D_Toolbar\H3M_Cubic3D_Large_Hot.bmp

Filesize
110KB

MD5
63cb599397785ca3e0cd49e2606098bd

SHA1
3cd97fac92ff5259115a2118ccc04f37514b935d

SHA256
565f1ae0ade7c766896ce7b27bb441e84ddf1550baee9e1f54d1f9223996e9ce

SHA512
f4e6ec860e9615a36cd9b2542e358a840ff6fa0b2e60b6d732f793d5ef7df88ec1a554d07337a28fd5fa24c966beab7a707557eb345b6dd1eb5705f1f8bec599

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D_Toolbar\H3M_Cubic3D_Large_Normal.bmp

Filesize
110KB

MD5
7b498ec66bb81e4b46e10709e8390f3b

SHA1
53e864ca531e4a84614e5e7603bd95c489b99e8e

SHA256
38e4c9c80693b8821077741e8f327a9e477711e440f25991fe95fdf1132b5c20

SHA512
7b997ea92285e848f66f609b75cb30ac7d8a3b3e4316b60ffbcc2dd0c08e4fc9e8ecc3d3a709eeeee9b0b1ae788e3f1bbe21036ad984bb98c4aadd6bf1452d16

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D_Toolbar\H3M_Cubic3D_Small_Hot.bmp

Filesize
63KB

MD5
fb9207308ec5e8af8a2c2d61ebb47e86

SHA1
59b6e799b82a6b3545e4c27ddbba2a412d28b123

SHA256
c85a4a81d3ae70546c078b377cb241c6c669646305ef99111bfcb0ff9fad16a1

SHA512
bd9ec5d7b68e816560e7f750985ee60d597e0efc117098bda7dc3dd293274376014d3e8944deb4a1bec14a8e1636676b220613d81069188a620cac365a06cc96

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Cubic3D_Toolbar\H3M_Cubic3D_Small_Normal.bmp

Filesize
63KB

MD5
6ae8a2767961b43e45ff8cce1d32ad26

SHA1
9aaa4515d6f73820ab71bd369547eb6e9d9ac5f4

SHA256
1a3e658e40f30056888ee9bc91acd03cd31bf1c70cc429e92fac5e70491261eb

SHA512
33a574ef43d2c7651ff16249f3ed533f4a59017749df45adf785de97622993d4adbf4bc8ed9d4b61fbf367b90a915736869817f37f6f8e8264b7f0103e37520e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Glossy.tbi

Filesize
236B

MD5
113db33f8050043be45675dfeaa192a2

SHA1
88163eb59850573b8b19311a00dadc05e7c3abef

SHA256
2e4056d907637e2471eef0e70fe72538fec26824ea1a4cec825649e9b77cdd64

SHA512
a7c1600f28f6af987271a3d69d06489f990092473b9f18f7e6c76cbb5954717e527b015bd842e0c7e60078542162c2480f3b3b04e6f365b35d18aeb8578b0318

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Glossy_Toolbar\H3M_Glossy_Large_Hot.bmp

Filesize
110KB

MD5
2c6676f17f5ddd0a86b2ad4dde416b43

SHA1
3f07b386ca2b0ec07a03ac73c2ed1dab04cc8b04

SHA256
1524aef1efda9811d0cf6a565369bc02b468d00607c87f9d7b50d6db2138f753

SHA512
4b985462e118d764d55c557aa47bd7d4ce995fb84653ad390fbd245347602a9ee1b3c05eebf526eb6d10f425dcb5e5438277d0bdd1b2e1626e2a10111b73b8df

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Glossy_Toolbar\H3M_Glossy_Large_Normal.bmp

Filesize
110KB

MD5
d0e7372fd8c427c91a0c8917a50bc8f2

SHA1
23c9b3a8fd705499849172d514aec33522af75b3

SHA256
785cba480fa4e9bd597331791d75b8535422ead6a55a9c478065d153b7a6b5a9

SHA512
43211b729b0d0d514fff5591863c7dac31e12fec01b27414e177e9f6a946dcdf64e032efa4090a8b55d3766349fcb7bab3882def14bd853a14ab4ffaef8ab074

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Glossy_Toolbar\H3M_Glossy_Small_Hot.bmp

Filesize
63KB

MD5
00a2c26e5056c3cd6f1648ddf383c0d9

SHA1
c08d359c42ced85f75ec545387f6a0c506c92932

SHA256
e1e6c03d9ec0134084d714f99d7c13ecfe53582c558fcdb079ac4bdd0adb2fc8

SHA512
f14b1a3d2a948d3afaa7b0c512335b06528bdea0315a4df9e732fc3bd30d2565bf4fd0ef54ff49f22e7b57dc9976208841ef345d8478c9d72e5e85b277335837

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Glossy_Toolbar\H3M_Glossy_Small_Normal.bmp

Filesize
63KB

MD5
80c7e1945e01e95feab2415d8414af88

SHA1
d44d050b0a74c46b56e9a8239f160b002e91aa9c

SHA256
b076a0c6ebcdfa52f5dfd2dd07ac627a91ac013faf29cc56b3b17056394877b2

SHA512
33b26be14182c06e5628215315ffa6ec064845c4a23ee2f4faec4aa058d97a8200039394b71709e74fd6e049b2ad0116ea53747d5c14c677f3ebe47b99527946

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Olive_Shapes.tbi

Filesize
250B

MD5
184b78e159fa0a6f0de73649176922b3

SHA1
d8740e9ec717c8c16abc1a9eac24b910374c6c87

SHA256
aafc0944ea30ba8dc27af355b7b312def122215fbfc159faf303053defb43891

SHA512
007e05ebf575f695577b205d64c06f6ea811a8b910f5881a796f6e0062ca7246bf233237c6bc1244ebfd8872848ba7b6444f2743f364a2875a660379dc6c9f15

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Painted_Stickers.tbi

Filesize
270B

MD5
880448fb2ac402ad03f048de0d238142

SHA1
f4901fff646eca7fa13d5c424594cb2d6c32a20f

SHA256
4e66365c42f347dd548443e5b1418aa7ba4f6baa0d4e0c04ced11aaa778ab22d

SHA512
6ce0614a7c375352d61e2ce03d1252a945be341422e73a4dc9aba5e6d13e3b409187240aa5c74d79fd1dadb32e3c90dd88adf5c93f4023238f9afb0bda97b491

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Painted_Stickers_Toolbar\H3M_PS_Large_Hot.bmp

Filesize
110KB

MD5
1bea3f9b7b557080b84fd499c3b9dda1

SHA1
a4e1407bfb7c675c2097dbff018667ac125338a9

SHA256
447d4f5837733628716698e2bda821927855c3bc06fa0ceed73bc9df34a1c979

SHA512
71c6af94cbb97bbfa3849341d2671091dd296b4d3ae42a5c37cff88d6f03c52ec39492f9c59d7f791d977f2ba32c04c8b2277e03da0820b52e4bc8655e0712b6

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Painted_Stickers_Toolbar\H3M_PS_Small_Hot.bmp

Filesize
63KB

MD5
6109efa2c00296f1e5d589d47bbfe74a

SHA1
9d4ff91a4765a4fe0e28b261fa9b9c504fd411c1

SHA256
902fb574b5dcf87c47f0ac5eb788392275fc55a62cc4f4063e8c39158ec4ae75

SHA512
801b4702c51b680ba4cc54f5903fae706a9fb83e0332067375db2ee4521b29a629342626bbf9dddc111e19aacf98916de0adac89bc6ad0c56fbb63dd64ae3bfc

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\H3M_Painted_Stickers_Toolbar\H3M_PS_Small_Normal.bmp

Filesize
63KB

MD5
6d3867229e9a55a8444bcbdc5cb1b4c4

SHA1
3eac266d3f73942ea9aa13e138c0ced2f9f7cc6a

SHA256
0ba1fc0c3247c59b404d7917d38f49d06571940e9daab65deec7d44b336c993b

SHA512
931707f24d4bcc220bd2fa95680ae0ffabfcc4247027a59703ed92740825bffc8f7925a305ccf380f51b9f188cd7edebeea77be69b4a170137324ba9e752b1e9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM PURPLE TOOLBAR\HOW TO USE.txt

Filesize
369B

MD5
00e524c516d43899d8f0311423a73a62

SHA1
9af0daf7a2f43c5a2b657e85c56a4bacd0d245b4

SHA256
acadd7fbb7d70dd17dc7d4cb244ccafe959888e590e20e342160ca376afb8358

SHA512
95c347b7a8182d26ba2f2e8a866a984894b386b6760a403320a4f6327b2e5ffb69caccef3a722e204d3112801e2e340cf2f0809ca86de5a10c5db7daa7bfb182

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM PURPLE TOOLBAR\IDM PURPLE TOOLBAR PREVIEW.png

Filesize
25KB

MD5
eee096f4670938923fa02d5d2e9874b5

SHA1
d2e52665684bebac768981ae031ddf0bb3ac7e0b

SHA256
b8af140cd470fdca249624cd69615cf9a502a5860cd37fcd54dffbf344cf539b

SHA512
617a8ac2d1b06e208cee7e05d572115e0e97c14ff2439e8f64e22e8b9a4f582c963b35c3f44f1d0094293fd7c850b61348cf8c65cf6a227c647e00c06c6bd8cc

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM PURPLE TOOLBAR\PT LIGHT\PT LIGHT.tbi

Filesize
196B

MD5
025c0f42f4d3d1af7379692410a63112

SHA1
adadfe6a418b4064e4b250e322338eb53480e062

SHA256
f78bda17e813a3441c8e73e3a1b7a1ff208153c0649e3649361dc21cfcb43f81

SHA512
cc97bf5405a6dc0052322c9a0b6bb1c455609c64d1b79ab3f29bb08aaade3fbdd34f534f5f9f1939716da3f26c6efa2b3cc961cef5b966f5efeeb8bcdf2e76e5

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM PURPLE TOOLBAR\PT LIGHT\PT LIGHT\PT_LH.bmp

Filesize
110KB

MD5
e3413582712dfb4ef172b5bf710b5391

SHA1
a7b3e3725b54bbb649253f20499f9f19191aa044

SHA256
ef6ed484660733e203dcb1004a927a4d021dbd60b9c8a4c3c190a9112a7fa94f

SHA512
0f8ea247693e1a62fd02219280af6eab7ad665b8aab9d655f37d7eed8010da0c52e8be617b4b0f842b28aec9826081e1cb18f212976ce8c5c938fba1035f195d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM PURPLE TOOLBAR\PT LIGHT\PT LIGHT\PT_LN.bmp

Filesize
110KB

MD5
fd1afb95a1c2b91f358befcdcf46fe20

SHA1
24753bd9e266c688aa2c5c8612eec1deb44c754c

SHA256
4a6880a580b1eda105ea70b2b815855ec6507c3419ff8a90d893c10bf563652b

SHA512
4953137cb1716a5b4e8179a9e582af21259c576501222cf172b31304c142ab871926c8e187447d4b113c6eee0156afbff4cc76c540fffe17b4e51836e21f5c36

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM PURPLE TOOLBAR\PT LIGHT\PT LIGHT\PT_SH.bmp

Filesize
56KB

MD5
39075fe576afaea8043360dff028f58d

SHA1
570a8469bcc88ab2e2d7637cd71399b2d05d9aec

SHA256
c7c310c4946c6cbed3566b17fb54464ef2fe8d6560fda12b8cbe383fceaa5ed0

SHA512
ba2f536233341dc27a62239cd80199e80d955ca5822935ebbdb6c88a0b8100ee69b517f91dbb42847fb70dc471b5b33912b9ec32f60a4ac4089fc8afc4e478a7

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM PURPLE TOOLBAR\PT LIGHT\PT LIGHT\PT_SN.bmp

Filesize
56KB

MD5
fedd35a7243400af5dc336cd57ac0b5f

SHA1
9cd64779780c68caa5b8a1521825099c613e3d2b

SHA256
c48d173af53f27d3eefb46e920a2550b97e641a8f0fa20f88028ee421c65899c

SHA512
e1b836e90d6b831e1aa562832136367d4df5f85058539f48605baf4702711a105ce39b86438ee917f4685b276b22a19df4fa405d29313c29c5e1a80bf66dfaa8

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM Theme Flat2015\Flat2015 - Help & About.txt

Filesize
1KB

MD5
b41522be2be9b1088ea07c1e212e7d6d

SHA1
8d4d883a4d69622fe54e582bfa9fd723b4ad0c13

SHA256
0286725f8553045f7f42e46bec1671cda26119d72fa4d5a08eed96c1a83bf511

SHA512
febc8e00a7c0945be5493c84652c60b66855b70d00ac33998ec63e193df0a795212f8d23d130ca9e524e7dd795d46d1514a6a8750790a95e605cb844e937d254

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM Theme Flat2015\Flat2015.tbi

Filesize
116B

MD5
c43b29938adc5e44a750bc22b1e6fbcb

SHA1
02838dc6c832cb8ad6f628525033c45598bd0122

SHA256
1667af98d210410357295c6c82c7b8030cc8f311c0f68fc4289f0572dc0970a3

SHA512
c7b43825160738fea973ec741612b7c2d27a5c98da67e007d3ce3995ef9d570c4b9b75e5d9979ed1ede247808f955a680600399161a2ff731ea292fbe19e4d6e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM-Pro (Toolbar Theme)\IDM-Pro-Over.bmp

Filesize
82KB

MD5
a6afb7a1b48e4ac3fc040ff327ae0e29

SHA1
d5d778e2d51c7c6eb4bb54161281c4932fc9a6fb

SHA256
49fab36716d5fb9fece223e50de2dfa7ac538ecf3f9040b141f40c27d574f457

SHA512
2dabe4231baea6025acecbe88e538852cb15cb8a5c7d297167a39a535745ce567032c2aa23428f6ab7f9f48242eba754f3ef3da610cf36ed5a9fb6fa14ee3187

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM-Pro (Toolbar Theme)\IDM-Pro.bmp

Filesize
82KB

MD5
cedb8ba9ae4c355a0f95736f27deba69

SHA1
3bb5fb30f8b1b05ef15c86b13f9e6287e05f847c

SHA256
72fb92dee5828afd33f9ea11fc48042229338ebb46b253e616dcc166d25e77fa

SHA512
35d93226855fbd4de5023a36222b5d51e35daacdde00446f661f6608fa2caf8803b965e9c79f825284c7fe511dbc0ac6dafeebe8369c36c270ae43ac8ec2fb8d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IDM-Pro (Toolbar Theme)\IDM-Pro.tbi

Filesize
113B

MD5
638a003472474250f21147c2b13a6303

SHA1
363caa028ed709b4aef3112acf81fe81b00a2fc8

SHA256
48842c8ccbd8a22fb3ea222a13dfe15f79f9070ea2d10cf0a967a1e330b0468c

SHA512
ff06b3820125bf697cee463ecf6ac98c847810004bb61654bb160217e58ab6e508596d74ec721a54dddb3725103ef92774b0034ed4d2793f3de2a80adb7f133a

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IOS IDM Toolbar.BMP

Filesize
154KB

MD5
7f4b484ef6f045ce44f419694178b9f0

SHA1
310fdff62d92ca026509d475c87f26bc97cbe645

SHA256
75d505c9453d0f5f634298444447513fe80694c96366680e8127e6647528d6e5

SHA512
23aef1e0856e3f9c73628eb58319300fd25b708b7b0c75596b2d6f75cd36401ced6bc8dff473dedd5e791f27f81b7b9584a261654d4c39672698aa527d2bcebc

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\IOS IDM Toolbar.tbi

Filesize
141B

MD5
858a4b445380dbadaf1d36224a0b9e25

SHA1
79586afaf58f019fc724c24da836cee5e2c8ddae

SHA256
5f371368c3b58b0871eb663b57ccc3e33b88906a9545fa5ae9a6455de680dbf0

SHA512
0cf9997f761534705d6ce77cd64af60d19e8741a092dc56ae35dc491e823339532509adf4401b0f49ba208c3888f6702db07ca2308a1c921978bf641ea5d4056

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Installation instructions.txt

Filesize
351B

MD5
8f669b286b838134cbfd5255c31d6265

SHA1
051c0a782c7f17eb577d4a84833937c0e26d7c30

SHA256
810de7eabcfb29c408304c4b337d3f5d5e1f2fbc745e4bc6672b24d4fc089675

SHA512
1a927742c85eb02db239ff5392097894aab4b0ff12a1a1a29dba136f60fd5bfac74ea200b96b747b881cdac363d4c2ed65328e4e9efc9c8c62c25e36b0bdf526

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Kavian.tbi

Filesize
153B

MD5
9529a0cfcb0769e77508362d347d2973

SHA1
4c1876edd1ff4d63cff79a7049ffa150d48bef78

SHA256
d551ab5cec619ffce19206214fd029b31ae54d87098a11ac3e7bf31a3b584db9

SHA512
29bd1134c59dcf647397ba6f837e05238f8f7c51affe59dd4a0390859ec1da706489c23d930e73111fac2fe624ea6bfb92c89711658d7d0581259f276065639c

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Kavian\Kavian_Larg.bmp

Filesize
110KB

MD5
3fb960243b6a5b86b0aa5a8419c2e2be

SHA1
f766ec6ca49fa7bedf53435fb122a5428215a640

SHA256
db55b3be4617c045e86ad6a8a49fa290ac481b85f365d246a906606495e795c9

SHA512
e02f7fe71573a730cde6fe8c09e9df97b25add4275af36b6a20728f49baa61871ab18e68324ec8aa80afb9e2f8fc8c5b4f19fa340f39d400dd6e58b6144879e4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Kavian\Kavian_Larg_Hot.bmp

Filesize
110KB

MD5
96641a7b250c43b85682fbec7c669ab3

SHA1
4f1cfb42cccf8eb4bacd64be8f80eec385a82a0a

SHA256
5cba1302268186d47e6eeba9c30935579c8d694ba1408072474d98c69847453b

SHA512
316d85f67e2b726f10e60aab57d9f42ffbcccb308022a457a4ecd06aa14d0c2853679b005c1c441f6246246d17d91487fc6fe44668cb134fc0514cf0e5f43204

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Koushik Halder.tbi

Filesize
276B

MD5
804bc8873046da8167fa0a5015f5432f

SHA1
c05a631b54911fbd17ae567435e416b529be354d

SHA256
8f1181dba12dc5f809f1d816eef154c73a9a475aa56eb2b540f7cf986fc50433

SHA512
8e84657fac4cb1572699f77e311245729b4686725bc691ebab2cdcded00a1c638a8a26bde5bd0973aca0780cb84f9a1b11619947a53bb79f4a9caef46d2f2bb8

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Koushik_Halder_Large_Disable.bmp

Filesize
126KB

MD5
b25f063e0ef01693589710f3fc70c5eb

SHA1
c046b730375591138515727f3458d355077ce167

SHA256
c530db65d16377fb2d00d5c5ca0cd6f52fd19291f363ee9b9d318f45406f30c4

SHA512
ec1a7f7c0432b80207250c80176ba433ee895bdadd6ee8597491bd39552309449d2a3c2dc5291484240cbe6ee19f6158866ce2e29b82feeb8909e56374727d05

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Koushik_Halder_Large_Hot.bmp

Filesize
126KB

MD5
0b32d2c3831bbae9308c0461e7b7651c

SHA1
a78c3ddd074b9ae73cd8963a3863ee965a76bb7f

SHA256
1a25308d6a9198b5ee918a2d9c116c3cf5c4c9afec3cb73fc7d6f22f01136f8b

SHA512
ddd2f98c9ced0079b7c80b494d19d6b8358b6a047a1c19465335d25bf41252fca23d6af9a12cfb869b7f24e4848d8c805b456610c55c47b6e9dae825ff8a67d0

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Koushik_Halder_Small_Disable.bmp

Filesize
56KB

MD5
368954fd63d0c5381daa544af8474244

SHA1
2813e2574ed02a0d3ce50f19dd40cd4ab13fd60e

SHA256
109a6b2156cdce05a9295c126ddd39fc09ec52f4c8a197ebbcfb9d3528bd8df6

SHA512
926436a2f2f2cbe187e98ffefccdc72d43626ab0a7b3d670ed2d83cdda2d3a23848f730da66a87405c166386d7d3009b68eccf46fd0b623c2597c650c8509791

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Koushik_Halder_Small_Hot.bmp

Filesize
56KB

MD5
0f7f61536a628ac8244481a51520caad

SHA1
ecdd1e385cbfe38d8c003de50727fc58cdf3e48f

SHA256
0e3b783e2b9af1b6246156dd0e0cbb676bea1b7ade03b29c35bd27869a5bd4b1

SHA512
c9c5c5050b4d7a96aead3e73d4a752b1d2d39c26ce2ec7f4b4fc41226f4cc880df8e0d8acad7ea2b720e4c9db15a76a4cc58a84ea91e60b95dfdc276dacf0c2a

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Koushik_Halder_Small_Normal.bmp

Filesize
56KB

MD5
a9d91dcaf8c20db04a7ae78c1ff2b7ea

SHA1
3a6392ca02374d8bf15ff24e51d0e01cbb00af89

SHA256
32e673b4838c6de9236b00b822472b86e551d7390665b78b61cbcbe858934294

SHA512
2c916f65fe9cf7166e07a1a643ef8a19e1ff4f78f093a567e4cf055fcd056beea109ed9475c36e726abfef7710e45303d15f07a9d8dde8529fe785b42b24c641

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MD_Dark_liang6141.tbi

Filesize
237B

MD5
1129faa4f09da415a416ddfe70fbd9e7

SHA1
130cd0700ffd28780b61e56704da9a959fd82f7c

SHA256
71b18f80a2a766d9511f33bf8080b3577f9e3b6e985202c9f917dc32ed4dfd6d

SHA512
9af3ed21b7dde9e33e5e81d97b9272d9e3c36e4aaa1a54766b269a79bfc21f2d05e6051544546e5f50f9dd37e8c19c5be59cdf13e0fd64913e3ceafa448d7e1c

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MD_Dark_liang6141\MD_Dark_liang6141.bmp

Filesize
147KB

MD5
77c07e85570c3a0f6dba41c32b4c254a

SHA1
425bd839f0b8ad3f24bfc373537c0e3e474c08d3

SHA256
2b48cc84b09d5d862801c961d7fb179782d6860df4c5fa9739deebcf4d664474

SHA512
dea9e1e2302337e8cab53de86809fd07862b3e1630bfbda67c0f4171311cea588a6b2161da3ddcd673da64cf7f17d692c3a257e26171a1d8a0f60ade456ca89c

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MD_Dark_liang6141\MD_Dark_liang6141_hot.bmp

Filesize
147KB

MD5
f161e4b250801468b272e38cee1a90c8

SHA1
f518d20c6958649c80e79ec54311ba857a4605ab

SHA256
58ef5426363d3595fbec04e076a71a920df664fe5a7059a09538402e07fbca33

SHA512
4a39fd2fdcec5621fbc6f357bdfa184e50d2a94c65fbca91e47d8b130a00bda97392aa51a52871e033b21a3f720c9c89d1f11256ff4d96530fb0d443011da2ae

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MD_Light_liang6141.tbi

Filesize
246B

MD5
aabb17aa99c284908a9c1ca9487cb537

SHA1
071d86e682cae7a9604df2b1090f742f38cf0542

SHA256
5c80eb201b0b45974d3d166c218143b61beda34f3cc46026686eaf19bc744210

SHA512
31f1f4a208f150f38458f86d7b8144d89671d1c69b455cd5db649eb03362fca4102b19af79293b8ecf6f8e20628644f324950395a6bf125461ad32819e3a8168

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MD_Light_liang6141\MD_Light_liang6141.bmp

Filesize
147KB

MD5
fb8eca8d7f005a4b03b002674b3fdd43

SHA1
4bd53c147d23c63c6bfd3c8cf281f4dc469840df

SHA256
1d62006b12522a4eba6e8e81200665c95f241993ff5b0e03505524e461d084de

SHA512
681d98110fa9f8aaa87e8a13ff287d5df47cfab902a22bc592a4a29140beb3601839502fae2bebf4bd3a5a91fa88228768b3633f0b7f40c6a51f6bc6d8b2f882

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MD_Light_liang6141\MD_Light_liang6141_hot.bmp

Filesize
147KB

MD5
5d8d213c1a1f80aafb1ac35bf024ca87

SHA1
6aad13f0c28c02aba8633a52cd44c6f6f2babc30

SHA256
a752962c02bee4757b0daf438d5b4f5ca6ae45c89e4cd8df60f19958f6d384f9

SHA512
a5a87eb147a991fb139e91d2fdf82fc7ab14e1140e6a1da0be9d45e49bda2e8128d40222967b08a59b6c71b7a92ced4ee6bf34d8f54a87f76dd023c3da498533

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Metro IDM Toolbar-large.BMP

Filesize
174KB

MD5
02cea9061cd3be6269df70996432c798

SHA1
0ce928aa37a620194f269ee5ca77d50684122425

SHA256
1e5677747a72d65bc94a6a1dff5dcd4f14f4d2f230588c07351a24e61581cb6e

SHA512
892d21f015fc3f876c00d848571488da3fb31a44035c556eb3e4e4591fbc41384bf64a35e9c58fb58446434b88c5a91e9048d9b7fd8f431d19d9db9d42665005

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Metro IDM Toolbar-small.BMP

Filesize
95KB

MD5
17f28f3a2cefb7e36e813f96dcc6a75e

SHA1
b19f740b0e1301f890b2b7a95291325418dc89b5

SHA256
e6b2a1e10f11a11860c9f13d0e0ad0a0ebae872187f04e3c2d69fdeddeb76838

SHA512
f7b9bedd55f4b1a3081ed33010417e4ce44842abc681d1d3bcc81df87e7c5c95bbf9eac05b47bd1617cbb56b0943bd1f0e1ac65a65c3174d43e61a2e232aec9b

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Metro IDM Toolbar.tbi

Filesize
175B

MD5
a65dc10400f6e1a720f69c72016e0faa

SHA1
016a871815c1ccab13132faef8aec8e2ec5a638b

SHA256
d678eab6272288ba7ccf296c2305eee3aa4c8f59bfd0892374f7bcc850db2398

SHA512
fd65f0a608d9dc7368e77a0f4fd382934194548db36c0b668c89bf359661073f279db43d6d276d3bf9e401c3851d9c79b47d2f9c1286341484a3b0425b3835d8

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MosI3D_1.tbi

Filesize
132B

MD5
7d37ae4b3a0054040aac80564249e859

SHA1
cdb72c794e411a5d88f73fc61bffaadd881c3179

SHA256
0e01bf0e5e0cda260b4eb7a1d7a72020051e34ce945788faa84bceb12f77be54

SHA512
f2e88caa5be4a6ab07ef04f378167f385aa6466918d8866089f6653d6c4e320dc999167f210e34b0dde17d9fc3a2ff17aac64ff7c10cb967b2c612ac1aa5d48b

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MosI3D_largeHot_1.bmp

Filesize
82KB

MD5
fa6eb0d8242e4c9bb11dd07d04432029

SHA1
7662b052872302ca1f9a6d8b8b1a32ef83bb97f4

SHA256
2608f8a51c6be439d4164bf8097377827bbae7408ee2d64f80fa5ffe9ee67d44

SHA512
2803e1a2130461c8fb621945e944bccc99362815e27054b37c9bb7c9138a2d3fe61a278cc1f37ab7fcf4849388c7f6d2f48619641d752353599f1afa32ef9260

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MosI3D_large_1.bmp

Filesize
82KB

MD5
22853e9724c73ce2a76104e65b86b6d7

SHA1
464673ed3dc6801ebeba51ec84abf1a324b324d3

SHA256
0fdad63eb6eda99d2e4644bc594ee84c660a5f4045c8bd122ef8414bbc2a42e9

SHA512
141ee163998e0ed66fcfd2e89114f5aa2c8c3d300f47c2ad180976806d571f7db74cf54230ec02604c7eef6e15912e56bfbb6945c284539767e0e138a26846a3

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MosI3D_smallHot_1.bmp

Filesize
48KB

MD5
93efb1f4da410ed8a769a6050b8b1fb4

SHA1
017e2d13fb81587096b963a3d52a419b983fe4b4

SHA256
2a0c8004a85b8b0eabd12091d902056eafefbc4489403eedcb2d96de558ad620

SHA512
d4c63fe19e4708d57642df390a55523ea2b996088bd2159a1386f139ec2bb7855cdc84f2c7392a8c6b9093c6eccdffd5d14629e711b59f9708de9645f4381051

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\MosI3D_small_1.bmp

Filesize
48KB

MD5
9afed54b5ff6faededecb0202f320c8d

SHA1
450235a53fd1a9803ea183b703b128af707ab0b7

SHA256
958431f55770378377a95bac6d79bb31e76b03c15dc0c6a4f6810d7c2613d1dd

SHA512
7db915e4389eb089935844c725d5af785035c16fde33e71c62d4fd1a5edc764f2819d0b9d2e96b78645078ae3cb18dea98452635ec771f01e4271ea12821f40f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Mosi_Modern_XP.bmp

Filesize
82KB

MD5
f3698a7003e80d798d84f729426bcae7

SHA1
e748d77636aedfd0697440e7955759cb4cb5f5ab

SHA256
a10bebddb8071d352cb41da273a235a5058bddbc11658aa9be2aed9982675e6a

SHA512
2413131fc23fa2824146bf345a260275eb0deaeafef01bd904caf54585ecdb099c93ce806e82c82bb5eab014142180d2350bd558f369926deac420581f5e8112

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Mosi_Modern_XP.tbi

Filesize
140B

MD5
c7528ffc393ff885b27972445fdbf039

SHA1
0669278342348ad40776153f0b389614ac0f8868

SHA256
fc55511b322c9520fd363d1e7423efaaa4c6fdab595879987e0d2671bcdac909

SHA512
8b9d6e70eaeea9be7c0912234923bf8eae4187a2a24b1bfbe48f41e58c18bfec74f03d121b8f0ad0339165fbdbb9632b17e43b4c3be4f5209d127d60cc9453c0

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Mosi_Modern_XPHot.bmp

Filesize
82KB

MD5
258bc2e03670015e3eb9ede0611c7d50

SHA1
ccd73752cca278e8c7dfbb7c34ddc8539e1c16fc

SHA256
98ae19b388622784a4330d13775cfda9fd509610c568ed465635bf37a0a6e5c6

SHA512
f0bc3f7604a2f0a5b8287754ca10ae631ebb80dc9b0ff17388a272ecf5ed9a68386bb58a3d4a357a49d8e608f50d9a7d3839a2f79a0214b45adfe6e38a65d391

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Ninja Toolbar.BMP

Filesize
240KB

MD5
965efdeee8a62858d08e790ec9f172c2

SHA1
d021d7de285ab42db749196e3ec934b59dad2063

SHA256
18fd26acf47d26b68e90d21aec3cb36d11dbd588fcbb0ddf004a4878cba16667

SHA512
72d5b82d8924ef2cf1cb26ab32389f730a352c0ac09bf2bf3ddffa3821d768758fbc7e7e884574d877300bb11d057e27e98e91eccbae94abf014270015763f6e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Ninja Toolbar.tbi

Filesize
131B

MD5
6f72da0c2a54a3a28da98cfcf6182bdf

SHA1
9d1b19aaf0f9f6e2dab8b200d526ca5b2c72faf4

SHA256
a0f7054fa241732c03f27a8b3e8b96453892709658fd5d494b64103476ddd43c

SHA512
2501d7fde3c6621faef377c7b19bc4740263698bbe49d62774d47c49e7993c540df1f88c5cbce4cf1aeb456756cd7fe3078562cf6337aaced68d5193878db65d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat.tbi

Filesize
369B

MD5
c9de2aa3c3ea4d2c6b3ac3f4c7861aea

SHA1
95d63ebec0c91c4efce164fe0640ddbf4f4b1884

SHA256
4f6c48f9e417d37f4e4cc763d1c479c0ae5bf167f60ce4a86873c803d65e3cbe

SHA512
74e6ac967226afde9be31bb09ac4fd5ae25885a16a8d43d7d57a34bf57d571e6e8b515716377f236c1e174b8cdc155974202bbeff3f0cfd9b122f2b9223dbad3

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Large_Disabled.bmp

Filesize
110KB

MD5
f0b07264f4ed2978a09469c827e8440d

SHA1
9cbcaa19f58c01701c7baea61f756e1ff1548c1b

SHA256
eb913b66ddca320da073af39953ddc0ca0c654d51e19d0de6ba9368b7f7399f7

SHA512
134a4fc8557aa8e808857c26a71f73bfdf88a5e421ca12205e992fadaa9e4d7a4eb468d1e720b4ea9d95b690286d4ce72f7aa9f90918785f7ce6a7e00855ee23

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Large_Hot.bmp

Filesize
110KB

MD5
9d82fb1b63b67f5e17946bb70676e0db

SHA1
17d91a16f5ba9359d8feee6901da965352619529

SHA256
e819aa0287c03f7d51d7c628f8b38862c977bdcbcb4372a49ae31ab1f2714f16

SHA512
45628d0f640fe26893af8a23c60fa49cb32b6474f17d560fd51d8eec7c5632064b8404e39def7fc5d282e15d0b6735234f1999185c2a36550e2155fa3722ff9f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Large_Normal.bmp

Filesize
110KB

MD5
e234ad34a6df806a8557152f82306c36

SHA1
0d805ded3d267c4e159135fc5af5af7ab324a16c

SHA256
bd20095cbc206613f76ab0d157587e5618202adefcf0ef2d57e069f63144833d

SHA512
30269dcf127c06440b00fc269135f40b9e56b3b8f86b61a5653b1164d17ca5de23d20a4d8d8bbb6e9fa9c85d33b0fa78c62257971b683137515d3a46315e7236

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Small_Disabled.bmp

Filesize
56KB

MD5
07480280caec88f7d8cf9bc5d90ac8a6

SHA1
ac8cc560e87d760a4ac442147e2ee421ef1f20d0

SHA256
6fb958772da114a6d4792678712961e5bf812e5910255e496acd8fa86911c423

SHA512
22bbe3f7f17e18c74e7ac1ef749cc72719b4b8fa8e289ffd32612ef325f376ea48ccb53c1b8a07f52bb632a8fd70949ccc33ec1f7a2223467b2506a5a5b2ce94

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Small_Hot.bmp

Filesize
56KB

MD5
cd2b9bdccbbf04b08e35682fce1307a0

SHA1
57c15c2dd319b42db78ec9f15413fd58d72bbc5e

SHA256
39b603dbec91ded6040e5f8713cbf5844d1b5629c2f633a043cab47e31fa8600

SHA512
a9eed1e88456587de3edb512a1f2f045f8a37a5f38b38be3b4cdc4ad65d8ad6b7e470bfd7c7c92130ecd4a609e3f3754119a5fc57986d98870b0aeec7ce4a41c

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Office Flat\Office Flat-Small_Normal.bmp

Filesize
56KB

MD5
e13aacd75e11cfe29bce2c8277bfbaf3

SHA1
6437d9d6602f64982e50f49a8155f0e8305ab0e5

SHA256
b920ab301a85b4838f875b329e3ec9ad184280a4dbf8c6c99c0871cede510e3f

SHA512
f87fcc7eced03771de2ebdb8f77ba6a092b50d3b857b938248ce509bc36b33939116f43e5826ecedb798742f888fcb6ad731b1c7205697bd0b08d5449757d4a4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\PureFlat.tbi

Filesize
171B

MD5
7383a950fd9cf4e544d6c0daa11f3dc6

SHA1
04b1f5372560a000aa87d3afd2d400e6fae5b9b2

SHA256
b4a3be388ba7abdbd86b9bbf6d775ac2505860d16f714c46e1b761b0ce706e1b

SHA512
b0b63c6a3e716c568a904b888b0516ae715d13b157b83f9973ae9758349c2df8232e7ca1aa2536e8010e81be333e55bf13f52f3922143d0ee77dc9a7ad16bc7b

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\PureFlat\PureFlat_Larg.bmp

Filesize
110KB

MD5
7628962268b6649a7a7b7b04e4a4e5a5

SHA1
a136fcee1530cb3731d41fa4efbb933b2e397b43

SHA256
00c020a1c49e7d1be356a630ac17fed6848fa93b669feab8c3fb55995d98964b

SHA512
90c1a5c6ce1b725de2785d0db14d3da5555a529ddd54be5d16ad862d7de90100bd3e521ae6d0b31cd1c20d1e3d67bb7da53dfc5c1cd933c10c59e1facfcce1ba

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\PureFlat\PureFlat_Larg_Hot.bmp

Filesize
110KB

MD5
22f439a6fefedba9c1efce37560d01b0

SHA1
a09597fdad9ee50fd41f866f0efd24d56718c778

SHA256
c766ca4b6e45b9ff03c7e13f2269b234fc9aafdb0b7ebef81108e718413d3899

SHA512
8b654f7bb9509a9bfedb99e3be8ac7afdb39c8cf59e336c10d1a45fb81344852bf8bd395f237e6b2e441c5e910e0fef117174d36e2a303a408387a6e96a57d5e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\PureFlat\PureFlat_Small.bmp

Filesize
63KB

MD5
068001b36f7f18117c5aead61c46809f

SHA1
d71be24e5d72e6f886c69c1cd57c440531f16aff

SHA256
289065ed88e91dc1adf8a8fd8b8f16e8a8163df79cc26178d5a66ca63108849d

SHA512
95edf0158be33d7e4c285d40f8e34ca9719d512754ce064342817edb7bc1706d46f4ec043605bccccf5566bcfeb756642eec4c994914eb3071a62687f9e393a9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\PureFlat\PureFlat_Small_Hot.bmp

Filesize
63KB

MD5
833b26b05186387925056295945c9240

SHA1
9225fd04a6105106f32b0f5091b92511eced04a3

SHA256
ee8a96c3c332e370258ae57c31cd27dc90ad4f973a7aac5a4b72b770b77885a4

SHA512
0748a8b0b90ae0569691179df19e53fc427041a26ad928e66640cecf7235b03db865761e09a3285fc6fd5ed8d8e3d1f15991b3913bd3792d184ae217d8843512

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013.tbi

Filesize
369B

MD5
ea633bf5af0716ceb0f6d44246951dd2

SHA1
8af8de81ce3827a2905d25d57f02d6a525eb9908

SHA256
ac49cd4f1208acb2f0486cad3222997a8ba539b1ed3cb8397995bd573120058c

SHA512
28e0c86873c3b0f24f4d609646399d14a9ffd078ecd9fb4f6da859d4ec5fc722e54952241fe50fd97078a7a00c8ee609d7002adbe579e5bbe8622cdc01d8b0f3

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\Pure_Flat_2013-Large_Disabled.bmp

Filesize
110KB

MD5
28085d3bded66429aa4895485a6a9cb7

SHA1
9f466f539c635c24de6152f199c47918e10b67b7

SHA256
14121fc780c32c1ad4672bb81e743e0162800d4968c935f778b6376e7946a5ac

SHA512
065bf78f9adce007929bd3934435b2d366427ded09c93ba7eb17b6be7bf82d9a703dd03aa7234739a10e44cce1ad0db5b846e38e4e3e1e6807aa406b5af13d09

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\Pure_Flat_2013-Large_Hot.bmp

Filesize
110KB

MD5
b4d5985c48a1b2d5d846f9da2f5a56f5

SHA1
22649585c370dc9b14660788fef2a068e51b176f

SHA256
fe016f511f976af632fce12e5e91585f5fd8d1950e1a78895a3f219975bd6036

SHA512
436f6f51226f538c3b06cbc13bcc72c91a3bf22feb8e50d18f25578a3ff3a4857fa37f1a95397131fab3db1db13e0be06b280b338057314a4922fcd038960aab

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\Pure_Flat_2013-Large_Normal.bmp

Filesize
110KB

MD5
34ce5b5f9687e9d85c9bf0cfa6b0a529

SHA1
e17353134c0333dcc80faee74205c83916044192

SHA256
2dae44574f348cfa38719a8fc41bc0e45e9bb77abcdb82bbfcce81b2dcbcd9df

SHA512
e42d2386a1068af2b9960566d99cf8465a1e7820531c3bddc6155b08d3df6e673409e9daf69533d73bce30f188b74d7f4021493b2ba39866cf092bda052795e9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\Pure_Flat_2013-Small_Disabled.bmp

Filesize
56KB

MD5
b9e0e6e9d775113179bceaba315853c0

SHA1
7af9676a10c712614883e90bec3d31f43dc27252

SHA256
150791cf9d29bcc3928f203070dd5f7fbe3fc8fb1cb7f7308b19dcfe69677017

SHA512
4a6d36ce5473aff2322718bf8ff217e3d5f3f0963ee470c1cfc76a5da0e187d72a6e91a63cbeddfe52d10ac855eaf0a8609e0f369622dcd05b14857b00169831

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\Pure_Flat_2013-Small_Hot.bmp

Filesize
56KB

MD5
56e4dd8df1e73a8735be9a11e41e87ab

SHA1
69ab7947d8b23e96d8bad2cba0922f50a546f975

SHA256
590d81952c1490a92cf62476ec809cb28c090cd0a269731aa41e26ee9bd48fcb

SHA512
f4de9000ce3d7a7ff7696f20644d39ad4f284736cf15de8250430a3acd05ff868bcbadc76206faf1f445e9cbfb170c2858893752a49442da279d8b8ae89da9e7

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Pure_Flat_2013\Pure_Flat_2013-Small_Normal.bmp

Filesize
56KB

MD5
2104cfb98684b91541980b544831b1c5

SHA1
cc43d0578990c6e4b30d940a8f32e73f07d60fd7

SHA256
5871b5c80426d388dca9fbd03da5d88b1b249011d5941e497f23276bc2195466

SHA512
b622eb2f34f879fca79c653b92ad5b66515865714838f4fd92624d52bce692f2ccc0a46094e207163136cc1622721522311627ddaf571cbbbd8f5c551007d815

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\README.txt

Filesize
734B

MD5
81f4571d680cbf4b8b3b63fa4af1af1f

SHA1
1ea79bd0766e9fa3ce91fe06771e351caa7f7704

SHA256
288ac7ee86b472a7c12fcfeeda08ecb3ead4c790b69d136f0f950efe6abce806

SHA512
5ed2dc55d2562aed285123d487b276408096de20c9449e89b371ebef83795c9023ad96bb997538172d62ee652d8f593cbc3bf12543d1851893ff7824899946f4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\SEO IDM Toolbar-large.BMP

Filesize
205KB

MD5
a0e694a5525c458ede5b764ac0841a2a

SHA1
e6a529883e57840466305191adfce8447276d0d4

SHA256
e6104e4b328939aa356f76d6d4900be32809c48ff57cff94a9a0db56f2d4c1f3

SHA512
1915115e2a1b498dfed58ddef3eb72706f77529bf978d60b9d5cb48b6defad8ebcc87b78e66a9caacf28e8a96ed24dfaf825daaa97416d8edadabd20b4704a63

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\SEO IDM Toolbar-small.BMP

Filesize
82KB

MD5
6d05b4f2e396f27f8eca4faae1fa0b54

SHA1
3d8c7b7bba88e85172453434eb5ac0eceffbcefa

SHA256
2cbebc75c5763c4a0e8eb8674a1a38802f4530957b38ad820537ae29ce3397b8

SHA512
9b857ff82c611e0a41fa14a2ff1610b41b30d83758282c14fbd8f35e08ec335810dc198cc2ba155435be8f7adcf7f142145d79e0d236630b84b9cda17c37470d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\SEO IDM Toolbar.tbi

Filesize
165B

MD5
6fec6002cbd295bef7a027b6c798b3d1

SHA1
eb139ea9784f0b60a1c515e534c323802b9db0cb

SHA256
2f96d74bf3f863d258def06ccdecc26c83f35f800f850289e78f86129ba68bef

SHA512
8f74bd594840474c69ff74c167730e16348e45554e84340b812e43e161a519e1c1b0a9e4b0b38afc25c0bb61652dbc0566b6da78c9c140f89b266b3e1b489ef4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Skin2\3d_largeHot_3.bmp

Filesize
82KB

MD5
476ac68b0986ceb5095dd22bb0159b0f

SHA1
51fd433d1c0cf7c8381bf33f7ba31d2492618063

SHA256
dd2e71d9cdbbc21ef635b8d3231967d5dd51fb89daa54deea4f322e56fa63a13

SHA512
b4bd8dc6d28267f949dd9b60d80e6a46f3a667b8d59b9ae7aeb8c4a4851197c58d14991a0be272bccf72014a5a3e474f919e0baf6252d7af0a59f2b308f828c9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Skin2\3d_large_3.bmp

Filesize
82KB

MD5
6db574e4f5dd7de7ff55adb4b195f1c9

SHA1
17579d6d3622324a1ced066ec6eea279905fd3f6

SHA256
fd59ed5e782d82772a216cf88e4908e41fc8c2d1fd03abaf94aec55355ee54b9

SHA512
f172faf203813461fd928d308d7a4aa0a9a82fb897d90102c7165bab1da424ec131f464ed8db829e2aa479fc7bd53cd0218d85a667355941c9d342d081180cbf

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Skin2\3d_smallHot_3.bmp

Filesize
36KB

MD5
5e3799ef1a3de8be3600a7c265bddb1c

SHA1
b7694aa2b74196ed3dbe7575961637c459913809

SHA256
8f31b8bda4aee3b11f257c9adf18dc495704bbce7d0daec400fe6794e0493e7b

SHA512
15b79da3a5c1631b5321f93b532a32900f353b37379400c848cdd01f9a4147dc3ea26df0963805791d9bd12938e4adb5398ae01b290fe6152b11c1a78e86545b

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Skin2\3d_small_3.bmp

Filesize
36KB

MD5
1d4db4aa42f840eac54c6a76b9267dd5

SHA1
6a8037b6dbc8f6bcc2af81902b4789a05b26d8b0

SHA256
cdfdd5d938ea45f5ae55f205a4331edfff5d2824950233e3b206edb862cc5dd4

SHA512
db60f6fc29ece967bd038705b112fba1143e662dceb90d427431428de8dd907106913be988239ca3ec721f74f5497b386978fdefe514b68d3d229057e5f8c92f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Soccer Toolbar-Black.tbi

Filesize
167B

MD5
8d5c5eeeaa23a866cd04a1d8fee8fafa

SHA1
3097602802b0588098fd32e9c4fce6bfe1ccedc1

SHA256
b8fb55aef0b4087fe5daa447900aea985e9716ff5964569f0e93d580007c965c

SHA512
1a55574c953a7dd46cdb1ab66e57cd756825ee8e3efc4b67b572f9377232b4d7a7058a61da50d9c663c860fa49a08291e4702c36ee3b686fd1b7f212816c37f9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Soccer Toolbar-Blue.tbi

Filesize
161B

MD5
d2c2c03d8f0a1e4030bb49ac8323bf1b

SHA1
930e47b6b1f203c11984678fa294046029fe5d01

SHA256
b0ded2a6152e4b3f1e04f009da0fef2cd5701e68b73d5eb1d05cf14ffa94d684

SHA512
0f847932ca3d372d67a853fcff41d3b201555ff97bba6811ec5c8af4633d5088eba20826970694e47b76617e884b308d13d03d5562ab5542e3f5b34126723156

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Soccer Tooldar-Black.BMP

Filesize
206KB

MD5
dcb9f2f621faee1157d70b368d5b3328

SHA1
ce4f719714168b1871539fd976a070bb6e5def50

SHA256
d65adef44137cc0e054e5f39d5fddcbe9db82e980a302e19fb0824ee5c24a651

SHA512
3c4fd5af356c553c5bd830bec4ea7c9856a62fd6cbda8191c0593a25f9cff97fe08f997acf71a5745fcb6dcc954875631314bcfd5e43aeaf29a1899c04ea9064

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Tarfandestan Blue C-hot.BMP

Filesize
240KB

MD5
c7b848a124207a469857d08b7e4db571

SHA1
94197acdfac316e7a9b77df38b2f857f3e1f9155

SHA256
16a02083b7aef5e0adc6b4ce3438632afc43deebc984f12ac74adc95e6dfc592

SHA512
40d59dac0d47350555969d171c2e739400ad49a3b511cde51b1c94ac0892678d5fb9d3062ea0174d07dab34af83f8546c0b3eb647d9c91dbcd1c3dc747382214

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Tarfandestan Blue C-small-hot.BMP

Filesize
132KB

MD5
75b75e6f895520f8ea64622449f169d8

SHA1
829f4c95fc3201eecb1c3339e86c5e9d4834545f

SHA256
b375db6ac6b329aad7bf53c673d0e30db30938270497527c0737633020a53614

SHA512
82b3e88e03d9ec8e07512598fb295a6696ce153f56322ea917e80d44357a0536b556a58c0255ee737e762c30bf17567ef148eeb2a70b8a38adb74dbcd0ed0119

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Tarfandestan Blue C.tbi

Filesize
181B

MD5
00d32f50205b1240f8f61b37b9929072

SHA1
1d6284a230622c07de9fbe587546822d662b69da

SHA256
baf616a57b55f1d960a6741b1132b9769b421548ccd85f587b684ee87d775a0b

SHA512
b01df2040266e3cb3638b019722ecd962c1c1a135c6e52553dc8d56782bdab6138b26bf22ba4e12475b6a3c4a8962be2638b1df4ee13cca9ba93067ca99cc9f2

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Tarfandestan-b&g-hot.BMP

Filesize
224KB

MD5
479d11aaec819ef3a0f24736515f17db

SHA1
38d0e987f118fe8f730f9416ff31329bf0f64928

SHA256
d39a230200c9e578d4c36810925f8ad0032164bbca299ce2acfab9c310f8cb97

SHA512
48db744ed7d00713f5053679af8c76f029e564edb766b6ce1e2cf016f7141f546af3580ce2f634de9c8e54bba027b155123fcd7b5ae0b0870c79295308025708

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Tarfandestan-b&g-small-hot.BMP

Filesize
117KB

MD5
40b3cb914cf7034a7d1d77e60a080ec2

SHA1
d12facb2805d6ca095dc40c18d833220db27ef65

SHA256
9ac8051de6edcf9224cd76302ae94a87031787d86abb50f5e35962f4261b1c7a

SHA512
7915415afe15f7c3445260eee73c74493fad4ec8bb6eb258e0bb6e7e2581b4ca43864afef1d41bca355384724ec0dbd013d61afae442ed73c18a8dbf035561b8

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Tarfandestan-b&g.tbi

Filesize
166B

MD5
c94e746dfc3fa9b70bfec4d0271bed9d

SHA1
5bae9a9037842efc835a10c579b3584b1213ea2c

SHA256
16c45302175b2df9d46bba75be5c29ef5b9ab3aa25fbb9b9b917c7370141564c

SHA512
34eda8accd7c21ce9c127bd017439987abbe891e86ed2c471e3a3b13e401d48a2ce336435040665dda8bc6f7d62f45d5867b76d3bdbf000772ab2e8f81bd45de

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Tarfandestan-red-small-hot.BMP

Filesize
99KB

MD5
05a6ab90d2887ca21b2d6f11039b9f07

SHA1
c850518f6fe049bba8a9fbde07788297d53f36fe

SHA256
87d622bf7a1fda46e68f339b4a66b4bd2bd737e7b9855753637cf5b2eb776e47

SHA512
3f649493dd9dc1fdebc1865c4bf15e0cc0ae7d47ec3fdcedb68605c942e0b8a300d7295280b33ce182eebe1976f37f026f624f029ada756f7d07f96c616a0b86

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ThL-Toolbar.tbi

Filesize
177B

MD5
5e281fd7d99c68f6b154af1ba53ecb7a

SHA1
09d65cb6ffc0ff13b91714431c270dc76dfcd25d

SHA256
f6c4b7223350dbcf69641b4f9d5a48424e8d672c54bd7cacf9b52fe694d933bd

SHA512
9276cc3feaecc916a29157b80fad4e788e15031b140b43b5e5cac7f090bbb743a971ce3d1ca68f02ee9dee7640e7e91d60fb73961f5ff68faa08285715433ccc

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ThL-Toolbar_bmps\ThL-Hot.bmp

Filesize
82KB

MD5
a9ceb3c72b3fc01b3a70a79e4f0d7abc

SHA1
98452de2020d9f76a85ba9f353b68c02067c5fb2

SHA256
f0311786ae32e722f23a1e8993ebfc2256adc63a11abe6e6142ec0c512bae324

SHA512
ac1184023bfbea8226797d91f56e795a4f4d486b92181354ae5d08db8d09678db438fc7dc9b43d17f7c0c83c432c8b191d59c7330b091474685c1290aa09dc97

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\ThL-Toolbar_bmps\ThL-Normal.bmp

Filesize
82KB

MD5
4768842c4c99e2010696925f4a5f526b

SHA1
3465298d2ce98d0e2256583dd3b40c9d069eab97

SHA256
adcb4327d3e39f3e1cd732918c5e2f90a7e46972be124f8818fbe34416a7be06

SHA512
3c3237564825fac3ca0f8e52fe4e6a2135012c804211851ebea4e6ecec66b4385e5e2464903885a5435e0bdb9d38ea40a63cbd9779a88f9f5d703fdb757bc59f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Readme!.txt

Filesize
349B

MD5
bc3cd9ee56e660b2ed8d4edacceb0d63

SHA1
82a268fe5b45bea436a146c286dffd13ab140f7f

SHA256
05db305b9a64b45e8c9951b628a6ef20e1ef4fc5b6255a1aee4152a601ad5966

SHA512
505beab1146ece501fff076bf10c2dd8a7a5fa31e979bab03674768f369b9704de3805ccf3b7649d1048d66f92e32b77d952ca4978ee71099b7996ea9d98dbd0

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Toolbar\Windows 11.tbi

Filesize
356B

MD5
842329157ed5638d27f52f7b013947e6

SHA1
dbcf95dd3651e4b6fb276384cc79827d2add2bcc

SHA256
bee8bd9d6f777bbe801e69219571067bf6adb74a35348631e2413f9ded244362

SHA512
554b0aed0395b799cbe1c98dc4b21f0357260802593ed8544ed95ff5c877ea64bef6c6acca83d1b6872080f435049509a1a47cf8cf4c769ff322167eb653d66c

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Toolbar\Windows 11\Windows 11-Large_Disabled.bmp

Filesize
110KB

MD5
1a1261004c5f5aa4c21a44f7ed6ff50c

SHA1
b799a8d1c454937a3d0a91ff3a0b43be9ff2c269

SHA256
792ba20b1b4f508289c9e1d039dac8bcae492fb97ac8705978855c163197c0e2

SHA512
68fd378c416569e249ec771dc7d9c9a2eb9769b535eff5a8e330ddb5f298f8efc5c6409b9d2d8e2c67d906967f6fcf71d86630a6ac9a678ad3bb9f3a22ab083f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Toolbar\Windows 11\Windows 11-Large_Hot.bmp

Filesize
110KB

MD5
24dd6b1ca6ca151d937ac135326e9566

SHA1
181ed6acdcbbf8622344a5341b1ec855f82dea76

SHA256
1b91283e4d9b1c952ef76e84751ee3982a61b97500d6b19706371636dff286f6

SHA512
7d5a6c2aba91a281a02b1c0d4661fc3be0ec85ab1735e1d54f86cd9c933a923e4e453af8135e3b9b7e61528850f6e186b36f60017246c6d571212dc4f58a06b0

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Toolbar\Windows 11\Windows 11-Large_Normal.bmp

Filesize
110KB

MD5
bbde097e9d205a2a5fd1e70ba8ce3b8e

SHA1
b76f1a424276247928caac575c60ee8dc4a4e496

SHA256
cc49959db7ec8c83bb69732ca820da4d6c195ebe6a037ee8fc1ac740dea5ab48

SHA512
07d8e003f4d64c5b6deca413accf58106ea369664905af55372c35859f570017df9dc6e7a94fb5ade3c9f03f47eb37cd8d53cdea9709c54834066384287f7099

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Toolbar\Windows 11\Windows 11-Small_Disabled.bmp

Filesize
56KB

MD5
a40aae9391c31eb7ae9febae3a378842

SHA1
7e4f99c794167f35b859bf46659e7a879165e5ca

SHA256
fc72f9df3c4c9bdbec554a5af857a7a45bb074ed97e9170baafe2522e702e90c

SHA512
e3a1e58816081ec9cc111ae8b1b4311e57f8ee2c660e34bce10afc9c1ad49bc08d3f4f1dc3aedca53f56e910080c63cb612997ebf41bd3e087e30a898d5a48eb

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Toolbar\Windows 11\Windows 11-Small_Hot.bmp

Filesize
56KB

MD5
f241c629ae0c1047c6e98c6bb5b117bf

SHA1
9c3ef7a098b2051ae3a611163f699624e7a8ee47

SHA256
b3e2101642415ecdb1b3af84491397a3765ab35b35e402c9db3195e948e4c82b

SHA512
ea251b8ddd026ccd85611cdaf5b7c2dbcc6aa2fb721da5dbc15024499a779734db6db1e72172762c42b55ff7cd2cb3fdb25e7cc5dafc78ec49a5f46b9e904610

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Toolbar\Windows 11\Windows 11-Small_Normal.bmp

Filesize
56KB

MD5
850269e730cb25dd678cb99dbd7e9b12

SHA1
c8b0da71d23df17b1798ba25447a99a6ff3be9f5

SHA256
bae6b2f6b162645b044a838a5548a8719c6332eb62dc1918b30d2f3e7c4fe5cf

SHA512
4282a1bc5e0e6187e8ec5e8a6e223f80e884695e02738560ca9993b4eb0802e0d76787d53827a3a8ffe4fb6150803df04f57b0101e4302feb8bbdae39c940efe

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows 11 IDM\Windows 11 IDM-Preview.jpg

Filesize
667KB

MD5
35c84b6f82390ba113f67cd12770c6e0

SHA1
bb122e5880e464a31516710f81c4061ef5ba1de2

SHA256
d8ff5162aaa8aea739b655ce71e3700b1c116e49851c3eac755697446776924f

SHA512
8ce3aa0e7cf98ff4ab4c932ce0cbbc5d6ab7c9ab63876243e6530aad547a5f4cdb4e2b0f78bd13c7ed7ba9904f71905d871d78aad4aa7a6809bece5321d902df

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows10.bmp

Filesize
110KB

MD5
2efcddfbef5c9e7d0ba3227675c60a2c

SHA1
aeff4b5c843f3aa4ef54e7946f01b3b6278e19a8

SHA256
e7bd71779d9a1b2c3b67226c82293e4267627c3761c747f18927ee5a2a5668f2

SHA512
1ae27fd8b33edf5ccf034793132486643ff853ac52f9599e4a0df75f3d5ae8830f66309948e1a1bac690a83d7e309680f084c282af5a43f4071ead43338b0e65

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows10.tbi

Filesize
110B

MD5
8fa9e32c44254ab6180cb573d1fe7fd3

SHA1
da3d09c84e38a192dbe48871483e282e5c063dc6

SHA256
4915dd7576102fa4716d940c037ba3ffff804604fea5245e2eee562bcdc95bc0

SHA512
8891fa3d6881667976a5f5be931f820d6a13676b5b7a7f94f0826ed05066d81501f977a5713936ebe51f23a3c307fd650bdc511ff12db62ba8b85cc8553e5d26

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD.tbi

Filesize
430B

MD5
af00e53778481104b44f94c3851fc32c

SHA1
c5de900b24c4f88c261ba53517faa1627d8d617e

SHA256
b35e928ead5a2eaa2d36c807a966286a4098140cf57a0bbd0bb641e3d4c20313

SHA512
3fd0e294e811a3fc62cb6a643c4cd1b33d4997f5c0596b3b051cab33e3517be2ee2cbf2c2b32ff3b9ef1c40a743ee9df4e3079c9ef38bc022ac0be8b6b4aa9a1

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD\Windows_10_LineD-Large_Disabled.bmp

Filesize
110KB

MD5
a2e7a1152539cd6a52091cfc3ab2fb2b

SHA1
1c1fc3ccb4847f3fe69240b5627e5328e59d80a7

SHA256
0531214a862fab1e9904632029c5f4c9a895c9ac9f8040a8e66b96758dc8cefe

SHA512
d5bad841ffdff769d58ba5bf025fe57b38dce542b7d4fa6d5af91e5e1fcf338e2c184606034156a6d2f0a51e36269de1a2f80a025865245ff9b85ce13aa61312

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD\Windows_10_LineD-Large_Hot.bmp

Filesize
110KB

MD5
4cb7578154381f8b1741da9a04d73243

SHA1
13b612598bb91bd02f125e60bbfdf26cf3d0ad81

SHA256
7d59da6ce20d25c632d10aa3bd1e7d3b5fe66d1c569df66a139b66f325b43450

SHA512
42e856799b87ab78892192ee26e89e2a58c1ea6245b15200ea4bb5082dd4aa2f2b43b3ff50f87e7b0a8befe6e38b11a8cf1d3324381b5dcd9db0dc995827cb37

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD\Windows_10_LineD-Large_Normal.bmp

Filesize
110KB

MD5
7cfc60afd9bc1a551c8c1e6076c94411

SHA1
e3745893fa5e42a04550d1a11c4f8d8987a474bb

SHA256
f1b08423063582e03f575a1df422a302672f1f9c847490c16db3f022e874ac04

SHA512
17e7a280d7400863866a88b84ae231e43bd769057e70a9fd2d82c730b300a173368dbfb504302f2669efd584a40c129d2340aecd9a4f8b9404adcad020f6a6d9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD\Windows_10_LineD-Small_Disabled.bmp

Filesize
56KB

MD5
c1c828e37f49a335bf259a648aff1962

SHA1
0e521fd785ab85b202d6044e663679cba92da609

SHA256
78b93e75324baff222d30652b80e14eb0119bfb8050aff526ef5b3aebded20fc

SHA512
3970be682d74bed12fe5bca5a56af20267778670e9a628607e455da1cc0a46bfd34e36faf7b68b7769aa1ef43aa3d26f53daa3b399951b80e752026199c13689

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD\Windows_10_LineD-Small_Hot.bmp

Filesize
56KB

MD5
ab7051228378c17cab9715d6a76040f8

SHA1
0ea37de137ef291cdd868448423cf494d1c6aeab

SHA256
f3f506a5f1decd88d4c4b2ffd3db871833a0efb00f872f0a0bffe10763811d39

SHA512
14987d6f6ce00800f5d08af95349a03a2abd0f5548ae2e3a79dfbb8228b7e82440bfe20d8c24fb91d448e59c9db84ab9ebb284b392bc2a9fb88e3fc387011875

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineD\Windows_10_LineD-Small_Normal.bmp

Filesize
56KB

MD5
91ec028694dd44c596dba946699e319e

SHA1
15d1cc73446aaf1bf8a5513a8bcf69cd9abbc7a3

SHA256
8856d9563b7610100b1058e782738ca23788404766d2e8770e6c1e7a112e1ebe

SHA512
620e21ab213f764fbaaafb8f85de2ab049da44c2030ea5a4737d2f11f5e32a7650131d72560072fcf83d743a905996ccfd493326025ad55b0e5d814b9c16eb38

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineW.tbi

Filesize
430B

MD5
b44f3f183db1c0ec78aefccea86a7876

SHA1
f3817cebe29d1f87e8462405cc2aba6541e9e8ba

SHA256
bdef917049ea3fae62315bab702df8da9371ffeb4b9bcf56946d8a677567d86a

SHA512
d50b869786a448b88b8aaacc916043caf5c2c22eb138a51884bfed06acb35740a7759442a152217fb678be31374ccff1ecf80efb3d2a8cc2f79ceb5fdd19448f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineW\Windows_10_LineW-Large_Hot.bmp

Filesize
110KB

MD5
64891c7905da2815f55e2f33ec361952

SHA1
dd4693f1c96103540bc573e394a657c685aede89

SHA256
247227cbde82aebca668121bb094ede32c2a8585d5d9141430cf35a006c9e512

SHA512
6d6060f22b76fbf366c911eee7ecbd989a36f5867f54f46c7ab674a94e1e8ce59e0c213efe2aadf3fe5f93ef7b1e5c591d37ac9d6447a60b0d4cb8f04a4f315e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineW\Windows_10_LineW-Large_Normal.bmp

Filesize
110KB

MD5
02405f7a1d1393da7eb78564196106bb

SHA1
579e6bfe30200b5b54343459d44267bb18a4402b

SHA256
96f9dbdc7d43f978bcb06c9dea519e002137d0a83e245a36cfa081c749c78107

SHA512
2ec7087d323871ff8a2f70f86d3b305a29c584c06a34294b18e799cc92f5baacfa52e6555c090c2da9dbe8f55a3200d4e68de71a37c8f9bf1bc7a61cb50dcb08

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineW\Windows_10_LineW-Small_Hot.bmp

Filesize
56KB

MD5
7bf6f8aebf35b78918ba2da0df1ac644

SHA1
3099e6916ab2f86ea93b8666567d43955c5c5757

SHA256
26d04f40d890d604ed387130a63c0cd5ae1ae5cd40c5027c8b6a2e4a5b506a2c

SHA512
ca003075c4bea59217a88c28700d73041f6751f052dd865ce9e8b3c3af067fcd5c80a8a01d062908b0a60f333460d5c8ed3707bf933e407cf6e7f27fd4ad7f3d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Windows_10_LineW\Windows_10_LineW-Small_Normal.bmp

Filesize
56KB

MD5
fd93d1be10bbdb6f45a55617a33ecf2b

SHA1
a3bfbfac106be818d1c2e5e5d41b9be4a0198744

SHA256
54355791c411b1d1572870d2d52d3d6d4f5aea34f5091990e16e5c3f6b3cb1e2

SHA512
48509dcc31e7e95bfa7ba4ad542db6128b3a6be0b4390d2fd424a5fb5525e3668c8c51e73f2f74fae1209ce4b020ac15519ee360de501ceda2cc2939bb91ab7f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Yasser Divar Glyphocean\Yasser Divar Glyphocean.tbi

Filesize
181B

MD5
5a9a95bdcf15188d730256bc58cacf30

SHA1
918ef12f7084bfb6beca2f7cdd68350a825bc428

SHA256
3fc3c4e5e136fb4ef79491fa8d8c095ddfc615cc7f8408b7ba8b3c01abf51337

SHA512
f65b1df5fdc3932ccbad7e8798f47cfa969ac512389fdfe8f2ba06eb05b67a171259a8fd4511503a0f59ebdda1feafe63362aec8b11206c84583baca6a291dcc

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Yasser Divar Glyphocean\Yasser_Divar_Glyphocean.bmp

Filesize
108KB

MD5
1ae80068a114a5a82011fcc9e06055c4

SHA1
c6e07fea19c1fb48a98bb2cd3d0f9122c1c51fd1

SHA256
1a0e748af52ef261d9ff7a8e2e8ea1b9027c67d79bf950bda287cb026ce229cd

SHA512
079d4258ad67cc4aad9094a061688e10d4609208e319ebce5818a7a274f97340c86033953fe4c40db27c31266c9956c2501f9d97fe3eb4c393374531b9f1e1ea

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Black\Yasser Divar Black.tbi

Filesize
151B

MD5
399e42a193d8fc70ccd59bbac85e1439

SHA1
cd9dce5700ab862d365bb1a69e78f49b46b3570f

SHA256
e13abe2170f1ba522d9d0da19d94e9a0a0b10b5b6ac9199ac606f1dac10d74e0

SHA512
6a96b06157aaf7d6bd36d1af24fe61a01c044987d688931284402c3020fd5a50aace9a17dadb1c7ccab29eb6372551682689cc605a0dcd092f3cb838dd3e62c6

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Black\YasserDivar_Black.bmp

Filesize
108KB

MD5
9c049d7bde2e02757d6362fa72085509

SHA1
f892a204e3bc6cf58ce45c7cb5d16e1e06a442bc

SHA256
fecdd2a80b29ac4ee473fbebf100de0145a8cc871282911c6f0da937e5df389b

SHA512
4b71ce9d6383e8a67a17ceac32aa49bf2fe5cb7f6dc3a389d50db1445f60db1c0d2c22c654216ae39621def23a972aeac2ac5dc4f55d9b13a6610c1a8a8999db

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Coloize IDM THEME\YasserDivar Colorize.tbi

Filesize
174B

MD5
dc3cc0358fac88ad8bbeb5a39e04bf05

SHA1
cbd9b86786265a7b15e41ad44013727f9db5bfed

SHA256
e8504cdf569ab3f3c79197ca6ed1e12f1ad2d7d822674a6c8bcfb3b06d0a1843

SHA512
357aae67b3a28223e8ff29363ecab5da5c0013ef7655632caf382e8ea1bb284121ea8f6b846f92bc82a15da1572b9d88979b2c20bfce97bf154f300d634230db

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Coloize IDM THEME\YasserDivar_Colorize.bmp

Filesize
108KB

MD5
0f2b92e818441ed4a978adfea4afcaf2

SHA1
5985678702f074d7d8e66ab812aee94248e3ae72

SHA256
99668ccb50077fcbcded93ef61fec005713648907cafd6a7a32aee793d888dc8

SHA512
3ca6b6a3bc6f9666020f9c71237836962d786fb29380782cd3aadd664b27b8d5357d131002d8e8b8433eddfe2a6eaaff16451e45b6131e92c780d1cac6d477b4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Coloize IDM THEME\YasserDivar_Colorize_Hot.bmp

Filesize
108KB

MD5
7d9c5d20552a9294f4716cfd71e88cd5

SHA1
c0968e37ed59fbc6ae83aa578f76e2b6a0e330d7

SHA256
706a46b01ecc1151b988c7b758563769ad5dde711785826f44cc7c1f5445304a

SHA512
9799480b7b2d432e8824a936686b031a945234e373c05b06f7ac9e840ef4fbb50a2f8abf691a6ce32aeedc5eeff5c6d6145a049662c8c7cce61d83ccffa14294

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Flat\YasserDivar Flat.tbi

Filesize
154B

MD5
1426452cfeae38c893bd381ae76f67c0

SHA1
4969761b956fb2ba7899528e8555220db1fc84fa

SHA256
eb084481ff63f02efccc1659700f1b4ea5bb38121fa259ec75ff9e110cd2c573

SHA512
d590236b464e9b4ae4d1d56fe4569f09f5a623815e03bc3a96172a888cff563f276dcf0520b58eb7e3cf9ca65ca2121e2c90b175b6e91f10c24b10262b4d38e4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Flat\YasserDivar_Flat.bmp

Filesize
108KB

MD5
0d602e1d66a18183119b079da355947b

SHA1
01e3ca760825e618d7a6847da4420fa575bbb0b0

SHA256
ec83aa41f19c67e3cc77d170cffc5dc5ec56db6b0b3ea3670d470639c80b8686

SHA512
87c3f0e3aa67e8d85fcdd7f6cbd6c91f970b0792e5d11d0cbd26e866f807037cba1d27a1d6ba7567eef3cba2c6eb1a364831c098f150853a6a1622c10dee54b9

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Flat\YasserDivar_Flat_Hot.bmp

Filesize
108KB

MD5
a30212f61ce0aaeb276f7f46e34268c9

SHA1
8ae45cc567c9839fd048303c6fc358ac9fb93c96

SHA256
12d050f69e739d539556bfb597a80bc7993b3ba793f5ee76c1ff66cc42aade01

SHA512
d69be0716c6805aa6ad813702f7866a292c718227c690b442e7acb232ea77ccab7c269a0211f0a40a7e0c1cddb8bcd72e2440c26051274bfef1afa1f889aa2ab

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Liner\YasserDivar Liner.tbi

Filesize
159B

MD5
8cf8bc34ebacad424b44ddb038e79789

SHA1
a7226fda38e0c8142c2479c675c99fe6b14d6ccd

SHA256
41aa2e513092f29a3c35fe9f58fe1b84ae8faa8af9f5c1a84303dec5d7a2b598

SHA512
d7a619125ed06f2cb6e99911ab5eede0b6118f08ef4c79424755b8f5edde33775806096f9083a50f284710866cf4c9382c6e90c00eaacc1400fa1de948fcbea2

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Liner\YasserDivar_Liner.bmp

Filesize
108KB

MD5
74d29213c09667de87da0ac2c143a34e

SHA1
bad0a4bf3074dddfff6fdcc6d50044525721a303

SHA256
7a9c059ac828fadbdcd1881f68599d64e355afb274238d1e187849adcec1ec01

SHA512
4445eb8a50f7c85e69607beeded30a568f4efe68bdbfd989194530ca58fc3530bd4b3b3af2f0180d9f47bda09d292753733323ed5355c229a90cbba818c539f2

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Thin Line\YasserDivar Thin Line.tbi

Filesize
171B

MD5
758902fb9624481f69e0f6b4c24e70da

SHA1
089a8fd331a9b888f094375ad22c20a82065b7af

SHA256
59a18c6aeb5f65f95cf1ae42f915aeeecb6a549452ee1b4389f04883af97df8d

SHA512
a251e3b85e1e055577d8ce0581266c884ad3aa596a06f293ea391467c5d43af1a13be144c04e08b130042d77e098b64ae7938210e6fd5ce85f71841520a31512

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\YasserDivar Thin Line\YasserDivar_Thin_Line.bmp

Filesize
108KB

MD5
60733e19244f4e2c8042fe65c8e26e6c

SHA1
2127c2c45aefac206c54f75b12870d789d01f2f0

SHA256
b93f3e679e617df36285b28b650a851ae6b9fe3bd7268821623c0675572727b7

SHA512
3ab2cd9189e1421ef5333f306af3524990a7a0ada01b75de33277bb8a88c6f0db8733241956a3256a28b8163c8fe31e13fbd9de5aabad8f7942fdbf4f9ed44ed

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Z-Style.tbi

Filesize
129B

MD5
819daaecea5fb11a03fa59b2756844a1

SHA1
2a4e7a9c6eb4c161f514400450363424635b662e

SHA256
87e5d3d6b577fa5475881e449c664af6573a97a7e1ccaed08e024fdfebb8d016

SHA512
fa544503d5dc0bd628f45b08401dfd1cb80f891fd44c9f753abb4d90a2ded987556ae411915e1dc1c38aea0d9a281fa4d33e7e06cdae5a317e2f1b9f18dfa2ba

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Z-Style_Large.bmp

Filesize
110KB

MD5
233d156748bce28c7f5610f724ea1ce3

SHA1
55675d25b5c32efa2df8d4848ea43398d2be0d98

SHA256
e7cd19e8b7689be73510c0470c372a5aa793899a4c443640dffe6c4d332045b3

SHA512
e1f9b12b464fe0a21e3d7dbb54e7dd1d23f132d682c61abe56750fe8178cdc2674f26a6ea3bcafcea447dc6ba19963fcc3a9933e91223f086f382c6381df9a68

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Z-Style_LargeHot.bmp

Filesize
110KB

MD5
162bf988a629bec701ed2693ad9bd2e7

SHA1
d2f5b0f31df5c7f4d8763359e73d38b0f8831dd9

SHA256
e50e2132f22034b768aaefb78f2826c95e6dc1ec8f837a38bb23d6a99f827c95

SHA512
ff1bb9b8150e17556ef9277f0fd3ee0f4d02e659aedd78badd477f49b5da471d1bca93593eda85c4ff853c431860fafaed80e1750d97003f6852e022c45ea90f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Z-Style_Small.bmp

Filesize
48KB

MD5
17a4f6513924af42b8c7c36ed3a54fe8

SHA1
b6c07ebd740ffe68712e9873f7487724320620d2

SHA256
ca49f6e3817c3c681ae7276050ba55d6c3bcf666bbfc04061690828ea495e3e3

SHA512
1d23d99db193da580ec6e22682d6769f65352ddca3a350273681ee136d68d558d12c68fcba6e89d376d3a0e86a3670ac48976c7f540eaa218f21bee2dd64bcbf

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\Z-Style_SmallHot.bmp

Filesize
48KB

MD5
145d95c60ddc0e829146ac4440530112

SHA1
e651fdd4128b9924f0812b6dbd3fd547206d0240

SHA256
ef11ec466efdc2319d6511e690aecc796d61e28100407f21a9465fcdd77881e4

SHA512
c23f0c6287fab3ce306315f4dfc3b6138f4ffdc2808bdfed7e6d4f256761ecb626cd13ccd63b15f86a282873ed674b77183aaf96d54b53396bcbe4cf702293e8

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\black.tbi

Filesize
109B

MD5
dd5595f89dcd53d1bf510dd1fc9ad68c

SHA1
ab0e1efa905345643d1b4546b6c8f5d69c257393

SHA256
32585d0a8ed7484e12235fe5fb1a463892b23d8223a19a85c0e6936045ac3534

SHA512
33498c9a810aebaed492d10c88e9624df9686f15a4a3359566f46d0918d240b1230b0b5b4bfa76a963d0016ee50f5186cd9319bf7d52482ade69de5bbfedb88d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\flat color.BMP

Filesize
82KB

MD5
2121ccf3508cf15148f92dd8212c02a7

SHA1
d491406cc9998ceea5d71257f93078fb58edb14b

SHA256
38f48e70f66ed7c91244be3387b311008d633d46c829f99edd2d6c527d374244

SHA512
bb5798337c149ebb8a3fc89fdcd14ac5d1393b4b0aac72b3fd5b677b1af0ee768201fe5cc878b3e5cdfc363b92dc52b791f2893931977e663a44951212b7b610

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\iOS_Line.tbi

Filesize
293B

MD5
ffa83ddf50b68c167d8761368fe8fd08

SHA1
0e6264a1c4709f7f512ed66ac6bdafb810970ec4

SHA256
e95195e08b9194569931fd63fb06af650f9f66e23c9fbacd1b4252a515e1be42

SHA512
ecc23c824b11c48315cf0cad88d79d7545d8b772af7d4b29a45b9b607042098b8b0f70082f427ab15dac15f1cd20e72b21f1fe3267c93afa49c11373ebdfa29f

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\iOS_Line\iOS_Line-Large_Disabled.BMP

Filesize
110KB

MD5
1141a2a868033b0d9acfc74246cc967c

SHA1
a0b779017a1edfb3f63f5d52ba5b1604c07daa37

SHA256
24616efdc08d4745774a81ef9a5cffe84335366ccbb094e364558fe0b26c90b6

SHA512
3b5370e2110b8568f6d0eff6828dff1f3a2f3542b340d676e1f283a5e4560fb51b4b0a17a345fa8097796fadc1c5877c552cd03e7374e94200b004e6d261cbf8

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\iOS_Line\iOS_Line-Large_Hot.BMP

Filesize
110KB

MD5
086648ec78e5ae0f19f8d5a513c41d13

SHA1
39b9bc7fd332fd57eda9b94c5cef98bfd03cff2c

SHA256
9f00b1b64cc312c0fd8555536be3816623b3be408bb89fa207fbc271ef171f7b

SHA512
9a9df73350f01798550a7c8a59fd5e63c88ca28e740a03234bc1abda606b880dd403c3e4e6496a10c5af17de430297a6588f78cb30191774a520598838ee06bf

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\iOS_Line\iOS_Line-Large_Normal.BMP

Filesize
110KB

MD5
3f05aa3db94f083e7db657e5c777eea6

SHA1
b14ec79a2eeec321dc2fdaab2536a3628eae9abf

SHA256
9cd0844f9222f4efe089ac8d3a23285dce2de94d6484448d0e6227424423d9b4

SHA512
46b38521c30c69fa88f251bade226d429734cdd2f4b94a573f0724a12ce4febbda5f3f8dd4c0269fe7531bae22e5cdfded23428bf377180615061cf62da57f01

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\iOS_Line\iOS_Line-Small_Disabled.BMP

Filesize
56KB

MD5
b9df46e902016f6d4881c2a2986399fa

SHA1
813801757a1456feb477f659edbc99899d06f091

SHA256
4be88250393c6440e1fc8b86baba4234c354b16053c4ba9386c4299fa56e09d1

SHA512
d5b207788e07ae0b707e92a9e5733c7cbfc695e5726f4c5fa20383a112ef73711a435119fffcefd48d755a52de4b4bd7b6bd68f26e27ef16e7428477434990ad

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\iOS_Line\iOS_Line-Small_Hot.BMP

Filesize
56KB

MD5
b2c07cf83c60b2fc92c40c9afd624978

SHA1
e50eea3f63c150779901df794053eed3813c0d34

SHA256
63029d542296c4633dac60f27fc297b84863c1c918fe2d3562b8bc02c2410b60

SHA512
a03b6ea86e92e3200aea031f214cbc6ad95117f463e7407f7fe5670082410c42ef09305fda073b0fe6c8ef2977a6c0b90933442994fade9147d772fc5b95dbe2

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\iOS_Line\iOS_Line-Small_Normal.BMP

Filesize
56KB

MD5
999cbf60b0ed02e9b53345afdd034035

SHA1
d0ab6676e8158998385135a6e40196bfb8a3911f

SHA256
e5c858a3662063ba21a4f2ec0ca99e0c63a03bfc05b8b8fe22ceca10dca2bcdd

SHA512
0dcb47539c93227233e60e5e4603d1cf75802679ca318b4fc5442bc53d372ccbc28e69f23c231351f76f48e3924d581778335d7480bc4738e37113d3e9e526fe

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\kiti.bmp

Filesize
110KB

MD5
423e38c5312891b1e36a11a53bf01cd5

SHA1
5a932c176557757f1a755ccdd340f11bb649cbfd

SHA256
d6983cc32a0f3687aa60b9c4f663e29d3a73069116fb9ba264af371814e5c1c9

SHA512
e88c880863be78097a14aedc1cd2e0a7e8d9d986335aecf3b8945fe9b69efa8aaaeb4f647e8df3c29ccfc0e920fcccdf2fcd3b5bb5bb598d0207c38e24050690

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\kiti.tbi

Filesize
90B

MD5
7870a22a2809281a37effc1560af7fb6

SHA1
ff2fc1b1226c14cb727060da2d41816bfb52de5f

SHA256
9001ab154f8d620cff7ff0e6516b93e9f2c3f6601294815ea728a88cea82554a

SHA512
07de6392bc9e6880253c8cc01897da71e81cd918c0883a967217fe4c1cc86605c8c01ffbf37e937d6f528cbec37a83342b74e29f39eb42e37cdbe23d039cebc4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\kitiHot.bmp

Filesize
110KB

MD5
10357ba35bb74a742f041e57554d99af

SHA1
a127e83df3ca964b8ff39caac995780033b9bad5

SHA256
2f61f3ec69ff49b955b6b21b46530c38f7bbfeefdb10370e8b711d1ec50b35ec

SHA512
252cc424d6b3cf72274bd59626cc288ad1d2689620787220440597f728bd82e4cdeca62da262012b87ee666429983d9798cf0ab27d742aad354960c5f1c2592c

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\luckyToolbar2.bmp

Filesize
110KB

MD5
b62bc7a9804356864aead8471aca5f90

SHA1
b2cd99013c6e4f10466a5c4ca7d3bfa825217e0a

SHA256
6781afe20e5c630bc9d7cb80f4873b306799a515720c91f4f4ace0a12e4b574b

SHA512
5e8e55a766d8f7a9dec8d3aef55a00f001b529dd199d3357e05b0f6611c465e929f389192cd08e0395122c5463ea968efedf008daadb29c714fa611a6ed8cea5

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\luckyToolbar2.tbi

Filesize
126B

MD5
ec517ee017d60262476fe51679ea35fa

SHA1
bd7922b5c5d23642d20050c945aceda004776e1f

SHA256
65390e7243775f079e213e1957e9d238f3a8e44fa26547a7bc20234ccdc558e8

SHA512
cc4493f71b8c8d64f3e0398d188c242728913a1e0ff766d264670d61e96cb5bb950715a1dbc62022753d16678bf5d040063273932ebc53e9e1c0ad895a9d9a5e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\luckyToolbarH2.bmp

Filesize
110KB

MD5
5d3db40bec340e7a3717b9773ca10797

SHA1
f69b85b632ad73277b1b7c08069cb9c2e2fdb7cd

SHA256
066e5eb7d8c711d5e1440a31a7794d17905c2ddf5f8ca63c297d47b2b8cb2f86

SHA512
9b0c23db2e63eee612881b4f026f988f2fbe43693fd2acb5f851add5402e48ea20800bc959a38bae09effd5d7f0fe37b3299eb1f748d070a91358c9ba25f30c0

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\luckyToolbarS2.bmp

Filesize
48KB

MD5
03751d7506971ee2e57e5d4f381dae82

SHA1
b45f544c619f5522c721df3d7b04a067ec5d128a

SHA256
f959a2cbdb40a97c20720e0fa412204c3b8e98212d9f4d413246a79d35683344

SHA512
a5ac85578fa9688b77415664d00473fc73ef384e359ffa50057b3896ce1753c8a5f8cc46790b867b2f0ad0362b55feac06ad08e4a27d6b27904ecd623ecc719e

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\luckyToolbarSH2.bmp

Filesize
48KB

MD5
4df4f34b343297defee5a35a7a21a87d

SHA1
658bf338b0f7e5d7bffc9a8100ab72892cfe0667

SHA256
66b8f2d3c556aab3b0e4fbd4cee277534277ce9b8ebc054f194d4d927cd2eff7

SHA512
29c9009d61b786fc9329bc109216d56ea9d8b9368b631c40e60ffaf2ee98c3b5f6a215429c3b5339e3d53f09d7175b40cdbf68fe5fd8a4f25f1ea1d9c5a6b695

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\metro.BMP

Filesize
82KB

MD5
994c8b47a622fc358922892ef775ffec

SHA1
fa0d9364de0bf45be37180169715e50e1e60588f

SHA256
21b47a9ef536cc2d40b945b9a9941f304429cfd821863858d22a5791d0f6fdc3

SHA512
19318f5dbff68d770fd56514d04b9f3eb1b30684264d85e7fe67b9f61c81cdc20ec286f343f64daaf586ab5d9f62d40d83b2995bd3dd25888fee844cd9344686

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\metro.tbi

Filesize
108B

MD5
df06459f832d9334b84b0a2fb1fb9559

SHA1
fb403a867a05695b7ec942b6b58ea9d455321c16

SHA256
79592a91aec2f109c44ab042d0149d8ac73b2142a7f15c6e381b948c34098cda

SHA512
f7bb4289280997c3d4518bc3f0e9377f8adcb630291da01352a9ab24f97086cdf5d884ad2d9d4fa8cfccb92de7c382c4797eb862e547931e0c6a0be5bdd10234

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\metro_hot.BMP

Filesize
82KB

MD5
97e0c5638ccd25c203324cc9a60bab29

SHA1
6e6bc7df8ce51070b29a16f8bf4a414496187633

SHA256
81ecb109aef65d6bcb9816e9a9aaa6970be0102797038f0e138c162697f070e1

SHA512
19f0773dfec2018767e156cf8e218c6cf73c6220ae5387356de2759d858b90b4d0e10cf312445bcbe30ea4b9a69a72856523806ab1f29380ec3160059d034db4

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\metro_large.BMP

Filesize
94KB

MD5
dce0c6fa150424e4fe2bb5f412189f30

SHA1
286bf2e1911908f0a4aee474468ae625fe14c039

SHA256
dc752d68f9ef6e4e2f658210096ccfaef8e580fb6fb473692237ac9a6938278b

SHA512
aee24be9327941b815099540a29aa5bec17aa4a5c207099a3da56da4737f13382d3a007a7eaa7e8bb3f11a6daf920ab8fcdb4c8a168713c1af575df9d0a4554d

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\metro_large_hot.BMP

Filesize
94KB

MD5
6f920d5f3ace87d5f8abb34434989ec2

SHA1
4dd3431109888cd8701605f75f145b82941c8785

SHA256
3c4b5edf519b15d462015022ab7df9796a434f54f4edf24d87d42f45e5d7e165

SHA512
3eb7c5b87e3d8f8da7b9e43b82877716ba4cd0d4587ccfcf4b20849cc94aa24900e38027f4000d131df082cc52eb8ee6b398c6e2b78b865b56d82ab3e2f6a4db

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\metro_small.BMP

Filesize
42KB

MD5
137520019923a88160c50a97d5bd9d2e

SHA1
4a2572c79cad181538d865b5f3b285716118a927

SHA256
9f4541c0118fbebd2cd2844fce96a4dae6997c1ec36d8577e2ebda87089f9a71

SHA512
0d2116e40a4c0ac8f890f825127466aa7723dae06c1124a567119cbc5a1488321e2fd39bd6493ae9f309a4bdd805d7fe20fc2e5a9238835e8562fa57137c3435

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\metro_small_hot.BMP

Filesize
42KB

MD5
5cd51d17d0c44f847965cd99538735d5

SHA1
2d5b858aecc0add0f85b9d7863dff34977389dec

SHA256
c89adb78fb3deb0ab8fa5b2b8b8604b9ddce38e90e27b48a0ab90ede708915c9

SHA512
654ddaf487e310fdf856360f4b2338884254832d5682665e0ad2c00527b314d363016ff2799924214006b22b95b056e7e407fd52fe1e28686743414771994ce6

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\neon-Over.BMP

Filesize
82KB

MD5
7995dc42a1d1a370747d2be0758cfb0c

SHA1
9f9fa4ee48aeef4a5f4faa35effa23b7fe01668d

SHA256
fa8b2f81788c43c2c0e80a554fec0a9b5dd3b462c39fb45fa82e88a419666bf4

SHA512
1aa6c71dab5b3936e335649dffa9a8a5236b99ea9843aa6095a591f1cd924442f0d977b87683facdcbed91869171ef2ccae1735f21224dbaac0ce2ac40c753a6

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\neon.BMP

Filesize
82KB

MD5
a55aa5919aa5335044e69aa405387cea

SHA1
f5645575abe18394aedaa5eaece63925d68a3d08

SHA256
c7e40e708f11d8750d40e24efa069d19c6325a33a6aa348e4b6052211e14f75f

SHA512
ee31c339a71e82a83addefb0ad2baaefc162e2aebe832b02d7b4f9ba7da0078906cb4e81040182285f87e4ff82400a1f1e2b7c95f9b355b8ac604a8cb00cff21

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\neon.tbi

Filesize
106B

MD5
0d652c91cb54c7a5e1440c1acf23f52c

SHA1
f7972ea5b72a9e6625021dffc7cf119a85dcf5ba

SHA256
6cea80e2d5d4a09132fb1f73949cb8caa04b15b4d12d632c07398d29f0839624

SHA512
c9e920c6a34579b44a34c17d8bb306c6d4c694ffa529eff0ab397e60f17bac9c797f4895b74172e980630368e07f094ac943e304d2dc5bfd85f12943ecc35416

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\pokego.BMP

Filesize
47KB

MD5
cdd7e5211da488a47d2e44cf86dd47f8

SHA1
70a44ed9c6c2f75ee948d9328397623a8a1f5b29

SHA256
5e433abb6b5660816800a42ece750a2af0da109e10efc1973df88cfe6c2c05cb

SHA512
e2627e6ef488bdbd274a16ee8bbb2994e0234edf5208c38d47664c6c862719d518df2d22087acbeaf49d50cbf3e0e08db59eca6b5492c46dc44441e156e2b0ca

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\pokego.tbi

Filesize
110B

MD5
0b3fa61f35b056f5f87c9d4a0b8375ee

SHA1
fff35a5be115af9b2cead6ba15fb14062a7cd476

SHA256
26715fa86359971176db665b8b88b499066bd85afd8e162c0665d92289dae933

SHA512
f0824564c46e143815f8455d75c393a92a8dfbeaa6049d880669a9a9c9f0c8c9586b0cd66b870f1528b03e3bbc79845a2bbba54172724dd3395d5f08c96df2d2

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\pokegohot.BMP

Filesize
47KB

MD5
6826acbdf955f334fd9b3c52e017de44

SHA1
dd416824f05986d5a201fdbf22932fa0f01a59fb

SHA256
8e54deae3981384ea76918bdede6a9f54856639fa44aa87af21844aaee4e537a

SHA512
1c0e04d8593f2c2f70876e482a99e87b91614cbc7319cca3aab9151f5a2c4dfa78e5e6b4d19f8540be44db82e56c8c1d1cfd34d6c67c809a8f7170aeff8ae494

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\round.bmp

Filesize
45KB

MD5
623181d3673d7a5a32eddb4d7594b961

SHA1
7169846221af39aff24ff92f66f1007a693efd94

SHA256
54c9946ba66cfba92d1e4ad983ff5aeb1e869752fed9b547b56031f5cc3c0090

SHA512
7c5940b686843fdc66fabcbb5956994521049b85d5548408bd326dea1c4fde743216bf6ff08ad880eb661e580ddfe7774e0a60d2342d1dab238402eefa807f7a

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\round.tbi

Filesize
95B

MD5
7911b3cac99d535a07bf883d6af28815

SHA1
5254de9b8b1e0755c528c9a79332963de376c863

SHA256
c67280b925e334abf1c82b939e4e774d687d8e2d42467388fc3fa843e5371679

SHA512
f3682b190c3917431295dae59d45861cd3d51b7d29dd169a6047b4c928b5aafb45e3aa7dae4a0f0d95bf068912bf0ad80683e017506c15946c5e2891cd232498

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\roundHot.bmp

Filesize
45KB

MD5
9fc35d59bba10ca3701062c55c5d6fcb

SHA1
6601b60fedf0fca6e6b7f3bf32228f1568b8cc51

SHA256
f45c3f5704bfaa6dda6a192709ce82fda2e0c2b56c61f7307cd17c2335e4e401

SHA512
c237175431699b43d7de9e9cdf28bef4e5997b0f3860815330e28f56902fd62221b5693e2ac9a23d27b9bedc0d5288e20380c885fbc54f9228d7440a3cb50c64

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\skin2.tbi

Filesize
141B

MD5
0051692b51b1f9961759744b1c6dc853

SHA1
73bdfc7740aba30b153762e7a99153ce77edf303

SHA256
bd5e67e2560eeb26284d8bc9784dbf4ea3154ac478a5f1c9ba9cefb38afa9137

SHA512
9094dc8c885549e49bb423252ce0496e3c4f6ab0e75237a02cf1d2f868d3eca57c7b33bc1519ffabf848ead5cc8ddc2160c3ed3e17b3980d12ea4a74e2b3ba10

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\tarfandestan-red-large-hot.BMP

Filesize
180KB

MD5
729f9c0df27f8ecdd1723d9403b3f1de

SHA1
acabc46815d2a4b6f7f033dd08f6e1f78f22be45

SHA256
6df012e2bc63f99eaf025ae7b4f7e57cf85a96b435132403fee018a549cb6bff

SHA512
1405c757c8eac9f5c4ec308a51d890d3a20e468d62c255a56b48314572d00d254d255802e24a3240c91eb95ba8fff7a6716f25d253c1945d41450afddf1f99cf

Download Submit
C:\Program Files (x86)\Internet Download Manager\Toolbar\tarfandestan-red.tbi

Filesize
178B

MD5
2bd8761c585d278b00b32d1e651aeb55

SHA1
4b32172f5346fe138a32c78af66e73c33434e454

SHA256
2fd162577fe9d3e7d3fde3824c8910dab7e083c465e851f2acebb6653acd4fd7

SHA512
a8a23e8892fca87f9210308309cadcbf62c49ff56b890ff5b5801c9b72f47c927ec35e350710356dd69c5df6090a817bd59e72d0a4d10a9bf271d041abfcd027

Download Submit
C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll

Filesize
197KB

MD5
b94d0711637b322b8aa1fb96250c86b6

SHA1
4f555862896014b856763f3d667bce14ce137c8b

SHA256
38ac192d707f3ec697dd5fe01a0c6fc424184793df729f427c0cf5dfab6705fe

SHA512
72cdb05b4f45e9053ae2d12334dae412e415aebd018568c522fa5fe0f94dd26c7fe7bb81ccd8d6c7b5b42c795b3207dffa6345b8db24ce17beb601829e37a369

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\IDM Backup Manager.lnk

Filesize
2KB

MD5
f398ff37880b38044e26bf575733608e

SHA1
4f4c8e14d151d8d6c3d08efed42c138ea9626498

SHA256
12bbbab12e0c63744ee70217a99c0dbab6bd7039f6bf516ff2c652709cf873a3

SHA512
5e22adf342f528ab92f0c8fba5c01b2f3d98b450a631680396ad0cd4ccb0f8bbde5bde7cfbbecec0d90127cba9ef741882820c964f0f90007c98e83eb1ad6570

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\IDM Backup Manager.lnk

Filesize
2KB

MD5
92c39f8ae87d5558802d0e6967c1502d

SHA1
2e830d4902b1fbc4d6c650afffc7d3f36705feff

SHA256
1426d56d03b358dbfb67fa812846f68d5b526c2e6650eab0e173118d0389dd18

SHA512
1ae244db6f84bc03fe60e58eae350b73f4e700e2fbb10fc6a62ef22d6754cb37a9472b83f3b3be670d834e34e469b7a57bbf6a37750973803f496c0b98f38f31

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\IDM Backup Manager.lnk

Filesize
2KB

MD5
22eed2c4496522c6889b439c980f6722

SHA1
5d4d6d1dd70cc82b51234df4ac1dd139d66e678b

SHA256
56c213578e0970a1e93b196630efb8d049971f849bf0865de06202ff81c67908

SHA512
ba4281f54c0b4bfbfbee558f6092255f2950859b317bffb67296931791d1a11ada6166372e01cef8a67384dc87121df9cd038a7fdff33a110f31f9d41af7662a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM Data Cleaner.lnk

Filesize
1KB

MD5
6fe166f395822b632e5963a8ddc8df79

SHA1
3009157aea01f0d5acb088814862d696777b2dbe

SHA256
2f2eb092489b965af29ceda41728666e797521089a14eb19416ac813c2772aed

SHA512
00c3a30bf6588a03c0d3c9aab337de42787ed41d7589c018f5d53972c8d64bd46604ab3d4fc484df99f7412471ba266e40f04ca4f9b1672948b321ffdf719111

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM Data Cleaner.lnk

Filesize
1KB

MD5
209959921d31df1dd472f3f630631599

SHA1
37e4de97f03c0a3d858df7d4a52fe9d2a05a3114

SHA256
a8fb2f511b813b84cf92e28b67b11c4b74ef4d85eda3e73b4cca4a91ad17f062

SHA512
1747554c45f9895da3547f7a42ae6e6e2b30cf21e8904b03f7a56843a0268b23d48e78632f347f8e16c1bacc82508e0210314068616799d3a56fe112623f6926

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM Data Cleaner.lnk

Filesize
1KB

MD5
1cf6e28ba41b3bcfebf913e9db6a7f3f

SHA1
441478ec7d0270c2c180deada2f71e04bb89ec70

SHA256
5159d1b83b6616cef20e42ce333150d4543e9c100fe8db1ab62b748b9b104be3

SHA512
7cf00d99f6673741b174514b2f499ed874208d830889d9e09bf0bd70ea2e8e81f85536c4590ba57df2d45d893e3a5d76283206c276f4a34085e515ccbb844791

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM File Type Enchancer.lnk

Filesize
1KB

MD5
3041c72c9e590002102357c2ba4f9a83

SHA1
98b529b8ae1c527d13c82b2c45ded2e6def3f282

SHA256
4e20d7af50597394fbc7d7e19772703dc142461b4154c6e70d89cc17445fa0ff

SHA512
9e14813cd44b10975a14746be49f2237659f1385483232d1887f2792d3684028df0a2850f114970b077374df6ec7bbc5317550daf4e3534dfe71384a06a5d8ed

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM File Type Enchancer.lnk

Filesize
1KB

MD5
a5b95b728924fd369f1869c93465c2ad

SHA1
37a5209be1b113362be549ba4a45786c52198319

SHA256
aad2203a382d2fac7a28e1e32cc76f9bec30b91d78fa8856bb118160765ef8b0

SHA512
04ee8267c6ae6c8b93457d2165f0f699bbd916392d72f6624bee8337168bd53dd9c0d1fcc581a8950c7ab8e1700161a255cc7a7093deeb996bda3f18f3373902

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM File Type Enchancer.lnk

Filesize
1KB

MD5
a4e8c23f67b766f8282d16de78e21837

SHA1
18bf02ae162a8d7bdd9d7708a23152ab7a615119

SHA256
e714024dbcfd7a0cbf930a189348db076edbe1052c5d77bc8cc39b60bd00de9a

SHA512
076f42e2b8cb1455dc948512989302254d9b47d45c32af4dd393c42c34cfc6b189540db6c77349bcf91a2fc49287bd1085f8ff523e06c9e880b721c3981b8664

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM List Manager.lnk

Filesize
1KB

MD5
a44472af60f3ab36a2ea5eacc27d8e86

SHA1
1e8ed4960d08fbb4943273b668647edc073e4d52

SHA256
2dbba517440975f5a061ff2054adeaca7524e2e6818ac4ff8bca2e6441c5565d

SHA512
22422fd8acdbd7878162ea87988365f8bb0002fe9080c44ad2a001bcaa72f182ced4bd0184880ba2b44b7d482ca32a0a61a3d34a2a50a6b24a5a183865697886

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM List Manager.lnk

Filesize
1KB

MD5
050fe4a92268927171847389d41cfae3

SHA1
64f4c908bab628a8b64b90ecc32cc64a572960e9

SHA256
2687ce52554eaba21217ea3f94d6a79962dbb6a66af01c191df16dbc02973f7a

SHA512
4be5400146e78d755aa7b46e7469291184a4c697b9773084cd622edcaa56445df04825c02452decd4a27d71b42a337da78688d513325e00b507580531d4d51fa

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM List Manager.lnk

Filesize
1KB

MD5
f4821ce7e1985b56177c33a9cc9e2fcd

SHA1
a43819d25a1b793f19e70e67e41c28d73d8d441f

SHA256
6d03e09b19a8114b5f5ded8bc1379204862fac784ab53946099094f0cd76f3ec

SHA512
967b6418c61d8e7d83bd571d873ce958004b26edfe7d75971afa31a7706c3c0646a4742aaa62bc7b9ff4e4829cec16f51c0bf7209cf9674dca90a08759b7fea9

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM Password Cleaner.lnk

Filesize
1KB

MD5
db4e000bb67eebef488cfa71eb5ae827

SHA1
443ff436c333ec91aa1a85df6d59c8b5da0fd168

SHA256
0071b49bcc46b76c57c21d105ec1693ca04ac7168c262a70c0198a70b16d0ada

SHA512
79d959919e2e18adc0ce12ff2acc15f272c3a6d563b9c4b97b4576d410e8302e193e96b47018f31dc84d810e03e235d394d496c220e8146ceda8f6278e481dcf

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM Password Cleaner.lnk

Filesize
1KB

MD5
7ba6cd07d428a256a723ecca0efd1bcd

SHA1
d829e3fccab3347566a0f5edd32054f88a9b7f0c

SHA256
70628072bc0db19ac3a02289665eb40fb03c2d9d69a593467a1b3124e5e78bd8

SHA512
7522c6ec1cba0fa13a7a39baebfa72c7887d4fd926eaef53dd681b9804eabbe8aad6a262ac3faf4a3121029f38f05d3cf08dbec4ff873d578739f64eb156c2ad

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Tools\IDM Password Cleaner.lnk

Filesize
1KB

MD5
e8d45ef3d099d71ffe0d58f0df1525fe

SHA1
3a05b09326779673c648cfd4ce9f67ad68aea977

SHA256
ba6c3d03c1107289a2e8de3f96f0dc0041c0022fee6ff56484b9db5fce96289a

SHA512
288cd185aba23a4dfc7b808df04db38b6c1ac5d8e267134a9a9ea4734777ba3a55248a2d28bac29c5c5d8397b1c509359379c43935497c8b39c0079f513d1a27

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk

Filesize
1KB

MD5
78ca28f3af83ad57c1eb0bb993e81c9f

SHA1
19fa01cc0926f1c8d7aa27508c4bbf93224820a5

SHA256
1e4824c2df5ae49959b14846c4ba90da8a6d5cdda711b67030907e590d00ca34

SHA512
d8168cdea766cfb72e1adbf642a32cbecd1e2cf6ddb4908e50676850bd9c4737daf693397774a2c08847d2be7946a9aa8f0d73dc86cc891154d29efbef05d72d

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk

Filesize
1KB

MD5
cab57ccaf61c0b6f8df854d646350f6c

SHA1
dd31311fa8eb27186d685b91fa586edf67af8e7a

SHA256
34d665c90b5fa2cbe0be72dbca4a3a7ea70424e588ec5b300cd9c552fc3e02fd

SHA512
5c0b4146baf43691406e004d07275ee76ff0f526caf64f5719ab5367d6c44b7b69cdfa53ac1fddc4ab8f31f09d724a650a4a6b21e1b6e99563f6aa0e9b0089cc

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk

Filesize
1KB

MD5
5684992ff5e73cffdfafda33f288831d

SHA1
1917dd8063b18e63c3d09ec75b4649bee24b5dd0

SHA256
3cb2856cbe06477d66948885b92256d24734cecb5db180369bdc40e93a578217

SHA512
bed341e12e834154523f95e46bb58a23f4d09cc95e0e3e8c3a4036fc56a6de099a3e86effc011c5d283913bd2fdfb4cfe08be14afcbf9181c654e846c9fa7db3

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk

Filesize
1KB

MD5
cae271bdda9a1457faa1de3bda46f017

SHA1
0ce1d579d029c13d691b26ee738d31e66fb736d9

SHA256
dcf5d3284c014bda0a44c87220bb055873b8376761f49c8f167d5a60820a85ff

SHA512
e38f33cfc76f7e8ede215a23342e053bb9703db0834e116ae9e2ca73e49aaeae0fe3b44e928f6f937709cde5c1174f652695ec0c6cd7ae15d515a5ec1545b506

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk

Filesize
1KB

MD5
cd174a87d2f5255646e4171906d975b4

SHA1
2688ab65013d1872ea1a80f683e3351d50f12621

SHA256
e3865ddf9fb27266a3528dd14256e8571a12a930e528b2d7ca20b758149223fd

SHA512
ec3d4272a899c08ca06fc15fb847d01a1a1e570a2e5f591b7da4613e556abefc3b482c8089da39b85e00f0b8b1e012e1a3453dfab65f0f4c1546decdebc07d91

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk

Filesize
1KB

MD5
b7f55d79ceb7d2a3e93888eee34d0d83

SHA1
5e5c1a75523095d55409a04f410b0a736a48e278

SHA256
5fa49e5bc6732101987dde844459b832fbd2c3609469f91824d3fcb50cf6c85d

SHA512
e8429b94d5b49d78359547245bc6b65c5d0802b3140d505d788cb4d2914ab096057cf1ef17c784038b3b54c07019b0d98aa7cc275733b77ece6852ae912b38ef

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk

Filesize
1KB

MD5
8734a8c1089903d5d432e79ab610c828

SHA1
6c44e7cd0d0ebec1c75db83e48ef3e57d69e4f8a

SHA256
14cceddd478f7d36af9488a37227aae8143ff96f12a60021cc9bd9a8dada5868

SHA512
7300a2e328e661fe05c96d265c03932548c55ff754ea83906ea9174170200cf884fe50f4de08d44fcde7a0f6e4992a70e4c0c8b9357d213e204a44a3d3bf37e4

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk

Filesize
1KB

MD5
5659a55b54f05d1fbb55b3d99a98b133

SHA1
b1ca665483b08cc6bd7a5642213c3db7bd174a4d

SHA256
0acfa0ea41fa42f1dcae281c14c98fe18434a6d6b41f1eea4e585c9499367b72

SHA512
0c3dd9b0dc289d92f2333e0d9644656ff4f73df428833dfc6863b3e5fe8cd8035860a76983df63820ebfa2560c48dfd9edce080a894b72684a959fce2f16b1b6

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk~RFe57df63.TMP

Filesize
1KB

MD5
668ae7f320f11790ef4b1a0015097de4

SHA1
99901a636a9f8364ab39f42d1c4067bf3872c1d2

SHA256
f358e025c6c3b85c5de214e5c640ac9021681f73023215618f968d08e97ea291

SHA512
12e17b080582f14c5afa0c409fd45d8947f0efd9f8fd72139e311fe93958c358f8fdf34f537e66f16d5fe94cabd5b7ea97a9212ff6b58bf040adc7a45de2cd30

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk~RFe589239.TMP

Filesize
1KB

MD5
6b4ee048596f08baad56f971986971a9

SHA1
497c1775a946f0129334b8149329190178dbe6ec

SHA256
695f8959177cf28c0939561178f43365c15f4b3c2e85944b6ed8705cbb6711cb

SHA512
92771f5cfca65e29b5d6c12f1918bcd39ccbbd7e527b7d3bd3ccf0faaf5b2043ce323c41f77342baee6750e9631c8f36abf73b56fd85c13465c3d93b9aaab400

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk~RFe5931a5.TMP

Filesize
1KB

MD5
b5914afbf76169ed81fba8cd211cdb3e

SHA1
fb7a26346f98b800d205a22f9244bf8afcd68c57

SHA256
a223785d67e74bb579c1d97780858c522d8396b3c66e58c467c1ac3aeadcf2d2

SHA512
a97c16bbed3e217072c997c5bc83993ea5705f8297466436e903ed9982027e076d94c2092af03910ca5f079523cb25ea583104ecc196daac9fb527c34ee4ffd9

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\Uninstall.lnk~RFe59a697.TMP

Filesize
1KB

MD5
17313a865aa1083e2c709d02a08039ab

SHA1
c62ecc6497f04757ed806d02120d88af9934421a

SHA256
744326688bd9a240fdfa0db1e9818a562c7387512d407e32337491896eb400b1

SHA512
f249b1168c474dbcb9f61640cf5734b22b0d3c86ea08955ff47a874d3f57300e5a23fd5e053cb918e57b7a8e388ddcfa13242d0bf0163538e0a053ab8b89153c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\website.url

Filesize
142B

MD5
0d026eedcff8fc0046e807a7ef2dfe2a

SHA1
28ad89c1c9007347d273d8bcea5e673311368efb

SHA256
a0fbf0bc16410516f6c4778ae485f52e1ce342287ca2d3041134f2579d472e0e

SHA512
2e78323ca0cf5bf2465906cb012669ff26998683db222461f0ac5f86a72a8bce0054d25231949717ccd6eea70e08752859fe7cdc0363ef9be8e568e9ff7b29a7

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDM Backup Manager\website.url

Filesize
111B

MD5
2734b67c771dcf0269ba50f2a2494f50

SHA1
fde3482fc1999067b2479a51320c39a6ebfedbcd

SHA256
d7fc08c9dca542bcd08fd0973e3c2db2dd54cb254e8f03b89c54bce6bf0b02e0

SHA512
8d3027806680294ab04d33bbc0b22ccd4b79b136bf84cd36f8d9aa10968059c44a0c43cbf837746c425c0dd0fb0e76732c489a48f4e903006aaf028d71c3ecb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

Filesize
162KB

MD5
1c734d0ded634d8e17a87aba3d44f41d

SHA1
4974769d1b1442c48dd6b6fb8b3741df36f21425

SHA256
645ee6e64ed04825b25964d992d0205963498bb9d61f5a52be7e76ddb2074003

SHA512
20239782f4e30157fdfc02a3793ac7bde7ed74400de4cffa812805d680789ea7be5c2c765924d32f74807d80100cccc14b453d3d7e006dd4aeee60dec98af4c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
2KB

MD5
6f55de303515b8db7aaa8addbe5a3fc8

SHA1
1df206c3e78572ab4e5df6b652306f4520d93209

SHA256
c8794b2f508cc1e4be2717e4e9309839fa62af1e49e5c92af0b2f8ec12705c24

SHA512
5ece3278afccd299b7c8a53f61beb4ac000cb13b74ce4f4f8ccf5f62656829aef613bb3fd5dd7e5d9655d538f2b823130844e604a85d3ccbbfccfb665871e8d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
4KB

MD5
e7a597ec7506cf3c346c7347aae4973a

SHA1
3a04e8afacb63b4e95ec02b71f29939c49a8d22a

SHA256
71528c61c571235a63834d400e14fa4342b99197d6a1f2377567516b2be5a782

SHA512
99effc1419dd5b4d63080516f140b717b6a27f5b9a469e6871a92cfc4d750dc4ec1a95bb4e536a3c9f1a8a5571ede457024bed5da99c9157c3c7c9d538cb2751

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
1KB

MD5
8f7f1e7bb6cb41162fd8cf538d95fd0f

SHA1
e0e89f0bd99b250a7c390cf626b8a39869abe488

SHA256
4476e0c41f6293cb0132402abccb58725a377ff5a3a8a14adb7618230d83f6d8

SHA512
96f96b7dd6a3998393595906880ff0765ab48830c8c6c1b3f82398fe6fa0e9c698dbbca5a51d5a338b1051d9d057214233e4dbe16f5232af8b605dd5a1c14b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
2KB

MD5
718ffb12ed05ab9ef589847c617fa63c

SHA1
143dfb41ae8753124221ede9ecd057c12897c100

SHA256
00665a59bae988a503487e3b9bd4a8b2292ace11aa62f9d21895c3d038a5874c

SHA512
31a007580dfeb201f4b0c49af5baf2228554bde4abfb4f804aa7309c6791eb315f92625c6212efa911eaaea327cb8c3441e36505581bb8ce0bded6c4980960f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
354B

MD5
4c1528dc716bdcc77f5351d94a512c95

SHA1
aab105993ed2cc2aeb72fb0f9bf923047c8ddf19

SHA256
9e204b604538ddc273eb7ac2ebcc92add539ae01d228d055ce99d4a08370fbd4

SHA512
cf57b84a7a18310a76ef17db3f67ae827d9de5c011100d3dad0710e6a1b3b95e0015e235a3c7d6e029fd642f359a4c81f5d11c62270dbe4ef58f7317bc9aaada

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
478B

MD5
037b1fe5fc234d083575584a8688190c

SHA1
5d0323913a2810b5ea1b61a930ae0c2841a8ba4a

SHA256
8364ada954a900039f0ea21b5548ad6da7cfda56b73a2ab5b0d7a970f8730cbe

SHA512
0489316229884ff4be6731ff3c9e02e80e79410bc39cb698b41595420bc93477bdb26d735098c4bd98c66dd31a266d29e8a754aa8850099a3fa3f2c9df948441

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
598B

MD5
e2e44254024673009517d025fe0003b0

SHA1
c6f02e7d1381911f0e637cfb7dd7e4ec406699e8

SHA256
edbc516070517786ceee7edb5ea48f240036297d89010312c10b42f4a63300ff

SHA512
c7817d803c30d7fca4b3664252c4d8e3377aad0db1f636eeeccc83139ef1332b6e3e9b918ba6b9c5639fedba9cb40151d9d582544099c0fca133034578506524

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
718B

MD5
3ce1b5f96ee1007094d3f404d7c8b294

SHA1
7abb3f2a0408e927cac083c993a80da2b4c84511

SHA256
1a464cd823fecae5aee8b71b52efa138e759869a5e378585f6267ea2efcb0ed2

SHA512
246611e83ba53e63cb3fd380e2d3d29af763f5f4ed9c72f39b15d81dcc635fd61c0da184a2db6fc2c26521f3c2cadf3800052d1ba1919152be9ee6842a544a49

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
854B

MD5
310690cece8396643417185aa7dcb9fe

SHA1
97fd9aa5a2e8f8f923927058dc96a892e4458c31

SHA256
af2952ca76a9a1bebbdccc6f70d8c38875d2c3cd6afbca6163d28313c7b1bc16

SHA512
5d604b53d4beaa621ca85224f879010927e8b2dd2f70b1161177e94c29baefbc0daa569ce8706c3509c5cc1edcd56af5812b5906ac2357c34e37f84f7710d780

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
982B

MD5
4ad6b6a12d5dad0d7f288c13fd806bda

SHA1
8121e777282704642e5380e873f4140ae42bed26

SHA256
21694fa059623f228cd594023b52128012b62124e00142dbc058f77eba51b08f

SHA512
50542ea0e1455601e20b33e74197a2029234fa38cc926dfd1d0be7ecaa3acc32619e4aea9113267f52a18dfb9e36b1b441645fb1d83c31bdf6b81cce3f8a18ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
1KB

MD5
dd58746f4870bff3c71d411d2010d2f8

SHA1
87ff804be245abaa6cdb77c5c44373213e9f5298

SHA256
2f54d1b1aa5d3fa66798640d7b064ff690b696f4fd2d076fb0404767dcaa82d2

SHA512
d88c9ccda3d21cf6061effba46e701dba4404f906e2923fa01d6c22778ab93a24c93a1121d05a36300816e49edf54eea3b1f169c84e8409fa5d7ce882ac6a712

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
1KB

MD5
2fa5aa35cb57267d941fe3ff717cbd80

SHA1
c6372870241b20ce87cd59297d53b48b59670414

SHA256
9f1b98d0dcb6474707ddb88e7c80e765baae4e5cdc258e985f7c6a22aef1ae9d

SHA512
1fbafb6cdcf0d5388b7d160435f3b0588d729052b1abdfa4d673279701537fb8dae7a308de173112ee32cfa5a4cbeba170c1f95b9715c7eab14467422ae16b9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
1KB

MD5
cf39ad4c2c9b9ade747f80f541e1c419

SHA1
6adf8eb0f6dd1c89d1365869b92a9a58c400b009

SHA256
32b434c256343a7f6f836554d38b4444c67ff0bfa72f833a7518d0c97e192c03

SHA512
9d9ad0f3c96581ac65c3219d5719518057aaa67fd0f9ce2889eb425bbcb501dfa119582b896339127369f175075cd15adc248785b480b3530da86ff451c6e185

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
1KB

MD5
c0516eff76a05ea8e89f517cbd1ea377

SHA1
221c58faca014a134acd8eecb0100c87713d6cd9

SHA256
45005e575d3b8f1bd3853aaa1de6874c0d82434c9cb842fe27bc3ab3ac65522a

SHA512
f32ae8ce0df663156223df4a7d1ceef4d9d8589a0257d62e31e46037b6036cdd7415aca79479a41d65bdb0c502a48a9ac2680b3e8c2ce1156f8ed8bfafcdad20

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
1KB

MD5
15ba992bfe7eaa246ea196ba76f71217

SHA1
44917e8c73c2062472ebe282002c56db2e885a4e

SHA256
906ef3e99ebaa80f2c2a96cbdb7aacff84f18837679029bfd3ae46e73b485130

SHA512
0dfbecb067fc94ad4a115719a8367362425008b4da19a8831726373b778676d985818a56c9bff5df471bd69833be4203c7ca76d81c43f2d5d0c62870cdfec30e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
2KB

MD5
3cdb445657795d0ce934c7869d229e54

SHA1
6b9edaea802bc029f5b1bf46a66f23bd837a7bf0

SHA256
620560ffb3c7c95443343cd3b6b432f6ac139fec750422f0ac6579834e7bb6f3

SHA512
905b3e6c9fa2e38bd3bec3222d6f1fb34bbf3a79d1c7aa88b842597996c751dce4404d58abf3b0bec15e1efaaf773f0cf4ea337fbcd8a6adae110b76b5bdb410

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
2KB

MD5
8d132d6e7eb241d5c02281aeb087a1c4

SHA1
778759e8682912f9be3f2e207850913e531d2f01

SHA256
dc52201539f1fc31738c348d92c326c831b50dfce10419de7ac3d9f89531abca

SHA512
d2f00449f0e5fbff9a8eb6593348b695f2659a9165abc4962cecc79b774484d83ebfee756e6e370ce36efb6eefa997fbb93f5d5799751bb450a988a80b34f775

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
3KB

MD5
d0b3f5b0ac6ffe251d2a0d93150cf2f5

SHA1
ac3565b7da1198595b587e0a2015bc73be815ff3

SHA256
c9a75d2f6a98076c64a823a33bc6e92960f4a54e207505594781d8f35c539f76

SHA512
9a0e6f8fa53afecfea7ef4a0500b733306f996c7f4a406573845e6076a47e4c47a6a104b83bafd98adea49705446fd1eb46ae7ee7f2a82456a39fbd28d9d0b85

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
3KB

MD5
de1aeb1fce15272e7234e0e743af3837

SHA1
4db1d125582f11938978ccf86a59a2d7f019dfdb

SHA256
c6b4eed0cc8f2898a89aa0c00e386c5285e408aa228c2bc0bd5397d49b86618a

SHA512
75d1e540f15a72e026497474618ebb928692d2a43780b4874dd88ed5b4cc97b6236709039a66b711c92ffeca37e52995be40c0430dbe9b1fefe1b8f1202719df

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
3KB

MD5
617aa7a262a7ac5a745ab643a785be6e

SHA1
4dd18ca71e8559338a74cba312e919326d0c7785

SHA256
a15eb326c2af5d0a9193c97323e9dacda74e228b0efe08fddb266a18c10afb5a

SHA512
6ff16b887ff13f20562fd4aa7c27aeab649278f7dda151d79214895f541bf96cadfc872491efe5136cbb50b310db177252ba1b3c52ab3cbf634584c8712495af

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
3KB

MD5
878a4f82f171ac684b480d9eca3d05fa

SHA1
1533f9eaa4c2403b1c8f837ac812c6d89017a78f

SHA256
130382c018e91428a90e2ea6991b8723344127f0031cab020eba64af96dfd46a

SHA512
bd310b09b98f3eb916854302d3ad58688cfa7379da99a4ea116b665a23266728c32572455eaa1a948633923635751bdf23815ed58c2f4cf39033c81d3078949e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
3KB

MD5
d43e1b0a877d8411bf0c7d66274b5277

SHA1
b6cd639c140a44b76c8e9bf95a722ae5c8f61558

SHA256
ed70acf9693f0788a8e35f8ecd47da9f82df26b1bc8352b4a62fc5e53039ce63

SHA512
26d91a640715cfa31e62d559fc5162d2d486df47e6581cfdff7f86c93ffa9bb874fe3e8502f1eac3290bcc8d245415f3036132ddeb720dec58acf372cde2dfe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
3KB

MD5
e456222792bbc10ccbde98f4e6f564e8

SHA1
fad055f86a544ad052bc6d887806be72849877f5

SHA256
3ca1de398ac5f5ef1db4424d9ba672bc5eddf9cbfc1a164faa5630cc4b2f8ada

SHA512
b0a362221d235843352039cef37f30c4faa8b5af70e07cedf04ba7e965578068b56d7bbed1fb352d362ef4c1652f7c1b59b7d2cc83af07eadedb8c92f7598d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

Filesize
3KB

MD5
7bdb4986ce929e2dddca77d09348bd30

SHA1
29ed71eed22d1f219444fa5eaa496fa2013479c4

SHA256
0afe2be7375d46d61043f490692a2d9d4803cb9ecf7bbc87882bea556e3462bc

SHA512
8ee8a157dcbe5de69067131b072f00a33038fb9ea9a016bd785c6d82299837a96ba2a22677622f6bcb2d6fe1e5188bceb252d423f6e948139d1f81811948459e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\backup.exe

Filesize
2.1MB

MD5
2c34bb7f66cb64a100df1ed1808a3983

SHA1
f06c6f12e30490a605204cc9b1946a91b3fd9a14

SHA256
3ee2ac79db411874f47221deef1fd6a46ec391229c9921659d047d348d8b1447

SHA512
e542fa7a9eb649357140314bad70e0cab6f8f062ecce2e1259e72dfe77aa1d298afc8b072525548f211f35565c46782ec8a8343ec615da118ce74c7c664ed48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\reg.reg

Filesize
15KB

MD5
71331191e0668499e6306b5b9286a51b

SHA1
48ef97569fe6af03b221ccea3d6a2795abc7d4e5

SHA256
bdeec00d26339501e318283b65f48983fba564970daf844d0f3d37c30a2f2e66

SHA512
e6c2f4386a259f3bc740d8bf258ee8459420b804850dfea5daecceb6b5664c0ade0c536b72d6cb92f4843d52d75490479c31aaf9f80d601330f741fbc7674a52

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX1\IAS.cmd

Filesize
31KB

MD5
e2e2b6fb84ed23b2950f26939c36fdf5

SHA1
7988b5c71397db6fc4a611a54f7d5622eef73f40

SHA256
e06c490758709eff468df8f8afda86b8411758fd93ee16e14e6153de5ee933e2

SHA512
70a14feca5efc2e699ab9f190fd508cf5aab0daa5c8447ac06f7da0b1cb32bd1781b5fa91440483b2fb4eac10ebd611b28e582ee364d2681bb131eee1fb9aeaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX2\download.bat

Filesize
245B

MD5
77f3dc608d4c39c82c5a592ce32d5c63

SHA1
30ba516b09c3ea0ef72acad83d4ee7e6272ad6ce

SHA256
6886ed268eeb0471fab937558f3658cfd5655e805f6573dba3f361c9df18af5e

SHA512
dab7792c38e393e65148d61b81f067aabbf4e4506d65287fd235ae4cb27335fdfe95570ab0daab513352836d2e0581bfb869e75d0644d8c2067867cb2f2c8c5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX2\idman641build17.exe

Filesize
11.7MB

MD5
700e229a6d079c6c667ddbed20577a1b

SHA1
6be9257aea267d5c49207455b2f2e6e372b02ae9

SHA256
df5281d752bc4b80fe43e20d044f0c4fceda1ea0e7f60c50bd6a71d2262d9184

SHA512
5e908e436063391004a2fb4176020cfe18e57ac08f22e175615247f6a6c06d5fe4156ca9c9db1e916d4edbcc3703404a00eaa6ae478bb10c3a5d25bad67bd828

Download Submit
C:\Users\Admin\AppData\Local\Temp\UnSigner.exe

Filesize
5KB

MD5
f24e5a3e5e1cebc94d9066814b9042df

SHA1
0f2041e346d67d460ca803f4ae2232e830aa3c92

SHA256
28a8709a92a7b0aecc3a5802738a5f45d74193c4bf16ef944fda8d4c66556ca4

SHA512
0eb30bae067f5dfda2c18ad1d314d2968d0065bfff652ad79017ecc81f8fe9c323bf49e07a3f92625a98fbbd2c5e39eaf6af2551bcd1befb1442a613464ceff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_f04dvkuw.eyo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Freeze.exe

Filesize
386KB

MD5
48d6a2576ac4843d644e0f22c19531f6

SHA1
c2641603a40656cd3667cdae2b00db06335f71bf

SHA256
c4424f26f0566bb11f74f2413c400bbe52102f637f60b15a5e069006bbf31285

SHA512
e8b82c4069717b7b2709c0b897115ecf4933d9dcbeb60054f79560c31fb4840dfb2406c236a33a275942d779b422b3cd36dbd504fca800ed14fa0954981409cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Patch Idm Silent.exe

Filesize
465KB

MD5
4f345861e3973b0c888b6c0e58d77a01

SHA1
8facf491992365bdb8170199fec707c99fc6ddbe

SHA256
8ba12f77d93c2634f511ae421b5120145068a25ec8e16464b81d90bde4325370

SHA512
fd14de9aac09e622988ff688d47d10a224bb09bcf0387f7df5c3b427fc4fe062ce717d954b39094334d06c47a0de371f741dafdc454da58411327f8e87d81313

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\Toolbar.exe

Filesize
6.6MB

MD5
a58b3306003504edd8039a4bc0f7fbbe

SHA1
8d5bc486d500bf952e2a7d39efc7a1e5d1b393f1

SHA256
3ad3e897789b2e14cbd074ce48e607b2c017ad70115c887efbd5ff119fbface5

SHA512
065a92344015da7ac233b5fe7fdd8ec2dfc2ecec242ed97d0a7f2f669214e2676aa69728e8829688a1a396b6529009a5a48fa8efd2ef74319233bb7021d51cfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\backup.sfx.exe

Filesize
2.2MB

MD5
755ae68ad9721143b17531ac71f4106f

SHA1
5825c4aab9fa1ff7031df188436a9f2c4cc5e44e

SHA256
b5871919a65575ecaf81cf6960e2b048cd2123d9635690e917f6208fb7e8a816

SHA512
24c26caf2ad67deb2de13160781cc606986de6958850bc2359eaf22b8a7b6170fb278f32e250a1ec74954217257f96fe9fbf3afd9137f56d095e4a8299db56e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\download.....exe

Filesize
434KB

MD5
3858fa85060e939be9e30eb7ebcd9f60

SHA1
c4e3b111c375d6bc3a5d869ed977fb6b2f76b77c

SHA256
9f58ddab3f07f1872799edcbece921622c8f1dafa93f83b74d298fd6647771ec

SHA512
ed851994bd2a37f8b2689079fea44474cbe436d4cf5e296487eb60aee7be9d1324dfb01cea037cc30a532698e6e65a0259884e8594a31fbf92fb015dbfe26e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\reset.exe

Filesize
386KB

MD5
97dadb81e1ef514b3b2271fb27b7c901

SHA1
c0906fd73d8fbd36a6c1b5a9ed9fa0db61c9e175

SHA256
c36bbaba4a8c346939165f560897be68fc8bb44d786410c777f2c04e0a6e765b

SHA512
b220f2a72831d9324d62ddbb13aab0227f644b3e4a39e87419076a0c33e266915060148d74d09c8c33041479f9d189a9105ff3010dddb686086caf6073b67e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\internet-download-manager-idm-buy-online-genuine-product-key-license-code-activation-serial-instant-d

Filesize
77KB

MD5
4fe6ce41bb007ab90fcffeea5682b889

SHA1
c7554451364974b74a88ed72852d6f3df9ec475f

SHA256
8b01d45e2e506560d8b5fc3aae2f11097492323d4da80b3d05e1b233f1cfe68a

SHA512
c1c87c206d00b668c74948cb3d3d309ef4e88b30e80b525f05bd0715b5f11195682965dc015b8e5ff1c23294b96612d64da879d1968b31b8e867cc09bb6c351f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
96KB

MD5
2cebfe82a36c60d46b53ecf8b60469fb

SHA1
08639791c6f106d25c9cbd6f9914497cdd90b9e7

SHA256
62cc1e705b3381a6b9832a5fd280cb2b03980947b0e4b40b9ceabcd958c058c5

SHA512
77e67ccf56c04fc6429621a5e1e3c351806681375b23257354c484c8812ec1058db499033f13f9f28ab3c097ebec8065751de30b4c5385962cd96afff59d0c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.7MB

MD5
574914dd002321c81ea2ec5164bf6f6e

SHA1
f9d2552267003b5f6e87cbcbbecb5b9e6c43f629

SHA256
1d6e7c7d5e37d7824d38829e7855e1cdc11d74b14a840fd223396abf934587b6

SHA512
021b602da9665001290a85580c520fc0832e72646723dab0f5ea53212b5f548e714897897969d2264ad7e591026914b2706e9a67bf9e7f6bd0a8eb9aec8d2683

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\icon.ico

Filesize
92KB

MD5
c600e08a8cdd58285868404f9b8c0724

SHA1
30386b7570ae772aaef550c8633d22ec92db1726

SHA256
5a743ef52b0841300b640e7d59d9f29576018943f66000e3e13199e4a46e8c58

SHA512
18792292e83c174eab4c69b25b588f4a6efa632ab39c1a160864a5087e5db44ad2c93464a556400a8e4f4ab8d00f5ea1e2703967665f8076eb5edc51dc693c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.3.dll

Filesize
395KB

MD5
652b2e10ac3c23416c4418a50cc43095

SHA1
f8ac5f2535cce84cc16c6b4410fb0885604ffc04

SHA256
dca9f90340d5ff29288dbfbb3a9c79616fb4baa013e7dbe14ec071733de045fc

SHA512
bb406b3f10d678e773499edbc949f49bd138e6742f1ac31bf0a50f8d3b42383580b5aceb0155625d6bad5074e577994938e109f94cd921769270aaa0b1a5f301

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\patch.exe

Filesize
71KB

MD5
2ab7a4477f4c4b6d7e6371d1eb141b1e

SHA1
688d3e884d9ebd66870ff0d1d4845fd7732b6f7c

SHA256
3205dbb244de8d75be0afb501c4711d126cc877223f81428bf2fc761faadb682

SHA512
bf9f9a4aca501e580f5510da0bbb0f6243c2d88498006ad067728e5d0c50981ceb38f636fb940a75aab5e4c72990afa15e02ddc88b31a6241791454579a779bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\shi7B36.tmp

Filesize
3.1MB

MD5
aff55ff1a0d686ad405855bd22a932d6

SHA1
00b5db2b0322b2aad7aebd80d1d13372eeb85832

SHA256
926a128e1ef90c09470460fab0682fa500640b96ad3ad6fd8efaff9ed46e97db

SHA512
19bccc43eff166e1c701713edd6279d6c55b1c1277c2391eec73e6aebd201db762a52fc5a764900ac04441e73c573703ee29944c6c0a8e59d90b46b3279cd11e

Download Submit
C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\IDM Backup Manager.msi

Filesize
1.1MB

MD5
33249f4e6f7d9e2061bf4e3f2534956f

SHA1
be4babeb4bb5f2ec159a4583f07eaea894d4e77e

SHA256
a0dd7d4feac234a7d1dbc9ee9c95b3aa83bd0a552a48c09e93248abdf5f116dc

SHA512
022788f1243d8cdac55646c3663fe787e08e2dba6b3d2d331e5377239fb676ccd92688f9079469545e5f8ccba5ef952517db9753dd065ce03dbbd3ebb8e645e9

Download Submit
C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\ProgramFilesFolder\IDM Backup Manager\7-zip32.dll

Filesize
625KB

MD5
52f1fd0614e8c290f44c74062382ac18

SHA1
445f4f16c25e64f55217d6799cf3ffd7e2643c59

SHA256
bb3d272d1b8f67724f77deab8b0fce886bc7bafd74ae2d53c462cd6c6fb61517

SHA512
13bda94c20c8d7ad6dc2a383a6827db9098239ac04f6d77a2a321263814b7cb8b8edf04c235ed27c0cc66b2dedef9dce9f9e52477ed99fdbda3cbbe58b352ea0

Download Submit
C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\ProgramFilesFolder\IDM Backup Manager\Help.chm

Filesize
155KB

MD5
cf76e78d8b60a3cafae10717114da2a8

SHA1
e83dd165be5788c266c79cdcd2dbe7d28c078f38

SHA256
267d0920aafee95926921e8df7111a2dac6721d9640e1af1b62283686b422948

SHA512
caf78c4147aa401cc584b0c7e6dac35c3b5b31595caf6f5ad539167facf2ff2ff86b7c05149a6da2e4e5a82efcfc6b7683fbe7fd3a244a542d72232ea529f181

Download Submit
C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\ProgramFilesFolder\IDM Backup Manager\History.txt

Filesize
2KB

MD5
1587d448dd0dfd04265a130a1378c4b4

SHA1
c1dcaf0665fe910834c140b63bd93f8dc7d02886

SHA256
880b73d4ed0027afda45e1a0b9302ea77ff54f8442aa1c0af63ce1cea3bbf60a

SHA512
9b10da0a5a892f95759d3a83257bdd4cf2cf9e299ac8673a878e4600a022c2b4eae462a8b63055ad3920459f544a00c758a9026191c0369cf098984dc8b3f8a4

Download Submit
C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\ProgramFilesFolder\IDM Backup Manager\IDM Backup Manager.exe

Filesize
699KB

MD5
2bfc3a8b45820db6646250ff6f87055c

SHA1
ffc3dd412d0b5a15851850a45e6cb650f58f0a40

SHA256
5e1bf2391e9eb6d38e8fe41d974d5ef90fddef1b688a8f9f1e422b6988df4a87

SHA512
a3a3ac2a007258fb76a7d31ee229193d500323b0889d67169a6edb7d3e50331674260941684168e9f5cddf63d44ad63d21f7238d607e1efee3712e52b0eeccfd

Download Submit
C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\85DAF51\ProgramFilesFolder\IDM Backup Manager\License.txt

Filesize
2KB

MD5
401ae5f3537c374d43e244ac1e5abb85

SHA1
2847ec6da37d2f5363f7a01a0501df76b1e5eb19

SHA256
47c333b6c0879a556889f796dfdbd94401fc31d4a128b3f27fdd66a4d66144af

SHA512
ff95de7fa96093c2769c9e98f68d4c099e4a7719045725d00bd8ceb8cf33380941880520c195ed65aa019055c9a45706271a6d9ae32ab47e52471a0000cceb91

Download Submit
C:\Users\Admin\AppData\Roaming\Gajjar Tejas\IDM Backup Manager 1.0.0\install\decoder.dll

Filesize
126KB

MD5
f47d962013572457bb18dd0e5c0b8e48

SHA1
23b77c99a5dd7b81318b44a5f830d590756d3e78

SHA256
375c0dee85f8f08a52830c84b38a70d8c2bf1832ee0a5d33a888637ab0fbeefa

SHA512
5d1ca5df1606d756f400c2b64387828850c2e078ff904c01db6a912c46bb32a9cc417bd81bec076dd76b771c745bbe5cae17c59a477f26d6b4ce62a5b09095c7

Download Submit
C:\Windows\Installer\MSIDB0E.tmp

Filesize
91KB

MD5
f16f35078bfb36d801f8c500ba5c1a40

SHA1
3b97e9a8daf7e2d6a9e656edede87314ee142a89

SHA256
583bf08b032b830d33cb34fd0a1d51361311592528d27881266e87a074b416ff

SHA512
84e3207d6399a314f533ea597e23759c618a16fc57493e8fdf2ee86a1daf776d4315612fd6ba23046d46e46a92b1b0b29a2d40bdd27baa9dc51feadb4af89230

Download Submit
C:\Windows\Installer\MSIDD06.tmp

Filesize
300KB

MD5
3953318d1e6d124b10805cc5919fe47e

SHA1
76dfb3240d7fd6b860d23a6d210d85adb17b7803

SHA256
0670c12c9d190d80f0e4b907041dd94ac25c93b71b121b75372e3560e7818e1b

SHA512
8937bc63d5cb685216e4fef6eef45cbdea96787d762467bfc7f8ce87b28985f4834cf67ba13e3f2194e472af1ce3ab39eb239ae2140ecab4eaf411cc95c207aa

Download Submit
C:\Windows\Installer\MSIDD84.tmp

Filesize
295KB

MD5
66f232550a55767aed3e1b40469dfc50

SHA1
f5f6cb2aa6eeb36bfbabc4b24a5e4c87781233a6

SHA256
81efe108853a6c183f7c13cb72d608605628b5fd0fb78d166af8137b76011e71

SHA512
29d7785ed58444b9ad973aa7db18f81f2f47bedff6201b94864ee3df62b44b0bda249072aabe7bc44861cda8b563113abde1967cf9fb9303ae5c1a7f554e8d15

Download Submit
C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\SystemFoldermsiexec.exe

Filesize
14KB

MD5
c2649ad15118fd46780d6fcbc38447d0

SHA1
f32efacb590f5028a9f5da7236cc74086a3c87ec

SHA256
f0f4d5bf1de9d2463031520aff51feb1e7d432ecea447534a91cbbd79832ac89

SHA512
322ea628ed541713457248341b2cd0a95b6dd3661c9e1e4a22285368872a1b2a89808e272e2a6195b34fd47bd02c33aa893d0c324fbe35e4d65c5e5f401a81ae

Download Submit
C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\ext.exe

Filesize
55KB

MD5
2af0a971fccfa1c067a97707b5ab8f13

SHA1
a182a9213cc4bf372d5ccbcddf889f31634bda69

SHA256
f30052ae73c2039fa884822d77fcfb055a6680c3e5dcf860b24c5c56b27dd30d

SHA512
4074cf0626baacec13d24607609d6bde8730c236780a44eb4dda186cc7166e4c83e06bf06d11a97ea04cb0830f286c302a5df0e62a1ea417445844014c8a25f1

Download Submit
C:\Windows\Installer\{A11DCE71-9E83-40E5-BBE9-2D6DC85DAF51}\icon.exe

Filesize
104KB

MD5
494c899894fc3126c091c9fd06a3e1bb

SHA1
67c824530d7587cbf24def88321f3ff2ac305498

SHA256
826d5343f12ef0857414611a13053bbedc25fcf4f065b4d64b3cc0133e840ed5

SHA512
c743421cac90a647706f84b1ff146a8fc2fce033e7411f523b972d906effb28ce8312a0448b70112820e6daf243bc5a44482a262515a4b168b9d4dd9bbfd3446

Download Submit
C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET343A.tmp

Filesize
169KB

MD5
7d55ad6b428320f191ed8529701ac2fa

SHA1
515c36115e6eba2699afbf196ae929f56dc8fe4c

SHA256
753a1386e7b37ee313db908183afe7238f1a2aec5e6c1e59e9c11d471b6aaa8d

SHA512
a260aae4ff4f064b10388d88bb0cb9ea547ed0bc02c88dc1770935207e0429471d8cd60fcc5f9ee51ecd34767bf7d44c75ea6fbe427c39cc4114aad25100f40d

Download Submit
C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET343B.tmp

Filesize
12KB

MD5
d5e0819228c5c2fbee1130b39f5908f3

SHA1
ce83de8e675bfbca775a45030518c2cf6315e175

SHA256
52818c67be219bc3b05c58b40e51b99a65c2f4bcafe38a995610b4ec10928def

SHA512
bb397004f2256db781385de3e7e7b7993be8fbb2cb701ead99a7878c2bcca6c9ae4a7aa61c329aeeb6711c8c74081e971e85af38af6b32b58888c932fd51d218

Download Submit
C:\Windows\System32\DriverStore\Temp\{557a790d-7a7e-fe45-819a-21313e2a6bd5}\SET344C.tmp

Filesize
2KB

MD5
f8f346d967dcb225c417c4cf3ab217a0

SHA1
daca3954f2a882f220b862993b0d5ddf0f207e34

SHA256
a54e0ac05254a464180e30f21a6b26651e7495427353bba9c246ba1d2388e7cc

SHA512
760c2914f3e937a2a3443a032cf74b68b6d24d082d0f50d65058a0fd87d8eeab229fb8d3105e442f0b3b0b2f3824439981951266425512e51e7ff36669a652fa

Download Submit
memory/312-872-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/312-1303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/852-5279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1232-1450-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1232-1447-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1244-2843-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1904-5302-0x0000000005FD0000-0x0000000006324000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4295-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2804-1423-0x00000000056F0000-0x0000000005A44000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1412-0x0000000005610000-0x0000000005676000-memory.dmp

Filesize
408KB

Download
memory/2804-1426-0x0000000007510000-0x0000000007B8A000-memory.dmp

Filesize
6.5MB

Download
memory/2804-1409-0x0000000004750000-0x0000000004786000-memory.dmp

Filesize
216KB

Download
memory/2804-1425-0x0000000005D00000-0x0000000005D4C000-memory.dmp

Filesize
304KB

Download
memory/2804-1410-0x0000000004F30000-0x0000000005558000-memory.dmp

Filesize
6.2MB

Download
memory/2804-1411-0x0000000004D10000-0x0000000004D32000-memory.dmp

Filesize
136KB

Download
memory/2804-1427-0x00000000061B0000-0x00000000061CA000-memory.dmp

Filesize
104KB

Download
memory/2804-1424-0x0000000005CA0000-0x0000000005CBE000-memory.dmp

Filesize
120KB

Download
memory/2804-1413-0x0000000005680000-0x00000000056E6000-memory.dmp

Filesize
408KB

Download
memory/2852-2876-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3056-4286-0x00000000058E0000-0x0000000005C34000-memory.dmp

Filesize
3.3MB

Download
memory/3092-741-0x000001DEAC9C0000-0x000001DEAC9E2000-memory.dmp

Filesize
136KB

Download
memory/3412-1446-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4392-1439-0x0000000005B10000-0x0000000005E64000-memory.dmp

Filesize
3.3MB

Download
memory/4500-2839-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4500-1408-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4724-2874-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4888-4260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4944-2867-0x00000000060B0000-0x0000000006404000-memory.dmp

Filesize
3.3MB

Download
memory/5508-5275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5680-5309-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5832-5311-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/5872-4293-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download