Malware Analysis Report

2025-08-05 14:41

Sample ID 250703-f6d61avlv4
Target 2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn
SHA256 c306ae8692b0d6a8452fef14695e3ce3d372a9ce425319ebbeab468ebb1def02
Tags
adware defense_evasion discovery persistence phishing privilege_escalation spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V16

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c306ae8692b0d6a8452fef14695e3ce3d372a9ce425319ebbeab468ebb1def02

Threat Level: Known bad

The file 2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn was found to be: Known bad.

Malicious Activity Summary

adware defense_evasion discovery persistence phishing privilege_escalation spyware stealer

Modifies visiblity of hidden/system files in Explorer

Drops file in Drivers directory

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

A potential corporate email address has been identified in the URL: [email protected]

Reads user/profile data of web browsers

Executes dropped EXE

Installs/modifies Browser Helper Object

Checks installed software on the system

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Unsigned PE

Runs net.exe

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious behavior: LoadsDriver

Modifies registry class

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Uses Task Scheduler COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:28

Reported

2025-07-03 05:31

Platform

win10v2004-20250619-en

Max time kernel

150s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe"

Signatures

Modifies visiblity of hidden/system files in Explorer

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\svchost.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\idmwfp.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\idmwfp.sys C:\Windows\system32\DrvInst.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key value queried \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A

Checks installed software on the system

discovery

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\svchost.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\idmwfp64.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET69A3.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\idmwfp.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET69A3.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\idmwfp.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET6992.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET6992.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET69A4.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET69A4.tmp C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_chn.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_tr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_ro.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmtdi.cat C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\grabber.chm C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_pl.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMVMPrs.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_bg.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmwfpAA.sys C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMSetup2.log C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_nl.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmbrbtn.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmwfp.inf C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_ptbr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_kr.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_chn.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_mm.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_sw.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_ru.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_it.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_uz.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_hu.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_no.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_it.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMFType.dat C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_kr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_bn.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\license.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\template.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\defexclist.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmindex.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_gr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\openssl-license.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmcchandler2.dll C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
File created C:\Program Files (x86)\Internet Download Manager\idmcchandler2_64.dll C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
File created C:\Program Files (x86)\Internet Download Manager\Uninstall.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_src.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_cz.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_cz.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_hi.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_dk.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_ptbr.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_fa.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmwfp32.sys C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmwfp64.sys C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_id.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_iw.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_id.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmfsa.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\template_inst.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_sk.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_iw.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_cht.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_jp.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_iw.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_de.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_sk.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\RUNDLL32.EXE N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Resources\tjud.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
File opened for modification \??\c:\windows\resources\themes\explorer.exe C:\Windows\Resources\Themes\icsys.icn.exe N/A
File opened for modification \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\themes\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\themes\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe  N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Resources\Themes\icsys.icn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppName = "IDMan.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Program Files (x86)\\Internet Download Manager\\IEExt.htm" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4144907350-1836498122-2806216936-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj\CurVer\ = "IDMIECC.IDMIEHlprObj.1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1\CLSID\ = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{42FD0451-B21A-4EE0-8B4F-6F2DA05F6FD1} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\TypeLib\ = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\idmBroker.EXE\AppID = "{3C085E26-7DF6-4A34-ADA6-877D06BAE9A8}" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\VersionIndependentProgID C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent.1\CLSID\ = "{0F947660-8606-420A-BAC6-51B84DD22A47}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID\ = "IDMIECC.IDMIEHlprObj.1" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib\ = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\ProxyStubClsid32\ = "{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ = "IIDMEFSAgent" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ = "LinkProcessor Class" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr\ = "IDMDwnlMgr Class" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\ProgID\ = "idmBroker.OptionsReader.1" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.IDMDwnlMgr.1\ = "IDMDwnlMgr Class" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\ = "PSFactoryBuffer" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.VLinkProcessor.1\CLSID\ = "{CDD67718-A430-4AB9-A939-83D9074B0038}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\idmBroker.OptionsReader.1\CLSID\ = "{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ = "VLinkProcessor Class" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C950922F-897A-4E13-BA38-66C8AF2E0BF7}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861} C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Idmfsa.IDMEFSAgent\ = "IDMEFSAgent Class" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\AppID = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\Programmable C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage.1\CLSID\ = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\LocalizedString = "@C:\\Program Files (x86)\\Internet Download Manager\\idmfsa.dll,-100" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.VLinkProcessor\CLSID\ = "{CDD67718-A430-4AB9-A939-83D9074B0038}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{42FD0451-B21A-4EE0-8B4F-6F2DA05F6FD1}\NumMethods C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\RUNDLL32.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\RUNDLL32.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5884 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 
PID 5884 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 
PID 5884 wrote to memory of 1584 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 
PID 5884 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 5884 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 5884 wrote to memory of 2988 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 2988 wrote to memory of 4480 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 2988 wrote to memory of 4480 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 2988 wrote to memory of 4480 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 1584 wrote to memory of 4524 N/A \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe  C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 1584 wrote to memory of 4524 N/A \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe  C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 1584 wrote to memory of 4524 N/A \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe  C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 4480 wrote to memory of 4760 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 4480 wrote to memory of 4760 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 4480 wrote to memory of 4760 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 4760 wrote to memory of 4720 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 4760 wrote to memory of 4720 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 4760 wrote to memory of 4720 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 4720 wrote to memory of 4716 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 4720 wrote to memory of 4716 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 4720 wrote to memory of 4716 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 4596 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\svchost.exe
PID 4596 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\svchost.exe
PID 4596 wrote to memory of 4896 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\svchost.exe
PID 4932 wrote to memory of 4884 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\themes\explorer.exe
PID 4932 wrote to memory of 4884 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\themes\explorer.exe
PID 4932 wrote to memory of 4884 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\themes\explorer.exe
PID 4524 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 1604 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 5260 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 5260 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 5260 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 4524 wrote to memory of 6064 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 4524 wrote to memory of 6064 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 4524 wrote to memory of 6064 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 1604 wrote to memory of 2424 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 1604 wrote to memory of 2424 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5260 wrote to memory of 3552 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5260 wrote to memory of 3552 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 868 wrote to memory of 2240 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 868 wrote to memory of 2240 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 4524 wrote to memory of 5240 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 4524 wrote to memory of 5240 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 4524 wrote to memory of 5240 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 5240 wrote to memory of 1640 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 1640 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 1640 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 5352 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 5352 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 5352 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 1640 wrote to memory of 5648 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 1640 wrote to memory of 5648 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5240 wrote to memory of 5928 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 5928 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 5928 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5352 wrote to memory of 2128 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5352 wrote to memory of 2128 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5240 wrote to memory of 3812 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 3812 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 5240 wrote to memory of 3812 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe"

\??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 

c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

"C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\"

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe SE

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe PR

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\resources\themes\explorer.exe RO

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\resources\svchost.exe RO

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe RO

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe RO

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Program Files (x86)\Internet Download Manager\idmBroker.exe

"C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27099 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2100 -initialChannelId {cd8558fc-b048-4b36-b70d-18121368a983} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{279fa12b-7509-6341-91fb-d439ecc9e13b}\idmwfp.inf" "9" "4fc2928b3" "000000000000014C" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\Internet Download Manager"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2496 -prefsLen 27135 -prefMapHandle 2500 -prefMapSize 270279 -ipcHandle 2508 -initialChannelId {a63721f0-ba48-4272-9271-bd0bc28dd87b} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000158" "WinSta0\Default"

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grpconv -o

C:\Windows\system32\grpconv.exe

grpconv -o

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3832 -prefsLen 25164 -prefMapHandle 3836 -prefMapSize 270279 -jsInitHandle 3840 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3848 -initialChannelId {b0aa1824-ba3f-457f-aec0-0e7ef84c229a} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4000 -prefsLen 27276 -prefMapHandle 4004 -prefMapSize 270279 -ipcHandle 4088 -initialChannelId {567ef87d-2256-4587-8afd-3a18afdedfb0} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3256 -prefsLen 34775 -prefMapHandle 2716 -prefMapSize 270279 -jsInitHandle 2720 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1620 -initialChannelId {768a777d-0129-4e2c-a5fc-016a17eb0803} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5008 -prefsLen 35012 -prefMapHandle 5012 -prefMapSize 270279 -ipcHandle 5024 -initialChannelId {a6b40b34-44fb-47c7-bf58-8a81ecccc266} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5176 -prefsLen 32952 -prefMapHandle 5180 -prefMapSize 270279 -jsInitHandle 5184 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5192 -initialChannelId {74a8a7cd-6b78-47e4-83d0-ffde20a3ec5b} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5388 -prefsLen 32952 -prefMapHandle 5392 -prefMapSize 270279 -jsInitHandle 5396 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5404 -initialChannelId {5aa96cd3-44b6-4ca0-8c34-ec38e8424efb} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5580 -prefsLen 32952 -prefMapHandle 5584 -prefMapSize 270279 -jsInitHandle 5588 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5200 -initialChannelId {8c87e6d1-fb57-4989-a88a-ad2d42727591} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5616 -prefsLen 32952 -prefMapHandle 5580 -prefMapSize 270279 -jsInitHandle 5584 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5576 -initialChannelId {08846531-e64e-4b0a-94e0-f31171e76e9d} -parentPid 2160 -crashReporter "\\.\pipe\gecko-crash-server-pipe.2160" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe

"C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe"

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" -Embedding

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "00000000000000FC" "WinSta0\Default"

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 www.internetdownloadmanager.com udp
US 169.61.27.133:443 www.internetdownloadmanager.com tcp
US 169.61.27.133:443 www.internetdownloadmanager.com tcp
US 8.8.8.8:53 www.internetdownloadmanager.com udp
US 8.8.8.8:53 www.internetdownloadmanager.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 merino.services.mozilla.com udp
US 34.110.138.217:443 merino.services.mozilla.com udp
US 34.110.138.217:443 merino.services.mozilla.com tcp
US 8.8.8.8:53 merino.services.mozilla.com udp
US 8.8.8.8:53 mc.prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 merino.services.mozilla.com udp
US 8.8.8.8:53 mc.prod.ads.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:50440 tcp
US 8.8.8.8:53 addons.mozilla.org udp
US 151.101.129.91:443 addons.mozilla.org tcp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 addons.mozilla.org udp
US 8.8.8.8:53 example.org udp
US 8.8.8.8:53 ipv4only.arpa udp
US 8.8.8.8:53 content-signature-chains.prod.autograph.services.mozaws.net udp
US 8.8.8.8:53 content-signature-chains.prod.autograph.services.mozaws.net udp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
US 34.107.221.82:80 prod.detectportal.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 prod.detectportal.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
N/A 127.0.0.1:50500 tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
US 8.8.8.8:53 test.internetdownloadmanager.com udp
US 8.8.8.8:53 secure.internetdownloadmanager.com udp
US 8.8.8.8:53 mirror3.internetdownloadmanager.com udp
US 8.8.8.8:53 mirror5.internetdownloadmanager.com udp
US 8.8.8.8:53 registeridm.com udp
US 8.8.8.8:53 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 archive.mozilla.org udp
US 151.101.3.19:443 archive.mozilla.org tcp
US 8.8.8.8:53 mozilla-download.fastly-edge.com udp
US 8.8.8.8:53 mozilla-download.fastly-edge.com udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
FI 62.115.252.113:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 34.104.35.123:443 edgedl.me.gvt1.com tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 169.61.27.133:443 registeridm.com tcp

Files

memory/5884-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 

MD5 85411533ad487aaae811a7502d6eee15
SHA1 5579a22f8e415ce186a7f547de47761493e68af5
SHA256 28125dfe798eef1bdf40e36ef5ef70573def5f439cfbf673cfc22c3a8cd75610
SHA512 4f1e74ac61fc8c8a3c00a6c0f8113b3332468d23ea687a2d496deda9dfa2cab34fc0784cbc6886cbba64bec4eb906f9f93cea572bca479fa3e2c950596e1ff69

C:\Windows\Resources\Themes\icsys.icn.exe

MD5 b6c42a057794db20c7c2f59861879bf0
SHA1 cf8af3c20e5239d21ef50c980871f4f275157a99
SHA256 38cd5fa4d593c4b3907e28c29071ff05c75be65ed6a21822ef89a7b75fb94302
SHA512 c91e6b2ab85169bd2d29bfbf7ecb48bba2a5744146cdb2879e41c7736b109541165d716c769f2c9cc0ddd524283823c0062823f517f7a2fd33240243a83ff329

memory/2988-12-0x0000000000400000-0x000000000041F000-memory.dmp

\??\c:\windows\resources\themes\explorer.exe

MD5 226ce7c4186d32209bda51d324c9f2e2
SHA1 89642cd36bf5e33974a3e0e5d057bb38bc69f2f5
SHA256 32b1b4a1124f4a75365319b291bdf5c10a62062019d486d8236a98851ca74845
SHA512 60f0d3b00acae3877c5801a393d5cf7b03bfdc3bd58330a87669d0a2ae83324de34d26bf9f73f31536a33c79f0c588645f5cbdc1bbb4ee70a459566e4cfd1610

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

MD5 1c734d0ded634d8e17a87aba3d44f41d
SHA1 4974769d1b1442c48dd6b6fb8b3741df36f21425
SHA256 645ee6e64ed04825b25964d992d0205963498bb9d61f5a52be7e76ddb2074003
SHA512 20239782f4e30157fdfc02a3793ac7bde7ed74400de4cffa812805d680789ea7be5c2c765924d32f74807d80100cccc14b453d3d7e006dd4aeee60dec98af4c9

memory/4524-28-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Windows\Resources\spoolsv.exe

MD5 3a7c33394deb16c0d93d8dac9cef7ae7
SHA1 cacfff61752392d264d1725840399c41abc9d34d
SHA256 17829b658ddcc8b5b15da3bb7b1d8358adf90c3a36b48b27029b64e59b8c25c5
SHA512 148bd393fd97a36f69e0bf427249aa2a9bb7730b659b88af44e786a74d3aad1aa16097c77ac083538c4c827106d3b6bd230360bfdc8f42dd0bc18449fdd5be4b

C:\Windows\Resources\svchost.exe

MD5 4af65913f417358baa8abe8fa54022e3
SHA1 77457f909a764cdc2b107cc3b274c901dbe2c67d
SHA256 b754f08b511dafcba2af3a1104a60a0d8b313e76a10c7c6b79d495bb2ebcc4dd
SHA512 94c38a60dba404b161ab62348062b53de392592c433c488429c662376560cf364a3119e6adf57047528d880e64ae6a1329c72cc9b5f1616e8be77a98fef0dffd

memory/4716-46-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4760-47-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5884-48-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2988-49-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4896-58-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4884-59-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

MD5 95603374b9eb7270e9e6beca6f474427
SHA1 2448e71bcdf4fdbe42558745a62f25ed0007ce62
SHA256 4ff66e3c1e781d92abb757f537af13b1fb3fa167b86d330b7ed302728c7da53a
SHA512 d3987f207ad05e142d864b3ffe4ff6758d22b56f75d60ebcd79e0c760cf27106d7ff74bfbc7569389710e50602d3359b4ab20ddc14fbafcf526478dc85bfe593

C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll

MD5 d04845fab1c667c04458d0a981f3898e
SHA1 f30267bb7037a11669605c614fb92734be998677
SHA256 33a8a6b9413d60a38237bafc4c331dfebf0bf64f8057abc335b4a6a6b95c9381
SHA512 ccd166dbe9aaba3795963af7d63b1a561de90153c2eaefb12f3e9f9ddebd9b1f7861ee76f45b4ef19d41ca514f3796e98b3c3660596730be8d8eb9e1048ef59e

C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

MD5 23efcfffee040fdc1786add815ccdf0a
SHA1 0d535387c904eba74e3cb83745cb4a230c6e0944
SHA256 9a9989644213043f2cfff177b907ef2bdd496c2f65803d8f158eae9034918878
SHA512 cf69ed7af446a83c084b3bd4b0a3dbb5f013d93013cd7f2369fc8a075fe05db511cfe6b6afdef78026f551b53ad0cb7c786193c579b7f868dd0840b53dbb5e9f

C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll

MD5 b94d0711637b322b8aa1fb96250c86b6
SHA1 4f555862896014b856763f3d667bce14ce137c8b
SHA256 38ac192d707f3ec697dd5fe01a0c6fc424184793df729f427c0cf5dfab6705fe
SHA512 72cdb05b4f45e9053ae2d12334dae412e415aebd018568c522fa5fe0f94dd26c7fe7bb81ccd8d6c7b5b42c795b3207dffa6345b8db24ce17beb601829e37a369

C:\Program Files (x86)\Internet Download Manager\idmfsa.dll

MD5 79fef25169ac0a6c61e1ed17409f8c1e
SHA1 c19f836fca8845adf9ae21fb7866eedb8c576eb8
SHA256 801d3a802a641212b54c9f0ef0d762b08bcca9ab4f2c8603d823a1c1bc38c75a
SHA512 49bf489d6836b4327c6ebad722f733f66722aadb89c4eac038231e0f340d48bb8c4fe7ce70437213a54e21bce40a4a564a72a717f67e32af09b3f9aa59050aab

C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll

MD5 597164da15b26114e7f1136965533d72
SHA1 9eeaa7f7de2d04415b8c435a82ee7eea7bbf5c8a
SHA256 117abaeb27451944c72ffee804e674046c58d769bd2e940c71e66edec0725bd1
SHA512 7a2d31a1342286e1164f80c6da3a9c07418ebeafb9b4d5b702c0f03065ee26949da22193eb403c8aeec012b6f1c5ff21179104943943302972492fcdccc850d9

C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll

MD5 13c99cbf0e66d5a8003a650c5642ca30
SHA1 70f161151cd768a45509aff91996046e04e1ac2d
SHA256 8a51ece1c4c8bcb8c56ca10cb9d97bff0dfe75052412a8d8d970a5eb6933427b
SHA512 f3733ef2074f97768c196ad662565b28e9463c2c8cf768166fed95350b21c2eb6845d945778c251093c00c65d7a879186843eb334a8321b9956738d9257ce432

C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

MD5 e032a50d2cf9c5bf6ff602c1855d5a08
SHA1 f1292134eaad69b611a3d7e99c5a317c191468aa
SHA256 d0c6d455d067e8717efe2cfb9bdcbeae27b48830fe77e9d45c351fbfb164716d
SHA512 77099b44e4822b4a556b4ea6417cf0a131ffb5ee65c3f7537ab4cdc9939f806b15d21972ea4d14a0d95cf946013b9997a9127d798016f68bcd957bbffdab6c11

C:\Program Files (x86)\Internet Download Manager\idmBroker.exe

MD5 e2f17e16e2b1888a64398900999e9663
SHA1 688d39cb8700ceb724f0fe2a11b8abb4c681ad41
SHA256 97810e0b3838a7dca94d73a8b9e170107642b064713c084c231de6632cb68a9c
SHA512 8bde415db03463398e5e546a89c73fff9378f34f5c2854a7c24d7e6e58d5cdf7c52218cb3fc8f1b4052ce473bb522a2e7e2677781bcdec3216284f22d65fc40b

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

MD5 4bd90f209b82c3ec374c59ec9044118c
SHA1 10b3d9d45c4de77b997c5f6abeee31dbc6bba796
SHA256 11f663edbeea5d54efbdcfd9fa5444ef217b5fc4a844f70c0f5d8455bfee7e25
SHA512 1c634160c8e1dc72f19724f784e0ef4ab705d047a940aeb8a9dc1a42bf81181fb479f074b1f9ccccb552f21958c23f9fb28385d8316d7d5b4fc3900dae766c2f

memory/4524-492-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\idmvs.dll

MD5 e7ca61c2ee52033e38d6a4d607472e3a
SHA1 0fe77bd275f3e8a36ed1335e968d6bc11deda6ba
SHA256 a2e28177b51a556742a164955f8b62dcf2bdf848c2f6907fea0c92ee8e4ccddd
SHA512 7cc8a42e8eaa0a46d4cfdb1d22de234e3004e7e46dd196b7fefc315faaa48ceb6eb7faa6d4b0d6ce2e6f269f163cf80c37f68a3e8e8a3b56f914080d9ca824aa

C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll

MD5 a3c44204992e307d121df09dd6a1577c
SHA1 9482d8ffda34904b1dfd0226b374d1db41ca093d
SHA256 48e5c5916f100880e68c9e667c4457eb0065c5c7ab40fb6d85028fd23d3e4838
SHA512 f700cf7accab0333bc412f68cdcfb25d68c693a27829bc38a655d52cb313552b59f9243fc51357e9dccd92863deecb529cc68adbc40387aad1437d625fd577f1

C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.dll

MD5 3ffb2e17429f183cd312509ae93eee93
SHA1 ed190aa09b5c8f7122afb02dd98c4c56d16f2a67
SHA256 836f1f880c0020f2821211c64f35c11c0cf4a044d06d4fa26a9c3c10cc6bd0fd
SHA512 bc32e9bca091179ecdad8dac68ff05848f7de0ce954e3fb7509f7a959317e1e7bc2d89d77a6ce3eb2534fa95c651709cc2a483470b2e55cabfc0bf63815d0071

memory/4452-541-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET69A4.tmp

MD5 f8f346d967dcb225c417c4cf3ab217a0
SHA1 daca3954f2a882f220b862993b0d5ddf0f207e34
SHA256 a54e0ac05254a464180e30f21a6b26651e7495427353bba9c246ba1d2388e7cc
SHA512 760c2914f3e937a2a3443a032cf74b68b6d24d082d0f50d65058a0fd87d8eeab229fb8d3105e442f0b3b0b2f3824439981951266425512e51e7ff36669a652fa

C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET69A3.tmp

MD5 d5e0819228c5c2fbee1130b39f5908f3
SHA1 ce83de8e675bfbca775a45030518c2cf6315e175
SHA256 52818c67be219bc3b05c58b40e51b99a65c2f4bcafe38a995610b4ec10928def
SHA512 bb397004f2256db781385de3e7e7b7993be8fbb2cb701ead99a7878c2bcca6c9ae4a7aa61c329aeeb6711c8c74081e971e85af38af6b32b58888c932fd51d218

C:\Windows\System32\DriverStore\Temp\{ac4d359a-d865-6f44-bc0c-b053c1bd1d6e}\SET6992.tmp

MD5 7d55ad6b428320f191ed8529701ac2fa
SHA1 515c36115e6eba2699afbf196ae929f56dc8fe4c
SHA256 753a1386e7b37ee313db908183afe7238f1a2aec5e6c1e59e9c11d471b6aaa8d
SHA512 a260aae4ff4f064b10388d88bb0cb9ea547ed0bc02c88dc1770935207e0429471d8cd60fcc5f9ee51ecd34767bf7d44c75ea6fbe427c39cc4114aad25100f40d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\pending_pings\39ee2a5f-927a-4603-845d-dd7d27b74930

MD5 4659dc66535a226451f8cfd16d8264c6
SHA1 e72abcc31af8ffa16de5274ddd445f352b825471
SHA256 ee2a857e211f75cb49a1cb328a918a957ee528491746043dd3823fe03cdaae38
SHA512 2e44d775790ff16937699c9f6a442175cf69beb5fe143de13b19d32d8974608664f3d3f6c981064bdfcf3ad0ddf1a93548900ad4b7d0ef43573627ad1ee07030

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\pending_pings\81c2b5a4-8dfd-4961-9ff3-14bfd367b25e

MD5 29de03698b1d0b0f85c44c77da1c8afb
SHA1 b558e600cf037d2e56f3e49941999b8e246a04fd
SHA256 71a977826c65957f83d7c3eee609c393dce944e30c895220a8cb64b70abc8ab1
SHA512 a286b8fa7417951e958827879465075c536146caddf456c67a33ae85494b3367ea744822301346669983907f81cf5c1109a58cd450521779baa5bf27464b0330

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\pending_pings\2ebf672b-cd15-4436-a44b-9ab4b43a9d39

MD5 38d0b9edaf536ce4c3c01efc32bb906d
SHA1 2cc32f8ddd7c1b3bafc879124e6e03cd4b06aa4b
SHA256 117d92e1ab289cf8590ff97e62f4d5562a7f60c8978a1e1929c22c7f8e20bdc4
SHA512 9d1294f7e9cfa60d18992b0e7f132fb32dbe279b23d93ce95ef2095077db027e983617999ac86c059291e203071c369f306c38f2629154194aa186484bf6a0af

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\pending_pings\b14baacd-b41b-4327-936e-2f606a8a8698

MD5 ab10199e6c8227cd3bd203e2a0ae103c
SHA1 1aa228555d7660e24cd7548384404e380197d5d5
SHA256 0d178aa40fd6e71bfcb7befa987b042d610866b97d24751e3c51039898786a7b
SHA512 e6570dc436ccf0be9688924979ecdabaf5b874401754a4a4797f1d370b8e6a38292704ec59f2e580b2d53bded8b0c306835ad8a138f5d8720c71b3d9261231cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\pending_pings\9bda6808-98a0-4f95-a120-493b96acc635

MD5 5953a2b9d1beb10034d4c07af3606d48
SHA1 3f5f54b36c9ec2c38705712e9ea2eece4fd6b2c1
SHA256 2b90208a896bb473142c9d5ca27d3fd0b7658e3debcfcd3045b31cb89781ca45
SHA512 07e16622a8178cef10cb8c7dcffd1ca944f9a7869c644411907b53bd3cbfd99ab1910cfd881dbfdf057604526d1eef5d70734be5f487bbe6cf145b4b0a418cff

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\activity-stream.discovery_stream.json

MD5 29bbc2a3e7c2cc476db9c31e001ac4f9
SHA1 e44699ba7d6479b0a350c5f96d65d1cb67a5cc10
SHA256 46e7edf72246fa0d6931cfed239ab1d6bb7296e0a80f98e04b81d20d6f82f8de
SHA512 5bab28ec1a5ddc7f1ff02e43ac950eb450fe337940a4118ffd50a32ce9a2dceef0ee3338dcc23a3da20abfb3c034280ce0e25b83990ef1d4cf5f7be0f693f3c4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\pending_pings\4818ebf8-2f1c-4fca-a537-f01ca9aaa089

MD5 fe9ba87cd2f8b163add3ff2ce8b6e856
SHA1 09c9e8e5853b9776bc84722a39e7c1d15b6d0445
SHA256 27ca94bfd3c9e73b5019ab1e8191764075d160bd589429f8df3844842f9f988d
SHA512 99f6af311f5a9980a2c827358f16d5fb412663db2be362b92ed09e8536cdb6cd25ad4eecca195f64f8cbb43b0cdbacd2fc69f162d0928fd4fc067a1e5a94e890

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\events\events

MD5 88727251a528131cb5653fbf056ca4f7
SHA1 64c34bed8eb47b9234043ffd345b607cc0c36ab1
SHA256 dbf989b5501a4144afdacb9b5db4f70379d4cb2aba131f23e827aa582c463f0a
SHA512 9e4cc2524db08912188a4b159105f533a88caac579e00756dd83c4b5de627e66c27aff0c34db950cf2c4ac3b5d94c9a7fc980775c778dd6080f7ff7b5f58eba1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\db\data.safe.tmp

MD5 3d258df7e1ea771a00b06efac04e2d98
SHA1 53b37e93b5527e411696a1a8ac03eaea0da3c1d1
SHA256 cf519c167019692d267cc31f3fe45668e9959d2fcaadce6bcac5573e83835273
SHA512 93ea7608eec6293916cec48f20ff74a1609c2c4ac7cb58b65d0c905b8b2209e4495ea2a826db027aff29c7acc81c01e738ffd7110f08ce0f77edbcce90b899d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\datareporting\glean\db\data.safe.tmp

MD5 91e91412465dbc8ed0b940fdfa7df687
SHA1 62505ff1bd8d2f8d16dadc88c5a2240c6b818f3a
SHA256 8b10caab35d1e808597274ee76725f48002a2fd427e592657ded67748eeb0562
SHA512 98494781781a2af5b2d85cc0549d4daebe2e32b3b6903530ff5c26efc3ed4080dac618147eefe5ab7d3c6c29e39bab53f7e22b1515f0845303a077f4300f287b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\prefs.js

MD5 7f2e01ad855b0c9ff1fbf907f47e1d8e
SHA1 491539a9703ac4f953d7ebf736cc80ab7c2f4601
SHA256 dd9115ff117372375572854b6c1b6519d5072899ceb2e4b19e2e14c90c280c92
SHA512 d688891fcfba468726ce48303c33da058a2ecfde66350b05ae04e40dfa7953d8bd6360d361e945485e9b300b8754258d1144dfd0d61182659a9827a80aa07d97

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\AlternateServices.bin

MD5 4b169a2359b2d8bdc7a2870279c03a4b
SHA1 817709a87b9597f85770a242e7ca0d56575251fb
SHA256 73c6b640f8b6f55d1c9fcfb8014501c5b0b7de70aff9aa1d4ca63430a434fd36
SHA512 ec1dddadb3fba91e88b90d0db7d5e8c0209b8f3a5a7b2691c1134a595ba1ec022bdc0dc64d9232a6c288ac64c7166d32efefa8e6a2a63d55c9fc4c81718b7b42

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\prefs-1.js

MD5 bc1fe76c543c29385d7a2ad32c08e09b
SHA1 c982e74d97701e94949c2e30c7c14c5a11336767
SHA256 1c3c1142ebc305ab57fa2e8f51336d77037dc2097f92250884cb3c8a6aa79574
SHA512 90763a7dccf4c59cbd91338ed6785c0ba81709b097feee6bb224cc9f1556d1b63466e41e66ccb6da988ecf55c71c707a60ea73bbe4182427175d4ab72135727e

memory/4452-1035-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe

MD5 d44f8056ffd0f578d97639602db50895
SHA1 58db1b4cae795038c58291fa433d974e319b2765
SHA256 a4fda3af1c386028b46629e6f5113b36aab7e76278ea6683b82eb575dfb9be7b
SHA512 e38f4cd19f3a5a227f2a15ff4f5c360125393980812969190435420fde90b5b25ec13c4f79ae5d4bf02f4bdb043a9d9e9e59ee92ca01ce1fcb1fbf327e37996f

C:\Users\Admin\AppData\Roaming\IDM\defextmap.dat

MD5 4be225f5ed8575cb3e70847863026660
SHA1 852fbb7d2739afe764613d45dc6f2234bc50f213
SHA256 9d1f79719b84eec484602b501d3d9eab89336c25b6d0cc586957bc2e10e845a1
SHA512 82ab7efa6f900229d8dae2d72ab039651b8af853b1128b36bf172109f8456c6cd3afdfa3ebbec86624c91cf4db55181bf30befe90195b0f2b7ae782d8e090596

C:\Users\Admin\AppData\Roaming\IDM\urlexclist.dat

MD5 3cf29c53c8d733d26794661e477fb5b9
SHA1 94eae66f2a322b5a4c1a6584c036e7b3b88fd2ac
SHA256 9efd5d506f16932728de5c0fb7dc0e4b75713920bbcefb108a610c6c1ae45430
SHA512 2321fe2f6188cb2590ec2793145f75e1666c41221b29c1d18358311d378f86f2e5a6575028accfc721f9db3e2b27981d857d556bdddd32bf6ea1233af355d94c

memory/4492-1059-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

MD5 5e555f385b402c3165f0e0a3dafba79d
SHA1 cdf96d54736cecb2ea9777a2b38db1c5b79ea875
SHA256 f5dd03cc85bb71f8c3efdb45cfe763a12c7ee7b8d8cc8743b46caec51e54af19
SHA512 0377d2ed8083a1e2b94bd3131ab0cb1aad52138fc397638bf84a0196ef54832daaed47564fb33569d8231b749fa8c5ff48a59622991178f6b210b8ddef028886

memory/4492-1073-0x0000000000400000-0x000000000042B000-memory.dmp

memory/4480-1075-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4720-1076-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\cache2\entries\C9AD8D046AE823121AEB5E0FE6D1B61D65686C5C

MD5 a8fa4991d7816207b297bcb99801b0e2
SHA1 8e20dda5aba71eab5c3300749ec47842208907c5
SHA256 ba7ccab809810c68e7a675d050370c8845c0a2584bf5bd345b5aec1d48227d7d
SHA512 518f0809d09172a6cfc907543b90dd5ce3e4f911f5c218383b6cd261841352f2305492632aefab29f54a1acb1c9fe75696d3becf0dc5114b37b70d85c49a973c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\sessionstore-backups\recovery.baklz4

MD5 e379a58ad2d26aade8f65ea9783aa03c
SHA1 5d8585b11314bf5f84e65f8a67270af3b2307c0e
SHA256 fdedfc2a79ff78464a60d68567195a4702280b50ff6bdc489fbfe5e0092c8b27
SHA512 f866b72375845bb32800942d250d7e91fab8b750a87c938fc8c2fa01b2050fd48b04157d0b7d4942137f72523e8581a208f21d0fdd4aa6461db4ce938f37b048

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\prefs-1.js

MD5 5697721169f4044ca6bf135448001e57
SHA1 ffdc4259e8c83d332bbc24e2e927642e888394a3
SHA256 2a08a79e2b7f567de38e69cb011e15dacdd2868cce54bf5af162820fd1b4a0db
SHA512 fc722ad309d3b92cc8cf524ad4a9b421661b79de79dea0d208650150f1ed296e3a801aed220f36e14b38e389096aa850bf1284bc8fa2fd1d74b2da4f112f5f45

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\cache2\entries\CD39AD244C65ED2DD0F139D0BABEEB26DFBD83CC

MD5 e025a907ba2519124f7698bf80c082e9
SHA1 4f131e90883b4f22313e023145fd41b1dc3690a1
SHA256 40b41ee32028fb05bd049b1da18ab12517b4dee5c30c044d6f53cd5bd37c5207
SHA512 f88ef337ccac0b6cce549ad54f185d95257a968833270a3b67672873e1ddc68899e71bc1b597cf57c40726e922245fd619636d63905bc70b1058784c758d6512

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 25e8156b7f7ca8dad999ee2b93a32b71
SHA1 db587e9e9559b433cee57435cb97a83963659430
SHA256 ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986
SHA512 1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\extensions.json

MD5 f678b340816a867eb32902b93ea52281
SHA1 d2e56699e7ef15d6835d14bd765865acb4275c89
SHA256 46bc015730d19c99b619e663c3b621ee83c73050ea43a574708c6e1e12e10524
SHA512 64fe6675e79745f3ccb99245144241352235b70275f45ff174f9e2dd9df4b10a2d7b7e68a37513a1bb0b0956840b33622b97c2602d5a20153aa247b9b48c58d9

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 e690f995973164fe425f76589b1be2d9
SHA1 e947c4dad203aab37a003194dddc7980c74fa712
SHA256 87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171
SHA512 77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

MD5 ae29912407dfadf0d683982d4fb57293
SHA1 0542053f5a6ce07dc206f69230109be4a5e25775
SHA256 fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6
SHA512 6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

MD5 626073e8dcf656ac4130e3283c51cbba
SHA1 7e3197e5792e34a67bfef9727ce1dd7dc151284c
SHA256 37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651
SHA512 eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 bcceccab13375513a6e8ab48e7b63496
SHA1 63d8a68cf562424d3fc3be1297d83f8247e24142
SHA256 a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9
SHA512 d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

MD5 32aeacedce82bafbcba8d1ade9e88d5a
SHA1 a9b4858d2ae0b6595705634fd024f7e076426a24
SHA256 4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce
SHA512 67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x8h9ktxo.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

MD5 1b32d1ec35a7ead1671efc0782b7edf0
SHA1 8e3274b9f2938ff2252ed74779dd6322c601a0c8
SHA256 3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648
SHA512 ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-03 05:28

Reported

2025-07-03 05:31

Platform

win11-20250610-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe"

Signatures

Modifies visiblity of hidden/system files in Explorer

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" \??\c:\windows\resources\svchost.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\idmwfp.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\idmwfp.sys C:\Windows\system32\DrvInst.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\system32\regsvr32.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Windows\CurrentVersion\Run\IDMan = "C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe /onboot" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\themes\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO" \??\c:\windows\resources\svchost.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv = "grpconv -o" C:\Windows\system32\RUNDLL32.EXE N/A

Checks installed software on the system

discovery

Installs/modifies Browser Helper Object

stealer adware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM Helper" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}\NoExplorer = "1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\SETF6A6.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\themes\explorer.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\SETF695.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\SETF696.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\idmwfp.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\SysWOW64\explorer.exe \??\c:\windows\resources\svchost.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\idmwfp64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\SETF696.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\SETF6A6.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp64.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\SETF695.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\idmwfp.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_large_3.bmp C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_th.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_large_3_hdpi15.bmp C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_es.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmcchandler7.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMSetup2.log C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_cz.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_sk.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMShellExt.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idman.chm C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmmkb.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_src.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_cz.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_cz.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\scheduler.chm C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_iw.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmvs.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmindex.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmvconv.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_gr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_hu.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_hu.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmfc.dat C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_ug.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IEGetVL2.htm C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Toolbar\3d_style_3.tbi C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_pt.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_bg.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_sk.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmnmcl.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_kr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_chn2.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.json C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMEdgeExt.crx C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_mm.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_sr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmcchandler2.dll C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
File created C:\Program Files (x86)\Internet Download Manager\idmfsa.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_th.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMFType.dat C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_sk.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmwfp.inf C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmtdi64.sys C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMMsgHost.exe C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmcchandler2_64.dll C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_fr.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmtdi32.sys C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\IDMOpExt.nex C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_sw.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_ge.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmantypeinfo.tlb C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_ptbr.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\idmwfp.cat C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\idm_pl.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_fa.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\inst_dk.lng C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
File created C:\Program Files (x86)\Internet Download Manager\Languages\tips_vn.txt C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Resources\Themes\icsys.icn.exe C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
File opened for modification \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\RUNDLL32.EXE N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Resources\tjud.exe \??\c:\windows\resources\themes\explorer.exe N/A
File opened for modification \??\c:\windows\resources\themes\explorer.exe C:\Windows\Resources\Themes\icsys.icn.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\themes\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Resources\Themes\icsys.icn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\spoolsv.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe  N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\windows\resources\themes\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\Uninstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_HL-DT-ST_DVD+-RW\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_HL-DT-ST_DVD+-RW\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\runonce.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Windows\system32\runonce.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\contexts = "243" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM\ = "C:\\Program Files (x86)\\Internet Download Manager\\IEExt.htm" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppName = "IEMonitor.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\DownloadUI = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}\AppName = "IDMan.exe" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}\AppPath = "C:\\Program Files (x86)\\Internet Download Manager" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\AppName = "idmBroker.exe" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}\AppName = "IDMan.exe" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-903960561-1545645218-4290906778-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}\Policy = "3" C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ = "IDM integration (IDMIEHlprObj Class)" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Control C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\ = "IIDMHelperLinksStorage" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\TypeLib C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\ = "IIDMEFSAgent3" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{42FD0451-B21A-4EE0-8B4F-6F2DA05F6FD1}\ProxyStubClsid32\ = "{C950922F-897A-4E13-BA38-66C8AF2E0BF7}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib\ = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{28670AE0-CAF4-4836-8418-0F456023EBF7}\ = "IIDMEFSAgent5" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage.1\CLSID\ = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib\ = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{42FD0451-B21A-4EE0-8B4F-6F2DA05F6FD1}\NumMethods\ = "18" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Internet Download Manager" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32\ = "C:\\Program Files (x86)\\Internet Download Manager\\idmfsa.dll" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMIEHlprObj\CLSID\ = "{0055C089-8582-441B-A0BF-17B458C2A3A8}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMIECC.IDMHelperLinksStorage\CLSID\ = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor.1\Insertable C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib\ = "{6A89524B-E1B6-4D71-972A-8FD53F240936}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMGetAll.IDMAllLinksProcessor\ = "IDMAllLinksProcessor Class" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32\ = "C:\\Program Files (x86)\\Internet Download Manager\\downlWithIDM.dll" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\DownlWithIDM.LinkProcessor\CurVer C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47} C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\NumMethods\ = "14" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\ = "IDM Shell Extension" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID\ = "IDMGetAll.IDMAllLinksProcessor.1" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\TypeLib C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\ROTFlags = "1" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{3C085E26-7DF6-4A34-ADA6-877D06BAE9A8} C:\Program Files (x86)\Internet Download Manager\idmBroker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\regsvr32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32 C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ = "IDMHelperLinksStorage Class" C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ = "VLinkProcessor Class" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\IDMan.CIDMLinkTransmitter\CLSID\ = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation\Enabled = "1" C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038} C:\Windows\system32\regsvr32.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp N/A
Token: SeRestorePrivilege N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\RUNDLL32.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\RUNDLL32.EXE N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\regsvr32.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A C:\Windows\Resources\Themes\icsys.icn.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\spoolsv.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A \??\c:\windows\resources\themes\explorer.exe N/A
N/A N/A \??\c:\windows\resources\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A
N/A N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2932 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 
PID 2932 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 
PID 2932 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 
PID 2932 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 2932 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 2932 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe C:\Windows\Resources\Themes\icsys.icn.exe
PID 668 wrote to memory of 4940 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 668 wrote to memory of 4940 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 668 wrote to memory of 4940 N/A C:\Windows\Resources\Themes\icsys.icn.exe \??\c:\windows\resources\themes\explorer.exe
PID 4152 wrote to memory of 5048 N/A \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe  C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 4152 wrote to memory of 5048 N/A \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe  C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 4152 wrote to memory of 5048 N/A \??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe  C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
PID 4940 wrote to memory of 4976 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 4940 wrote to memory of 4976 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 4940 wrote to memory of 4976 N/A \??\c:\windows\resources\themes\explorer.exe \??\c:\windows\resources\spoolsv.exe
PID 4976 wrote to memory of 5272 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 4976 wrote to memory of 5272 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 4976 wrote to memory of 5272 N/A \??\c:\windows\resources\spoolsv.exe \??\c:\windows\resources\svchost.exe
PID 5272 wrote to memory of 2404 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 5272 wrote to memory of 2404 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 5272 wrote to memory of 2404 N/A \??\c:\windows\resources\svchost.exe \??\c:\windows\resources\spoolsv.exe
PID 556 wrote to memory of 1992 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\themes\explorer.exe
PID 556 wrote to memory of 1992 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\themes\explorer.exe
PID 556 wrote to memory of 1992 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\themes\explorer.exe
PID 4308 wrote to memory of 4948 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\svchost.exe
PID 4308 wrote to memory of 4948 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\svchost.exe
PID 4308 wrote to memory of 4948 N/A C:\Windows\system32\cmd.exe \??\c:\windows\resources\svchost.exe
PID 5048 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 5048 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 5048 wrote to memory of 3772 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 5048 wrote to memory of 5872 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 5048 wrote to memory of 5872 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 5048 wrote to memory of 5872 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 5048 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 5048 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 5048 wrote to memory of 5288 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Windows\SysWOW64\regsvr32.exe
PID 3772 wrote to memory of 3700 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 3772 wrote to memory of 3700 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5872 wrote to memory of 1592 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5872 wrote to memory of 1592 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5288 wrote to memory of 2324 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5288 wrote to memory of 2324 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5048 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 5048 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 5048 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
PID 5048 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 5048 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 5048 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PID 2848 wrote to memory of 4904 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 4904 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 4904 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 5268 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 5268 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 5268 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 1128 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 1128 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 1128 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 5064 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 5064 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2848 wrote to memory of 5064 N/A C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4904 wrote to memory of 4964 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 4904 wrote to memory of 4964 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5268 wrote to memory of 5060 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe
PID 5268 wrote to memory of 5060 N/A C:\Windows\SysWOW64\regsvr32.exe C:\Windows\system32\regsvr32.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe

"C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe"

\??\c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 

c:\users\admin\appdata\local\temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 

C:\Windows\Resources\Themes\icsys.icn.exe

C:\Windows\Resources\Themes\icsys.icn.exe

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

"C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp" -d "C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\"

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe SE

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe

\??\c:\windows\resources\spoolsv.exe

c:\windows\resources\spoolsv.exe PR

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\resources\svchost.exe RO

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c c:\windows\resources\themes\explorer.exe RO

\??\c:\windows\resources\themes\explorer.exe

c:\windows\resources\themes\explorer.exe RO

\??\c:\windows\resources\svchost.exe

c:\windows\resources\svchost.exe RO

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Program Files (x86)\Internet Download Manager\idmBroker.exe

"C:\Program Files (x86)\Internet Download Manager\idmBroker.exe" -RegServer

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1952 -prefsLen 27097 -prefMapHandle 1956 -prefMapSize 270279 -ipcHandle 2040 -initialChannelId {00119b70-5ba1-4229-b521-fad7eee72dac} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{c34b8fb7-ea32-864d-8be6-3bf562216f3b}\idmwfp.inf" "9" "4fc2928b3" "0000000000000140" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files (x86)\Internet Download Manager"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2424 -prefsLen 27133 -prefMapHandle 2428 -prefMapSize 270279 -ipcHandle 2436 -initialChannelId {a39f14c0-a71c-4f80-bfa8-4407b08c3115} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "0000000000000160" "WinSta0\Default"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c grpconv -o

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\system32\grpconv.exe

grpconv -o

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3816 -prefsLen 25164 -prefMapHandle 3820 -prefMapSize 270279 -jsInitHandle 3824 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3832 -initialChannelId {d2ec6e0c-e2e2-4bcf-96b0-6a55bce43f28} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4008 -prefsLen 27274 -prefMapHandle 4012 -prefMapSize 270279 -ipcHandle 4080 -initialChannelId {a574a0f3-adf5-409b-813b-7898c2306727} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3020 -prefsLen 34773 -prefMapHandle 1540 -prefMapSize 270279 -jsInitHandle 3304 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3192 -initialChannelId {6d4631ff-04dc-429a-9b0f-a2219b03b258} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5040 -prefsLen 35010 -prefMapHandle 5056 -prefMapSize 270279 -ipcHandle 5064 -initialChannelId {7b01ef5b-f692-4b44-b18a-493049e942da} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5468 -prefsLen 35062 -prefMapHandle 5472 -prefMapSize 270279 -jsInitHandle 5476 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5452 -initialChannelId {6a397be7-c804-46b1-9722-a590ee65b54a} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5596 -prefsLen 32952 -prefMapHandle 5488 -prefMapSize 270279 -jsInitHandle 2460 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5496 -initialChannelId {1db4c0d8-c0a2-46fd-afcd-48abdda61112} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5772 -prefsLen 32952 -prefMapHandle 5776 -prefMapSize 270279 -jsInitHandle 5780 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5788 -initialChannelId {199f7337-3f23-44cf-9be9-cdf3c1a746f4} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5984 -prefsLen 32952 -prefMapHandle 5988 -prefMapSize 270279 -jsInitHandle 5992 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6008 -initialChannelId {d554fb85-03e6-4b1b-9636-df4138c3e71c} -parentPid 4496 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4496" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe

"C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe"

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" -Embedding

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Program Files (x86)\Internet Download Manager\Uninstall.exe

"C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv

C:\Windows\system32\RUNDLL32.EXE

"C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

C:\Windows\system32\DrvInst.exe

DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\idmwfp.inf_amd64_8b0ebbc2b4585464\idmwfp.inf" "0" "4fc2928b3" "000000000000016C" "WinSta0\Default"

C:\Windows\system32\runonce.exe

"C:\Windows\system32\runonce.exe" -r

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe" -o

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\net.exe

"C:\Windows\System32\net.exe" start IDMWFP

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 start IDMWFP

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

C:\Windows\system32\regsvr32.exe

/s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.internetdownloadmanager.com udp
US 169.61.27.133:443 secure.internetdownloadmanager.com tcp
US 169.61.27.133:443 secure.internetdownloadmanager.com tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 merino.services.mozilla.com udp
US 34.36.137.203:443 mc.prod.ads.prod.webservices.mozgcp.net udp
US 34.36.137.203:443 mc.prod.ads.prod.webservices.mozgcp.net udp
US 34.110.138.217:443 merino.services.mozilla.com udp
US 8.8.8.8:53 addons.mozilla.org udp
US 151.101.65.91:443 addons.mozilla.org tcp
US 151.101.65.91:443 addons.mozilla.org tcp
US 8.8.8.8:53 cloudflare-dns.com udp
US 34.107.221.82:80 detectportal.firefox.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com udp
N/A 127.0.0.1:50325 tcp
N/A 127.0.0.1:50386 tcp
US 35.190.72.216:443 location.services.mozilla.com udp
US 151.101.131.19:443 mozilla-download.fastly-edge.com tcp
FI 62.115.252.122:80 ciscobinary.openh264.org tcp
US 34.104.35.123:443 edgedl.me.gvt1.com tcp
US 169.61.27.133:443 registeridm.com tcp

Files

memory/2932-0-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2025-07-03_0f57924ddfed66ab424aa46d47be0828_elex_rhadamanthys_stop_swisyn.exe 

MD5 85411533ad487aaae811a7502d6eee15
SHA1 5579a22f8e415ce186a7f547de47761493e68af5
SHA256 28125dfe798eef1bdf40e36ef5ef70573def5f439cfbf673cfc22c3a8cd75610
SHA512 4f1e74ac61fc8c8a3c00a6c0f8113b3332468d23ea687a2d496deda9dfa2cab34fc0784cbc6886cbba64bec4eb906f9f93cea572bca479fa3e2c950596e1ff69

C:\Windows\Resources\Themes\icsys.icn.exe

MD5 b6c42a057794db20c7c2f59861879bf0
SHA1 cf8af3c20e5239d21ef50c980871f4f275157a99
SHA256 38cd5fa4d593c4b3907e28c29071ff05c75be65ed6a21822ef89a7b75fb94302
SHA512 c91e6b2ab85169bd2d29bfbf7ecb48bba2a5744146cdb2879e41c7736b109541165d716c769f2c9cc0ddd524283823c0062823f517f7a2fd33240243a83ff329

C:\Windows\Resources\Themes\explorer.exe

MD5 a6bce5f918100ec53d5608957d59aec0
SHA1 4184e0a0da1cc14fda402e1956922e019833f035
SHA256 c1b4ffaf69c21c4f37ef911b4b68439a8341013320ad40bbec24a9ef23a65bb2
SHA512 f83131d6d202030973d27e9805fc964c70e39e0f9b2736d36a3bc491c70478511046c2b690b5ca909b822b10f90381fc35c4e5da9b857214b9f344545c2b5c55

memory/4940-20-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5048-25-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp

MD5 1c734d0ded634d8e17a87aba3d44f41d
SHA1 4974769d1b1442c48dd6b6fb8b3741df36f21425
SHA256 645ee6e64ed04825b25964d992d0205963498bb9d61f5a52be7e76ddb2074003
SHA512 20239782f4e30157fdfc02a3793ac7bde7ed74400de4cffa812805d680789ea7be5c2c765924d32f74807d80100cccc14b453d3d7e006dd4aeee60dec98af4c9

C:\Windows\Resources\spoolsv.exe

MD5 bc243f288bde741d11357be7adcd03c2
SHA1 7bc2dc8cb74e9f2c2da9f58fe2250d5bb3e5444a
SHA256 5f53d3c45676d04bf76fb503635a9f914ca916ab3706f4a374eda040b4d7c9ad
SHA512 23a17d2e10ec0270cc98b1685b2d6f62d6f38603e8349ea4e042d556b8faeefd40a94238a74785f13fae5cf854e4403ac8d0e295594df605a9ac90b97b90ebfe

C:\Windows\Resources\svchost.exe

MD5 59a2bc12e5ecc17d82715111b832d309
SHA1 7fde930d3f64300f6fbc686fda2379b6070e6f3c
SHA256 fec66ea24cc39b54ba7ec5fc79593373183c7ba36d24d6a18694ed9d8be6524c
SHA512 10e77ba82e03f8371ea5a4f9932d6568a3fa2e649d84b34f5967d5765a970577eeb1d74615b02116fefb8a077a77bb0e3d260c8b6de498c8cdb00bce4f2fb798

memory/2404-46-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4976-47-0x0000000000400000-0x000000000041F000-memory.dmp

memory/2932-49-0x0000000000400000-0x000000000041F000-memory.dmp

memory/668-48-0x0000000000400000-0x000000000041F000-memory.dmp

memory/1992-58-0x0000000000400000-0x000000000041F000-memory.dmp

memory/4948-59-0x0000000000400000-0x000000000041F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

MD5 d0b3f5b0ac6ffe251d2a0d93150cf2f5
SHA1 ac3565b7da1198595b587e0a2015bc73be815ff3
SHA256 c9a75d2f6a98076c64a823a33bc6e92960f4a54e207505594781d8f35c539f76
SHA512 9a0e6f8fa53afecfea7ef4a0500b733306f996c7f4a406573845e6076a47e4c47a6a104b83bafd98adea49705446fd1eb46ae7ee7f2a82456a39fbd28d9d0b85

C:\Users\Admin\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log

MD5 95603374b9eb7270e9e6beca6f474427
SHA1 2448e71bcdf4fdbe42558745a62f25ed0007ce62
SHA256 4ff66e3c1e781d92abb757f537af13b1fb3fa167b86d330b7ed302728c7da53a
SHA512 d3987f207ad05e142d864b3ffe4ff6758d22b56f75d60ebcd79e0c760cf27106d7ff74bfbc7569389710e50602d3359b4ab20ddc14fbafcf526478dc85bfe593

C:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll

MD5 d04845fab1c667c04458d0a981f3898e
SHA1 f30267bb7037a11669605c614fb92734be998677
SHA256 33a8a6b9413d60a38237bafc4c331dfebf0bf64f8057abc335b4a6a6b95c9381
SHA512 ccd166dbe9aaba3795963af7d63b1a561de90153c2eaefb12f3e9f9ddebd9b1f7861ee76f45b4ef19d41ca514f3796e98b3c3660596730be8d8eb9e1048ef59e

C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

MD5 23efcfffee040fdc1786add815ccdf0a
SHA1 0d535387c904eba74e3cb83745cb4a230c6e0944
SHA256 9a9989644213043f2cfff177b907ef2bdd496c2f65803d8f158eae9034918878
SHA512 cf69ed7af446a83c084b3bd4b0a3dbb5f013d93013cd7f2369fc8a075fe05db511cfe6b6afdef78026f551b53ad0cb7c786193c579b7f868dd0840b53dbb5e9f

C:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll

MD5 b94d0711637b322b8aa1fb96250c86b6
SHA1 4f555862896014b856763f3d667bce14ce137c8b
SHA256 38ac192d707f3ec697dd5fe01a0c6fc424184793df729f427c0cf5dfab6705fe
SHA512 72cdb05b4f45e9053ae2d12334dae412e415aebd018568c522fa5fe0f94dd26c7fe7bb81ccd8d6c7b5b42c795b3207dffa6345b8db24ce17beb601829e37a369

C:\Program Files (x86)\Internet Download Manager\idmfsa.dll

MD5 79fef25169ac0a6c61e1ed17409f8c1e
SHA1 c19f836fca8845adf9ae21fb7866eedb8c576eb8
SHA256 801d3a802a641212b54c9f0ef0d762b08bcca9ab4f2c8603d823a1c1bc38c75a
SHA512 49bf489d6836b4327c6ebad722f733f66722aadb89c4eac038231e0f340d48bb8c4fe7ce70437213a54e21bce40a4a564a72a717f67e32af09b3f9aa59050aab

C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

MD5 e032a50d2cf9c5bf6ff602c1855d5a08
SHA1 f1292134eaad69b611a3d7e99c5a317c191468aa
SHA256 d0c6d455d067e8717efe2cfb9bdcbeae27b48830fe77e9d45c351fbfb164716d
SHA512 77099b44e4822b4a556b4ea6417cf0a131ffb5ee65c3f7537ab4cdc9939f806b15d21972ea4d14a0d95cf946013b9997a9127d798016f68bcd957bbffdab6c11

C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll

MD5 597164da15b26114e7f1136965533d72
SHA1 9eeaa7f7de2d04415b8c435a82ee7eea7bbf5c8a
SHA256 117abaeb27451944c72ffee804e674046c58d769bd2e940c71e66edec0725bd1
SHA512 7a2d31a1342286e1164f80c6da3a9c07418ebeafb9b4d5b702c0f03065ee26949da22193eb403c8aeec012b6f1c5ff21179104943943302972492fcdccc850d9

C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll

MD5 13c99cbf0e66d5a8003a650c5642ca30
SHA1 70f161151cd768a45509aff91996046e04e1ac2d
SHA256 8a51ece1c4c8bcb8c56ca10cb9d97bff0dfe75052412a8d8d970a5eb6933427b
SHA512 f3733ef2074f97768c196ad662565b28e9463c2c8cf768166fed95350b21c2eb6845d945778c251093c00c65d7a879186843eb334a8321b9956738d9257ce432

C:\Program Files (x86)\Internet Download Manager\idmBroker.exe

MD5 e2f17e16e2b1888a64398900999e9663
SHA1 688d39cb8700ceb724f0fe2a11b8abb4c681ad41
SHA256 97810e0b3838a7dca94d73a8b9e170107642b064713c084c231de6632cb68a9c
SHA512 8bde415db03463398e5e546a89c73fff9378f34f5c2854a7c24d7e6e58d5cdf7c52218cb3fc8f1b4052ce473bb522a2e7e2677781bcdec3216284f22d65fc40b

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

MD5 4bd90f209b82c3ec374c59ec9044118c
SHA1 10b3d9d45c4de77b997c5f6abeee31dbc6bba796
SHA256 11f663edbeea5d54efbdcfd9fa5444ef217b5fc4a844f70c0f5d8455bfee7e25
SHA512 1c634160c8e1dc72f19724f784e0ef4ab705d047a940aeb8a9dc1a42bf81181fb479f074b1f9ccccb552f21958c23f9fb28385d8316d7d5b4fc3900dae766c2f

memory/5048-492-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\idmvs.dll

MD5 e7ca61c2ee52033e38d6a4d607472e3a
SHA1 0fe77bd275f3e8a36ed1335e968d6bc11deda6ba
SHA256 a2e28177b51a556742a164955f8b62dcf2bdf848c2f6907fea0c92ee8e4ccddd
SHA512 7cc8a42e8eaa0a46d4cfdb1d22de234e3004e7e46dd196b7fefc315faaa48ceb6eb7faa6d4b0d6ce2e6f269f163cf80c37f68a3e8e8a3b56f914080d9ca824aa

C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll

MD5 a3c44204992e307d121df09dd6a1577c
SHA1 9482d8ffda34904b1dfd0226b374d1db41ca093d
SHA256 48e5c5916f100880e68c9e667c4457eb0065c5c7ab40fb6d85028fd23d3e4838
SHA512 f700cf7accab0333bc412f68cdcfb25d68c693a27829bc38a655d52cb313552b59f9243fc51357e9dccd92863deecb529cc68adbc40387aad1437d625fd577f1

C:\Program Files (x86)\Internet Download Manager\IDMNetMon64.dll

MD5 3ffb2e17429f183cd312509ae93eee93
SHA1 ed190aa09b5c8f7122afb02dd98c4c56d16f2a67
SHA256 836f1f880c0020f2821211c64f35c11c0cf4a044d06d4fa26a9c3c10cc6bd0fd
SHA512 bc32e9bca091179ecdad8dac68ff05848f7de0ce954e3fb7509f7a959317e1e7bc2d89d77a6ce3eb2534fa95c651709cc2a483470b2e55cabfc0bf63815d0071

C:\Users\Admin\AppData\Local\Temp\{C34B8~1\idmwfp.cat

MD5 d5e0819228c5c2fbee1130b39f5908f3
SHA1 ce83de8e675bfbca775a45030518c2cf6315e175
SHA256 52818c67be219bc3b05c58b40e51b99a65c2f4bcafe38a995610b4ec10928def
SHA512 bb397004f2256db781385de3e7e7b7993be8fbb2cb701ead99a7878c2bcca6c9ae4a7aa61c329aeeb6711c8c74081e971e85af38af6b32b58888c932fd51d218

C:\Users\Admin\AppData\Local\Temp\{C34B8~1\idmwfp64.sys

MD5 7d55ad6b428320f191ed8529701ac2fa
SHA1 515c36115e6eba2699afbf196ae929f56dc8fe4c
SHA256 753a1386e7b37ee313db908183afe7238f1a2aec5e6c1e59e9c11d471b6aaa8d
SHA512 a260aae4ff4f064b10388d88bb0cb9ea547ed0bc02c88dc1770935207e0429471d8cd60fcc5f9ee51ecd34767bf7d44c75ea6fbe427c39cc4114aad25100f40d

C:\Windows\System32\DriverStore\Temp\{c7628e82-f492-cc44-b8f6-df12b6754481}\SETF6A6.tmp

MD5 f8f346d967dcb225c417c4cf3ab217a0
SHA1 daca3954f2a882f220b862993b0d5ddf0f207e34
SHA256 a54e0ac05254a464180e30f21a6b26651e7495427353bba9c246ba1d2388e7cc
SHA512 760c2914f3e937a2a3443a032cf74b68b6d24d082d0f50d65058a0fd87d8eeab229fb8d3105e442f0b3b0b2f3824439981951266425512e51e7ff36669a652fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\pending_pings\2fbcfb59-974f-469e-a17e-f4466d6adb72

MD5 882ddaac7ca1b80a4f03000f6a4b401a
SHA1 f55ddb3de2ea4e6a9cb6d33aae05d3e049a4dc0e
SHA256 86707d3376914f73e96c7686a271cfbec46add14e9f52bc6218c4cb726844b14
SHA512 42c106149385c6a8f48879faf93a08c8c2d828bbb6fb0df0767aa49a17fbf06cca3f698f7bc6d947c97f8ec5a2d8ad5a166a817b54bfac58b378fb5f1c17770f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\activity-stream.discovery_stream.json.tmp

MD5 8664815c3c602cc6ca8f33ec6ce2b236
SHA1 2878c8799356d8d85e2307e1046a227cdd86f4d5
SHA256 d02109f9451dd8a4a3bad1059fab9d06726563a9587bd19da320cb3edd964a12
SHA512 d75ffcc5838c6821c21b6ac528393d4e07a9521e50e6351a50c2714ab8b15edeb5cbdce36585e804f547880c8f3051f4b89a6cff9028e224720a71a5f08327ec

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\db\data.safe.tmp

MD5 65cde86cc7528e46c76e41c2894e0f30
SHA1 2a56a2c7d3cfb238015925524da750c8116806b4
SHA256 13a43cb6f3720d255b5efbfa57737b91980f27e38cc69b6150acd99ebc93e3f7
SHA512 05c869bf57ee90a55c3525e3c8c332cac59075f014aefe74078ab3461d734ef3d4359681eb90603e04cdeca9fe91fa31f167f0fc5702c5c7316d6751f072bea3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\pending_pings\eada3bab-ad33-4556-b7fd-dc35193b9ec4

MD5 885d1cc8581c053d006841017ba90ae2
SHA1 33ba4f79dcd081c25fbd60ba3ed49214de5a7427
SHA256 d5a429d6aa9ecc94904bc3f6bacbb92a0f1f565dafae73aa4e412651daae4e8e
SHA512 d60a58dd062eb83149f30dd104be004720485d8a063c6b02829a36aaa0afda68d27e07746d96654ec8287a229890d067e86fe7968eb49086b001f9c73b3d0e23

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\events\events

MD5 75c9a90d31d50362ff6e5a16b26b1263
SHA1 387c86df900bc402974bd1c45d7f94b3d912d197
SHA256 69fa980e9f470054736a6126db8e98b3de0477083c9f1d9b13f262bedb2ca9e6
SHA512 d31f650d1541d88e01c3ef9b8909afb6f38d560a23cd549816528849e9b9622ae98fbab6b708eb6fe90b9ab358e85ab7df9756422ff349ca0e213f2d7dd6169a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\pending_pings\dfd5c8e0-f2fa-42ab-b42a-520210a0f566

MD5 c4e6b2d43039f4ffadcbab26bc24cc37
SHA1 e36a328f0cbe528252b775f142f97ccee00cfaed
SHA256 8c90d1c491da60da84b42bc8a2eec876fb4ae8e4e4c8c84ffdd01f2e5d490c2e
SHA512 ef90d4551490ca3c3852c057a40c33d5fc9b9746ee47dc104f488ff7db862d65bdd0531d8ed3a30309960ef9277facdc95189652aca85048039e38b59698a3de

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\pending_pings\47e469a6-e797-4a6d-b146-2d2160ac9fcd

MD5 9c64d252b54d42082a8a3aa620af2ffc
SHA1 ed38678c81bf64b34ed96067f1db0f3dc76b7eb2
SHA256 f4fa78e90846072783c67db3f784ed9ae0294334463dabbe62a4dd80279f39c7
SHA512 9065104731710a7dea1efda00cccc3b579d7ae9930364bc449ff491d1e6ba477a139640fd64f1f565af5614d6b80689f1371c70e9deab0767398ee6723b74f39

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\pending_pings\7526dafe-386a-4e9e-ad17-f6eb747f58a8

MD5 7501a3acd068eac46191ca9b09227b41
SHA1 619009f03b43f8d887c7ace96c509f2b56329994
SHA256 16bee6b78fb937c7d69cbbb7aa1e690404c3867ea59637d363da7c545ef80394
SHA512 38c3e5fc2dd1118e50c1bb08eca41c678eba9d4bd4c84d232524a5802644abaf96117d0ca669dbaaf9e2de828680ccc132cccdb7bd287360e4414f8ca63d4cdf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\pending_pings\960fd46a-94ca-4168-a061-99730e6e1b8d

MD5 ed2fc5b1076804d2da31f5fbd72cb0da
SHA1 72cb896c5c16d6f2a14c461f08b0d632dcf26540
SHA256 7d2efba485a7abe88176592c15d006ab3cbda101d1db0b2f3b0f7ed4dca1728b
SHA512 f416b9d15951f9270bcc900d9cb87476bc0fac3f7538e7d22fa551ceb9f7210b543fefcbdda7bd2e7c222333e28ba70131dddebb69fbb6a5bec6103f69e6c258

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\AlternateServices.bin

MD5 19d3c5bb0a7d21cbeceb9261f140b225
SHA1 af2fc1064fc202f649f2d47daadfe9ccd94b72f7
SHA256 feb1a0f0b6059ea7d9c6135bbc68c04ac9b697685466ac80b190054bc9c288a1
SHA512 0a5be74070ddeb5730094c9e853451e26c9f905f2fd881b3c7c7e36c08628128539d0e39a8f927cfca0e3dc1f52372b113e5c5498c6fb024fc7b75f69f7f254f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\datareporting\glean\db\data.safe.tmp

MD5 11de82a21070cec5851691394f1d0bb7
SHA1 48d72d06704d7e4be52c09560d68d282adbc1a99
SHA256 a6e7f13d9882eba6ac90ca5cdb2ed1a85fbfc93f4ff51de403cff2ce3b5dc3dc
SHA512 5073348dc5a65097aa226137dd9af5f950947c429b21da6d7f569abe84876b3ea250f15b54add07b99a83b89e0467b73222cc8d3cdfa857becd4a91274a155c7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\prefs.js

MD5 59e604c7323953f216ef804ef810fe30
SHA1 76d1db0fd0eb4bd676a9b8b1a694deac60cab0cf
SHA256 b4bcb578a958c410ebbea6ad2e8f61da44474e93429cdd87ca89c2cf67270dbc
SHA512 a7b5847c1c8a8038a95b1df0b7c85404262f26848802a583282cf9b766ac2dbf0ed999e99615628e5d5a259bf79902fd1a765d8938db51b71b759868299a5a12

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\prefs-1.js

MD5 1bf38a1c823503ce9d5b34d4a079ddc6
SHA1 0456079684f71cf084f0766a4bca9873e783d75c
SHA256 5fb30626b584d410cd453d504ed64163fff783c0f6f69e2b0407ef5685632c6f
SHA512 69599ad67e79c19d71c766e465577771d640ab8b57be9106144768ffacdb02502cfe2acf02e8f0217cbc0c79d900ec2d29f73c98905185dc01f59e105d44258f

memory/5152-1023-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe

MD5 d44f8056ffd0f578d97639602db50895
SHA1 58db1b4cae795038c58291fa433d974e319b2765
SHA256 a4fda3af1c386028b46629e6f5113b36aab7e76278ea6683b82eb575dfb9be7b
SHA512 e38f4cd19f3a5a227f2a15ff4f5c360125393980812969190435420fde90b5b25ec13c4f79ae5d4bf02f4bdb043a9d9e9e59ee92ca01ce1fcb1fbf327e37996f

C:\Users\Admin\AppData\Roaming\IDM\defextmap.dat

MD5 4be225f5ed8575cb3e70847863026660
SHA1 852fbb7d2739afe764613d45dc6f2234bc50f213
SHA256 9d1f79719b84eec484602b501d3d9eab89336c25b6d0cc586957bc2e10e845a1
SHA512 82ab7efa6f900229d8dae2d72ab039651b8af853b1128b36bf172109f8456c6cd3afdfa3ebbec86624c91cf4db55181bf30befe90195b0f2b7ae782d8e090596

C:\Users\Admin\AppData\Roaming\IDM\urlexclist.dat

MD5 3cf29c53c8d733d26794661e477fb5b9
SHA1 94eae66f2a322b5a4c1a6584c036e7b3b88fd2ac
SHA256 9efd5d506f16932728de5c0fb7dc0e4b75713920bbcefb108a610c6c1ae45430
SHA512 2321fe2f6188cb2590ec2793145f75e1666c41221b29c1d18358311d378f86f2e5a6575028accfc721f9db3e2b27981d857d556bdddd32bf6ea1233af355d94c

memory/3720-1052-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl

MD5 2f35eb57142b74c4abe963bca15390ed
SHA1 682a5f25d54b37bcdb72eb8a86a74a23878e16a6
SHA256 9071d9f117ddf8724b129935ea8b4e989704a50c482add2f6b5f723252d46aaa
SHA512 d35e1dd34b49ebf8c75816597461e4d6300f53436b3c51e8626ba42775dd54262ab651205ea9966679cbef4c3decac8a528ee6a03e9e3ae978c9a4134937eae1

memory/3720-1057-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 25e8156b7f7ca8dad999ee2b93a32b71
SHA1 db587e9e9559b433cee57435cb97a83963659430
SHA256 ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986
SHA512 1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\extensions.json

MD5 787083013dad681c36c22872f4804ae3
SHA1 570bab6e943a633b18c1394ffb21d0e5625a3df4
SHA256 254d41e96520b40cda5795f11d259a4bd296a6a692561d1d095c757c006538c1
SHA512 60795c4ec98ac8d6dd8d0ace9aa670b1bd637a34ced64bee5699fd171c037c269cafcc82036462982e0758017cbcf2d2b704804c360cbeda9e716dc1968d4445

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 e690f995973164fe425f76589b1be2d9
SHA1 e947c4dad203aab37a003194dddc7980c74fa712
SHA256 87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171
SHA512 77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

MD5 ae29912407dfadf0d683982d4fb57293
SHA1 0542053f5a6ce07dc206f69230109be4a5e25775
SHA256 fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6
SHA512 6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

MD5 626073e8dcf656ac4130e3283c51cbba
SHA1 7e3197e5792e34a67bfef9727ce1dd7dc151284c
SHA256 37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651
SHA512 eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\prefs-1.js

MD5 5baa9f820890be83be5ca3443cf6bf29
SHA1 58d08b858d818ac7f097e889283aab7a8cdadc6f
SHA256 41c0d0b541017cae3dc9cce13ee532a2538c3d32d86c8413e944ad325c1db358
SHA512 76531ad1a0504dc48cb0bd50d1dc0ca77663f7dac42c67ff9e434894b1c729cb177c3593a50f83ef4e8db05acfaefea2d21adfffc4c8793a3aa057412ae45a18

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\cache2\entries\C9AD8D046AE823121AEB5E0FE6D1B61D65686C5C

MD5 0a9a836e6c13332fe388b183a97b4e9f
SHA1 1cecbf6f83a8994d5d63b4569bdaec26a8371dcd
SHA256 46fd26ca5870f9aea7bc36c90673f30932e3567a50cb37c4374856e2c97cdab4
SHA512 04117d4436bc22989f5d2b957c397abd02f8404bd7c9a532397cf3900a345c9a088602be0900684391bd423040b09ee97a47519041b09be342d5979474a3f915

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\sessionstore-backups\recovery.baklz4

MD5 9fb9d1f943f1443767123115cde20463
SHA1 cfdfd689cae9b6920701ae982311b6c86e1d2cd7
SHA256 f78fd41d3ee916c99404e7a0c96d2a7f4fea505bca40ec6ddccb03cddebd6905
SHA512 ea4ee3113779f6dbab4c3d91fdfbfc5daa5ea84b1902fb2d5dc84e59ec5de71ef373a76a7a289c9556d1ec951ca129e303ef7cb0ab166cc9b1fddfa7ce8711a6

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 bcceccab13375513a6e8ab48e7b63496
SHA1 63d8a68cf562424d3fc3be1297d83f8247e24142
SHA256 a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9
SHA512 d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\cache2\entries\CD39AD244C65ED2DD0F139D0BABEEB26DFBD83CC

MD5 c4e8a930f5c38d663dc4dcc8f9155d82
SHA1 d0c9ae5f1bbda1365fec6006024c173e6763fa66
SHA256 9f76f5dcd5d3a6ac0e8a0f6d860ed2cd175b345309d9e6aab2e5bb48889fecd1
SHA512 adbc050d843cbf0ae76f894d01d83a609c900808b9a5fd02cbb2fd4efbf8b226ff4cf95be986806f34502d5050458b303c6cf4ff2bbb2f5704d0011778d575ae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

MD5 32aeacedce82bafbcba8d1ade9e88d5a
SHA1 a9b4858d2ae0b6595705634fd024f7e076426a24
SHA256 4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce
SHA512 67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c8mmgl7g.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

MD5 1b32d1ec35a7ead1671efc0782b7edf0
SHA1 8e3274b9f2938ff2252ed74779dd6322c601a0c8
SHA256 3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648
SHA512 ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

memory/4940-1337-0x0000000000400000-0x000000000041F000-memory.dmp

memory/5272-1355-0x0000000000400000-0x000000000041F000-memory.dmp