File name:

Internet_Download_Manager_IDM_v6.42_Build_31.zip

Full analysis: https://app.any.run/tasks/2663d04f-36de-4c55-b34e-ce51c42831b8
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: March 29, 2025, 13:12:03
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
arch-doc
idm
tool
arch-scr
arch-html
stealer
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5:

7A196B476E286A7D81CE4D2930145320

SHA1:

9A6FB25A5FAC2A0930626BE922DD73A7C8EADDA6

SHA256:

C20898F2BC2072793E9D7EC62CD852A9A9A50CE2B38A1C3E2D4A4F340E886EF0

SSDEEP:

196608:AqcSqo9YRb/u/CITnXsK0k2v0k1HD1rP0H:Aql/YR/+9Iv0kRCH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 7148)

    • Registers / Runs the DLL via REGSVR32.EXE

      • IDMan.exe (PID: 1764)
      • IDM1.tmp (PID: 6004)
      • Uninstall.exe (PID: 6656)
      • IDMan.exe (PID: 7292)

    • Starts NET.EXE for service management

      • net.exe (PID: 7800)
      • Uninstall.exe (PID: 6656)

    • Changes the autorun value in the registry

      • rundll32.exe (PID: 968)
      • IDMan.exe (PID: 1764)

    • Actions looks like stealing of personal data

      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 7148)
      • IDM1.tmp (PID: 6004)
      • IDMan.exe (PID: 1764)
      • Uninstall.exe (PID: 6656)
      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

    • Starts application with an unusual extension

      • idman642build31.exe (PID: 5728)

    • The process creates files with name similar to system file names

      • IDM1.tmp (PID: 6004)

    • Creates/Modifies COM task schedule object

      • IDM1.tmp (PID: 6004)
      • regsvr32.exe (PID: 5596)
      • regsvr32.exe (PID: 5776)
      • regsvr32.exe (PID: 5244)
      • IDMan.exe (PID: 1764)
      • regsvr32.exe (PID: 2344)
      • regsvr32.exe (PID: 6760)
      • regsvr32.exe (PID: 4528)
      • regsvr32.exe (PID: 3332)
      • regsvr32.exe (PID: 7192)

    • Creates a software uninstall entry

      • IDM1.tmp (PID: 6004)

    • Executable content was dropped or overwritten

      • IDMan.exe (PID: 1764)
      • rundll32.exe (PID: 968)
      • drvinst.exe (PID: 7280)
      • dllhost.exe (PID: 7716)

    • Uses RUNDLL32.EXE to load library

      • Uninstall.exe (PID: 6656)

    • Drops a system driver (possible attempt to evade defenses)

      • rundll32.exe (PID: 968)
      • drvinst.exe (PID: 7280)

    • Creates files in the driver directory

      • drvinst.exe (PID: 7280)

    • Creates or modifies Windows services

      • drvinst.exe (PID: 7996)
      • Uninstall.exe (PID: 6656)

    • Start notepad (likely ransomware note)

      • WinRAR.exe (PID: 7148)

  • INFO

    • Local mutex for internet shortcut management

      • WinRAR.exe (PID: 7148)

    • Checks supported languages

      • idman642build31.exe (PID: 5728)
      • IDM1.tmp (PID: 6004)
      • idmBroker.exe (PID: 6248)
      • IDMan.exe (PID: 1764)
      • Uninstall.exe (PID: 6656)
      • drvinst.exe (PID: 7280)
      • drvinst.exe (PID: 7996)
      • MediumILStart.exe (PID: 7380)
      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

    • Reads the computer name

      • idman642build31.exe (PID: 5728)
      • IDM1.tmp (PID: 6004)
      • idmBroker.exe (PID: 6248)
      • IDMan.exe (PID: 1764)
      • Uninstall.exe (PID: 6656)
      • drvinst.exe (PID: 7280)
      • drvinst.exe (PID: 7996)
      • MediumILStart.exe (PID: 7380)
      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

    • Manual execution by a user

      • idman642build31.exe (PID: 5728)
      • idman642build31.exe (PID: 3096)
      • firefox.exe (PID: 5552)
      • WinRAR.exe (PID: 3140)
      • IDMan.exe (PID: 7956)
      • regedit.exe (PID: 4920)
      • firefox.exe (PID: 8088)
      • regedit.exe (PID: 2332)

    • Create files in a temporary directory

      • idman642build31.exe (PID: 5728)
      • IDM1.tmp (PID: 6004)
      • IDMan.exe (PID: 1764)
      • rundll32.exe (PID: 968)
      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7148)
      • WinRAR.exe (PID: 3140)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 7148)
      • IDMan.exe (PID: 1764)
      • rundll32.exe (PID: 968)
      • drvinst.exe (PID: 7280)
      • WinRAR.exe (PID: 3140)
      • dllhost.exe (PID: 7716)

    • INTERNETDOWNLOADMANAGER mutex has been found

      • IDM1.tmp (PID: 6004)
      • IDMan.exe (PID: 1764)
      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

    • Creates files in the program directory

      • IDM1.tmp (PID: 6004)
      • IDMan.exe (PID: 1764)

    • Creates files or folders in the user directory

      • IDM1.tmp (PID: 6004)
      • IDMan.exe (PID: 1764)
      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

    • Process checks computer location settings

      • IDM1.tmp (PID: 6004)
      • IDMan.exe (PID: 1764)
      • Uninstall.exe (PID: 6656)
      • IDMan.exe (PID: 7292)

    • Reads the machine GUID from the registry

      • IDMan.exe (PID: 1764)
      • drvinst.exe (PID: 7280)
      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

    • Reads the software policy settings

      • IDMan.exe (PID: 1764)
      • drvinst.exe (PID: 7280)
      • IDMan.exe (PID: 7292)
      • slui.exe (PID: 5740)
      • slui.exe (PID: 6668)
      • IDMan.exe (PID: 7956)

    • Disables trace logs

      • IDMan.exe (PID: 1764)
      • IDMan.exe (PID: 7292)
      • IDMan.exe (PID: 7956)

    • Checks proxy server information

      • IDMan.exe (PID: 1764)
      • IDMan.exe (PID: 7292)
      • slui.exe (PID: 6668)
      • IDMan.exe (PID: 7956)

    • Application launched itself

      • firefox.exe (PID: 5552)
      • firefox.exe (PID: 5244)
      • firefox.exe (PID: 8088)
      • firefox.exe (PID: 8168)

    • Reads the time zone

      • runonce.exe (PID: 6436)

    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 6436)
      • dllhost.exe (PID: 7716)
      • notepad.exe (PID: 8004)

    • Reads Microsoft Office registry keys

      • WinRAR.exe (PID: 7148)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:03:28 07:07:08
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Crack/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
210
Monitored processes
73
Malicious processes
7
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe sppextcomobj.exe no specs slui.exe rundll32.exe no specs idman642build31.exe no specs idman642build31.exe idm1.tmp no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs idmbroker.exe no specs regsvr32.exe no specs regsvr32.exe no specs idman.exe regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe uninstall.exe no specs rundll32.exe firefox.exe no specs firefox.exe no specs drvinst.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs drvinst.exe no specs runonce.exe no specs grpconv.exe no specs net.exe no specs conhost.exe no specs net1.exe no specs regsvr32.exe no specs regsvr32.exe no specs firefox.exe no specs mediumilstart.exe no specs idman.exe regsvr32.exe no specs regsvr32.exe no specs slui.exe winrar.exe Copy/Move/Rename/Delete/Link Object notepad.exe no specs regedit.exe no specs regedit.exe idman.exe firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"C:\Windows\SysWOW64\regsvr32.exeIDM1.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
664"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5008 -childID 3 -isForBrowser -prefsHandle 5004 -prefMapHandle 5000 -prefsLen 31661 -prefMapSize 244687 -jsInitHandle 1344 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {570bdb1b-54b5-4426-a145-dc2cbf6a913a} 8168 "\\.\pipe\gecko-crash-server-pipe.8168" 26b2e6b5150 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140_1.dll
856"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"C:\Windows\SysWOW64\regsvr32.exeIDM1.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
920"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"C:\Windows\SysWOW64\regsvr32.exeIDMan.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
968"C:\WINDOWS\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.infC:\Windows\System32\rundll32.exe
Uninstall.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shcore.dll
1096"C:\Windows\System32\grpconv.exe" -oC:\Windows\System32\grpconv.exerunonce.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1300"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"C:\Windows\SysWOW64\regsvr32.exeIDMan.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1348"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6140 -childID 8 -isForBrowser -prefsHandle 6112 -prefMapHandle 6136 -prefsLen 31661 -prefMapSize 244687 -jsInitHandle 1344 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf6c1f45-a1cb-475e-8014-da438e79ed8c} 8168 "\\.\pipe\gecko-crash-server-pipe.8168" 26b2a869bd0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
1764"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtrC:\Program Files (x86)\Internet Download Manager\IDMan.exe
IDM1.tmp
User:
admin
Company:
Tonec Inc.
Integrity Level:
HIGH
Description:
Internet Download Manager (IDM)
Exit code:
1
Version:
6, 42, 31, 2
Modules
Images
c:\program files (x86)\internet download manager\idman.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
2148"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 6 -isForBrowser -prefsHandle 5556 -prefMapHandle 5600 -prefsLen 31661 -prefMapSize 244687 -jsInitHandle 1344 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f20c0404-b914-4cdd-a386-751e7c1685c9} 8168 "\\.\pipe\gecko-crash-server-pipe.8168" 26b2e59dd90 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
Total events
56 416
Read events
55 264
Write events
949
Delete events
203

Modification events

(PID) Process:(7148) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(7148) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(7148) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(7148) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Internet_Download_Manager_IDM_v6.42_Build_31.zip
(PID) Process:(7148) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(7148) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(7148) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(7148) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6004) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:UninstallString
Value:
C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
(PID) Process:(6004) IDM1.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager
Operation:writeName:DisplayName
Value:
Internet Download Manager
Executable files
19
Suspicious files
566
Text files
52
Unknown types
0

Dropped files

PID
Process
Filename
Type
6004IDM1.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnkbinary
MD5:39B97E44132568D8A57122D35827CC75
SHA256:63E3CD982A86A24B3A08E9DA6514DE7BEC3B276A46A4D62A89C0A851CD632713
6004IDM1.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnkbinary
MD5:C3B95CF15739530EC54BA9ABB0816BDC
SHA256:2159B9C014B774C515051BACA7CF7DF44392F46FC7ACF6063C3FB94B98E712D7
6004IDM1.tmpC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnkbinary
MD5:DD0DEA4099966F37F16D6A2BEA77733C
SHA256:6A4BFD27B3E1DEC2028FFD0FB75B749311F45995EB4101F532ADE0DE4B567AA2
7148WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa7148.25180\Setup\idman642build31.exeexecutable
MD5:9816FB2793CA2C9A018E747DE75C6D56
SHA256:76575DB4A0F5C391E4E69C38A2AC64C0C0F2A0FE406BD40E316155914E1EF4C3
6004IDM1.tmpC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnkbinary
MD5:F55D95C395F1465F4854378DCE68F5A4
SHA256:8E0F0F1586ACBC278DA79F6CA203C2546A4102231F6AA06C5107409952C3A0AC
6004IDM1.tmpC:\Users\admin\Desktop\Internet Download Manager.lnkbinary
MD5:9FC21EFD128FD86F81378BE532991B73
SHA256:266035656E5B10EE22CDE40A3DDD85F73043074B3FFCDF96565A3D89B7F9A2CB
6004IDM1.tmpC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnkbinary
MD5:0D75ABA07CEE535C2CF18606697DE86C
SHA256:AA4202613B2403C8AE9A15D5FD03BB25DE3F154F022E1B97E44BDE538C039F9F
1764IDMan.exeC:\Users\admin\AppData\Roaming\IDM\defextmap.datbinary
MD5:F99738E2E6D82E6D4097097701B06758
SHA256:40561661E580840B52C7E46496335B2A68D65981CE888A825977913D724ECB53
6004IDM1.tmpC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnkbinary
MD5:68F99ED43406197574FD3AA91FAA87B2
SHA256:7B09C8AB9906258221E123A8B6B88666C52811ED352B8EDDFF1F4887DD6618E7
6004IDM1.tmpC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnkbinary
MD5:9AE0A99906C0B5EFB30E072B58EE0D0F
SHA256:A42EC2348D409B3D48D51C9C4FDACDF74FDF9D9BC0D11B65C04BE41C50D05627
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
141
DNS requests
221
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5244
firefox.exe
POST
200
2.19.120.159:80
http://r10.o.lencr.org/
unknown
whitelisted
5244
firefox.exe
POST
200
2.19.120.159:80
http://r10.o.lencr.org/
unknown
whitelisted
5244
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
5244
firefox.exe
POST
200
2.19.120.133:80
http://r11.o.lencr.org/
unknown
whitelisted
5244
firefox.exe
POST
200
142.250.186.99:80
http://o.pki.goog/s/wr3/cgo
unknown
whitelisted
5244
firefox.exe
POST
200
142.250.186.99:80
http://o.pki.goog/s/wr3/UTA
unknown
whitelisted
5244
firefox.exe
POST
200
142.250.186.99:80
http://o.pki.goog/we2
unknown
whitelisted
5244
firefox.exe
POST
200
142.250.186.99:80
http://o.pki.goog/we2
unknown
whitelisted
5244
firefox.exe
POST
200
2.19.120.159:80
http://r10.o.lencr.org/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
2112
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.20:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6744
SIHClient.exe
52.149.20.212:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
whitelisted
google.com
  • 142.250.185.78
whitelisted
client.wns.windows.com
  • 20.198.162.78
whitelisted
login.live.com
  • 20.190.160.20
  • 40.126.32.140
  • 20.190.160.131
  • 40.126.32.76
  • 40.126.32.74
  • 20.190.160.128
  • 20.190.160.5
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
www.microsoft.com
  • 23.209.214.100
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Internet_Download_Manager_IDM_v6.42_Build_31.zip