Worm.Win32.AutoItGen_7b2cc96d9c

by malwarelabrobot on February 20th, 2015 in Malware Descriptions.

WormAutoItGen.YR (Lavasoft MAS)
Behaviour: Worm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 7b2cc96d9ce4510fdc90164e82cbe43a
SHA1: f8e2ea2242dd9e64af9c0273e3d9453348c67b8b
SHA256: 79c79bb3260dac2a68c4f26b3fd34e1ce7e8a0b950ac0c3aa087d0db2e09298f
SSDeep: 196608:SSB5pUDd37VLB jkgorERYEqjh6sgg664JCW4Mx2mr7WTFz:xC5Bojk3rE PFeK4JClMx2c7aFz
Size: 6365008 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171, UPolyXv05_v6
Company: Tonec Inc.
Created at: 2015-02-04 09:17:19
Analyzed on: Windows7Ada SP1 64-bit

Summary:

Worm. A program that is primarily replicating on networks or removable drives.

Payload

No specific payload has been found.

Process activity

The Worm creates the following process(es):

IEMonitor.exe:1428
IDM1.tmp:656
idmBroker.exe:1952
RUNDLL32.EXE:2424
runonce.exe:656
IELowutil.exe:2524
regsvr32.exe:1984
regsvr32.exe:1992
regsvr32.exe:1300
regsvr32.exe:2904
regsvr32.exe:2044
regsvr32.exe:712
regsvr32.exe:2184
regsvr32.exe:2948
regsvr32.exe:1976
Uninstall.exe:168
IDMan.exe:2156
IDMan.exe:1808
%original file name%.exe:2600

The Worm injects its code into the following process(es):
No processes have been created.

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process IDM1.tmp:656 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log (63672 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk (2 bytes)
%Program Files% (x86)\Internet Download Manager\IDMSetup2.log (19 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Internet Download Manager.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk (2 bytes)

The process RUNDLL32.EXE:2424 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Windows\System32\drivers\SET9176.tmp (673 bytes)

The process runonce.exe:656 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl (712 bytes)

The process IDMan.exe:2156 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components11\idmmzcc64.dll (5200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\defextmap.dat (2 bytes)
%Program Files% (x86)\Internet Download Manager\idmcchandler2_64.dll (6146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\idmhelper5.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\idmmzcc.dll (5392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\META-INF\zigbert.sf (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\chrome.manifest (2 bytes)
C:\Users\"%CurrentUserName%"\ntuser.dat.LOG1 (5504 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc64.dll (3856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\Scheduler\s_1.dt (304 bytes)
%Program Files% (x86)\Internet Download Manager\idmcchandler2.dll (4210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\install.rdf (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\iIDMHelper5.xpt (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\urlexclist.dat (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmhelper.js (2 bytes)
C:\Users\"%CurrentUserName%"\NTUSER.DAT (6496 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components11\idmmzcc.dll (3856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\install.js (1400 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\DMCache\settings.bak (1200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2_64.dll (60352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2.dll (43936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\META-INF\manifest.mf (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc.dll (5392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\iIDMMzCC.xpt (1138 bytes)
C:\Windows (288 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\chrome\idmmzcc.jar (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\iIDMHelper.xpt (662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\icon.png (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\iIDMMzCC.xpt (1138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\META-INF\zigbert.rsa (392 bytes)

The process IDMan.exe:1808 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\urlexclist.dat (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\DwnlData\"%CurrentUserName%"\www_internetdownloadmanager_com_1\www_internetdownloadmanager_com (1842 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\defextmap.dat (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\DwnlData\"%CurrentUserName%"\www_internetdownloadmanager_com_1\log_1.log (5212 bytes)

The process %original file name%.exe:2600 makes changes in the file system.
The Worm creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp (179 bytes)

Registry activity

The process IEMonitor.exe:1428 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\DownloadManager]
"RunIEMonitor" = "0"

The process IDM1.tmp:656 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCR\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Wow6432Node\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID]
"(Default)" = "IDMIECC.IDMIEHlprObj"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.LinkProcessor"

[HKCR\Wow6432Node\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Idmfsa.IDMEFSAgent.1]
"(Default)" = "IDMEFSAgent Class"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"Policy" = "3"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"(Default)" = "IDMan.CIDMLinkTransmitter"

[HKCR\IDMGetAll.IDMAllLinksProcessor.1]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCR\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll, 101"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\PUPautoinsaller_v1.exe, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\31ec1c24\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\python.dll, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\VMwareDnD\6c88b866\, , \??\C:\Users\"%CurrentUserName%"\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp,"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\Internet Download Manager"

[HKCR\Wow6432Node\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\"

[HKCR\Wow6432Node\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmfsa.dll"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\VersionIndependentProgID]
"(Default)" = "Idmfsa.IDMEFSAgent"

[HKCR\DownlWithIDM.VLinkProcessor\CLSID]
"(Default)" = "{CDD67718-A430-4AB9-A939-83D9074B0038}"

[HKCR\DownlWithIDM.V2LinkProcessor]
"(Default)" = "V2LinkProcessor Class"

[HKCR\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\TypeLib]
"Version" = "1.0"

[HKCR\DownlWithIDM.IDMDwnlMgr]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\Wow6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\DownlWithIDM.LinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.LinkProcessor.1"

[HKCR\Idmfsa.IDMEFSAgent\CurVer]
"(Default)" = "Idmfsa.IDMEFSAgent.1"

[HKCR\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\TypeLib]
"Version" = "1.0"

[HKCR\IDMIECC.IDMIEHlprObj]
"(Default)" = "IDMIEHlprObj Class"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
"NoExplorer" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}]
"Policy" = "3"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\DownlWithIDM.LinkProcessor.1\CLSID]
"(Default)" = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"ROTFlags" = "1"

[HKCR\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\Wow6432Node\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID]
"(Default)" = "Idmfsa.IDMEFSAgent.1"

[HKCR\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}]
"(Default)" = "IIDMEFSAgent3"

[HKCR\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID]
"(Default)" = "IDMIECC.IDMHelperLinksStorage.1"

[HKCR\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\"

[HKCR\IDMIECC.IDMHelperLinksStorage.1]
"(Default)" = "IDMHelperLinksStorage Class"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
"(Default)" = "IDM Helper"

[HKCR\Wow6432Node\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}]
"(Default)" = "IIDMHelperLinksStorage"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"LocalizedString" = "@%Program Files% (x86)\Internet Download Manager\idmfsa.dll,-100"

[HKCR\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}]
"(Default)" = "IVLinkProcessor"

[HKCR\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
"(Default)" = "IDM integration (IDMIEHlprObj Class)"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.V2LinkProcessor"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmfsa.dll"

[HKCR\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}]
"(Default)" = "ICIDMLinkTransmitter2"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
"URLInfoAbout" = "http://www.internetdownloadmanager.com"

[HKCR\Wow6432Node\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmfsa.dll"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
"Publisher" = "Tonec Inc."

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation]
"Enabled" = "1"

[HKCR\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCR\DownlWithIDM.VLinkProcessor.1\CLSID]
"(Default)" = "{CDD67718-A430-4AB9-A939-83D9074B0038}"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib]
"(Default)" = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}"

[HKCR\DownlWithIDM.V2LinkProcessor\CLSID]
"(Default)" = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}"

[HKCR\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCR\TypeLib\{5518B636-6884-48CA-A9A7-1CFD3F3BA916}\1.0]
"(Default)" = "idmfsa 1.0 Type Library"

[HKCR\Wow6432Node\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}]
"(Default)" = "IIDMIEHlprObj"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\VersionIndependentProgID]
"(Default)" = "IDMIECC.IDMHelperLinksStorage"

[HKCR\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}]
"(Default)" = "IIDMAllLinksProcessor"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version]
"(Default)" = "1.0"

[HKCR\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}]
"(Default)" = "IIDMIEHlprObj"

[HKCR\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\Wow6432Node\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}]
"(Default)" = "IV2LinkProcessor"

[HKCR\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\DownlWithIDM.LinkProcessor\CLSID]
"(Default)" = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\Wow6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\IDMIECC.IDMIEHlprObj\CLSID]
"(Default)" = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"

[HKCR\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\TypeLib]
"(Default)" = "{ECF21EAB-3AA8-4355-82BE-F777990001DD}"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"AppID" = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"

[HKCR\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\IDMan.CIDMLinkTransmitter\CLSID]
"(Default)" = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"

[HKCR\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\Interface\{98D060EC-53AF-4F61-8180-43C507C9FF94}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID]
"(Default)" = "IDMIECC.IDMIEHlprObj.1"

[HKCR\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"AppName" = "IDMan.exe"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCR\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0]
"(Default)" = "downlWithIDM 1.0 Type Library"

[HKCR\DownlWithIDM.VLinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.VLinkProcessor.1"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"(Default)" = "IDMan"

[HKCR\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}]
"(Default)" = "ICIDMLinkTransmitter"

[HKCR\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0]
"(Default)" = "IDMan 1.0 Type Library"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\Wow6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\DownlWithIDM.IDMDwnlMgr.1\CLSID]
"(Default)" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCR\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\IDMIECC.IDMHelperLinksStorage]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\NumMethods]
"(Default)" = "13"

[HKCR\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\"

[HKCR\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"AppID" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCR\Wow6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}]
"(Default)" = "ICIDMLinkTransmitter2"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\DownlWithIDM.IDMDwnlMgr\CLSID]
"(Default)" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCR\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\TypeLib]
"(Default)" = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
"UninstallString" = "%Program Files% (x86)\Internet Download Manager\Uninstall.exe"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCR\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"DllSurrogate" = ""

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}]
"(Default)" = "IIDMEFSAgent"

[HKCR\Wow6432Node\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\TypeLib]
"(Default)" = "{ECF21EAB-3AA8-4355-82BE-F777990001DD}"

[HKCR\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\Internet Download Manager"

[HKCR\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}]
"(Default)" = "ICIDMLinkTransmitter"

[HKCR\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}]
"(Default)" = "IIDMEFSAgent2"

[HKCR\DownlWithIDM.VLinkProcessor.1]
"(Default)" = "VLinkProcessor Class"

[HKCR\IDMIECC.IDMIEHlprObj\CurVer]
"(Default)" = "IDMIECC.IDMIEHlprObj.1"

[HKCR\IDMGetAll.IDMAllLinksProcessor\CurVer]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor.1"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.VLinkProcessor"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{F6E1B27E-F2DA-4919-9DBD-CAB90A1D662B}]
"AppName" = "IDMan.exe"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\NumMethods]
"(Default)" = "14"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"Policy" = "3"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.IDMDwnlMgr"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor.1"

[HKCR\Wow6432Node\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\Wow6432Node\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}]
"(Default)" = "IIDMAllLinksProcessor"

[HKCR\Wow6432Node\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\TypeLib]
"(Default)" = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}"

[HKCR\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"(Default)" = "IDM Elevated FS Assistant"

[HKCR\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\TypeLib\{ECF21EAB-3AA8-4355-82BE-F777990001DD}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDManTypeInfo.tlb"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}]
"(Default)" = "LinkProcessor Class"

[HKCR\Wow6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\DownlWithIDM.V2LinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.V2LinkProcessor.1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
"DisplayName" = "Internet Download Manager"

[HKCR\IDMIECC.IDMIEHlprObj.1\CLSID]
"(Default)" = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"

[HKCR\Wow6432Node\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\IDMGetAll.IDMAllLinksProcessor\CLSID]
"(Default)" = "{5312C54E-A385-46B7-B200-ABAF81B03935}"

[HKCR\Interface\{4BD46AAE-C51F-4BF7-8BC0-2E86E33D1873}\TypeLib]
"(Default)" = "{ECF21EAB-3AA8-4355-82BE-F777990001DD}"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID]
"(Default)" = "DownlWithIDM.IDMDwnlMgr.1"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMGetAll.dll"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}]
"(Default)" = "IIDMEFSAgent2"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}]
"(Default)" = "V2LinkProcessor Class"

[HKCR\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}]
"(Default)" = "IIDMHelperLinksStorage"

[HKCR\IDMIECC.IDMHelperLinksStorage\CurVer]
"(Default)" = "IDMIECC.IDMHelperLinksStorage.1"

[HKCR\Wow6432Node\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\DownlWithIDM.VLinkProcessor]
"(Default)" = "VLinkProcessor Class"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID]
"(Default)" = "DownlWithIDM.VLinkProcessor.1"

[HKCR\Wow6432Node\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\DownlWithIDM.V2LinkProcessor.1]
"(Default)" = "V2LinkProcessor Class"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCR\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMGetAll.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCR\DownlWithIDM.IDMDwnlMgr.1]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCR\DownlWithIDM.LinkProcessor.1]
"(Default)" = "LinkProcessor Class"

[HKCR\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0]
"(Default)" = "IDMIECC 1.0 Type Library"

[HKCR\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\TypeLib]
"Version" = "1.0"

[HKCR\Idmfsa.IDMEFSAgent]
"(Default)" = "IDMEFSAgent Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
"HelpLink" = "http://www.internetdownloadmanager.com/contact_us.html"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}]
"(Default)" = "IIDMEFSAgent3"

[HKCR\Wow6432Node\Interface\{33AEF752-FB86-4787-9ED1-6010528F5FA3}\TypeLib]
"Version" = "1.0"

[HKCR\DownlWithIDM.V2LinkProcessor.1\CLSID]
"(Default)" = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}"

[HKCR\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}]
"(Default)" = "IIDMEFSAgent"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID]
"(Default)" = "DownlWithIDM.LinkProcessor.1"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"AppName" = "IEMonitor.exe"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\TypeLib]
"(Default)" = "{ECF21EAB-3AA8-4355-82BE-F777990001DD}"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
"DisplayIcon" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe"

[HKCR\IDMIECC.IDMIEHlprObj.1]
"(Default)" = "IDMIEHlprObj Class"

[HKCR\IDMGetAll.IDMAllLinksProcessor]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCR\Wow6432Node\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\Wow6432Node\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}]
"(Default)" = "IVLinkProcessor"

[HKCR\Wow6432Node\Interface\{BC69364C-34D7-4225-B16F-8595C743C775}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}]
"(Default)" = "ILinkProcessor"

[HKCR\IDMGetAll.IDMAllLinksProcessor.1\CLSID]
"(Default)" = "{5312C54E-A385-46B7-B200-ABAF81B03935}"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\IDMIECC.IDMHelperLinksStorage.1\CLSID]
"(Default)" = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"

[HKCR\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{C7798BD6-34AF-4925-B01C-450C9EAD2DD9}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{72B7361C-3568-4392-BCCD-D912CD5C1169}]
"(Default)" = "IV2LinkProcessor"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}]
"(Default)" = "VLinkProcessor Class"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\NumMethods]
"(Default)" = "12"

[HKCR\DownlWithIDM.IDMDwnlMgr\CurVer]
"(Default)" = "DownlWithIDM.IDMDwnlMgr.1"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID]
"(Default)" = "DownlWithIDM.V2LinkProcessor.1"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"RunAs" = "Interactive User"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"(Default)" = "IDMEFSAgent Class"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCR\Idmfsa.IDMEFSAgent\CLSID]
"(Default)" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCR\Wow6432Node\Interface\{356E6235-B055-46D9-8B32-BDC2266C9DAB}]
"(Default)" = "ILinkProcessor"

[HKCR\Interface\{94D09862-1875-4FC9-B434-91CF25C840A1}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\DownlWithIDM.LinkProcessor]
"(Default)" = "LinkProcessor Class"

[HKCR\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0]
"(Default)" = "IDMGetAll 1.0 Type Library"

[HKCR\IDMIECC.IDMHelperLinksStorage\CLSID]
"(Default)" = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"

[HKCR\Idmfsa.IDMEFSAgent.1\CLSID]
"(Default)" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCR\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus]
"(Default)" = "0"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
"NoExplorer" = "1"

"(Default)" = "IDM Helper"

The Worm deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process idmBroker.exe:1952 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\idmBroker.OptionsReader]
"(Default)" = "OptionsReader Class"

[HKCR\idmBroker.OptionsReader\CurVer]
"(Default)" = "idmBroker.OptionsReader.1"

[HKCR\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}]
"(Default)" = "OptionsReader Class"

[HKCR\Wow6432Node\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}\TypeLib]
"(Default)" = "{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}"

[HKCR\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}\TypeLib]
"Version" = "1.0"

[HKCR\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmBroker.exe"

[HKCR\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\VersionIndependentProgID]
"(Default)" = "idmBroker.OptionsReader"

[HKCR\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmBroker.exe"

[HKCR\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}\TypeLib]
"(Default)" = "{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}"

[HKCR\Wow6432Node\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\AppID\{3C085E26-7DF6-4A34-ADA6-877D06BAE9A8}]
"(Default)" = "idmBroker"

[HKCR\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0]
"(Default)" = "idmBroker 1.0 Type Library"

[HKCR\Wow6432Node\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}]
"(Default)" = "IOptionsReader"

[HKCR\idmBroker.OptionsReader.1]
"(Default)" = "OptionsReader Class"

[HKCR\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}]
"(Default)" = "IOptionsReader"

[HKCR\Wow6432Node\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}]
"Policy" = "3"

[HKCR\Interface\{2223E76A-0894-4502-841F-0CF7517A713B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\idmBroker.OptionsReader.1\CLSID]
"(Default)" = "{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"

[HKCR\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\TypeLib]
"(Default)" = "{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}"

[HKCR\TypeLib\{13D4E387-BAB7-47E7-B3D7-3F01ABC463EA}\1.0\HELPDIR]
"(Default)" = "%Program Files% (x86)\Internet Download Manager"

[HKCR\AppID\idmBroker.EXE]
"AppID" = "{3C085E26-7DF6-4A34-ADA6-877D06BAE9A8}"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}]
"AppName" = "idmBroker.exe"

[HKCR\Wow6432Node\CLSID\{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}\ProgID]
"(Default)" = "idmBroker.OptionsReader.1"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCR\idmBroker.OptionsReader\CLSID]
"(Default)" = "{D0FB58BB-2C07-492F-8BD0-A587E4874B4E}"

The process RUNDLL32.EXE:2424 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalAssocChangedCounter" = "52"

[HKLM\SYSTEM\Setup\SetupapiLogStatus]
"setupapi.app.log" = "4096"

To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv" = "grpconv -o"

The process runonce.exe:656 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Worm deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The Worm disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"

The process IELowutil.exe:2524 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content]
"CachePrefix" = ""

The process regsvr32.exe:1984 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMShellExt64.dll"
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
"(Default)" = "IDM Shell Extension"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalAssocChangedCounter" = "53"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension]
"(Default)" = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"

The process regsvr32.exe:1992 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMShellExt64.dll"
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
"(Default)" = "IDM Shell Extension"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalAssocChangedCounter" = "54"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension]
"(Default)" = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"

The process regsvr32.exe:1300 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC64.dll"

[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID]
"(Default)" = "IDMIECC.IDMHelperLinksStorage.1"

[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCR\IDMIECC.IDMIEHlprObj\CurVer]
"(Default)" = "IDMIECC.IDMIEHlprObj.1"

[HKCR\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC64.dll"

[HKCR\IDMIECC.IDMHelperLinksStorage.1]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
"(Default)" = "IDM integration (IDMIEHlprObj Class)"

[HKCR\IDMIECC.IDMIEHlprObj.1]
"(Default)" = "IDMIEHlprObj Class"

[HKCR\IDMIECC.IDMIEHlprObj\CLSID]
"(Default)" = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"

[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\IDMIECC.IDMIEHlprObj.1\CLSID]
"(Default)" = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"

[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC64.dll"

[HKCR\IDMIECC.IDMHelperLinksStorage.1\CLSID]
"(Default)" = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"

[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID]
"(Default)" = "IDMIECC.IDMIEHlprObj.1"

[HKCR\IDMIECC.IDMIEHlprObj]
"(Default)" = "IDMIEHlprObj Class"

[HKCR\IDMIECC.IDMHelperLinksStorage\CurVer]
"(Default)" = "IDMIECC.IDMHelperLinksStorage.1"

[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\VersionIndependentProgID]
"(Default)" = "IDMIECC.IDMHelperLinksStorage"

[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID]
"(Default)" = "IDMIECC.IDMIEHlprObj"

[HKCR\IDMIECC.IDMHelperLinksStorage]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCR\IDMIECC.IDMHelperLinksStorage\CLSID]
"(Default)" = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"

[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

The Worm deletes the following registry key(s):

[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib]
[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\Programmable]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\VersionIndependentProgID]
[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID]
[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID]
[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
[HKCR\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}]

The process regsvr32.exe:2904 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID]
"(Default)" = "DownlWithIDM.IDMDwnlMgr.1"

[HKCR\DownlWithIDM.VLinkProcessor.1]
"(Default)" = "VLinkProcessor Class"

[HKCR\DownlWithIDM.IDMDwnlMgr.1]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.IDMDwnlMgr"

[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM64.dll"

[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}]
"(Default)" = "VLinkProcessor Class"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1]
"(Default)" = "131473"

[HKCR\DownlWithIDM.IDMDwnlMgr\CurVer]
"(Default)" = "DownlWithIDM.IDMDwnlMgr.1"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM64.dll, 101"

[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\DownlWithIDM.V2LinkProcessor.1\CLSID]
"(Default)" = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}"

[HKCR\DownlWithIDM.V2LinkProcessor\CLSID]
"(Default)" = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}"

[HKCR\DownlWithIDM.LinkProcessor.1]
"(Default)" = "LinkProcessor Class"

[HKCR\DownlWithIDM.VLinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.VLinkProcessor.1"

[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID]
"(Default)" = "DownlWithIDM.VLinkProcessor.1"

[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID]
"(Default)" = "DownlWithIDM.V2LinkProcessor.1"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}]
"(Default)" = "LinkProcessor Class"

[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\DownlWithIDM.LinkProcessor\CLSID]
"(Default)" = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"

[HKCR\DownlWithIDM.LinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.LinkProcessor.1"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\DownlWithIDM.V2LinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.V2LinkProcessor.1"

[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM64.dll"
"ThreadingModel" = "Apartment"

[HKCR\DownlWithIDM.VLinkProcessor\CLSID]
"(Default)" = "{CDD67718-A430-4AB9-A939-83D9074B0038}"

[HKCR\DownlWithIDM.V2LinkProcessor]
"(Default)" = "V2LinkProcessor Class"

[HKCR\DownlWithIDM.IDMDwnlMgr]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.V2LinkProcessor"

[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}]
"(Default)" = "V2LinkProcessor Class"

[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM64.dll"

[HKCR\DownlWithIDM.LinkProcessor.1\CLSID]
"(Default)" = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"

[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.VLinkProcessor"

[HKCR\DownlWithIDM.VLinkProcessor]
"(Default)" = "VLinkProcessor Class"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID]
"(Default)" = "DownlWithIDM.LinkProcessor.1"

[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM64.dll"

[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\DownlWithIDM.IDMDwnlMgr.1\CLSID]
"(Default)" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCR\DownlWithIDM.V2LinkProcessor.1]
"(Default)" = "V2LinkProcessor Class"

[HKCR\DownlWithIDM.LinkProcessor]
"(Default)" = "LinkProcessor Class"

[HKCR\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM64.dll"

[HKCR\DownlWithIDM.IDMDwnlMgr\CLSID]
"(Default)" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.LinkProcessor"

[HKCR\DownlWithIDM.VLinkProcessor.1\CLSID]
"(Default)" = "{CDD67718-A430-4AB9-A939-83D9074B0038}"

The process regsvr32.exe:2044 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\IDMGetAll.IDMAllLinksProcessor.1\CLSID]
"(Default)" = "{5312C54E-A385-46B7-B200-ABAF81B03935}"

[HKCR\IDMGetAll.IDMAllLinksProcessor.1]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMGetAll64.dll"

[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib]
"(Default)" = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}"

[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor"

[HKCR\IDMGetAll.IDMAllLinksProcessor\CLSID]
"(Default)" = "{5312C54E-A385-46B7-B200-ABAF81B03935}"

[HKCR\IDMGetAll.IDMAllLinksProcessor]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCR\IDMGetAll.IDMAllLinksProcessor\CurVer]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor.1"

[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor.1"

[HKCR\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMGetAll64.dll"

[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}]
"(Default)" = "IDMAllLinksProcessor Class"

The Worm deletes the following registry key(s):

[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID]
[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID]
[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib]
[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}]
[HKCR\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\Programmable]

The process regsvr32.exe:712 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

The Worm deletes the following registry key(s):

[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories]
[HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]

The process regsvr32.exe:2184 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

The Worm deletes the following registry key(s):

[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID]
[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID]
[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Programmable]
[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID]
[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Insertable]
[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}]
[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1]
[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\Programmable]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID]
[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Control]
[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\Programmable]
[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\Programmable]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib]
[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus]
[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib]
[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}]
[HKCR\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID]
[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib]
[HKCR\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
[HKCR\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}]
[HKCR\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]

The process regsvr32.exe:2948 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

The process regsvr32.exe:1976 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMShellExt64.dll"
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
"(Default)" = "IDM Shell Extension"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"GlobalAssocChangedCounter" = "55"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension]
"(Default)" = "{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{CDC95B92-E27C-4745-A8C5-64A52A78855D}" = "IDM Shell Extension"

The process Uninstall.exe:168 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Wow6432Node\Internet Download Manager]
"AdvIntDriverEnabled2" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\IDMWFP]
"Start" = "2"

The Worm deletes the following value(s) in system registry:

The process IDMan.exe:2156 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\Backup_IDM\IDMBI\Firefox\0]
"isff15" = "1"

[HKCU\Software\DownloadManager\SpecialKeys]
"CtrlF" = "0"

[HKCU\Software\DownloadManager\DwnlPanel]
"MKV" = "1"

[HKCU\Software\Backup_IDM\ListSettings]
"Referer" = "C8 00 00 00 00 00 00 00"

[HKCU\Software\DownloadManager\SpecialKeys]
"CtrlP" = "0"

[HKCU\Software\DownloadManager\IDMBI\Firefox]
"int" = "1"

[HKCU\Software\DownloadManager]
"radxcnt" = "1"

[HKCU\Software\Backup_IDM\SpecialKeys]
"AltF" = "0"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID]
"(Default)" = "IDMIECC.IDMIEHlprObj"

[HKCU\Software\Backup_IDM\DwnlPanel]
"F4V" = "1"

[HKCU\Software\Backup_IDM\SpecialKeys]
"CtrlF" = "0"

[HKCU\Software\Backup_IDM\FoldersTree\Compressed]
"forSiteOnly" = "0"

[HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn]
"Path" = "%Program Files% (x86)\Internet Download Manager\IDMGCExt.crx"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll, 101"

[HKCU\Software\Backup_IDM\SpecialKeys]
"InsF" = "1"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Backup_IDM\FoldersTree\Video]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCU\Software\Backup_IDM]
"intAOFRWE" = "1"

[HKCU\Software\Backup_IDM\SpecialKeys]
"CtrlP" = "0"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\VersionIndependentProgID]
"(Default)" = "Idmfsa.IDMEFSAgent"

[HKCR\DownlWithIDM.VLinkProcessor\CLSID]
"(Default)" = "{CDD67718-A430-4AB9-A939-83D9074B0038}"

[HKCU\Software\DownloadManager\FoldersTree\Music]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCR\DownlWithIDM.V2LinkProcessor]
"(Default)" = "V2LinkProcessor Class"

[HKCR\Idmfsa.IDMEFSAgent\CurVer]
"(Default)" = "Idmfsa.IDMEFSAgent.1"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"LocalizedString" = "@%Program Files% (x86)\Internet Download Manager\idmfsa.dll,-100"

[HKCU\Software\DownloadManager]
"FSSettingsChecked" = "1"
"RememberLastSave" = "1"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID]
"(Default)" = "Idmfsa.IDMEFSAgent.1"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\NumMethods]
"(Default)" = "12"

[HKCU\Software\DownloadManager]
"LargeButtons" = "0"

[HKCR\IDMIECC.IDMHelperLinksStorage.1]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCU\Software\Backup_IDM\IDMBI\chrome]
"int" = "1"

[HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn]
"Version" = "6.21.16"

[HKCU\Software\Mozilla\Firefox\Extensions]
"[email protected]" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5"

[HKCU\Software\Backup_IDM\IDMBI\IEXPLORE]
"int" = "1"

[HKCU\Software\DownloadManager\IDMBI\OPERA]
"Name" = "Opera"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Backup_IDM\FoldersTree\Documents]
"ID" = "5"

[HKCU\Software\DownloadManager\DwnlPanel]
"WEBM" = "1"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
"ThreadingModel" = "Both"

[HKCU\Software\DownloadManager\DwnlPanel]
"FLV" = "1"

[HKCU\Software\DownloadManager\menuExt]
"ffdownl10FLV_v" = "2"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"AppName" = "IDMan.exe"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCU\Software\DownloadManager\IDMBI\Firefox\0]
"vers" = "29.0.1"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"AppID" = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCU\Software\Backup_IDM\DwnlPanel]
"OGV" = "1"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID]
"(Default)" = "IDMIECC.IDMIEHlprObj.1"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"AppID" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCU\Software\Backup_IDM\DwnlPanel]
"OGG" = "1"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1]
"(Default)" = "131473"

[HKCU\Software\DownloadManager\FoldersTree\Documents]
"forSiteOnly" = "0"

[HKCU\Software\DownloadManager\FoldersTree\Video]
"sites" = ""

[HKCR\DownlWithIDM.IDMDwnlMgr.1\CLSID]
"(Default)" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCU\Software\DownloadManager\FoldersTree\Video]
"forSiteOnly" = "0"

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IEExt.htm"

[HKCU\Software\Backup_IDM\IDMBI\Firefox]
"Name" = "Mozilla Firefox"

[HKCU\Software\DownloadManager\FoldersTree\Documents]
"mask" = "doc pdf ppt pps"

[HKCU\Software\DownloadManager\FoldersTree\Compressed]
"forSiteOnly" = "0"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}]
"(Default)" = "IIDMEFSAgent"

[HKCU\Software\Backup_IDM\ListSettings]
"LastTry" = "41 00 00 00 01 00 00 00"

[HKCU\Software\Backup_IDM]
"FSSettingsChecked" = "1"

[HKCR\DownlWithIDM.LinkProcessor.1]
"(Default)" = "LinkProcessor Class"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor.1"

[HKCU\Software\DownloadManager]
"lastintres" = "1"

[HKCU\Software\Backup_IDM]
"FSPSSettingsChecked" = "1"

[HKCR\DownlWithIDM.V2LinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.V2LinkProcessor.1"

[HKCU\Software\DownloadManager\FoldersTree\Music]
"rememberLastPath" = "0"

[HKCU\Software\DownloadManager\FoldersTree\Compressed]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCR\IDMIECC.IDMIEHlprObj.1\CLSID]
"(Default)" = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"

[HKCU\Software\DownloadManager\DwnlPanel]
"OGV" = "1"
"OGG" = "1"

[HKCU\Software\Backup_IDM\FoldersTree\Programs]
"sites" = ""

[HKCU\Software\Backup_IDM]
"FtpPasive" = "0"

[HKCU\Software\DownloadManager\FoldersTree\Music]
"sites" = ""

[HKCU\Software\DownloadManager]
"UseFtpProxy" = "0"

[HKCU\Software\DownloadManager\IDMBI\Firefox\0]
"bEnabled" = "0"

[HKCU\Software\Backup_IDM\DwnlPanel]
"TS" = "1"
"FLV" = "1"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
"Contexts" = "243"

[HKCU\Software\DownloadManager\IDMBI\Firefox\0]
"bExtensionInstalled" = "0"

[HKCU\Software\DownloadManager]
"LocalPathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCU\Software\Backup_IDM\ListSettings]
"dateAdded" = "41 00 00 00 00 00 00 00"

[HKCR\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"DllSurrogate" = ""

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID]
"(Default)" = "DownlWithIDM.LinkProcessor.1"

[HKCU\Software\DownloadManager\SpecialKeys]
"UseKeyToForce" = "0"

[HKCU\Software\DownloadManager]
"CommonAppDataIDMFolder" = "C:\ProgramData\IDM\"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IDMan_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCR\IDMIECC.IDMIEHlprObj.1]
"(Default)" = "IDMIEHlprObj Class"

[HKCU\Software\DownloadManager\FoldersTree\Compressed]
"ID" = "7"

[HKCU\Software\Backup_IDM]
"nDESC7" = "1"

[HKCU\Software\DownloadManager]
"ExePath" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\IDMIECC.IDMHelperLinksStorage.1\CLSID]
"(Default)" = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"

[HKCU\Software\Backup_IDM]
"nDESC8" = "1"
"CommonAppDataIDMFolder" = "C:\ProgramData\IDM\"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID]
"(Default)" = "DownlWithIDM.V2LinkProcessor.1"

[HKCU\Software\DownloadManager\DwnlPanel]
"3gp" = "1"

[HKCR\IDMIECC.IDMHelperLinksStorage\CLSID]
"(Default)" = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"

[HKCU\Software\Backup_IDM\ListSettings]
"Status" = "41 00 00 00 01 00 00 00"

[HKCU\Software\Backup_IDM]
"AppDataIDMFolder" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\"

[HKCU\Software\Backup_IDM\IDMBI\Firefox\0]
"EXE" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IDMan_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.LinkProcessor"

[HKCR\Idmfsa.IDMEFSAgent.1]
"(Default)" = "IDMEFSAgent Class"

[HKCU\Software\Backup_IDM\FoldersTree\Video]
"forSiteOnly" = "0"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}]
"(Default)" = "VLinkProcessor Class"

[HKCU\Software\DownloadManager\menuExt]
"ffdownl10FLVa_str" = "Download FLV videos with IDM from 10 last requested"

[HKCU\Software\DownloadManager\ListSettings]
"TransferRate" = "5F 00 00 00 01 00 00 00"

[HKCU\Software\Backup_IDM\ListSettings]
"FileName" = "96 00 00 00 01 00 00 00"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IDMan_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCR\DownlWithIDM.LinkProcessor.1\CLSID]
"(Default)" = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"

[HKCU\Software\Backup_IDM\FoldersTree\Documents]
"forSiteOnly" = "0"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"ROTFlags" = "1"

[HKCU\Software\DownloadManager\DwnlPanel]
"wav" = "1"

[HKCU\Software\Backup_IDM\DwnlPanel]
"WMA" = "1"

[HKCU\Software\DownloadManager]
"mzcc_ext_vers" = "7393"
"EnableDriver" = "1"

[HKCU\Software\Backup_IDM\FoldersTree\Compressed]
"rememberLastPath" = "0"

[HKCR\IDMIECC.IDMIEHlprObj\CurVer]
"(Default)" = "IDMIECC.IDMIEHlprObj.1"

[HKCR\DownlWithIDM.VLinkProcessor.1\CLSID]
"(Default)" = "{CDD67718-A430-4AB9-A939-83D9074B0038}"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownlFLVa_str" = "Download last requested FLV video with IDM"

[HKCR\DownlWithIDM.VLinkProcessor.1]
"(Default)" = "VLinkProcessor Class"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.V2LinkProcessor"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor"

[HKCU\Software\DownloadManager]
"isSSW_OK" = "0"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation]
"Enabled" = "1"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib]
"(Default)" = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlFLVa_str" = "Download last requested FLV video with IDM"

[HKCR\DownlWithIDM.V2LinkProcessor\CLSID]
"(Default)" = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}"

[HKCU\Software\DownloadManager\menuExt]
"iedownl1_str" = "Download with IDM"

[HKCU\Software\Backup_IDM]
"LstCheck" = "02/19/15"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Backup_IDM]
"MonitorUrlClipboard" = "0"

[HKCR\DownlWithIDM.LinkProcessor\CLSID]
"(Default)" = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownlFLV_str" = "Download last requested FLV video"

[HKCU\Software\Backup_IDM\ListSettings]
"Description" = "C8 00 00 00 01 00 00 00"

[HKCU\Software\Backup_IDM\IDMBI\NETSCP]
"int" = "1"

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
"Contexts" = "243"

[HKCU\Software\DownloadManager\DwnlPanel]
"TS" = "1"

[HKCU\Software\DownloadManager]
"intAOFRWE" = "1"

[HKCU\Software\DownloadManager\menuExt]
"iedownlAll_str" = "Download all links with IDM"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe"

[HKCU\Software\Backup_IDM\IDMBI\Firefox]
"found" = "1"

[HKCU\Software\DownloadManager\FoldersTree\Programs]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCU\Software\Backup_IDM\FoldersTree\Video]
"sites" = ""

[HKCU\Software\DownloadManager\IDMBI\IEXPLORE]
"int" = "1"

[HKCU\Software\Backup_IDM]
"idmvers" = "v6.22 Trial"

[HKCU\Software\DownloadManager\FoldersTree\Documents]
"rememberLastPath" = "0"

[HKCU\Software\DownloadManager\DwnlPanel]
"AVI" = "1"
"F4V" = "1"

[HKCU\Software\DownloadManager\ListSettings]
"dateAdded" = "41 00 00 00 00 00 00 00"

[HKCU\Software\DownloadManager]
"nDESC7" = "1"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}]
"(Default)" = "PSFactoryBuffer"

[HKCU\Software\DownloadManager\ListSettings]
"Order" = "00 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00"

[HKCU\Software\DownloadManager]
"TempPath" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\"

[HKCU\Software\Backup_IDM\IDMBI\Firefox\0]
"isExtensionSupported" = "1"

[HKCU\Software\DownloadManager\FoldersTree\Programs]
"ID" = "1"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCU\Software\DownloadManager\ListSettings]
"SaveTo" = "C8 00 00 00 00 00 00 00"

[HKCU\Software\Backup_IDM\IDMBI\Safari]
"Name" = "Apple Safari"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
"(Default)" = "IDM integration (IDMIEHlprObj Class)"

[HKCU\Software\DownloadManager\FoldersTree\Documents]
"sites" = ""

[HKCU\Software\DownloadManager]
"mzcc_vers" = "62119"

[HKCU\Software\Backup_IDM\SpecialKeys]
"CheckMouse" = "0"

[HKCU\Software\Backup_IDM\DwnlPanel]
"ASF" = "1"

[HKCU\Software\Backup_IDM]
"ToolbarStyle" = "3D Style"

[HKCU\Software\DownloadManager\DwnlPanel]
"WMA" = "1"

[HKCR\IDMGetAll.IDMAllLinksProcessor\CLSID]
"(Default)" = "{5312C54E-A385-46B7-B200-ABAF81B03935}"

[HKCU\Software\DownloadManager]
"Extensions" = "3GP 7Z AAC ACE AIF ARJ ASF AVI BIN BZ2 EXE GZ GZIP IMG ISO LZH M4A M4V MKV MOV MP3 MP4 MPA MPE MPEG MPG MSI MSU OGG OGV PDF PLJ PPS PPT QT R0* R1* RA RAR RM RMVB SEA SIT SITX TAR TIF TIFF WAV WMA WMV Z ZIP"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID]
"(Default)" = "DownlWithIDM.IDMDwnlMgr.1"

[HKCU\Software\DownloadManager\DwnlPanel]
"WMV" = "1"

[HKCU\Software\Backup_IDM\FoldersTree\Documents]
"sites" = ""

[HKCR\DownlWithIDM.VLinkProcessor]
"(Default)" = "VLinkProcessor Class"

[HKCU\Software\DownloadManager]
"idmvers" = "v6.22 Trial"

[HKCU\Software\Backup_IDM]
"LargeButtons" = "1"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlFLV_str" = "Download last requested FLV video"

[HKCR\DownlWithIDM.V2LinkProcessor.1]
"(Default)" = "V2LinkProcessor Class"

[HKCU\Software\DownloadManager\IDMBI\Mozilla]
"Name" = "Mozilla"

[HKCU\Software\DownloadManager\ListSettings]
"FileName" = "96 00 00 00 01 00 00 00"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCU\Software\DownloadManager\DwnlPanel]
"qt" = "1"

[HKCU\Software\DownloadManager\FoldersTree\Documents]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCU\Software\Backup_IDM\FoldersTree\Music]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"
"rememberLastPath" = "0"

[HKCU\Software\Backup_IDM]
"ExceptionServers" = "*.update.microsoft.com download.windowsupdate.com siteseal.thawte.com ecom.cimetz.com *.voice2page.com"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownlAll_str" = "Download all links with IDM"

[HKCU\Software\DownloadManager\IDMBI\Firefox\0]
"EXE" = "%Program Files% (x86)\Mozilla Firefox\firefox.exe"

[HKCU\Software\DownloadManager\FoldersTree\Video]
"rememberLastPath" = "0"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IDMan_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\DownloadManager\ListSettings]
"Description" = "C8 00 00 00 01 00 00 00"

[HKCU\Software\DownloadManager\FoldersTree\Compressed]
"rememberLastPath" = "0"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"RunAs" = "Interactive User"

[HKCR\Idmfsa.IDMEFSAgent\CLSID]
"(Default)" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"Policy" = "3"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownl10FLV_str" = "Choose from 10 last requested FLV videos"

[HKCU\Software\DownloadManager]
"sortOrder" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"AppName" = "IEMonitor.exe"

[HKCR\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCU\Software\DownloadManager\IDMBI\chrome]
"int" = "1"

[HKCR\Idmfsa.IDMEFSAgent.1\CLSID]
"(Default)" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCU\Software\Backup_IDM]
"UseHttpProxy" = "0"

[HKCU\Software\Backup_IDM\FoldersTree\Music]
"sites" = ""

[HKCU\Software\Backup_IDM\SpecialKeys]
"UseKeyToForce" = "0"

[HKCU\Software\Backup_IDM\DwnlPanel]
"qt" = "1"

[HKCU\Software\DownloadManager\DwnlPanel]
"ASF" = "1"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"(Default)" = "IDMan.CIDMLinkTransmitter"

[HKCR\IDMGetAll.IDMAllLinksProcessor.1]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCU\Software\DownloadManager]
"AppDataIDMFolder" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\"

[HKCU\Software\Backup_IDM\IDMBI\Safari]
"int" = "1"

[HKCU\Software\Backup_IDM]
"LaunchOnStart" = "1"

[HKCU\Software\Backup_IDM\SpecialKeys]
"AltP" = "1"

[HKCU\Software\Backup_IDM\ListSettings]
"SaveTo" = "C8 00 00 00 00 00 00 00"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Backup_IDM\FoldersTree\Compressed]
"mask" = "zip rar r0* r1* arj gz sit sitx sea ace bz2 7z"

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IEGetAll.htm"

[HKCU\Software\DownloadManager]
"FindApps" = "0"

[HKCU\Software\DownloadManager\menuExt]
"ffdownl10FLV_str" = "Choose from 10 last requested FLV videos"

[HKCU\Software\DownloadManager]
"ExceptionServers" = "*.update.microsoft.com download.windowsupdate.com siteseal.thawte.com ecom.cimetz.com *.voice2page.com"

[HKCU\Software\DownloadManager\IDMBI\Safari]
"int" = "1"

[HKCU\Software\Backup_IDM\FoldersTree\Video]
"rememberLastPath" = "0"

[HKCU\Software\DownloadManager\SpecialKeys]
"CheckMouse" = "0"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID]
"(Default)" = "IDMIECC.IDMHelperLinksStorage.1"

[HKCU\Software\DownloadManager\FoldersTree\Video]
"ID" = "3"

[HKCU\Software\DownloadManager\FoldersTree\Programs]
"forSiteOnly" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCU\Software\Backup_IDM\IDMBI\Mozilla]
"Name" = "Mozilla"

[HKCU\Software\DownloadManager\FoldersTree\Compressed]
"mask" = "zip rar r0* r1* arj gz sit sitx sea ace bz2 7z"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownl10FLVa_str" = "Download FLV videos with IDM from 10 last requested"

[HKCU\Software\DownloadManager\FoldersTree\Programs]
"sites" = ""

[HKCU\Software\Backup_IDM]
"ExePath" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe"

[HKCU\Software\Backup_IDM\FoldersTree\Music]
"mask" = "mp3 wav wma mpa ram ra aac aif m4a"

[HKCR\DownlWithIDM.LinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.LinkProcessor.1"

[HKCR\IDMIECC.IDMIEHlprObj\CLSID]
"(Default)" = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"

[HKCU\Software\Backup_IDM\IDMBI\Firefox\0]
"bPluginInstalled" = "0"

[HKCU\Software\Backup_IDM\SpecialKeys]
"SkipHtml" = "1"

[HKCU\Software\Backup_IDM\FoldersTree\Documents]
"rememberLastPath" = "0"

[HKCR\IDMan.CIDMLinkTransmitter\CLSID]
"(Default)" = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"

[HKCU\Software\DownloadManager\FoldersTree\Compressed]
"sites" = ""

[HKCU\Software\Backup_IDM\FoldersTree\Programs]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCU\Software\DownloadManager\IDMBI\OPERA]
"int" = "1"

[HKCR\DownlWithIDM.VLinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.VLinkProcessor.1"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCU\Software\Backup_IDM\IDMBI\Mozilla]
"int" = "1"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownlFLV_v" = "2"

[HKCU\Software\Backup_IDM\IDMBI\chrome]
"Name" = "Google Chrome"

[HKCU\Software\Backup_IDM\DwnlPanel]
"AVI" = "1"

[HKCU\Software\DownloadManager\SpecialKeys]
"ShiftF" = "0"

[HKCU\Software\DownloadManager\ListSettings]
"Status" = "41 00 00 00 01 00 00 00"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownlppFLV_str" = "Download FLV video with IDM"

[HKCU\Software\DownloadManager]
"LstCheck" = "02/19/15"

[HKCU\Software\DownloadManager\DwnlPanel]
"mpeg" = "1"

[HKCU\Software\DownloadManager\SpecialKeys]
"ShiftP" = "0"

[HKCU\Software\DownloadManager\IDMBI\IEXPLORE]
"Name" = "Internet Explorer"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCU\Software\Backup_IDM\DwnlPanel]
"3gp" = "1"

[HKCR\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"(Default)" = "IDM Elevated FS Assistant"

[HKCU\Software\DownloadManager\ListSettings]
"Size" = "4B 00 00 00 01 00 00 00"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}]
"(Default)" = "LinkProcessor Class"

[HKCU\Software\Backup_IDM\IDMBI\Firefox]
"int" = "1"

[HKLM\SOFTWARE\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn]
"Path" = "%Program Files% (x86)\Internet Download Manager\IDMGCExt.crx"

[HKCU\Software\Backup_IDM\IDMBI\OPERA]
"Name" = "Opera"

[HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn]
"Version" = "6.21.16"

[HKCU\Software\Backup_IDM\SpecialKeys]
"ShiftF" = "0"

[HKCU\Software\DownloadManager\DwnlPanel]
"RM" = "1"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}]
"(Default)" = "IIDMEFSAgent2"

[HKCR\IDMIECC.IDMHelperLinksStorage\CurVer]
"(Default)" = "IDMIECC.IDMHelperLinksStorage.1"

[HKCU\Software\Backup_IDM\SpecialKeys]
"ShiftP" = "0"

[HKCU\Software\DownloadManager\ListSettings]
"Timeleft" = "4B 00 00 00 01 00 00 00"

[HKCU\Software\Backup_IDM\FoldersTree\Music]
"ID" = "2"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID]
"(Default)" = "DownlWithIDM.VLinkProcessor.1"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlppFLV_str" = "Download FLV video with IDM"

[HKCU\Software\Backup_IDM]
"windowPlacementV6" = "2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF"

[HKCU\Software\DownloadManager\FoldersTree\Music]
"forSiteOnly" = "0"

[HKCU\Software\Backup_IDM\FoldersTree\Music]
"forSiteOnly" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlFLV_v" = "2"

[HKCU\Software\DownloadManager]
"MonitorUrlClipboard" = "0"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMGetAll.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCR\DownlWithIDM.IDMDwnlMgr.1]
"(Default)" = "IDMDwnlMgr Class"

[HKCU\Software\Backup_IDM]
"sortOrder" = "0"

[HKCU\Software\Microsoft\Internet Explorer]
"DownloadUI" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCR\IDMIECC.IDMHelperLinksStorage]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCU\Software\DownloadManager\IDMBI\Safari]
"Name" = "Apple Safari"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}]
"(Default)" = "IIDMEFSAgent3"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlAll_str" = "Download all links with IDM"

[HKCU\Software\DownloadManager\DwnlPanel]
"m4a" = "1"

[HKCR\IDMGetAll.IDMAllLinksProcessor]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.IDMDwnlMgr"

[HKCU\Software\DownloadManager\DwnlPanel]
"M4V" = "1"

[HKCU\Software\Backup_IDM\SpecialKeys]
"UseKeyToPrevent" = "1"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IDMan_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\Backup_IDM\DwnlPanel]
"MKV" = "1"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}]
"(Default)" = "IDMAllLinksProcessor Class"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer]
"DownloadUI" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCU\Software\Backup_IDM\IDMBI\IEXPLORE]
"Name" = "Internet Explorer"

[HKCR\DownlWithIDM.LinkProcessor]
"(Default)" = "LinkProcessor Class"

[HKCU\Software\DownloadManager\IDMBI\chrome]
"Name" = "Google Chrome"

[HKCU\Software\DownloadManager\FoldersTree\Music]
"ID" = "2"

[HKCU\Software\DownloadManager\IDMBI\Firefox\0]
"bPluginInstalled" = "0"

[HKCU\Software\DownloadManager\ListSettings]
"Referer" = "C8 00 00 00 00 00 00 00"

[HKCU\Software\Backup_IDM\FoldersTree\Programs]
"ID" = "1"

[HKCU\Software\DownloadManager\FoldersTree\Video]
"mask" = "avi mpg mpe mpeg asf wmv mov qt rm mp4 flv m4v webm ogv ogg"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmfsa.dll"

[HKCU\Software\DownloadManager\IDMBI\NETSCP]
"int" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"Policy" = "3"

[HKCU\Software\DownloadManager\SpecialKeys]
"AltP" = "1"

[HKCU\Software\Backup_IDM\DwnlPanel]
"mpeg" = "1"

[HKCU\Software\DownloadManager\IDMBI\Firefox\0]
"isff15" = "1"

[HKCU\Software\DownloadManager\IDMBI\NETSCP]
"Name" = "Netscape 6 and later"

[HKCU\Software\Backup_IDM\FoldersTree\Documents]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\DownloadManager\SpecialKeys]
"AltF" = "0"

[HKCU\Software\Backup_IDM\DwnlPanel]
"mp4" = "1"
"mp3" = "1"

[HKCU\Software\DownloadManager\IDMBI\Firefox]
"found" = "1"

[HKCU\Software\DownloadManager\SpecialKeys]
"UseKeyToPrevent" = "1"

[HKCU\Software\Backup_IDM]
"LocalPathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCU\Software\Backup_IDM\DwnlPanel]
"mpg" = "1"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\IDMIECC.IDMIEHlprObj]
"(Default)" = "IDMIEHlprObj Class"

[HKCU\Software\DownloadManager\menuExt]
"ffdownl1_str" = "Download with IDM"

[HKCR\DownlWithIDM.IDMDwnlMgr]
"(Default)" = "IDMDwnlMgr Class"

[HKCU\Software\DownloadManager\SpecialKeys]
"SkipHtml" = "1"

[HKCU\Software\Backup_IDM]
"Extensions" = "3GP 7Z AAC ACE AIF ARJ ASF AVI BIN BZ2 EXE GZ GZIP IMG ISO LZH M4A M4V MKV MOV MP3 MP4 MPA MPE MPEG MPG MSI MSU OGG OGV PDF PLJ PPS PPT QT R0* R1* RA RAR RM RMVB SEA SIT SITX TAR TIF TIFF WAV WMA WMV Z ZIP"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\VersionIndependentProgID]
"(Default)" = "IDMIECC.IDMHelperLinksStorage"

[HKCU\Software\Backup_IDM\ListSettings]
"Queue" = "14 00 00 00 01 00 00 00"

[HKCU\Software\Backup_IDM]
"mzcc_ext_vers" = "7393"

[HKCU\Software\Backup_IDM\ListSettings]
"TransferRate" = "5F 00 00 00 01 00 00 00"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCU\Software\Backup_IDM\IDMBI\Firefox\0]
"bExtensionInstalled" = "0"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.VLinkProcessor"

[HKCU\Software\Backup_IDM\DwnlPanel]
"wav" = "1"

[HKCU\Software\Backup_IDM]
"mzcc_vers" = "62119"
"RememberLastSave" = "1"

[HKCU\Software\Mozilla\SeaMonkey\Extensions]
"[email protected]" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5"

[HKCU\Software\DownloadManager]
"ToolbarStyle" = "3D Style"

[HKCU\Software\Backup_IDM]
"PanelExceptionServers" = "*.gstatic.com"

[HKCU\Software\DownloadManager\ListSettings]
"LastTry" = "41 00 00 00 01 00 00 00"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmfsa.dll"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\NumMethods]
"(Default)" = "13"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCU\Software\Backup_IDM\menuExt]
"iedownlAll_str" = "Download all links with IDM"

[HKCU\Software\Backup_IDM\DwnlPanel]
"RM" = "1"
"mov" = "1"

[HKCU\Software\Backup_IDM]
"TempPath" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"(Default)" = "IDMan"

[HKCU\Software\DownloadManager\FoldersTree\Programs]
"rememberLastPath" = "0"

[HKCU\Software\Backup_IDM]
"radxcnt" = "1"

[HKCU\Software\Backup_IDM\FoldersTree\Programs]
"forSiteOnly" = "0"

[HKCU\Software\Backup_IDM\IDMBI\OPERA]
"int" = "1"

[HKCU\Software\DownloadManager]
"windowPlacementV6" = "2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF"

[HKCU\Software\Backup_IDM\DwnlPanel]
"WEBM" = "1"
"WMV" = "1"

[HKCU\Software\DownloadManager\ConfigTime]
"(Default)" = "1424315862"

[HKCU\Software\Backup_IDM]
"lastintres" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}]
"AppName" = "IDMan.exe"

[HKCR\DownlWithIDM.IDMDwnlMgr\CLSID]
"(Default)" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCU\Software\Backup_IDM\FoldersTree\Compressed]
"ID" = "7"
"sites" = ""

[HKCU\Software\DownloadManager\SpecialKeys]
"InsF" = "1"

[HKCU\Software\DownloadManager\FoldersTree\Documents]
"ID" = "5"

[HKCU\Software\DownloadManager\DwnlPanel]
"mov" = "1"

[HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}]
"Therad" = "1"

[HKCR\IDMGetAll.IDMAllLinksProcessor\CurVer]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor.1"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCU\Software\DownloadManager]
"FSPSSettingsChecked" = "1"

[HKCR\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\NumMethods]
"(Default)" = "14"

[HKCU\Software\DownloadManager]
"nDESC8" = "1"

[HKCU\Software\Backup_IDM]
"EnableDriver" = "1"
"UseFtpProxy" = "0"

[HKCU\Software\DownloadManager\IDMBI\Mozilla]
"int" = "1"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\DownloadManager]
"FtpPasive" = "0"

[HKCR\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMGetAll.dll"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}]
"(Default)" = "V2LinkProcessor Class"

[HKCU\Software\Backup_IDM\FoldersTree\Programs]
"mask" = "exe msi"

[HKCU\Software\DownloadManager\ListSettings]
"Queue" = "14 00 00 00 01 00 00 00"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownl1_str" = "Download with IDM"

[HKCU\Software\Backup_IDM\FoldersTree\Video]
"mask" = "avi mpg mpe mpeg asf wmv mov qt rm mp4 flv m4v webm ogv ogg"

[HKCU\Software\Backup_IDM\IDMBI\Firefox\0]
"vers" = "29.0.1"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}]
"Policy" = "3"

[HKCU\Software\DownloadManager\FoldersTree\Programs]
"mask" = "exe msi"

[HKCU\Software\Backup_IDM]
"isSSW_OK" = "0"

[HKCU\Software\Backup_IDM\menuExt]
"iedownl1_str" = "Download with IDM"

[HKCU\Software\DownloadManager\DwnlPanel]
"mpg" = "1"

[HKCU\Software\DownloadManager\IDMBI\Firefox\0]
"isExtensionSupported" = "1"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IDMan_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKCR\Idmfsa.IDMEFSAgent]
"(Default)" = "IDMEFSAgent Class"

[HKCU\Software\Backup_IDM\FoldersTree\Programs]
"rememberLastPath" = "0"

[HKCR\DownlWithIDM.V2LinkProcessor.1\CLSID]
"(Default)" = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}"

[HKCU\Software\DownloadManager\IDMBI\Firefox]
"Name" = "Mozilla firefox"

[HKCU\Software\Backup_IDM\IDMBI\NETSCP]
"Name" = "Netscape 6 and later"

[HKCU\Software\DownloadManager]
"UseHttpProxy" = "0"

[HKCU\Software\Backup_IDM\FoldersTree\Documents]
"mask" = "doc pdf ppt pps"

[HKCU\Software\DownloadManager]
"LaunchOnStart" = "1"

[HKCU\Software\Backup_IDM]
"FindApps" = "0"

[HKCU\Software\Backup_IDM\ListSettings]
"Order" = "00 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00"

[HKCU\Software\Backup_IDM\FoldersTree\Compressed]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCU\Software\DownloadManager]
"PanelExceptionServers" = "*.gstatic.com"

[HKCR\IDMGetAll.IDMAllLinksProcessor.1\CLSID]
"(Default)" = "{5312C54E-A385-46B7-B200-ABAF81B03935}"

[HKCU\Software\Backup_IDM\menuExt]
"ffdownl10FLV_v" = "2"

[HKCU\Software\Backup_IDM\FoldersTree\Video]
"ID" = "3"

[HKCU\Software\DownloadManager\FoldersTree\Video]
"pathW" = "43 00 3A 00 5C 00 55 00 73 00 65 00 72 00 73 00"

[HKCU\Software\Backup_IDM\IDMBI\Firefox\0]
"bEnabled" = "0"

[HKCU\Software\DownloadManager\FoldersTree\Music]
"mask" = "mp3 wav wma mpa ram ra aac aif m4a"

[HKCR\DownlWithIDM.IDMDwnlMgr\CurVer]
"(Default)" = "DownlWithIDM.IDMDwnlMgr.1"

[HKCU\Software\Backup_IDM\ListSettings]
"Timeleft" = "4B 00 00 00 01 00 00 00"
"Size" = "4B 00 00 00 01 00 00 00"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"(Default)" = "IDMEFSAgent Class"

[HKCU\Software\Backup_IDM\DwnlPanel]
"M4V" = "1"

[HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}]
"Model" = "49"

[HKCU\Software\DownloadManager\DwnlPanel]
"mp4" = "1"

[HKCU\Software\Backup_IDM\DwnlPanel]
"m4a" = "1"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus]
"(Default)" = "0"

[HKCU\Software\DownloadManager\DwnlPanel]
"mp3" = "1"

To automatically run itself each time Windows is booted, the Worm adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Idman" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe /onboot"

The Worm deletes the following registry key(s):

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID]
[HKCU\Software\Backup_IDM\IDMBI\Safari]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Programmable]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Control]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\Programmable]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
[HKCU\Software\Backup_IDM\SpecialKeys]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
[HKCU\Software\Backup_IDM\FoldersTree\Programs]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib]
[HKCU\Software\Backup_IDM\maxID]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID]
[HKCR\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
[HKCU\Software\Backup_IDM\IDMBI\Mozilla]
[HKCU\Software\Backup_IDM\ListSettings]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib]
[HKCU\Software\Backup_IDM\Passwords]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\VersionIndependentProgID]
[HKCU\Software\Backup_IDM\menuExt]
[HKCU\Software\Backup_IDM\FoldersTree\Music]
[HKCU\Software\Backup_IDM\IDMBI\Firefox\0]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib]
[HKCU\Software\Backup_IDM\MCN]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\Programmable]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus]
[HKCU\Software\Backup_IDM\IDMBI\NETSCP]
[HKCU\Software\Backup_IDM\FoldersTree\Compressed]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\Programmable]
[HKCU\Software\Backup_IDM]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories]
[HKCU\Software\Backup_IDM\DwnlPanel]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\Programmable]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib]
[HKCU\Software\Backup_IDM\IDMBI\Firefox]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}]
[HKCU\Software\Backup_IDM\IDMBI\IEXPLORE]
[HKCU\Software\Backup_IDM\FoldersTree]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Programmable]
[HKCU\Software\Backup_IDM\IDMBI\chrome]
[HKCU\Software\Backup_IDM\FoldersTree\Documents]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}]
[HKCU\Software\Backup_IDM\FoldersTree\Video]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}]
[HKCU\Software\Backup_IDM\IDMBI\OPERA]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\Programmable]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Insertable]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
[HKCU\Software\Backup_IDM\IDMBI]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID]

The Worm deletes the following value(s) in system registry:

The process IDMan.exe:1808 makes changes in the system registry.
The Worm creates and/or sets the following values in system registry:

[HKCU\Software\DownloadManager\1]
"TPswitch" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecision" = "0"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"LocalizedString" = "@%Program Files% (x86)\Internet Download Manager\idmfsa.dll,-100"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix" = "Visited:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\DownloadManager]
"radxcnt" = "2"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmfsa.dll"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID]
"(Default)" = "IDMIECC.IDMIEHlprObj"

[HKCU\Software\DownloadManager\1]
"FileName" = "update608.txt?v=622"
"FRCType" = "text/plain"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.LinkProcessor"

[HKCR\Idmfsa.IDMEFSAgent.1]
"(Default)" = "IDMEFSAgent Class"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"Policy" = "3"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"(Default)" = "IDMan.CIDMLinkTransmitter"

[HKCR\IDMGetAll.IDMAllLinksProcessor.1]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCU\Software\DownloadManager]
"LastCheckQU" = "14 56 E5 54"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll, 101"

[HKCU\Software\DownloadManager\1]
"Path" = "/data/"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\DownloadManager\1]
"U0_u" = "tcidm"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix" = ""

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDetectedUrl" = ""

[HKCU\Software\DownloadManager\menuExt]
"ffdownl10FLVa_str" = "Download FLV videos with IDM from 10 last requested"

[HKCU\Software\DownloadManager\1]
"Host" = "www.internetdownloadmanager.com"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\VersionIndependentProgID]
"(Default)" = "Idmfsa.IDMEFSAgent"

[HKCR\DownlWithIDM.VLinkProcessor\CLSID]
"(Default)" = "{CDD67718-A430-4AB9-A939-83D9074B0038}"

[HKCR\DownlWithIDM.V2LinkProcessor]
"(Default)" = "V2LinkProcessor Class"

[HKCU\Software\DownloadManager\1]
"dateAdded" = "Feb 19 05:18:44 2015"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCR\Idmfsa.IDMEFSAgent\CurVer]
"(Default)" = "Idmfsa.IDMEFSAgent.1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecisionReason" = "1"

[HKCR\IDMIECC.IDMIEHlprObj]
"(Default)" = "IDMIEHlprObj Class"

[HKCU\Software\DownloadManager\1]
"bRetAfFR" = "0"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\DownlWithIDM.LinkProcessor.1\CLSID]
"(Default)" = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"

[HKCU\Software\DownloadManager\menuExt]
"ffdownl10FLV_str" = "Choose from 10 last requested FLV videos"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"ROTFlags" = "1"

[HKCU\Software\DownloadManager\menuExt]
"ffdownl1_str" = "Download with IDM"

[HKCR\DownlWithIDM.IDMDwnlMgr]
"(Default)" = "IDMDwnlMgr Class"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID]
"(Default)" = "Idmfsa.IDMEFSAgent.1"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID]
"(Default)" = "IDMIECC.IDMHelperLinksStorage.1"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\NumMethods]
"(Default)" = "12"

[HKCU\Software\DownloadManager]
"LargeButtons" = "0"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\VersionIndependentProgID]
"(Default)" = "IDMIECC.IDMHelperLinksStorage"

[HKCU\Software\DownloadManager]
"EnableDriver" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecisionTime" = "54 42 94 C6 F2 4B D0 01"

[HKCR\DownlWithIDM.VLinkProcessor.1\CLSID]
"(Default)" = "{CDD67718-A430-4AB9-A939-83D9074B0038}"

[HKCR\DownlWithIDM.VLinkProcessor.1]
"(Default)" = "VLinkProcessor Class"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
"(Default)" = "IDM integration (IDMIEHlprObj Class)"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor"

[HKCU\Software\DownloadManager]
"isSSW_OK" = "0"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\DownloadManager\1]
"LocalPath" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\DwnlData\"%CurrentUserName%"\www_internetdownloadmanager_com_1\"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation]
"Enabled" = "1"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib]
"(Default)" = "{37294E01-DB54-43AF-9D50-93FF7267DF5D}"

[HKCU\Software\DownloadManager]
"ToolbarStyle" = "3D Style"

[HKCR\DownlWithIDM.V2LinkProcessor\CLSID]
"(Default)" = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}"

[HKCU\Software\DownloadManager\1]
"CISBU" = "0"

[HKCU\Software\DownloadManager\menuExt]
"iedownl1_str" = "Download with IDM"

[HKCR\IDMIECC.IDMHelperLinksStorage.1]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version]
"(Default)" = "1.0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"AppName" = "IDMan.exe"

[HKCU\Software\DownloadManager\menuExt]
"iedownlAll_str" = "Download all links with IDM"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\idmfsa.dll"

[HKCR\DownlWithIDM.LinkProcessor\CLSID]
"(Default)" = "{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}"

[HKCR\DownlWithIDM.LinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.LinkProcessor.1"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlppFLV_str" = "Download FLV video with IDM"

[HKCR\IDMIECC.IDMIEHlprObj\CLSID]
"(Default)" = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
"Contexts" = "243"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"AppID" = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib]
"(Default)" = "{5518B636-6884-48CA-A9A7-1CFD3F3BA916}"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib]
"(Default)" = "{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}"

[HKCR\IDMan.CIDMLinkTransmitter\CLSID]
"(Default)" = "{AC746233-E9D3-49CD-862F-068F7B7CCCA4}"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID]
"(Default)" = "IDMIECC.IDMIEHlprObj.1"

[HKCR\Wow6432Node\CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}\LocalServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"(Default)" = "IDMan"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"AppID" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCR\DownlWithIDM.VLinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.VLinkProcessor.1"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCU\Software\DownloadManager\1]
"CategoryID" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadNetworkName" = "Network"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix" = "Cookie:"

[HKCU\Software\DownloadManager\1]
"cFlags" = "0"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1]
"(Default)" = "131473"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDecisionTime" = "54 42 94 C6 F2 4B D0 01"

[HKCR\DownlWithIDM.IDMDwnlMgr.1\CLSID]
"(Default)" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCR\IDMIECC.IDMHelperLinksStorage]
"(Default)" = "IDMHelperLinksStorage Class"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\NumMethods]
"(Default)" = "13"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}]
"AppName" = "IDMan.exe"

[HKCR\DownlWithIDM.IDMDwnlMgr\CLSID]
"(Default)" = "{7D11E719-FF90-479C-B0D7-96EB43EE55D7}"

[HKCR\Wow6432Node\Interface\{6EDC7F8E-EB3D-4F9A-B693-216F07C94D74}]
"(Default)" = "IIDMEFSAgent"

[HKCU\Software\DownloadManager]
"tvfrdt" = "BF 49 09 68"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCU\Software\DownloadManager\1]
"Downloaded" = "00 00 00 00 00 00 00 00"
"FileSize" = "02 19 00 00 00 00 00 00"

[HKCR\IDMIECC.IDMIEHlprObj\CurVer]
"(Default)" = "IDMIECC.IDMIEHlprObj.1"

[HKCR\IDMGetAll.IDMAllLinksProcessor\CurVer]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor.1"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.VLinkProcessor"

[HKCR\TypeLib\{3BDFC55C-ED33-43BB-9A77-57C2AF4B56EF}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}\NumMethods]
"(Default)" = "14"

[HKCR\DownlWithIDM.LinkProcessor.1]
"(Default)" = "LinkProcessor Class"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID]
"(Default)" = "IDMGetAll.IDMAllLinksProcessor.1"

[HKCU\Software\DownloadManager\1]
"FRFileSize" = "02 19 00 00 00 00 00 00"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"(Default)" = "IDM Elevated FS Assistant"

[HKCU\Software\DownloadManager]
"lastintres" = "0"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.V2LinkProcessor"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}]
"(Default)" = "LinkProcessor Class"

[HKCU\Software\DownloadManager\1\ChList]
"0" = "00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00"

[HKCR\DownlWithIDM.V2LinkProcessor\CurVer]
"(Default)" = "DownlWithIDM.V2LinkProcessor.1"

[HKCR\IDMIECC.IDMIEHlprObj.1\CLSID]
"(Default)" = "{0055C089-8582-441B-A0BF-17B458C2A3A8}"

[HKCU\Software\DownloadManager\1]
"bGICompl" = "1"

[HKCU\Software\DownloadManager]
"trayIcon" = "1"

[HKCR\IDMGetAll.IDMAllLinksProcessor\CLSID]
"(Default)" = "{5312C54E-A385-46B7-B200-ABAF81B03935}"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID]
"(Default)" = "DownlWithIDM.IDMDwnlMgr.1"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{37294E01-DB54-43AF-9D50-93FF7267DF5D}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMGetAll.dll"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}]
"(Default)" = "IIDMEFSAgent2"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}]
"(Default)" = "V2LinkProcessor Class"

[HKCU\Software\DownloadManager]
"rshext" = "1"

[HKCR\IDMIECC.IDMHelperLinksStorage\CurVer]
"(Default)" = "IDMIECC.IDMHelperLinksStorage.1"

[HKCR\DownlWithIDM.VLinkProcessor]
"(Default)" = "VLinkProcessor Class"

[HKCU\Software\DownloadManager\1]
"ua" = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)"
"LocalFileName" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\DwnlData\"%CurrentUserName%"\www_internetdownloadmanager_com_1\www_internetdownloadmanager_com"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecision" = "0"

[HKCU\Software\DownloadManager]
"idmvers" = "v6.22 Trial"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlFLV_str" = "Download last requested FLV video"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID]
"(Default)" = "DownlWithIDM.VLinkProcessor.1"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}]
"Policy" = "3"

[HKCR\DownlWithIDM.V2LinkProcessor.1]
"(Default)" = "V2LinkProcessor Class"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"AppPath" = "%Program Files% (x86)\Internet Download Manager"

[HKCU\Software\DownloadManager\1]
"U0_EncP" = "67 7C 46 58 60 3D 64 37 4B 5C 63 3D 3B 7E 7C 77"
"Status" = "1"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
"Contexts" = "243"

[HKCU\Software\DownloadManager\1]
"Port" = "80"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMGetAll.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCR\DownlWithIDM.IDMDwnlMgr.1]
"(Default)" = "IDMDwnlMgr Class"

[HKCU\Software\DownloadManager\1]
"lastTryDate" = "Feb 19 05:18:44 2015"
"LastModified" = "Fri, 06 Feb 2015 15:32:44 GMT"

[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IDMIECC.dll"

[HKCU\Software\Mozilla\SeaMonkey\Extensions]
"[email protected]" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5"

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with IDM]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IEExt.htm"

[HKCR\Wow6432Node\Interface\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\ProxyStubClsid32]
"(Default)" = "{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}"

[HKCU\Software\DownloadManager\1]
"PD" = "lng=9"

[HKCR\Idmfsa.IDMEFSAgent]
"(Default)" = "IDMEFSAgent Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCR\Wow6432Node\Interface\{A87AB5DD-211B-4284-8CBD-B92F77A5DE14}]
"(Default)" = "IIDMEFSAgent3"

[HKCR\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"DllSurrogate" = ""

[HKCR\DownlWithIDM.V2LinkProcessor.1\CLSID]
"(Default)" = "{4764030F-2733-45B9-AE62-3D1F4F6F2861}"

[HKCU\Software\DownloadManager\maxID]
"maxId" = "1"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID]
"(Default)" = "DownlWithIDM.LinkProcessor.1"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlAll_str" = "Download all links with IDM"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}]
"AppName" = "IEMonitor.exe"

[HKCU\Software\DownloadManager\ConfigTime]
"(Default)" = "1424315864"

[HKCU\Software\DownloadManager\1]
"EncPassword" = "67 7C 46 58 60 3D 64 37 4B 5C 63 3D 3B 7E 7C 77"

[HKCR\IDMIECC.IDMIEHlprObj.1]
"(Default)" = "IDMIEHlprObj Class"

[HKCR\IDMGetAll.IDMAllLinksProcessor]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID]
"(Default)" = "DownlWithIDM.IDMDwnlMgr"

[HKCU\Software\DownloadManager\1]
"bOUD_Ch" = "1"

[HKCR\IDMGetAll.IDMAllLinksProcessor.1\CLSID]
"(Default)" = "{5312C54E-A385-46B7-B200-ABAF81B03935}"

[HKCU\Software\DownloadManager\1]
"LogFileName" = "C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\DwnlData\"%CurrentUserName%"\www_internetdownloadmanager_com_1\log_1.log"

[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCU\Software\DownloadManager]
"ExePath" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe"

[HKCU\Software\DownloadManager\menuExt]
"ffdownlFLVa_str" = "Download last requested FLV video with IDM"

[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib]
"(Default)" = "{6A89524B-E1B6-4D71-972A-8FD53F240936}"

[HKCR\IDMIECC.IDMHelperLinksStorage.1\CLSID]
"(Default)" = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"

[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}]
"(Default)" = "VLinkProcessor Class"

[HKCR\Wow6432Node\CLSID\{6B9EB066-DA1F-4C0A-AC62-01AC892EF175}]
"(Default)" = "PSFactoryBuffer"

[HKCU\Software\DownloadManager\1]
"AccLngH" = "en-US"
"User" = "tcidm"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDecisionReason" = "1"

[HKCR\DownlWithIDM.IDMDwnlMgr\CurVer]
"(Default)" = "DownlWithIDM.IDMDwnlMgr.1"

[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID]
"(Default)" = "DownlWithIDM.V2LinkProcessor.1"

[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}]
"(Default)" = "IDMAllLinksProcessor Class"

[HKCR\AppID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}]
"RunAs" = "Interactive User"

[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
"(Default)" = "IDMEFSAgent Class"

[HKCR\Idmfsa.IDMEFSAgent\CLSID]
"(Default)" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCU\Software\DownloadManager\1]
"U0_PD" = "lng=9"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}]
"Policy" = "3"

[HKCR\DownlWithIDM.LinkProcessor]
"(Default)" = "LinkProcessor Class"

[HKCR\IDMIECC.IDMHelperLinksStorage\CLSID]
"(Default)" = "{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}"

[HKCR\Idmfsa.IDMEFSAgent.1\CLSID]
"(Default)" = "{0F947660-8606-420A-BAC6-51B84DD22A47}"

[HKCR\TypeLib\{6A89524B-E1B6-4D71-972A-8FD53F240936}\1.0\0\win32]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\downlWithIDM.dll"

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus]
"(Default)" = "0"

[HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download all links with IDM]
"(Default)" = "%Program Files% (x86)\Internet Download Manager\IEGetAll.htm"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Worm deletes the following registry key(s):

[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ProgID]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\ProgID]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Programmable]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\TypeLib]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\ProgID]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Control]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\Elevation]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\TypeLib]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\Programmable]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\TypeLib]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\VersionIndependentProgID]
[HKCR\AppID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\TypeLib]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Version]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\TypeLib]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\TypeLib]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\Programmable]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Programmable]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\ProgID]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}\Programmable]
[HKCU\Software\DownloadManager\1]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\ProgID]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\ProgID]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories]
[HKCR\Wow6432Node\CLSID\{0F947660-8606-420A-BAC6-51B84DD22A47}\ProgID]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\ProgID]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}\Programmable]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\TypeLib]
[HKCR\Wow6432Node\CLSID\{7D11E719-FF90-479C-B0D7-96EB43EE55D7}]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Programmable]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\TypeLib]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}]
[HKCU\Software\DownloadManager\1\ChList]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\Programmable]
[HKCR\Wow6432Node\CLSID\{4764030F-2733-45B9-AE62-3D1F4F6F2861}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\Insertable]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\InprocServer32]
[HKCR\Wow6432Node\CLSID\{5312C54E-A385-46B7-B200-ABAF81B03935}]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\ToolboxBitmap32]
[HKCR\Wow6432Node\CLSID\{CDD67718-A430-4AB9-A939-83D9074B0038}\VersionIndependentProgID]
[HKCR\Wow6432Node\CLSID\{52F6F7BD-DF73-44B3-AE13-89E1E1FB8F6A}\MiscStatus\1]
[HKCR\Wow6432Node\CLSID\{436D67E1-2FB3-4A6C-B3CD-FF8A41B0664D}]
[HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}\VersionIndependentProgID]

The Worm deletes the following value(s) in system registry:

[HKCU\Software\DownloadManager\1]
"Password"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{EE1E4E39-627C-4D52-9D86-A515AB38A003}]
"WpadDetectedUrl"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoDetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\DownloadManager\1]
"PDCType"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-50-56-ef-0d-5d]
"WpadDetectedUrl"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\DownloadManager\1]
"lastResult"

[HKCU\Software\DownloadManager]
"ToolbarStyle"

Dropped PE files

MD5	File path
c976ceb4be1daf3a848c11a4adf224ba	c:\Program Files (x86)\Internet Download Manager\IDMFType64.dll
8c6af35602856595601f3cffc70317d8	c:\Program Files (x86)\Internet Download Manager\IDMGetAll.dll
ac822be8ffb08e7ea2ad573b9f87ea71	c:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll
3be0a7a801eeb514fa9861160caaa80c	c:\Program Files (x86)\Internet Download Manager\IDMGrHlp.exe
a812ae8b0ad5a21812507fd98b71038e	c:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
039320696d7d792e0a4e7883ac371b18	c:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
1c7c9f16762bb5d75b4e43b0bd9ac78d	c:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
a4dfd052a0b21ddee2b0d861dcfde470	c:\Program Files (x86)\Internet Download Manager\IDMNetMon.dll
686a76b1445d07ce408b66d2468c02c3	c:\Program Files (x86)\Internet Download Manager\IDMNetMon64.dll
019ab25686601f42444208fefc86bc59	c:\Program Files (x86)\Internet Download Manager\IDMShellExt.dll
22ece0bc222b54ca73ae37d7a65ea93f	c:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
5175b78e61fd619ab25c4eee1d2deaf3	c:\Program Files (x86)\Internet Download Manager\IDMan.exe
e9c6ef9437ecb30911488f9313ad821a	c:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
5e07a4a8d694c07154320dbd41740ac5	c:\Program Files (x86)\Internet Download Manager\MediumILStart.exe
7b23613e34913818a64a92f3ee63632f	c:\Program Files (x86)\Internet Download Manager\Uninstall.exe
50c2e62660c7c1d26c60d320cc61f8a6	c:\Program Files (x86)\Internet Download Manager\downlWithIDM.dll
b06190af451b2037ff075aeb5d21e26f	c:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll
59499b4b9127191704faaf58e220f85d	c:\Program Files (x86)\Internet Download Manager\idmBroker.exe
dea89988ccd91c60692fa3de14f53cae	c:\Program Files (x86)\Internet Download Manager\idmbrbtn.dll
c103e0bbe07f2582a9f8142c5a3d6a87	c:\Program Files (x86)\Internet Download Manager\idmbrbtn64.dll
bab8cb7d533ac3fa418af4153f06a29f	c:\Program Files (x86)\Internet Download Manager\idmcchandler2.dll
e04723a39ddde7ebfb4a517a42b4a24f	c:\Program Files (x86)\Internet Download Manager\idmcchandler2_64.dll
8733245b8d7a0038f46f65f945584e6f	c:\Program Files (x86)\Internet Download Manager\idmfsa.dll
48db4bfce6f3476dfa6602546f5fb5d4	c:\Program Files (x86)\Internet Download Manager\idmftype.dll
ce284454c16cd202961bd4a7f1ff105d	c:\Program Files (x86)\Internet Download Manager\idmindex.dll
3b2574a4bcaab325288db198e4b9cae6	c:\Program Files (x86)\Internet Download Manager\idmmkb.dll
e27af2db1ecc042f1e3dbd8774e44819	c:\Program Files (x86)\Internet Download Manager\idmtdi32.sys
c1223d7cd849ea35c7cd27dc6220949b	c:\Program Files (x86)\Internet Download Manager\idmtdi64.sys
599327266bc2f7d2d6553912cc3528a1	c:\Program Files (x86)\Internet Download Manager\idmvconv.dll
b4efeefbac0f0c633146534fef393ddf	c:\Program Files (x86)\Internet Download Manager\idmvs.dll
4a77cbd9d0b1ca9c810f946dcc0771c4	c:\Program Files (x86)\Internet Download Manager\idmwfp32.sys
3f2013a2880fe503b1b3bc8212764923	c:\Program Files (x86)\Internet Download Manager\idmwfp64.sys
7b23613e34913818a64a92f3ee63632f	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp
4825955b4dadaa8f8fe05a2864bb6e6b	c:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components11\idmmzcc.dll
a43dd6fe91eb6a92d7c238a7a965f1cb	c:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components11\idmmzcc64.dll
bab8cb7d533ac3fa418af4153f06a29f	c:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2.dll
e04723a39ddde7ebfb4a517a42b4a24f	c:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2_64.dll
8fae57c6c9a27c01e9d4591f4e2cd6b2	c:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc.dll
8b640fb5a8a1a7358ae8beaa7c208d9a	c:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc64.dll
f4cb6977facfd7c51c5ae061b1d4289d	c:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\idmmzcc.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Tonec Inc.
Product Name: Internet Download Manager installer
Product Version: 6, 22, 1, 1
Legal Copyright: (c) 1999-2015. Tonec, Inc. All rights reserved.
Legal Trademarks: Internet Download Manager (IDM)
Original Filename: installer.exe
Internal Name: installer
File Version: 6, 22, 1, 1
File Description: Internet Download Manager installer
Comments: Please visit http://www.internetdownloadmanager.com
Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	15232	15360	4.42346	e9f18db0f401d3aa2d8a679fff54b44e
.data	20480	7864	7168	2.51775	96985563343f82b18293805f8a57bd2b
.rsrc	28672	5712	6144	3.30481	a27adde288904afc2f580b1f3e3ed008

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 5
1b5559510c55cd3aabf5cde542fd970d
cab9e85a6308da8bcc34cd99ec0db2b6
bcc3522f455714dd46d260b1e1f2633f
b4131b77d13b265f7ebd7c67d26f2cb4
29b98ce3d7ef224a3daf6d86b4656437

URLs

URL	IP
hxxp://www.internetdownloadmanager.com/data/update608.txt?v=622	184.173.188.107
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?297fc310285a98a6
hxxp://a1363.dscg.akamai.net/pki/crl/products/microsoftrootcert.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/WinPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicrosoftTimeStampPCA.crl
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://a1621.g.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab?383efdfc288e4ebb
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=
hxxp://e6845.ce.akamaiedge.net/pca3.crl
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c=
hxxp://e8218.ce.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEANPMo8+/0+5j1NDgReI94o=
hxxp://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl	88.221.132.175
hxxp://crl.verisign.com/pca3.crl	23.43.133.163
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?297fc310285a98a6	88.221.132.177
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8=	23.43.139.27
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl	88.221.132.175
hxxp://crl.microsoft.com/pki/crl/products/WinPCA.crl	88.221.132.175
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY=	23.43.139.27
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI=	23.43.139.27
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEANPMo8+/0+5j1NDgReI94o=	23.43.139.27
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c=	23.43.139.27
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk=	23.43.139.27
hxxp://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl	88.221.132.175
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w=	23.43.139.27
hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?383efdfc288e4ebb	88.221.132.177

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

SURICATA UDPv4 invalid checksum
SURICATA IPv4 invalid checksum
ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted

Traffic

GET /pca3.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.verisign.com


HTTP/1.1 200 OK

Server: Apache

ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"

Last-Modified: Fri, 19 Dec 2014 01:00:19 GMT

Date: Thu, 19 Feb 2015 03:21:00 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl

0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..141210000000Z..150
331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* [email protected]!..Y......w
`G........070411175657Z0!..Z`[email protected].*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............5..v...V.._)....A... ..
..>.5]....6.(.0uFW.*:T...6$.....R...Y.N.k........%Jn..I.j*.6.3~...r
../[email protected]?....0.A.HTTP/1.1 200 OK..Server: Apache.
.ETag: "66304c4a5660ab8615727e6bb27b3cdb:1418950819"..Last-Modified: F
ri, 19 Dec 2014 01:00:19 GMT..Date: Thu, 19 Feb 2015 03:21:00 GMT..Con
tent-Length: 933..Connection: keep-alive..Content-Type: application/pk
ix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc
.1705..U....Class 3 Public Primary Certification Authority..1412100000
00Z..150331235959Z0..x0!...v....a_>..2......020924164823Z0!.....A..
...{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y
..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!.

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEEES5jLHsYoCmjofrIA6uJ8= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=432458, public, no-transform, must-revalidate

Last-Modified: Tue, 17 Feb 2015 03:28:44 GMT

Expires: Tue, 24 Feb 2015 03:28:44 GMT

Date: Thu, 19 Feb 2015 03:21:06 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015021
7032844Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.A..2.....:...:......20150217032844Z....20150224032844Z0...*.H........
.....i...'..^o_..wr.[.?..Ux.ZCs..].u.z\)......\...b..A.!.p.=......e.. 
..M..r.L...i..=D.o."8...H.....f.I)s..5.q.eXd..[.`[email protected]}....?...KM.
k.s........&~P..'F..=n.0.......15.A...Be....Wl...@...&x.e.>]S..Z...
....`..&B...3..DZ..,...3.9R7.S`...z..EA...)Fs.EU.........#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...<<< skipped >>>

GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 01 Jul 2014 05:04:34 GMT

If-None-Match: "924558f3e994cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 28 Jan 2015 06:05:55 GMT

Accept-Ranges: bytes

ETag: "75565c7ac03ad01:0"

Server: Microsoft-IIS/8.5

VTag: 438743915800000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 554

Cache-Control: max-age=900

Date: Thu, 19 Feb 2015 03:20:26 GMT

Connection: keep-alive

0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Code Si
gning PCA..150127173215Z..150428055215Z.a0_0...U.#..0..........X..7.3.
..L...0... .....7.........0...U......Y0... .....7......150427174215Z0.
..*.H......................YIw.. ..(..y..O.G].B.."?.@...[1.}.X...]...e
.J....pP.I....!6...%.D.k...>c.|R.?.i..yt.z..B.........b....n..m5...
0....2..I!)v....z....y.#pXz.DO.....mF...e.'e...@.%...6./.bPZ...=....bp
[email protected]..@.. ...M....z....Q...{u. .W..HTT
P/1.1 200 OK..Content-Type: application/pkix-crl..Last-Modified: Wed, 
28 Jan 2015 06:05:55 GMT..Accept-Ranges: bytes..ETag: "75565c7ac03ad01
:0"..Server: Microsoft-IIS/8.5..VTag: 438743915800000000..P3P: CP="ALL
 IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT
 COM INT NAV ONL PHY PRE PUR UNI"..X-Powered-By: ASP.NET..Content-Leng
th: 554..Cache-Control: max-age=900..Date: Thu, 19 Feb 2015 03:20:26 G
MT..Connection: keep-alive..0..&0......0...*.H........0y1.0...U....US1
.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation
1#0!..U....Microsoft Code Signing PCA..150127173215Z..150428055215Z.a0
_0...U.#..0..........X..7.3...L...0... .....7.........0...U......Y0...
 .....7......150427174215Z0...*.H......................YIw.. ..(..y..O
.G].B.."?.@...[1.}.X...]...e.J....pP.I....!6...%.D.k...>c.|R.?.i..y
t.z..B.........b....n..m5...0....2..I!)v....z....y.#pXz.DO.....mF...e.
'e...@.%...6./[email protected]..

<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab?383efdfc288e4ebb HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 12 Mar 2014 20:20:10 GMT

If-None-Match: "0b96c77303ecf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK

Cache-Control: max-age=604800

Content-Type: application/octet-stream

Last-Modified: Fri, 23 Jan 2015 02:29:11 GMT

Accept-Ranges: bytes

ETag: "803565fb436d01:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

X-Powered-By: ARR/2.5

X-Powered-By: ASP.NET

Content-Length: 57591

Date: Thu, 19 Feb 2015 03:20:26 GMT

Connection: keep-alive
MSCF............,...................I.................6Fm. .authroot.s
tl......8..CK...<T...g.v!M.d..f.%d..}K..5......dM*K..J.,%K"...!..=.
k..........{=/....{g.~...............'....6..N....w......(.$.>.7...
........'.....`.bx....^..$.'.^.K.C......<[email protected]
.....usXq.d.i.jF$.4.........KI.Q........A2m:..E.P|...(.^p..=G|.....m..
....  .6...H.e.....X'...%$r.Y.(..)........|...;...V^r.VM.._*X.I. ..4..
...*.....Y..`.0w.u...c.i.[..-...x..<.8.<.p..,..y.[v.Yn`......!.s
...4e......B...$.,..........w.Pd.)....,..#.%..h...8...`.A...8.i(.!.$/.
=.....i.\X.H......"...a...k...y6....F.._?\*.&..3.AJo.!..`....9....=.p.
u..u....f.f....w...?..S..I.;.....5._...F.f..G?$......."..kq.y'.6tJ.e%.
.G.n.....z<.pX"....1..g."........V:.H.-...!}LM..t..-.y.j&...n{..-.]
H. .....A.O.Xg..B...#[email protected]..*.....T...}o._./S..h@$
[email protected]..#.:?."....1..v.....&G...?O1x6"5.@..$.U...n.J...w
.Y.{..........E.N.&...&.rC..W.....M.........,.e.....&eI(/eSO.B..K...R.
 [email protected].....(..Y./;-..M5.0.H2.y....:...........a.U....%.S.).^.
...1.B..a..=...q...X .B....F.../..../.Z...'..t....C....,.^...N=..t%N|I
C.#.)6...q.E.J.i.E.>....".L........>...Vy.7.jxx......G........._
q.1^..H&.4Z......^.E.K 9.Xg...qO.6%>..T....;n..s.'u.-...=.........p
..p.Rn.........=.......F........d. d.AR.0U..........9b...=N..#....c.Ic
z......u.0............Y.q..b.wYE.......R...s..W....r].....hT....k.g..[
...s.....X..`=zb.>..../..=........J.N.h...(}.5.7. .;..=F..F...'.?..
2...3...=...B..`....{...f.`Kb..@..`Z.0!^8.t..<l.j..lI.P.q.>k<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?297fc310285a98a6 HTTP/1.1

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Thu, 05 Dec 2013 22:47:50 GMT

If-None-Match: "0af536cf2ce1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: ctldl.windowsupdate.com


HTTP/1.1 200 OK

Cache-Control: max-age=86400

Content-Type: application/octet-stream

Last-Modified: Thu, 03 Jul 2014 23:34:12 GMT

Accept-Ranges: bytes

ETag: "0b2464b1797cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 6408

Date: Thu, 19 Feb 2015 03:19:54 GMT

Connection: keep-alive
MSCF............,...................O.......'#.........D.z .disallowed
cert.stl....2..'#CK...8T...g........g.k..".....mlI."d..m...P$"....e.J.
.......z.....\..........9g.9....~.........Q.Q......Q..DL.8.C.PS.K0.!P.
0........#.DY.8.....V.....$.C....a.0...........`......;.S.....0#...m..
. ..`0...?.!vR?.....d....`......_@..}....$...i..OR'..$....K..'Z....o.g
..*.Vc.....[nY e./.EJ...B.Y.......Ag......!....9......u..!..1Yy.......
r...Ss^@...M.Dtl\....i.k....3...B.Z.:.p.N....*......x,...ah/..].[....G
B..T..$A....SY..t.E5R..R...9!....*.*68V....1... ...Q{..."[email protected];
xd{.C.u?..e.U.=f.nx.........y.G..0.......\L .'.^....$......N=..m...Ujr
Zs...J.I.C....;......q_..e......?.T..2..bw....E.L.{...S...~.<......
...-.Q..|.l. .1..6r....[}!J..,...naPk.U.... ..{@LH..W....>.Sq...8.5
.,.z..0.jL.S..........]...yW_...Y.1..h.7...9{.....I......g.Y.,1...i8n.
6..........4.]...........=........^..n.K7...c.g).Z. .0..$7.ys.p...B.5.
].f...|(3!.|..P...j..^..j....#([email protected]..*.O..i..u....9..S.Y.n..HXW..
.F ..i...:.......!.] r......D..*ld.b.>>:Pp.....5:1 o=..5.'..4...
....hO....{.V.rx..V...%.}..u...6Wv-..".iV.b..B0.Q..,...E.Dy...x..5....
?Z.$L..1.....4...=.....g!....%..:..c..j..v~....._R.6.......;.#.Y*p..J.
4.#'..Vo...g^K...J....._.^..u...)....&/.....q....o......4.....S...,q..
...p.8IIe.....d|.3{)...M.0.X...4.."..P.......Hk.... ]!.!... ..#.x..<
;..X.........'.E(<b[.......#.. ....XiLl|[email protected] 
[email protected][email protected]..;.......mm....>~............j%..>
;.X.,V...J...C ....*..Z.8- RKGW...0./Z.__..)7g_'{.......pr......;.<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEGwkCSV07gf3g5QOsqmf+MY= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=574997, public, no-transform, must-revalidate

Last-Modified: Wed, 18 Feb 2015 19:04:19 GMT

Expires: Wed, 25 Feb 2015 19:04:19 GMT

Date: Thu, 19 Feb 2015 03:21:02 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015021
8190419Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
.l$.%t...............20150218190419Z....20150225190419Z0...*.H........
.....b..][.....N......q..].;..Q.).~.*......`.....~..8DBzTk).g...d.....
I?p....N.\.F...c..U..U9,M..mqt.|.R..l.......'H ...J...N........."..!..
F....0......`.....U.^.......e ..nL..L...|. ^f......b...t1.2.=......C..
.ol.......r:6..h.G..~...Cf...*.]Odiy.=.u....._._..o...#0...0...0......
....<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code Sign
ing 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...U..
..VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of u
se at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Class 3
 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.........{
(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(.......
...p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.}..
.r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....(n.
.i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U....0
.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisign.c
om/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp. by
 reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U........
0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H......<<< skipped >>>

GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Sat, 24 May 2014 05:04:51 GMT

If-None-Match: "96bfbfb1d77cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Wed, 07 Jan 2015 06:02:43 GMT

Accept-Ranges: bytes

ETag: "88c4768d3f2ad01:0"

Server: Microsoft-IIS/8.5

VTag: 438410416000000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 813

Cache-Control: max-age=900

Date: Thu, 19 Feb 2015 03:19:55 GMT

Connection: keep-alive
0..)0......0...*.H........0_1.0.....&...,d....com1.0.....&...,d....mic
rosoft1-0 ..U...$Microsoft Root Certificate Authority..150106214825Z..
150407100825Z0.0...a......../..100208014912Z._0]0...U.#..0......`@V'..
%..*..S.Y..0... .....7.......0...U......(0... .....7......150406215825
Z0...*.H..............vQ..r..L.Q.N..=#.......V;..r../\.m..<.."...F/
U....(:.....xm.....P.e.F..BE8......=...G....6t:...?...L..B.v..p.M.....
...z..Q.%J.6..I.......8...U. .g..=T=K....L..$w...^....y~..-a.'...*s#N.
o..Qs.$h..:duV'~....8.6..w..b3.... .~)...|.I.y".>R.nJq.ws...3.....f
}.E)\......EB.d\.2.....h...lMjT.7..lj.'lj.b....".L.Os6{[email protected].|7z
.. ......>..Q...([email protected]\]#..Y.*.......T. .C.....A'..
5FW.ETDvX..tE.....g5.....&..&.....x.^H;...../7..'9.t.I&<[.HX.j....Q
w......}...qy3..q`<.....LB.9w|....;..Qw..a ..=.C.:.........


GET /pki/crl/products/WinPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Wed, 07 May 2014 05:04:02 GMT

If-None-Match: "a413fc3b169cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Sun, 21 Dec 2014 06:03:02 GMT

Accept-Ranges: bytes

ETag: "d2e35dc7e31cd01:0"

Server: Microsoft-IIS/8.5

VTag: 4389615400000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 561

Cache-Control: max-age=900

Date: Thu, 19 Feb 2015 03:19:55 GMT

Connection: keep-alive
0..-0......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U
....Redmond1.0...U....Microsoft Corporation1 0)..U..."Microsoft Window
s Verification PCA..141220223154Z..150321105154Z._0]0...U.#..0.......p
............<.J0... .....7.......0...U......30... .....7......15032
0224154Z0...*.H.............h.~oH#i.J.vh_.....A'B..g...........F....9c
.{[email protected].^ 4.r..Wv.Q.0.w..j....c9..w....I..%.~.l..F.......xo....
_...o...7BR.;<..\R/ .....b.(....~..]|.v.u.i.X.B....I......./*...P..
A..fi.}& .x.v{TFP[.G......A......L.o...)R.......V.u..V.../.Q..(L.]....
.uki~......


GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Mon, 05 May 2014 05:04:34 GMT

If-None-Match: "87fbb3811f68cf1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Type: application/pkix-crl

Last-Modified: Fri, 19 Dec 2014 06:02:00 GMT

Accept-Ranges: bytes

ETag: "9a9a44d511bd01:0"

Server: Microsoft-IIS/8.0

VTag: 438346843700000000

P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"

X-Powered-By: ASP.NET

Content-Length: 550

Cache-Control: max-age=900

Date: Thu, 19 Feb 2015 03:19:55 GMT

Connection: keep-alive
0.."0......0...*.H........0w1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Microsoft Corporation1!0...U....Microsoft Time-St
amp PCA..141218221600Z..150319103600Z._0]0...U.#..0...#[email protected].. .
.5..0... .....7.......0...U......10... .....7......150318222600Z0...*.
H............./..0Q~.r.}.E....&\....F.Z.C..#..F.s........<&\..9G..-
....j..N... .C.Fk....;l.....2.K5D.........-.>...(...g.0.S.[?...T4q&
gt;[email protected].('..e...Y..Bo..q..........I....'....i>
..y:.eH@h`..\...UA.m#.~.. ;.3..d..;..<..........p..s..J..N `Az.....
[email protected]..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECEGVSJuGyLhjhWQ8phawi51w= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1453

content-transfer-encoding: binary

Cache-Control: max-age=596412, public, no-transform, must-revalidate

Last-Modified: Thu, 19 Feb 2015 00:57:16 GMT

Expires: Thu, 26 Feb 2015 00:57:16 GMT

Date: Thu, 19 Feb 2015 03:20:59 GMT

Connection: keep-alive
0..........0..... .....0......0...0......T3t.%..O.E..~..F.=....2015021
9005716Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._)..a.
.eR&.....Y.)..".\....20150219005716Z....20150226005716Z0...*.H........
......4......P ..t........g&.w|......Ds.@.!d..........[..?*.c.........
......(.b.=...,. .....'...p.%.....c.#l.....A...[N.:.`3.Jp~.&...KHeZg..
.D...0..p...5D....x.D.T.....R.....%*o...$.;...`.4)........"o.k...1;..s
...]~=q....I....^...~-........W'.h.,..@[email protected](.q.....0...0...0..3...
..../...b.v..-....l}0...*.H........0_1.0...U....US1.0...U....VeriSign,
 Inc.1705..U....Class 3 Public Primary Certification Authority0...1412
02000000Z..151216235959Z0..1.0...U....US1.0...U....Symantec Corporatio
n1.0...U....Symantec Trust Network1?0=..U...6Symantec Class 3 PCA - G1
 OCSP Responder Certificate 30.."0...*.H.............0..........'.....
.Y..x.3B1.7..Q..`..d.. ....s..t.$a.....j2R.{ ,*..c{.3.....H..3-; )....
.0._...*..9M..V...... ...{m...-.......)..tR..{D....~...M...T..pS.p..^|
o....S..v.).)[email protected]#qh...u1T.].G0.]E...=._.....
. ........TE...Sa.s4........r...3.............0..0...U....0.0l..U. .e0
c0a..`.H...E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......
0...hXXp://VVV.symauth.com/rpa0...U.%..0... .......0...U........0... .
....0......0!..U....0...0.1.0...U....TGV-B-2730...*.H.............$..H
......oU....Y!.z{*.V.M..u.._z..3>.. 0....3..m.....e.......a..D.....
......e..F6:.y.....di.......<y.Z.......x}..q.2....UZ1 :,....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSpuCE3aK3GivZPzGQJ6L5BRyZofwQUl9BrqCZwyKE/lB8ILcQ1m6ShHvICEAxNF3PJUX7iAOhAP2oGxcI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1790

content-transfer-encoding: binary

Cache-Control: max-age=557794, public, no-transform, must-revalidate

Last-Modified: Wed, 18 Feb 2015 14:14:11 GMT

Expires: Wed, 25 Feb 2015 14:14:11 GMT

Date: Thu, 19 Feb 2015 03:20:59 GMT

Connection: keep-alive
0..........0..... .....0......0...0........6?s....V....OlL".O..2015021
8141411Z0s0q0I0... ..........!7h....O.d...AG&h.....k.&p..?...-.5......
..M.s.Q~...@?j.......20150218141411Z....20150225141411Z0...*.H........
.....2..^...c.(g.-...K.=..."..c.........,..h.r..AML........u.'z...$i.@
....[^..2....b.....a.*.M...r..jh...w..\Gg.l...CRA.....@.<T...p. ..n
?...{K.....j.\........#o.*.....B|........}...^.....i...8.r/wM(.....J..
.......!ylI.U.T...D.Q........E.o..us.RL.y..:.....oxGa5...#0...0...0...
.......<o&S.-S..}...e.30...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use a
t hXXps://VVV.verisign.com/rpa (c)09100...U...'VeriSign Class 3 Code S
igning 2009-2 CA0...141205000000Z..150305235959Z0..1.0...U....US1.0...
U....VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms o
f use at hXXps://VVV.verisign.com/rpa (c)091<0:..U...3VeriSign Clas
s 3 Code Signing 2009-2 OCSP Responder0.."0...*.H.............0.......
..{(..t....2.Vf.....&;6).i*[email protected]._p.E.6.|.mk....(....
......p...........X.DF....^0N....b9.:..J. ZK.".^..\..p.'.$..JA..~QG.d.
}...r...gv... f...z.#..}..J...r9h.........LI-..^.......PUD.h<.l....
(n..i.....E.....2....^./Y......Y.m...'...hz..y..E..........0...0...U..
..0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.verisig
n.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS incorp.
 by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U.....
...0... .....0......0"..U....0...0.1.0...U....TGV-B-24710...*.H...<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/xkCfyHfJr7GQ6M658NRZ4SHo/AQUCPVR6Pv+PT1kNnxoz1t4qN+5xTcCEGC2x6sSmevembHfY1acIZk= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1697

content-transfer-encoding: binary

Cache-Control: max-age=400344, public, no-transform, must-revalidate

Last-Modified: Mon, 16 Feb 2015 18:33:24 GMT

Expires: Mon, 23 Feb 2015 18:33:24 GMT

Date: Thu, 19 Feb 2015 03:21:00 GMT

Connection: keep-alive
0..........0..... .....0......0...0...A0?1=0;..U...4VeriSign Class 3 C
ode Signing 2004 CA OCSP Responder..20150216183324Z0s0q0I0... ........
[email protected].!......Q...==d6|h.[x....7..`..........cV.!.....201502
16183324Z....20150223183324Z0...*[email protected]/.......;.
s.....p.C#D<o..9.......;..C..Kn........;lOQ=IH...........,s| i..l..
m..l.-7.m....C........."o...U..(x... ..q:Y.S H...!.. ......G h.sl,tJ..
L....Y..L)..#.P...u...X3qx.....2/..(P.1....~...\....w.U.EQ....?Y.....F
qVO....f..JZDp..Q....Bh........0...0...0..{.........[..I|.....Zm..0...
*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriSig
n Trust Network1;09..U...2Terms of use at hXXps://VVV.verisign.com/rpa
 (c)041.0,..U...%VeriSign Class 3 Code Signing 2004 CA0...140428000000
Z..150729235959Z0?1=0;..U...4VeriSign Class 3 Code Signing 2004 CA OCS
P Responder0.."0...*.H.............0.........Y....h..@..>.....%.-..
...O...' y.........x..Gw.xF.....?..Z..u,.X.&..........3C..H.l.....f..;
]s!.\"v...|....][email protected]. ..W....n..*..-
f?EY.......UN...r...........-_.%..,P;b.....)(.P.4...,.%....<..6....
.[r^X.EV..S...5#'Y.. .TD...........0...0...U.......0.0...U.%..0... ...
....0...U...........0... .....0......0f..U. ._0]0[..`.H...E....0L0#.. 
.........hXXps://d.symcb.com/cps0%.. .......0...hXXps://d.symcb.com/rp
a0!..U....0...0.1.0...U....TGV-B-1080...U......"...?....`>q..i1o...
0...U.#..0.....Q...==d6|h.[x....70...*.H.............B8@.$..wo......E.
....P52"b*@'C\.y.(...n....h.f..7f.....v...pb<...]..|..........k<<< skipped >>>

POST /data/update608.txt?v=622 HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)

Host: VVV.internetdownloadmanager.com

Accept: */*

Accept-Encoding: identity

Accept-Language: en-US

Accept-Charset: *

Referer: hXXp://VVV.internetdownloadmanager.com/data/

Authorization: Basic dGNpZG06aHNJV28yazhEU2wyNHFzeA==

Content-Type: application/x-www-form-urlencoded

Content-Length: 5

Cache-Control: no-cache

Pragma: no-cache

lng=9
HTTP/1.1 200 OK

Date: Thu, 19 Feb 2015 03:18:45 GMT

Server: Apache/2.2.15 (Red Hat)

Set-Cookie: IDM=37.57.16.189.1424315925216340; path=/; expires=Sat, 30-May-15 03:18:45 GMT; domain=.internetdownloadmanager.com

Last-Modified: Fri, 06 Feb 2015 15:32:44 GMT

ETag: "aa0fd6-1902-50e6d21bfdf00"

Accept-Ranges: bytes

Content-Length: 6402

Content-Type: text/plain; charset=UTF-8

02/05/15..Version 6.22 Final is available (Feb/05/2015)..What's new in
 version 6.22?..- Added support for Windows 10.- Fixed problems with c
orrupted video files from several types of video services.- Fixed bugs
..What's new in versions 6.21 and 6.21 Builds 2-18?..- Resolved compat
ibility issues with some applications.- Added support for Firefox 36 a
nd SeaMonkey 2.32.- Added support for SeaMonkey 2.31 and for Pale Moon
 25.- Improved the recognition of new types of videos.- Added a featur
e to wake up from sleep to download scheduled files in queue.- Added s
upport for Firefox 35.- Improved video recognition in Google Chrome.- 
Added support for Firefox 34 and SeaMonkey 2.30.- Fixed problems with 
Google Chrome extension for non-default zoom.- Fixed a freezing proble
m when assembling downloaded videos.- Added 64-bit support to "IDM Int
egration module" Chrome extension.- Added a feature to select a group 
of files in main IDM list and.  change their storage folder.- Fixed se
veral problems with erroneous interceptions of videos.- Improved the l
ogic of "Download this video" panel  .- Added a feature to search down
loads in IDM list.- Added high DPI support for Google chrome extension
.- Fixed detections of two separate video and audio streams in Chrome 
browser.- Improved IDM download engine.- Added support for Firefox 33 
and SeaMonkey 2.29..What's new in version 6.20 Build 5?..- Fixed an er
roneous interception of attendant content in Google Docs.- Fixed a cri
tical bug when saving and resuming several types of videos.- Fixed

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1762

content-transfer-encoding: binary

Cache-Control: max-age=492902, public, no-transform, must-revalidate

Last-Modified: Tue, 17 Feb 2015 20:13:42 GMT

Expires: Tue, 24 Feb 2015 20:13:42 GMT

Date: Thu, 19 Feb 2015 03:21:08 GMT

Connection: keep-alive
0..........0..... .....0......0...0......;O}a.!..u...au..eUNp..2015021
7201342Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...3
13..R...%V.......K3.....20150217201342Z....20150224201342Z0...*.H.....
........:7W...k..._..m<.L...._.L?.U..~9.>...1.X..8.o.%u..\..@].c
G..Y.....(..W ...d. ...!.=.s....#T05.....~#..Y...\.r.....Kpk.......L..
.g)...K...[..A:.[../.U.=.\.....qeY9..I.E.OI8.....b...Q4..]E......75}f&
lt;([email protected].....^.>. x4.5...A$....n......i.:.z.XxY..v....*.....
0...0...0...........2...'U.BM...g.B0...*.H........0..1.0...U....US1.0.
..U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2
006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Cla
ss 3 Public Primary Certification Authority - G50...141202000000Z..151
216235959Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Sy
mantec Trust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responde
r Certificate 30.."0...*.H.............0...............2&..PL...,..2..
..:..tH...`JG.%..*...s.c%[email protected]"1.5
?..s.....3[...u......]...R0..Z}....l..I.Y.....j\H.q...#.uw.4qz.#.J....
.@2$"..$l.B.......D.ye..(..2.........@...... ...."... E..0M,..b{.^..s'
....f.6.pr4.J........'j..........0...0...U.......0.0l..U. .e0c0a..`.H.
..E....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...http:
//VVV.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0.
.....0!..U....0...0.1.0...U....TGV-B-2760...U......;O}a.!..u...au..eUN
p0...U.#..0.....e......0..C9...3130...*.H.............(.&..Dgr.Ve.<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo/X8AUm7+PSp50CEANPMo8+/0+5j1NDgReI94o= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.verisign.com


HTTP/1.1 200 OK

Server: nginx/1.4.7

Content-Type: application/ocsp-response

Content-Length: 1725

content-transfer-encoding: binary

Cache-Control: max-age=419473, public, no-transform, must-revalidate

Last-Modified: Mon, 16 Feb 2015 23:48:43 GMT

Expires: Mon, 23 Feb 2015 23:48:43 GMT

Date: Thu, 19 Feb 2015 03:21:08 GMT

Connection: keep-alive

0..........0..... .....0......0...0......u\..3Oo?U...H.....O!..2015021
6234843Z0s0q0I0... ...................F....0.yV......{&.K......&......
..O2.>.O..SC.........20150216234843Z....20150223234843Z0...*.H.....
..........I..z..?.... a......._y...H.~.........v...h..... ...G[{L.:2!5
.E...<RYC.....U.%V.H.E.......E.H.2.........d;.....H..9.g.....$-....
.R..z.i..%.......vp".N...N...2....&>...:.{.......p.X_.............D
.. [email protected]_-.=Bm..T.i~.....[KPPo.p.H.....0...0.
..0........../...nj0...}..i..0...*.H........0..1.0...U....US1.0...U...
.VeriSign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of us
e at hXXps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Cod
e Signing 2010 CA0...141204000000Z..150304235959Z0..1.0...U....US1.0..
.U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1VeriSi
gn Class 3 Code Signing 2010 OCSP Responder0.."0...*.H.............0..
.......4.4...........o....?..f.........I.!.b.L...L..U.........rM.,....
.=..cR4d.~*..k..x......=.WT.<.A2n1.qZyM.M..Q_...8....9....d.... ...
'.........h..Z..I...(.b.jK..DO.ra..gb..j..A.(....mrzU.w.......Bv...l.:
s..L....y.....u..n.)W......Y!....Q...,.i|.....:.Mu..DD1.........0...0.
..U....0.0....U. ...0..0....`.H...E....0..0(.. .........hXXps://VVV.ve
risign.com/CPS0b.. .......0V0...VeriSign, Inc.0.....=VeriSign's CPS in
corp. by reference liab. ltd. (c)97 VeriSign0...U.%..0... .......0...U
........0... .....0......0"..U....0....

<<< skipped >>>

The Worm connects to the servers at the folowing location(s):

IDMan.exe_1808:

.text

`.rdata

@.data

.rsrc

UxSSh

SSShd

QSSShX

QPSShX

L$4PQSShL

FxSSh

t%Fj"V

RPSSh8

T$TQRSSh0

QRSSh

RPSSh

PQSSh

RPSSht

PQSShd

PQSShH

PQSShx

T$dQRSShh

PQSSh8

SSSSSh

D$8RPSSh

PQSSh,

T$LQRSSh

QRSSh8

PQSSht

jCSSSSh

PSSSh

SSSSh

PVSSh

QRSSh(,j

SSSShd

SShh8j

tdSSh

PQSShPHj

SShPHj

RSShPHj

PWSShHPj

T$DQRSSh<Pj

T$DQRSSh4Pj

T$\QRSSh(Pj

T$HQRSSh

L$HPQSSh

RSSSh

RVSSh

QPSSh

L$TPQSSh(ej

D$<RPSSh ej

D$,RPSShlej

!"#$%&'()* ,-./0

123456789:;<=

PQSShxfk

t~9.tz

T$0QRSShL

QRSSh|wk

RPSSh\wk

PQSShLwk

QRSSh8wk

RPSSh$wk

PQSShlwk

FtPh

U,RWSSh

PSSh(Pj

tCPWh,

>"u.Fj"V

T$4QRSSh

D$HRPSSh

u.hPjf

u$SShe

commctrl_DragListMsg

COMCTL32.DLL

CCmdTarget

GDI32.DLL

%*.*f

windows

CNotSupportedException

MSWHEEL_ROLLMSG

KERNEL32.DLL

ole32.dll

__MSVCRT_HEAP_SELECT

user32.dll

WS2_32.dll

GetWindowsDirectoryA

GetProcessHeap

GetWindowsDirectoryW

SetThreadExecutionState

GetCPInfo

PeekNamedPipe

KERNEL32.dll

ExitWindowsEx

MsgWaitForMultipleObjects

EnumWindows

GetKeyState

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

GetAsyncKeyState

USER32.dll

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GetViewportExtEx

GDI32.dll

comdlg32.dll

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

RegEnumKeyA

RegQueryInfoKeyA

RegDeleteKeyA

RegEnumKeyExA

RegNotifyChangeKeyValue

RegFlushKey

RegCreateKeyExW

RegLoadKeyA

RegRestoreKeyA

RegSaveKeyA

ADVAPI32.dll

ShellExecuteA

ShellExecuteExW

ShellExecuteExA

FindExecutableW

ShellExecuteW

SHFileOperationA

SHFileOperationW

SHELL32.dll

COMCTL32.dll

oledlg.dll

OLEPRO32.DLL

OLEAUT32.dll

InternetCombineUrlA

InternetCrackUrlA

InternetCanonicalizeUrlA

GetUrlCacheEntryInfoW

InternetCanonicalizeUrlW

WININET.dll

hXXps://secure.

hXXp://VVV.

%s&lng=%s

.internetdownloadmanager.com/

AboutD.htm

.xn--

PTF://

hXXps://

hXXp://

hXXp://%s

Unknown error during CAddUrlDlg::CAddUrlDlg()

Unknown error during CAddUrlDlg::OnInitDialog()

UnkErr in AddUrl 299

Unknown error during CAddUrlDlg::OnClose()

Unknown error during CAddUrlDlg::OnVerify()

Unknown error during CAddUrlDlg::OnCancel()

https

Unknown error during CAddUrlDlg::OnEditchangeUrl()

FtpPasword

FtpEncPassword

FtpUserName

UseFtpProxy

FtpPort

FtpProxy

HttpPasword

HttpEncPassword

HttpUserName

UseHttpProxy

HttpPort

HttpProxy

HttpsPasword

HttpsEncPassword

HttpsUserName

UseHttpsProxy

HttpsPort

HttpsProxy

http=

https=

Software\Microsoft\Windows\CurrentVersion\Internet Settings

%%0Ý

%s %s

fceb7191-46c6-4fb2-bc5f-a10317cd4b1a

fc21ec12-91cc-4546-8ce9-0fea34ce5ad9

f1b17826-2437-4a4d-a9d0-97ee5c76c164

db47a145-d5cc-424d-885d-7a305ebc25b0

d177c6d9-1454-476c-bcc3-1195d036d6e0

cf2d8c1d-bb0e-4cdc-9e97-3cc6da9f48c7

cb6498f3-91f5-4e72-bdd3-35e5a6dc6d5f

851aba31-d661-4825-a37f-5bd0faeb4d88

80993b9b-0cd0-4b2d-864c-88151c635fe5

77e27bc6-988a-4b45-bdf1-85a8928f86ea

6528e7db-f86d-4398-a3df-abf0e7b70aa2

64a72197-bda2-449e-ba78-8e0335442661

205801ea-84b1-4085-b818-b1c6fb567bd7

179619ba-deeb-4436-abaf-82eeaf2f3816

144323b7-20c3-4b5f-b2a5-1cd0d6996dbc

02c1811b-6b25-416a-aca8-dc671d68056d

00645ccd-b777-44a2-9b36-1fb3f423b559

Cannot open regkey in CBrInt constr

Cannot open(/create) registry subkey during CBrowsersIntegration::Save().

Mozilla

Google Chrome

chrome

Opera

OPERA

Mozilla firefox

Firefox

fceb7191-46c6-4fb2-bc5f-000000000000

webHancer

New.net

rpcrt4.dll

%s%s%s

%s\%s

sporder.dll

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

%s%sGoogle\Chrome\User Data\Default\Extensions

Software\Mozilla\Firefox\Extensions

Software\Mozilla

Software\Mozilla\Waterfox

Software\Mozilla\Aurora

Software\Mozilla\Mozilla Firefox

manifest.json

SOFTWARE\Google\Chrome\Extensions

SOFTWARE\Google\Chrome\Extensions\%s

Software\Google\Chrome

Software\Google\Chrome\Extensions

Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{19129CDA-AFC0-4330-99BC-C5A834F89006}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4}

"%s" "%s"

isExtensionSupported

MozillaFirebird

Mozilla Firebird

seamonkey

SeaMonkey

mozilla

firefox

Mozilla Firefox

{7D11E719-FF90-479C-B0D7-96EB43EE55D7}

%sIDMGrHlp.exe

%sUninstall.exe

Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers

hXXp://VVV.internetdownloadmanager.com/register/new_faq/enableBFE.html

\\.\IDMTDI

New.net Startup

Software\Microsoft\Windows\CurrentVersion\Run

StEnableBFEMsg

net.exe

\\.\IDMWFP

1.2.0.13

kltdi.sys

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

https\

http\

{0055C089-8582-441B-A0BF-17B458C2A3A8}

Software\Opera Software

IntegrateOpera

Unknown error during CBrowsersIntegrator::GetMozillaInstallDir()

SOFTWARE\mozilla.org\Mozilla

IntegrateMozilla

MozillaFirebird.exe

%sPlugins\

Mozilla.exe

SOFTWARE\FullCircle\TalkBack\%s

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

%s%s\chrome.manifest

%s%s\chrome\idmmzcc.jar

%s%s\components2\iIDMMzCC.xpt

%s%s\components\iIDMMzCC.xpt

%s%s\components11\idmmzcc64.dll

%s%s\components11\idmmzcc.dll

%s%s\components2\idmcchandler2_64.dll

%s%s\components2\idmcchandler2.dll

%s%s\components2\idmmzcc64.dll

%s%s\components2\idmmzcc.dll

%s%s\components\idmmzcc.dll

%s\drivers\idmwfp.sys

%s\drivers\idmtdi.sys

\WinInit.Ini

PendingFileRenameOperations

Kernel32.DLL

PSAPI.DLL

%stmp_test.html

%s\Main

%sOpera.exe

%s\flock.exe

SOFTWARE\Mozilla\SeaMonkey

SOFTWARE\Mozilla\Netscape Navigator

Software\mozilla.org\Mozilla Firefox

\StringFileInfo\xx\%s

\StringFileInfo\xx\FileVersion

idmcchandler2_64.dll

idmcchandler2.dll

%s%s\%s

%sNP_IDM%d.dll

</em:updateURL>

<em:updateURL>

%s%s\install.rdf

%sidmmzcc03

%sidmmzcc02

%sidmmzcc01

%sidmmzcc3

%sidmmzcc2

%sidmmzcc

Software\Mozilla\SeaMonkey

Software\Mozilla\SeaMonkey\Extensions

Software\Mozilla\Firefox

Cannot create regkey in CBrIntr:SaveBIA, s2

Cannot create regkey in CBrIntr:SaveBIA

SOFTWARE\Microsoft\Windows\CurrentVersion

%s (*.exe)|*.exe||

%s executable file (%s.exe)|%s.exe||

%scnlurllist.dat

%s*%s

%s://*.%s%s

%sdefextmap.dat

%surlexclist.dat

%s (5)

VVV.internetdownloadmanager.com

testing.html

%s (%d)

idmbrbtn.dll

.googlevideo.com

.youtube.com

secure%s

www%s

.com/fillregform.html?d=

.com/autoreg.html?d=

%s?v=%s

idmupdt2.exe

idmupdt.exe

%s?%s

update.cgi

CURRENT_USER\%s

Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}

/n,/select,"%s"

Update.htm

application/vnd.lumberjack.manifest

video/webm

WEBM

image/x-windows-bmp

application/x-winexe

%sGrabber\

%stemplate%s.dat

%stemplate*.dat

%sToolbar\%s

%sToolbar\*.tbi

Connect.dll

%s%ld

hXXp://VVV.internetdownloadmanager.com/support/firefox_integration.html

hXXp://VVV.internetdownloadmanager.com/support/firefox8_integration.html

hXXp://VVV.internetdownloadmanager.com/register/new_faq/chrome_extension2.html

%d%sd %s

%d %s

%s (*.*)

chrome.exe

Firefox/

firefox.exe

%s\Downloads\%s

%s%s%s%s

bShTipWEBMPlayer

.webm

%s. %s.

hXXp://VVV.internetdownloadmanager.com/flv_player.html

CompleteDlg.htm

hXXp://www%s/uptateidm.cgi?v=%s

hXXps://secure%s/subscription.html?v=%s

hXXp://www%s/contact_us.html?v=%s

6.21.16

02/05/15

%sidmvs.dll

RegCreateKeyEx() failed during OpenGlobalIDMRegKey(), errCode = %ld

%s%sIDM

%s%sIDM\%s

Internet Download Manager detected that its registry keys had been damaged since the last run. It's possible that you run a flaky spyware remover program which corrupted system registry. Internet Download Manager will try to restore all damaged data, but some data may remain corrupted.

hXXp://VVV.internetdownloadmanager.com/support/damaged_keys.html

Internet Download Manager detected that its registry keys had been damaged since the last run. It's possible that you run a flaky spyware remover program like Spyhunter which corrupted system registry. Internet Download Manager will try to restore all damaged data, but some data may remain corrupted.

%Program Files%\Spyhunter

SHCopyKeyA

shlwapi.dll

%s\settings.bak

%s%sDMCache\%s

%s%sDMCache

SpecialKeys

Passwords

%s%sDownloads\

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\

LastFileCmdLine

LastDirCmdLine

LastUrlCmdLine

Unknown error during CDownloaderApp::InitInstance(), downloaderDlg.DoModal()

IDMShellExt.dll

%sIDMShellExt.dll

%sIDMIntegrator64.exe

/s "%sdownlWithIDM64.dll"

/s "%sIDMGetAll64.dll"

/s "%sIDMIECC64.dll"

%sIDMShellExt64.dll

CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}\InProcServer32

/s "%sIDMShellExt64.dll"

idmfsa.dll

downlWithIDM.dll

IDMIECC.dll

IDMGetAll.dll

RichEd32.Dll

Software\Classes\CLSID\{84797876-C678-1780-A556-0CD06786780F}

FtpPasive

MonitorUrlClipboard

%s /onboot

%s Full

%s Trial

3GP 7Z AAC ACE AIF ARJ ASF AVI BIN BZ2 EXE GZ GZIP IMG ISO LZH M4A M4V MKV MOV MP3 MP4 MPA MPE MPEG MPG MSI MSU OGG OGV PDF PLJ PPS PPT QT R0* R1* RA RAR RM RMVB SEA SIT SITX TAR TIF TIFF WAV WMA WMV Z ZIP

SOFTWARE\Classes\AppID\%s

AppID\%s

CLSID\{AC746233-E9D3-49CD-862F-068F7B7CCCA4}

{AC746233-E9D3-49CD-862F-068F7B7CCCA4}

IDMan.CIDMLinkTransmitter

IDMan.exe

VDMDBG.DLL

DownloaderCmdLine::ParseParam(LPCTSTR lpszParam, BOOL bFlag, BOOL bLast)

rbmsg

Invalid URL

%sLanguages\%s

lang0xx.txt

lng0x%x.txt

Unknown error during SetIconsOnUrlListProc()

comctl32.dll

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

%sMediumILStart.exe

*.gstatic.com

ecom.cimetz.com

siteseal.thawte.com

CDownloaderDlg::CreateColumnInUrlList(): inserted index != sent parameter

506938841

.testingext

URL::set_fileName(): Not enough memory!

URL::set_Referer(): Not enough memory!

URL::set_serverPath(): Not enough memory!

URL::set_serverName(): Not enough memory!

URL::set_Cookie(): Not enough memory!

"%%s" /ch %ld /w %I64d

DntShMsgOnCNTOOHtml4

%d%sd%%

%s %s/%s

%s/%s

ProcessOnNewUrl()

Unknown error during CDownloaderDlg::ProcessOnNewUrl()

/fillregform.html?d=

shell32.dll OpenAs_RunDLL %s

Unknown error during CDownloaderDlg::OnKeydownUrllist()

Unknown error during CDownloaderDlg::OnItemchangedUrllist()

Unknown error during CDownloaderDlg::OnColumnclickUrlList()

hXXp://VVV.internetdownloadmanager.com/support/damaged_keys2.html

Internet Download Manager found out that you had Spyhunter software installed. This is a low quality spyware remover that mixes registry keys, and may screw up installations of spyware clean products. For example, Spyhunter misidentifies one of IDM registry keys as SideSearch, and deletes it. It doesn't affect IDM work in any way, nor its installation, but may damage IDM downloads. We tried to contact creators of Spyhunter, but couldn

bshexmsg

hXXp://VVV.internetdownloadmanager.com/support/ws_for_scheduler.html

PowrProf.dll

MIME\Database\Content Type\%s

.gzip

.test

tmp1%s

tmp1.%s

Unkerr in maindlg:GetStrUrl

ExportListToFile()

Unknown error during CDownloaderDlg::ExportListToFile()

%s (*.ef2)|*.ef2||

%s (*.txt)|*.txt|%s (*.*)|*.*||

ImportListFromFile()

Unknown error during CDownloaderDlg::ImportListFromFile()

%s (*.ef2; *.ief)|*.ef2;*.ief||

OnCommandLineUrl()

Unknown error during CDownloaderDlg::OnCommandLineUrl()

ProcessOnNewUrl2()

Unknown error during CDownloaderDlg::ProcessOnNewUrl2()

explorer.exe

\SpyHunter.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE5B8E34-973C-4FBE-AC83-99F064009FC7}

%Program Files%\SpyHunter\SpyHunter.exe

hXXp://VVV.internetdownloadmanager.com/support/toolbar2.html

%sgrprdb

index.html

%s*.%s

%s%sIDMGrHlp.exe

name=%s

IDM_queues.htm

SourceURL:

%s%lx

hXXp://VVV.internetdownloadmanager.com/support/mkvvp9codec.html

%s\Scheduler\q_%s.dt

Operation {new char[...]} returned 0 during CDownloadQueue constructor.

Cannot open(/create) registry queue subkey.

%s\Scheduler

%s\Scheduler\s_%s.dt

%s%s:%d/%s

%s%s/%s

Unknown error during CSessionsArray::GetIndexIfUrlInArray()

Unkerr in CDPrgDlg SetURL

Unkerr in CDwnlPrDlg, OnCmd, wP=%ld

%s/%s %s

%s ( %d%sd %% )

%s (%s)

%d%sd %s

Software\DownloadManager\IDMBI\Firefox\DwnlPanel

CEditMozillaMenutab

Advapi32.dll

*.update.microsoft.com download.windowsupdate.com siteseal.thawte.com ecom.cimetz.com *.voice2page.com

Options.htm

http-equiv

%s://%s%s%s

%d; URL=%s

update_dq.txt?v=%s

update608.txt

%s:%ld

jsproxy.dll

SocksPass

SocksPort

%d %d:%d:%d %d

default.htm

VVV.sharingmatrix.com

sharingmatrix.com

VVV.filesonic.

hXXp://api.filesonic.com/%s

link?method=getDownloadLink&ids=%s&u=%s&redirect=true

api.filesonic.com

%s-%s

Right_click_IE.htm

Cannot open(/create) registry GetAllDlgLS subkey.

%s, Time: %.15s.%hu %s

GrbFsDlg::OnAddF:RegCrKey failed, err=%ld

%sproject%s.gsd

%sGrabber\Projects\

%s*.gsd

\\.\%s:

%s[%s]%s

\\.\PhysicalDrive%d

avi mpg mpe mpeg asf wmv mov qt rm mp4 flv m4v webm ogv ogg

Cannot open(/create) registry subkey during CIDMFoldersTree constructor.

Cannot open(/create) registry subkey during CIDMFoldersTree::Save().

Cannot open(/create) registry key during CIDMFoldersTree::Save().

Cannot open(/create) registry key during CIDMFoldersTree::DeleteItem().

Cannot open(/create) registry key during CIDMFoldersTree::SetVisiblity().

Cannot open(/create) registry key during CIDMFoldersTree::CheckQAU().

Cannot open(/create) registry key during CIDMFoldersTree::DeleteQAU().

HHCtrl.ocx

idman.chm

tutor.chm

grabber.chm

scheduler.chm

Cannot open(/create) registry listsettings subkey.

Cannot open(/create) registry key during CIDMMainDlgTree::OnEditItem().

%sproxy.pac

EncPassword

Software\DownloadManager\ProxyPac\%s

VERSION.dll

Gr GetWW:CrTh2 failed, err %ld

Gr GetWW:CrTh failed, err %ld

Gr AsyncMsgHandler:CrWnd failed, err %ld

Gr AsyncMsgHandler:RegCl failed, err %ld

Unk err in AsyncWndProc, uMsg=%ld, wParam=%ld, lParam=%ld

%sempty.html

%s %s error %ld

%s_%s%s

Unk err in Gr CrTmpF

%s_%s.pdb

logoutUrl=

manualLoginUrl=

useManualLogin=

password=

login=

isSPC=%d

tmpFolder=%s

manualLoginUrl=%s

useManualLogin=%d

logoutUrl=%s

denyLogout=%d

password=%s

login=%s

useAuthorization=%d

startingPage=%s

template=%s

version=%d

%smanuallogin.html

"%%s" /a 1 /w %I64d /i 2000000000 /%s "%%s" /ct "%s" /u "%s"

"%%s" /a 1 /w %I64d /i 2000000000 /%s "%%s" /ct "%s" /u "%s" /cp "%s" /lb "%s" /ok "%s" /cb "%s"

Gr SetPID:RegCrKey failed, err=%ld

excFP=%s

useExcFP=%d

incFP=%s

useIncFP=%d

excSP=%s

useExcSP=%d

incSP=%s

useIncSP=%d

maxSzU=%d

maxSzA=%d

useMaxSz=%d

minSzU=%d

minSzA=%d

useMinSz=%d

overwrEx=%d

replHtmlLnk=%d

usesubf=%d

wsaveto=%s

category=%d

saveMode=%d

useIEC=%d

useAdvWPP=%d

useDescr=%d

autoAdd=%d

goTSF=%d

prJava=%d

dnp=%d

dntAddMrrs=%d

dwnlAO=%d

igPp=%d

allSOMD=%d

nLevelOS=%d

nLevel=%d

wholeSite=%d

nDATSTF=%d

nEATSTF=%d

SHDeleteKeyA

Shlwapi.dll

%sproject%s_%s.igp

%sproject%s.igp

"%%s" /a 2 /w %I64d /fl %ld /i %ld /%s "%%s" /ct "%s" /u "%s"

%s%sa%s\

wininet.dll

%sChList

%ld %ld %ld %d %d %d p%s

%s_fda.pdb

%ld %ld %ld %d %d %d

%s*f*

%s%s%s\

action.html

filters.html

wheretosearch.html

saveto.html

starting.html

hXXp://VVV.internetdownloadmanager.com/welcome2.html?%s%s

hXXp://VVV.internetdownloadmanager.com/welcome.html?%s%s

hXXp://VVV.internetdownloadmanager.com/?%s%s

%sbuy1.html?%s%s

%sbuy_idm.html?%s%s

mailto:?subject=Internet Download Manager - very cool application!!!&body=download from hXXp://VVV.internetdownloadmanager.com

download from

Internet Download Manager - very cool application!!!

hXXp://www%s/welcome2.html?%s

hXXp://www%s/welcome.html?%s

hXXp://www%s/?%s

%sbuy1.html?%s

%sbuy_idm.html?%s

hXXps://secure%s/

mailto:[email protected]?subject=IDM_%s

If you want IDM to download the queue at a scheduled time, please enable wake timers in Windows settings.

IDM has downloaded %s file that uses a new codec that is not installed on your computer.

IDM will now open this folder, and you can run "idmupdt.exe" file manually.

IDM's temporary directory for storing file parts during download is located on drive "%s", this drive has %s file system. The files larger than %d GBytes cannot be written on this file system.

The size of "%s" file is %.1f GBytes.

The drive "%s" where you want to save this file has %s file system. The files larger than %d GBytes cannot be written on this file system.

1. Please RESTART Google Chrome and press on Chrome menu (arrow 1 on the image)

5. If you use incognito mode in Chrome, you need to enable "Allow in incognito" checkbox (arrow 5 on the image).

IDM extension has been successfully installed into (or updated in) Google Chrome browser.

You must enable "IDM Integration module" extension in Google Chrome settings if you want IDM to work with Chrome properly

This version of IDM does not support this type of downloading. Try to update IDM to the latest version.

If automatically updating your Kaspersky product does not help, please contact Kaspersky support to get an update for the "kltdi" driver.

You need to restart the Chrome to apply changes

In order to update a part of IDM extension for Firefox please close Firefox (or SeaMonkey) and then press "Retry" button

IDM cannot check for updates because an important system file is damaged on your computer. Repair this file?

Your browser may not open IDM website because an important system file is damaged on your computer. Repair this file?

IDM cannot engage Advanced Browser Integration because "Base Filtering Engine" Windows service is missing. This could happen because of your system being damaged by a computer malware.

Click OK to open a web page with recovery instructions.

IDM cannot engage Advanced Browser Integration because "Base Filtering Engine" Windows service is not running. Please right-click the Computer icon, select "Manage", navigate to "Services and Applications -> Services", then find "Base Filtering Engine" in the list and right-click on it to open Properties. Change Startup type to "Automatic", click "Start" and confirm changes.

Click OK to visit a web page for additional information.

Cannot connect to the socks server %s

Socks server cannot connect to %s

Import links to IDM

It's possible that you need to change VPN connection that is set in IDM options, or turn off "Use Windows Dial Up / VPN Networking" checkbox in IDM options -> "Dial Up / VPN" tab

IDM cannot download this protected stream for legal reasons. The download of such streams is not supported because IDM may not bypass the technological measures which are made for the protection of audio, video and data content.

These settings are unavailable when "%s" is turned on

%s is a product key of Internet Download Manager.

Please press "%s" button to buy IDM.

What is the "%s"?

1. You do not have Administrator rights or you did not allow IDM helper program to execute as Administrator.

IDM has intercepted this file from web media player because of the disabled download panel for the respective file type in IDM Options.

If you want IDM to refrain from intercepting such files please go to the "General" tab in IDM Options, click "Edit..." button for download panels in browsers and turn on "Don't capture downloads from web-players automatically" checkbox in the pop-up window.

Internet Download Manager will install a new network driver, which significantly improves integration with web players and changes old integration with several browsers like Chrome or Opera. If you encounter any problems with your browser, please open IDM options and turn off "Use advanced browser integration" checkbox on General tab. It will turn off the new driver.

IDM shows a download panel instead of capturing downloads in web players when %s integration is working correctly.

You have an obsolete %s browser integration, or %s integration is not installed. Would you like to read how to fix it?

Sometimes when you click on a link, your browser requests other files AT THE SAME TIME like Java scripts, web pages, pictures, etc. When you press and hold down a special key, IDM intercepts these files, and the browser may not request the necessary file because it will not run a Javascript, which has been intercepted by IDM erroneously. If you want to intercept and download only the necessary files with IDM, please turn on the option below:

IDM executable is on desktop

You have placed IDM's executable file on the desktop. IDM cannot work correctly without its other files, please move IDMan.exe back to programs, and create a shortcut to IDM on Desktop instead. To create a shortcut, open IDM folder in Programs, right click on IDMan.exe file and use "Send To -> Desktop (create shortcut)" popup menu item.

Would you like to know how to download files from %s site with IDM?

%s video has been downloaded

IDM found out that you computer might not have a player that would play %s videos. You will need to install any %s player.

Would you like to read about a %s player?

It will install a new network driver, which significantly improves integration with web players and changes old integration with several browsers like Chrome or Opera. If you encounter any problems when connecting to the Internet, for example, a system freezing, or crashes, etc., please open IDM options and turn off "Use advanced browser integration" checkbox on General tab. It will turn off the new driver.

IDM will download a web-page instead of a file.

(Currently this feature works for Internet Explorer, IE based browsers, Firefox and Mozilla-based browsers)

For web-players

You have entered a space after the password. If the space was entered by mistake, would you like IDM to delete the space?

You have entered a space before the password. If the space was entered by mistake, would you like IDM to delete the space?

Cannot find any web address in the clipboard!

Several URLs found in clipboard. Do you want to download them?

If you don't want to download anything please close "%s" dialog using "Cancel" button.

Checking address: %s

The web site sent a web page instead of a file when IDM requested this file second time. Probably this site uses temporary links and does not allow requesting the same address twice.

Downloading owner web page to refresh link address

IDM will open a web page in your browser where it captured this download. Please start the download of the same file from your browser again, and IDM will try to capture a new address or new session data to resume this download

Note: If you uncheck a file type on the list above and if the file type is in the list on "Options->File Types" tab, downloads of this file type are captured by IDM automatically and won't be played in the web-player. If you want to prevent it, check the box below:

Download this %s

A CRC error occurred while downloading. That means that you had some problem with your hard disk. You should scan your disk for errors by using "Error-checking" on disk properties->tools Windows dialog.

Firefox and other Mozilla based

The data transfer has been interrupted and the server does not support "resume". It's only possible to download this file from the beginning.

"IDM CC" extension for Mozilla based browsers has changed in this version of IDM. You will need to reinstall the extension to use new features. Do you want to install the new "IDM CC" extension for browsers which have an old "IDM CC" extension?

"IDM CC" extension for Mozilla based browsers has changed in this version of IDM. You will need to reinstall the extension to use new features. Do you want to reinstall the extension for %s %s browser?

Stop %s

Start %s

Do you really want to delete %s?

The browser made the first request of "%s" file and then when IDM tried to request the same file again, the site sent a web page to IDM instead of the download.

To take over this download you can set a special key in "IDM Options->General->Keys...". Press and hold this key while clicking on download link/button so that IDM could take over the download before the first browser request. Note that "Ins" key should work for most browsers.

The requested file looks like html web page.

You'll need to provide administrator permissions to perform this operation

This feature is not available for Windows Vista, but it should be implemented soon. Please check for IDM updates.

Drag this icon to start the drag and drop operation for the downloaded file.

Netscape 7.xx and 6.xx

Please confirm the installation of idmmzcc.xpi extension from Tonec Inc. on corresponding browser dialog and restart the browser after the installation.

IDM detected that %s %s browser had been also installed on your computer.

Cannot install plugins for %s %s browser!

%s %s browser will be opened now to install the extension for integration with IDM.

Cannot install idmmzcc.xpi browser extension!

IDM has detected that %s %s browser is default browser on your computer.

IDM has been successfully integrated into Mozilla Firefox.

You need to restart the Firefox browser to apply changes

Cannot install idmmzcc.xpi browser extension for Mozilla Firefox!

Please locate the browser executable file on the next dialog.

Plugins for %s browser have been removed.

Plugins for %s %s browser have been installed.

Plugins for %s browser have been installed.

IDM cannot find %s browser on your computer. Please locate the browser executable file on the next dialog.

Note: Opera and OLD Mozilla based browsers can be integrated with IDM using plugins. This integration type does not support server exceptions list to prevent downloading with IDM. Also when you change file types list you need to restart these browsers to reload plugins.

Note: Opera and OLD Mozilla based browsers can be integrated with IDM using plugins. This integration type does not support special keys to prevent or force downloading with IDM from these browsers. If you want to prevent or force downloading with IDM by pressing special keys, you should use "Advanced browser integration".

Rebooting in %d seconds

Automatically put in "%s" category the following file types:

Remember this path for "%s" category

Downloaded %s (%I64d Bytes)

Restore all download windows

t be deleted. The grabber will parse all web pages on the site again, and it may take a while.

The Java-script will not be processed for the web pages which have been already explored/processed. If you want to process Java-script for these pages you will need to press "Update all" toolbar button on the Grabber Action dialog.

The scheduled grabber project could not be started at %d:d because the project settings were being edited at this time.

The scheduled grabber project could not be started at %d:d because the project was running at this time.

Cannot start downloading the manual login page. Please check the URL syntax.

Downloading the manual login page

There is not enough free space on drive %s to open the grabber project. Please free some space and try again.

There is not enough free space on drive %s to process the grabber project. Please free some space and try again.

There is no asterisk wildcard in URL to create a download file list!

Press the OK button when login process completes

IDM Site Grabber. Step %d --- %s

Cannot open the file "%s"

Do you want to delete the "%s" grabber project?

The project with "%s" name already exists. Please select another name.

Manual login page

Please enter manual login page or uncheck the corresponding checkbox

Please enter login and password or uncheck the "Use Authorization" checkbox

Web content

If these events did not occur, please send %s file (if it exists) to Internet Download Manager support department for analysis.

When trying to resume the download, Internet Download Manager got a response from the server that it doesn't support resuming the download.

The whole web site

All files of the web site except web pages and images

All Video files of the web site

All Pictures of the web site

The filter with "%s" name already exists. Please choose another name.

When Advanced Browser Integration is turned on, IDM can catch those downloads which were impossible to catch before in IDM, or in any other download manager. Also when using the integration, IDM can be integrated into any browsers and Internet applications to take over your FTP/HTTP downloads.

We have created a configuration report that you can send us. Please send us the following information to help us to fix this problem in future versions of IDM. This data is of technical kind. We don't collect your personal information, and we will treat this report as confidential and anonymous.

You have turned off advanced browser integration. If you found a problem with advanced browser integration, we would like to fix the problem for you. In order to fix the problem, we need to collect and analyze some technical information about your computer configuration and installed Internet applications. IDM will collect and show you this information on the next stage before sending it to our support department.

IDM has detected that you are using Windows DialUp networking to connect your modem to the Internet. Would you like to use these settings in IDM?

IDM cannot find %d file(s) that are necessary for browser and system integration. Would you like to download them?

The key(s) to prevent downloading should not be contained in the key(s) to force downloading.

Please choose others keys.

"%s" data transmission protocol is not supported by IDM at this time. Or it might be a spelling error, therefore please check the spelling, and try again.

The name to save the file was "%s", but the server sent the following file type "%s", and the file should be saved as "%s". Would you like to save the file with the name matched the file type received from the server?

Password

%d sec

%d min %d sec

%ld hour(s) %d min

IDM Export Files

From %d:d to %d:d you downloaded %ld MB. All IDM downloads have been stopped at %d:d because you had exceeded your download limits set in IDM Scheduler (or 'Options->Connections')!

All stopped downloads will be resumed automatically at d:d. If you want to resume downloads immediately, change settings in Download Limits and press on Resume.

From %d:d to %d:d you downloaded %ld MB. All IDM downloads will be stopped because you have exceeded your download limits set in in IDM Scheduler (or 'Options->Connections')!

%s, total %ld files

MPEG: Res. %dx%d, %.1f samp per sec, %d bits per samp

WAV: %d samp per sec, %d bits per samp, Length: %s

AVI: Res. %dx%d, %d samp per sec, Length %s

Cannot create folder %s, error code = %ld

Warning: This computer program is protected by copyright laws and international treaties. Unauthorized reproduction or distribution of this program, or any portion of it, may result in severe civil and criminal penalties, and will be prosecuted to the maximum extent possible under law.

Add URL

Please enter login name.

The file with this URL already exists in your list and waits for download to complete. Do you want to resume file?

The file with this URL has been already downloaded by Internet Download Manager. Do you want to download it again?

Invalid URL entered. Please correct.

User names and passwords for servers/sites

Logins

Sites Logins

Change folder for "%s" category on last selected

Default download directory for "%s" category

Would you like to place all old downloads with "%s" file types to this category? The files won't be moved on the hard drive, but will be associated with this category.

The folder "%s" doesn't exist.

Do you really want to delete "%s" category from IDM categories list?

You have %d days left to use Internet Download Manager. Do you want to register your copy of IDM now?

An error occured while loading security dll. Cannot create https connectin.

An error occured while creating security connection to %s.

Cannot find HHCtrl.ocx to display help file!

File %s download complete.

This m3u file contains one or more web links to mp3 files. Would you like to add these mp3 files to your download list?

This m3u file contains a web link to one mp3 file. Would you like to download this mp3 file?

The name to save the file was "%s%s", but the server sent the following name "%s". Would you like to save the file with the file name that was received from the server?

Cannot download this file, maybe this ftp server doesn't support download resume. Would you like to add the same file and download it from the beginning?

An unknown error occured while executing the operation!

The file doesn't have any web links

The file is not a valid IDM export file or the file is corrupted

Import to IDM

The %s file has been moved.

The downloaded file looks like html web page.

If this download was taken over from your browser automatically when you clicked on a link, try to hold Alt key when clicking on the link to let IE open the page.

QuickUpdate for IDM from VVV.internetdownloadmanager.com. Receiving new files...

Cannot download this file. Invalid http server reply.

File %s - downloaded %s (%I64d Bytes). The file may not have been downloaded completely, because the file size is unknown.

File saved as %s

There is no disk space left on drive '%s'.

The size of %s is %I64d bytes.

There is no disk space left on drive '%s' to store downloaded file parts.

Probably the server does not support command pipelining.

Restarting at the beginning because local file has been erased. Restarting from arbitrary position is not supported in this case.

PORT OK

Sending PORT command...

The server does not support PASV.

Password OK

Password failed

Sending password...

Cannot find the end of string in ftp server reply.

Server sent new location and the file name %s has changed to %s.

The size of file %s has not been found in server reply

Cannot open data connection because ftp server does not support PASV command and checkbox 'Use FTP in PASV mode' in Options->Proxy/Firewall is turned on.

PORT command failed.

Cannot send PORT command.

Cannot open ftp data socket

Error occurred while receiving ftp server reply: Invalid reply format

Error occurred while receiving ftp server reply.

Ftp server doesn't allow connections.

Cannot find this file on ftp server.

Cannot login to ftp server.

Fatal read error occurred while joining downloaded parts into one file

Fatal write error occurred while joining downloaded parts into one file

Virtual memory allocation error while joining downloaded parts into one file

Cannot get the size of next part while joining downloaded parts into one file

Cannot open local file for writing while joining downloaded parts into one file

An unknown error occurred while joining downloaded parts into one file

An unknown error occurred while appending files or joining downloaded parts into one file

Cannot connect to proxy server %s:%ld

Cannot connect to %s:%ld

Cannot find proxy server %s

Cannot find server %s

The size of "%s" file is %I64d bytes.

There is no disk space left on drive "%s"' where you want to save this file.

A socket operation encountered a dead network. This could indicate a serious failure of the network system (i.e. the protocol stack that the WinSock DLL runs over), the network interface, or the local network itself.

A socket operation was attempted to an unreachable network. This usually means the local software knows no route to reach the remote host.

A socket operation failed because the destination host was down. A socket operation encountered a dead host. Networking activity on the local host has not been initiated.

Proxy authorization is required for this proxy server. You can change proxy username and password in "Options/Proxy"

Authorization is required for this site/path. You can set login information for this download by selecting properties item in a right click context menu. Or add login information to "Options/Sites passwords" to use these login/password every time you are downloading files from this site.

You have changed the "site/path field." The login information for this new site/path already exists in your password list.

The login information hasn't been changed. You may want to edit the existing one.

The login information for this site/path already exists in your password list.

The new login information hasn't been added. You may want to edit the existing one.

Change username and password of this download to "anonymous" ?

Apply these username and password to this download?

Are you sure you want to delete login information for this site?

Password field has not been filled!

Password verification failed! Please try again.

Cannot rename downloaded file from temp folder (%s) to %s. The file has been saved in temp folder.

mailto:?subject=%s&body=%s% hXXp://VVV.internetdownloadmanager.com

mailto:[email protected]?subject=IDM_%s&body=%s

mailto:[email protected]

%sLanguages\idm_*.lng

%sLanguages\inst_*.lng

%ld %s

hXXp://cache*-music*.myspacecdn.com/*/std_*.mp3?bandid=*&songid=*&token=*

hXXp://*.*/*.swf*

hXXp://lads.myspace.com/*.swf?*

%s://%s

youtube.com

location.href

window.navigate

window.open

\winhlp32.exe

Software\DownloadManager\MCN\%s

Software\DownloadManager\MCN\%s%s

scheduler.htm

https:/

http:/

MozillaWindowClass

AutoConfigURL

0.0.0.

127.0.0.

\StringFileInfo\xx\ProductName

nHttpsPrChbSt

nFtpPrChbSt

nHttpPrChbSt

drwebwcl

*.exe

COptSitesPasswords

%s (*.wav)|*.wav||

Software\DownloadManager\Passwords\

Software\DownloadManager\Passwords

VVV.filesonic.tw

*.filesonic.tw

filesonic.tw

VVV.filesonic.jp

*.filesonic.jp

filesonic.jp

*.sharingmatrix.com

VVV.filesonic.com

*.filesonic.com

filesonic.com

VVV.fileserve.com

*.fileserve.com

fileserve.com

VVV.hotfile.com

*.hotfile.com

hotfile.com

VVV.mediafire.com

*.mediafire.com

mediafire.com

.megaupload.com

VVV.megaupload.com

*.megaupload.com

megaupload.com

.rapidshare.com

ssl.rapidshare.com

VVV.rapidshare.com

*.rapidshare.com

rapidshare.com

URL::set_password: Not enough memory!

URL::set_userName: Not enough memory!

%s. %s

%d %%

%d%sd%% %s

%s (%I64d %s)

Properties.htm

CAllControlsSheet

%sScheduler\

%sq_*.dt

%d %s

%s.%s%s%s

RegistrationD.htm

%sprojects.dat

%sprojects2.dat

%sfoldresHistory.txt

%s (*.*)|*.*||

scheduler.html

%s{%s}

Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}

%s\%s{%s}

E8CF4E59-B7A3-41F2-86C7-82B03334F22A

9C9D53D4-A978-43FC-93E2-1C21B529E6D7

hXXp://VVV.internetdownloadmanager.com/support/updateblocked.html

add_exception31.html

url=%s

webpage=%s

dll=%s

firstCT=%s

secondCT=%s

ref=%s

user_agent=%s

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

%d:%d build %d %d-bit

%d:%d build %d

Windows 3.1

Windows 95

Windows 98

Windows NT

Windows version:

Configuration report:

Unk err --- GetRegistrySubkeys

Cannot open key for reading.

Unk err --- SaveAllSubkeys

Cannot read information about subkey's.

Unk err --- SaveKeyValuesEx

Unk err --- SaveKeyValues

Cannot read information about this key.

send_adv_int_rep3.html

mail=%s

winmm.dll

bUseControlKey

bUseAltKey

ShiftP

UseKeyToForce

UseKeyToPrevent

settings.html

%s >>

%s <<

*.html,*.htm,*.js,*.css,*.gif,*.jpg,*.jpeg,*.jpe,*.bmp,*.png,*.tif

%s,*.js,*.css,*.gif,*.jpg,*.jpeg,*.jpe,*.bmp,*.png,*.swf

*.zip,*.rar,*.tar,*.gz,*.tgz

*.pdf

*.mp3,*.wma,*.waw

*.mpg,*.mp4,*.mpeg,*.avi,*mov,*qt,*.wmv

*.gif,*.jpg,*.jpeg,*.jpe,*.bmp,*.png,*.tif

%s ( %s )

*.%s %s

%s_tvlda.pdb

nlevels.html

prJava.html

StImmMsg

*.uploaded.to

VVV.uploading.com

*.easy-share.com

zshare.net

uploaded.to

uploading.com

sendspace.com

filefactory.com

depositfiles.com

Software\DownloadManager\DwnlSelPanel\%s

Shell32.dll

%stips.txt

Unknown error during CUrlExporter::CUrlExporter()

CreateFile error %ld during CUrlExporter::CUrlExporter()

Unknown error during CUrlExporter::WriteInELFFile()

Unknown error during CUrlExporter::ReadFromIEFFile()

Unknown error during CUrlExporter::ReadFromTextFile()

Err1 in SetSmUrl

UrlUnescapeA

3GP 7Z AAC ACE AIF ARJ ASF AVI BIN BZ2 DOC DOCX EXE FLV GZ GZIP IMG ISO LZH M4A M4V MKV MOV MP3 MP4 MPA MPE MPEG MPG MSI MSU OGG OGV PDF PLJ PPS PPT QT R0* R1* RA RAR RM RMVB SEA SIT SITX TAR TIF TIFF WAV WEBM WMA WMV Z ZIP

Unknown error during CUrlHistory::CUrlHistory()

UrlHistory

Unknown error during CUrlHistory::~CUrlHistory()

Unknown error during CUrlHistory::OnAddUrl()

Unk err in CUrlHistory2::CUrlHistory2

UxTheme.dll

dwmapi.dll

%s %s

%ld,%f

%sSeg%%ld-Frag%%ld

first listitem id = %d, startpos = %I64d, file %ls, endpos = %I64d

Updating record with num %s: set ID %d, startPos %I64d, nextID %d

Error reading registry, errCode = %d.

Adding record to registry with ID %d, startPos %I64d, nextID %d

%s.tmp

Unknown error during ChunksList::JoinFile()

Updating record with ID 0, set nextID %d

Deleting record %s from registry

Error during GetFileSize(), errcode = %d.

%s_tmp

Rename temp file %ls to %s.

Can not rename temp file %ls to %s, errno = %ld

Can not create folder %s, error = %ld

Rename2 temp file %ls to %s.

Delete old file %s

Assembling all downloaded portions into one file...

Fatal Read Error %d

Fatal Write Error %d

VirtualAlloc/malloc failed, error %d

Values counter in the registry subkey = %d

Cannot find registry subkeys counter.

Set curID %d, curPos %I64d

No keyframe found

Adding record with ID %d, startPos %I64d, nextID %d

error!!! No keyframe found(0)

Read record num. %s from registry: ID = %d, startPos = %I64d, nextID = %d

Error reading registry, errCode = %d. End rebuilding.

Loading duration from registry: %f sec

error in chlist, id=%d, next=%d, starttime=%ld, ts=%ld

Chunk order violation error, cInf.ID %d, startPos %I64d

Error reading first chunk, errcode = %d.

new listitem id=%d, startpos=%I64d, file %ls,

error reading registry %d

insert from reg, ID = %d

Error reading saved last part, errcode = %d.

Adding record %s to registry with ID %d, startPos %I64d, nextID %d

Add alternative connection (%d) for connection %d

Error during deleting record with num %s, errcode = %ld

Apply alternative for connection %d

Item id=%d, conn=%d, next=%d, compl=%d, start=%I64d, fsize=%I64d, total=%I64d

Getting file size error during check alternative for record %d, errcode = %ld

Opening file error during check alternative for record %d, errcode = %ld

Unknown error during ChunksListItem::JoinWithNext().

Could not delete temp file %s

Deleting record with num %s

C%d:%s

Error during call to %s, err = %d

/%s%s

Dnsapi.dll

Error code = %d

Sock ver = %d, reply = %d

Error code = %ld, socks ret code = %d

%s %s

Select failed, err code = %d, socket = %d

Select error code = %d, socket = %d

Checking connect, socket = %d

File write error! Received %d bytes, wrote %d bytes, errCode = %ld

Error code = %d, socket = %d

sqlite3_blob_read

sqlite3_blob_bytes

sqlite3_blob_close

sqlite3_blob_open

sqlite3_free

sqlite3_exec

sqlite3_close

sqlite3_open

%sidmindex.dll

%s%sGoogle\Chrome\User Data\Default\cookies

%s%sMozilla\Firefox\Profiles\%s\cookies.sqlite

%s%sMozilla\Firefox\Profiles\*

SELECT creation_utc, name, value, path, host_key, secure FROM cookies WHERE host_key like '%%%s'

SELECT name, value, path, host, isSecure FROM moz_cookies WHERE host like '%%%s'

host_key

Crypt32.dll

d:d:d

ddd d:d:d GMT

dddddd

Unknown error during FTPConnection::FTPConnection() constructor.

Unknown error during FTPConnection::set_sequence_cpbl().

Unknown error during FTPConnection::try_set_pasv_cpbl().

Unknown error during FTPConnection::GetReply().

Unknown error during FTPConnection::Disconnect().

Unknown error during FTPConnection::SendQuit().

Unknown error during FTPConnection::TryConnect().

Unknown error during FTPConnection::CloseDataConnection().

Unknown error during FTPConnection::CheckConnectReply().

Initial response from FTP server:

Unknown error during FTPConnection::SendUser().

USER %s%s

%s@%s%s

Unknown error during FTPConnection::SendPassword().

send() PASS

PASS %s%s

send() proxy PASS

Unknown error during FTPConnection::CheckUserReply().

Unknown error during FTPConnection::CheckPasswordReply().

Reply on password:

recv() PASS

Unknown error during FTPConnection::SendPasv().

PASV%s

Unknown error during FTPConnection::ProcessPasvReply().

%u,%u,%u,%u,%u,%u

Unknown error during FTPConnection::BindSocket().

Unknown error during FTPConnection::Accept().

Unknown error during FTPConnection::SendPort().

send() PORT

PORT %d,%d,%d,%d,%d,%d

Unknown error during FTPConnection::CheckPortReply().

Reply on PORT:

recv() PORT

Unknown error during FTPConnection::SendCWD().

CWD %s%s

Unknown error during FTPConnection::CheckCWDReply().

Unknown error during FTPConnection::CheckOthersReplies().

Unknown error during FTPConnection::SendType().

TYPE %s%s

Unknown error during FTPConnection::CheckTypeReply().

Unknown error during FTPConnection::SendRest().

REST %I64d%s

Unknown error during FTPConnection::CheckRestReply().

Unknown error during FTPConnection::SendRetr().

RETR %s%s%s

Unknown error during FTPConnection::SendNoop().

Unknown error during FTPConnection::CheckRetrReply().

Unknown error during FTPConnection::FindSizeInRetrReply().

%I64d%s

Unknown error during FTPConnection::SendSize().

SIZE %s%s%s

Unknown error during FTPConnection::SendListFile().

LIST %s%s%s

Unknown error during FTPConnection::CheckListReply().

Unknown error during FTPConnection::CheckTransferEndReply().

Unknown error during FTPConnection::CheckSizeReply().

Unknown error during FTPConnection::OpenDataConnection().

ftp server doesn't support PASV

Unknown error during FTPConnection::StartRetr().

Unknown error during FTPConnection::RecvListData().

time %s, sizetype %d, size %I64d, name %s, namelen %d, flagtryretr %d

UNk err FTPCn2597

Unknown error during FTPConnection::GetFileSize().

Unknown error during FTPConnection::ProcessReply().

Unknown error during FTPConnection::ProcessReplyQueue().

Unknown error during FTPConnection::RollBack().

Unknown error during FTPConnection::Restart().

Unknown error during FTPConnection::OnSendError().

Unknown error during FTPConnection::StartGetChunk().

Unknown error during FTPConnection::ProcessWaitConn().

Unknown error during FTPConnection::ProcessWaitReply().

Unknown error during FTPConnection::SendInAddition().

Unkerr in FTPC2980

Unknown error during FTPConnection::ProcessPasvOK().

Unknown error during FTPConnection::InsInChunksList().

Unknown error during FTPConnection::SendTestSequences().

TYPE I%sNOOP%s

CWD %s%sTYPE I%s

Unknown error during FTPConnection::ProcessWaitTestSequ().

Unknown error during FTPConnection::ProcessWaitSecSeqReply().

Unknown error during FTPConnection::AuditForRestart().

Unknown error during FTPConnection::SetCompleted().

next %d

Sendig QUIT for connection %d...

The file chunk of connection %d is reassigned to connection %d.

conn. %d dowload completed

time %I64d, status %d,

Unknown error during FTPConnection::HandleStatus().

Error during FTPConnection::OnNewLastModified()

Unk err in FTPC::SMDTM().

MDTM %s%s%s

Unk err in FTPC::CMDTMR

Unknown error in FTPSession constructor.

Unknown error in FTPSession destructor.

Unknown error during FTPSession::InitSession().

Unknown error during FTPSession::set_sequence_cpbl_ok().

Unknown error during FTPSession::set_rest_cpbl().

Unknown error during FTPSession::set_pasv_cpbl().

Unknown error during FTPSession::CreateOptionalConnections().

Unknown error during FTPSession::getFile()

User : %s, password : xxx

%s %s Time: %.19s.%hu %.4s (%ld sec)

Url: PTF://

Windows %d.%d

Unknown error during FTPSession::ReceiveData()

Unknown error during FTPSession::set_fds()

Probably the server does not support command sequences.

Unkerr in FTPSss:AlQt

Unkerr in FTPSss:SndAlCnInf

Unknown error during FTPSession::TryStartNewOptionalConnections()

Cannot download this file, maybe this ftp server doesn't support download resume. Would you like to download the file from the beginning?

1.1.4

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /hXXp://VVV.internetdownloadmanager.com/support/data_corruption.html

nShMsgCrData

Unknown error in HTTPConnection constructor.

Unknown error in HTTPConnection destructor.

conn. %d dowload complete

Unknown error during HTTPConnection::Disconnect().

Authorization: Basic %s

%s:%s

Error during HTTPConnection::GetNextReplyLine()

Error during HTTPConnection::GetReplyIntoStorage()

Error during HTTPConnection::GetRetrRangeReply()

.dailymotion.com

emusic.com

Error during HTTPConnection::setNewLocation()

.html

/* Old URL: %s%s */

rapidshare.de

Err in HTTPC::AFR

Error during HTTPConnection::ProcessState()

UNk err HTTPCn2597

Error during HTTPConnection::GetInfo()

%s.mnft

.dmcdn.net

sciencedirect.com

Error during HTTPConnection::GetState()

Error during HTTPConnection::SendGet()

%I64d-%I64d, %s

%s %s HTTP/1.1

User-Agent: %s

Host: %s%s

Accept: %s

%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s

Accept-Charset: %s

Origin: %s

Accept-Language: %s

Cookie2: %s

Content-Type: %s

Content-Length: %d

application/x-www-form-urlencoded

If-Modified-Since: %s

Referer: %s

Authorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", %sresponse="%s"%s

, opaque="%s"

qop=%s, nc=%s, cnonce="%s",

Unknown error during HTTPConnection::HttpsProxyConnect()

CONNECT %s:%ld HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)

Proxy-Authorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", %sresponse="%s"%s

Error during HTTPConnection::RecvAllHeaders()

Error during HTTPConnection::SkipAllHeaders()

Error during HTTPConnection::SkipAllHeaders2()

Error during HTTPConnection::RecvState()

HHTTP/

HTTP/

Error during HTTPConnection::ProcessHeader()

policyref="hXXp://p3p.yahoo.com/w3c/

windows-125

HTTPS

Server: MediaFire-HTTP-lrbd

Server: BestHop 2.4.4

Unkerr HTTPC:OnCnt

Error during HTTPConnection::HandleStatus()

.mail.yahoo.com/

Unkerr HTTPC 5571

UnkErr in HTTPC6234

No memory, s httpc6172

No memory, s httpc6154

Ieframe.dll

Error during HTTPConnection::Set_szURL()

Error during HTTPConnection::OnNewLastModified()

Error during HTTPConnection::ProcessSetCookieHeader()

Not enough memory in cookieURL = new char[...]

Unknown error during HTTPConnection::Restart().

Error %d during HTTPConnection::MNSP(), step1.

Error %d during HTTPConnection::MNSP(), step2.

Unkerr in HTTP:RestartOnNLM

%a %b %d %T %Y

%a, %d-%b-%Y %T

%A, %d-%b-%y %T

%a, %d %b %Y %T

%H:%M:%S

%I:%M:%S %p

%m/%d/%y

%Y-%m-%d

%a %b %e %H:%M:%S %Y

Unknown error in HTTPSession constructor.

Unknown error in HTTPSession destructor.

Unknown error during HTTPSession::InitSession().

Unknown error during HTTPSession::getFile()

The server does not support transfer restarts.

googlevideo.com

User : %s, password :xxx

password=***

register.cgi

HTTPSess err 960

Try original url

Unknown error during HTTPSession::ReceiveData()

Unknown error during HTTPSession::set_fds()

Unknown error during HTTPSession::AuditForRestart()

Unknown error during HTTPSession::SendAllConnInfo()

Unknown error during HTTPSession::TryStartNewOptionalConnections()

Cannot download this file, maybe this server doesn't support download resume. Would you like to download the file from the beginning?

#EXT-X-KEY:

hXXps://secure.internetdownloadmanager.com/buy.html

hXXps://secure.internetdownloadmanager.com/buy1.html

hXXp://VVV.internetdownloadmanager.com/

hXXp://VVV.internetdownloadmanager.com/welcome.html

hXXp://VVV.internetdownloadmanager.com/welcome2.html

Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}

sending %x command, res = %ld

send mms cmd

NSPlayer/9.0.0.2980; {%s}; Host: %s

954afa31-d601-4525-ae7f-57d44aeb4d34

\\%d.%d.%d.%d\%s\%ld

recv %x command

Recv cmd failed, error = %ld

Recv cmd failed, connection closed by server.

errCode 0x%x

err code = 0x%x

xxxx-xx-xx-xx-xxxxxx

75B22636-668E-11CF-A6D9-00AA0062CE6C

14E6A5CB-C672-4332-8399-A96952065B5A

5FBF03B5-A92E-11CF-8EE3-00C00C205365

75B22633-668E-11CF-A6D9-00AA0062CE6C

BC19EFC0-5B4D-11CF-A8FD-00805F5C442B

B7DC0791-A9B7-11CF-8EE6-00C00C205365

8CABDCA1-A947-11CF-8EE4-00C00C205365

75B22630-668E-11CF-A6D9-00AA0062CE6C

Packets number %ld, packet length %ld, media length %I64d, streams count %d, file size %I64d

%s, %s%s%s, Length: %s

Connection %d, downloaded %I64d.

Unk err in MMSCn::HndlSt, time %I64d, status %d

%s Time: %.19s.%hu %.4s (%ld sec)

%I64d-%I64d, %s%s

%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s

Content-Type: application/x-www-form-urlencoded

Proxy-Authorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", %sresponse="%s"%s%s

, charset=utf-8, hashed-dirs="service-name,channel-binding", service-name="%s", channel-binding="%s"

Unknown error during ProxyConnection::Set_szURL()

Not enough memory during szURL = new char[...]

Proxy-Authorization: Basic %s

Unkerr in RTMPConn, 12, time %I64d, status %d

OneKeyFrameBack failed, Erase outfile

Recieved ID: %s

POST /fcs/ident2 HTTP/1.1

Host: %s

POST /open/1 HTTP/1.1

POST /%s/%s/%ld HTTP/1.1

Version: %d.%d.%d.%d

recv handshake, type = X

SendPacket failed! Header type: 0xx

pageUrl

tcUrl

swfUrl

Key frame doesn't match! (c3)

Key frame doesn't match! (c2)

Key frame doesn't match!

The file chunk %d is reassigned to connection %d.

Join with next, deleting record with num %s

error 2099, id=%d, next=%d, starttime=%ld, ts=%ld

Delete temp file %s

cmpkfcount > MAX_CMP_KEYFRAMES, set NO_REST

Sending ping, type=0xx

Unknown packet type received: 0xx

Report: received

Sending play, stime=%f, file=%s

NetConnection.Connect.InvalidApp

NetStream.Play.UnpublishNotify

NetConnection.Connect.Rejected

NetStream.Play.StreamNotFound

NetStream.Play.Stop

NetStream.Play.Failed

NetStream.Failed

onStatus: %s

Server sent result for %s

Server invoking %s

Duration = %f

Duration dont match! New duration = %f

OneKeyFrameBack

Join all (1).

Cannot find Winsock v%d.%d or later!

Ss::InfMsg err

Unknown error during Session::CheckFormat(), ctc.Check(...)

%a, %d %b %Y %H:%M:%S GMT

hXXp://VVV.internetdownloadmanager.com/register/new_faq/How_to_configure_Firewalls_for_IDM.html

downlResult = %ldsetting new login

%s.tmpa

Unknown error during SessionManager::SetURL()

Unknown error during SessionManager::SetLogin()

%s://%s%s%s%s

simtel.net

Unknown error during SessionManager::LoadUrlFromReg()

URL::set_lastResult(): Not enough memory!

[email protected]

Port

Can not delete subkey %s from registry, error code = %ld

Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)

UrlUnescapeW

%s.%s

%s_%s.%s

%s_default.html

%s%s%s.%s

.docx

.mpeg

easy-share.com

%s&signature=%s

&url=

\u0026url=

url_encoded_fmt_stream_map

%s...

Downloading owner web page

googlevideo.com/api_video_info?

googlevideo.com/get_video_info?

youtube.com/api_video_info?

youtube.com/get_video_info?

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)

Mozilla/4.0 (compatible; MSIE 7.0; Windows 98)

Unknown error in URL destructor

%s?lng=%s

hXXp://VVV.internetdownloadmanager.com/support/shsdownload.html

hXXp://VVV.internetdownloadmanager.com/articles/flv_downloading.html

hXXp://VVV.internetdownloadmanager.com/support/filesonic_dwnl.html

hXXp://VVV.internetdownloadmanager.com/support/rsdownload.html

showHTDlFsnMsg

showHTDlShSMsg

4shared.com

.filesonic.

showHTDlYtMsg

showHTDlRSMsg

%ld%s

URL::set_localPath(): Not enough memory!

Unknown error during URL::SaveToReg()

capabilities=%f&audioCodecs=%f&videoCodecs=%f&videoFunction=%f&duration=%I64d%s%s

&tcUrl=%s

&userArgs=%s

Unknown error during URL::set_LastModified()

URL::set_LastModified(): Not enough memory!

Unknown error during URL::DeleteFileChunks()

Error read registry, errCode = %d. End rebuilding.

Unknown error during URL::LoadLocalNamesFromReg()

URL::set_localFileName(): Not enough memory!

URL::set_description(): Not enough memory!

%s\idmftype.dll

idmcheckedtype/%s

Urlmon.dll

%s%s%s.html

%s %s|*.%s|%s (*.*)|*.*||

Error %ld opening registry key in URL::OpenDMRegSubKey()

EM = 0x%x, 0x%x,

DM = 0x%x, 0x%x.

Error 0x%x reading security interface.

Error 0x%x reading InitSecurityInterface entry point.

Error 0x%x loading %s.

secur32.dll

security.dll

schannel.dll,

Error %ld opening Key during CheckRegSecurityProvider()

schannel.dll

Unk err in URL::set_MDTM()

.MPEG

Unknown error during CFormatParsing::%s

new operator error %ld in CFormatParsing::FillZipFormatStruct()

Joint Stereo

d %s %d d:d

CertFreeCertificateContext

Error 0x%x returned by AcquireCredentialsHandle

Error 0x%x returned by CertFindCertificateInStore

CertFindCertificateInStore

Error 0x%x returned by CertOpenSystemStore

CertOpenSystemStoreA

Error %d sending data to server (1)

%d bytes of handshake data sent

Error %d returned by InitializeSecurityContext (1)

Error 0x%x returned by InitializeSecurityContext (2)

%d bytes of app data was bundled with handshake data

Error %d sending data to server (2)

Error %d reading data from server

Key exchange strength: %d

Key exchange: KEA

Key exchange: 0x%x

Key exchange: DH Ephemeral

Key exchange: RSA

Hash strength: %d

Hash: 0x%x

Cipher strength: %d

Cipher: 0x%x

Protocol: 0x%x

Error 0x%x querying connection info

Error 0x%x finding cert chain

**** Error 0x%x returned by AcquireCredentialsHandle

certificate chain found

CertFindChainInStore

1.3.6.1.5.5.7.3.2

Error 0x%x querying issuer list info

Error during HTTPConnection::SendHTTPSGet()

%d bytes of request sent

Error %d sending data to server (3)

Error 0x%x returned by EncryptMessage

Header: %d, Trailer: %d, MaxMessage: %d

Error 0x%x reading SECPKG_ATTR_STREAM_SIZES

Error during HTTPConnection::RecvHTTPSData()

**** Error 0x%x returned by DecryptMessage

%d bytes of handshake data received

%c%c%c%c%c%c%c%c%c%c

%s.cdb2

%s.pdb

%s_ssi.pdb

%s_szi.pdb

%s_di.pdb

%s_sfti.pdb

%s_lni2.pdb

%s_lni.pdb

%s_dni.pdb

%s_ui.pdb

%s_mi.pdb

.?AVCCmdTarget@@

.PAVCException@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCResourceException@@

.PAVCArchiveException@@

.?AVCToolCmdUI@@

.PAVCOleException@@

.PAVCOleDispatchException@@

.PAVCMemoryException@@

.PAVCNotSupportedException@@

.?AVCNotSupportedException@@

.PAVCFileException@@

zcÁ

%Program Files% (x86)\Internet Download Manager\IDMan.exe

version="1.0.0.0"

name="Tonec.IDM.IDMan"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel level="asInvoker"/>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>

<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

^.ovs

^.ovs[cX:

w'R.siZ

2:3:3:/:/\/\/

2:3:3:3:3

Rn-N)N)N)N)M)M)-%-%-%,%,%uN

.ZduB

keYb

6.vFo)

ZL%FV

.)7)7(3'/

uN-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%uN

{.wGZ

o{-{,{,w,w,w,w,w,w-w-w-w.wNwNwNwNwN{N{N{N{o{o{q{

{/{,{,{,{,{,{,w,w,w.wPw

w.wGZ

O{-{,w,w,w,w,w,w,w-w-w-w.wNwNwNwNwN{N{N{n{n{o{q{

{.{,{,w,w,w,w,w,w,w.wPw

2*;*;*7)7

2 ; ; ;*7

p{N{M{-{-{-{,{,{,{-w-w-w.wNwNwNw

"?'?#?#?

7_3_/_ _'?#

?=?=;=;^;

._/_/_/?/?

3_3?3?/? ?

;=;=;=;^7

"?'?'?'?#?#

&? ?'?'?#

{4Fp)o%uF

7\3\3\ \'<

.GNGnGMCK;(3

{.KoKoKnGL?)7

-%-)-)-%

;;;7;7;7;7;7:7:7:3:3

N.siZ

R.siZ

;?;?7?/?

.ZW9W9W8W8W9[9_Z_

6>;_7?7?3? ?'

-xB}ouF\#o

)QO(b

tcp D

.lffn]XX

L/%XN3'4S7)

& #!!!!&

Ku.sL

z%X8>

 ].vh

'%7u%g

'()* ,-./

0123456789

idmmbc.dll

IDMGCExt.crx

IEMonitor.exe

idmmzcc.xpi

Uninstall.exe

iRUNDLL32.EXE

SETUPAPI.DLL,InstallHinfSection DefaultUninstall 128 %s

SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 %s

idmtdi.inf

idmtdi32.sys

NPIDMan2.dll

NPIDMan1.dll

lidmbrbtn64.dll

IDMShellExt64.dll

IDMNetMon64.dll

IDMNetMon.dll

IEGetAll.htm

IEExt.htm

IDManTypeInfo.tlb

idmmkb.dll

IDMIECC64.dll

lhttp

iseamonkey.exe

orca.exe

MozillaFireBird.exe

NETSCP.exe

Flock.exe

navigator.exe

NETSCAPE.exe

OPERA.exe

Firefox.exe

iexplore.exe

PathToExe

~idmcchandler2_64.dll

defexclist.txt

idmvs.dll

regsvr32.exe

index.htm

IDMGrHlp.exe

rundll32.exe

downlWithIDM64.dll

IDMGetAll64.dll

idmvconv.dll

%s%s%s_%ld%s

Elevation:Administrator!new:%s

temp.htm

GlobalErrors.log

s%sGlobalErrors.log

mgrabber.chm

%s%lda%ld\

%s%s%s\default_user\

%s%s%s\%s\

idmpldr.ini

IEGetVL2.htm

IEGetVL.htm

dnlbtmn.txt

%s%sSounds\%s

%sSounds\%s

%s%sSounds\

%sSounds\

sts_list.dat

tips.txt

UrlHistory.txt

UrlHistory2.txt

%s%s_%ld.log

manuallogin.html

default.html

%s%ld\

%s%s_%ld\

:?!#&*-<>\$%@

"'/[]^|~

b%Program Files% (x86)\Internet Download Manager\GlobalErrors.log

Login

The web page from which this file was obtained:

hXXp://VVV.internetdownloadmanager.com

Support Team:

internetdownloadmanager.com/contact_us.html

Password:

Save password

IDM drop target. Drop web-links for downloading here

Export download list

Export download queue

Export selected files

Export all files

Site login

Note: Type the path only if you have different login names for different server directories.

Use Windows Dial Up / VPN Networking

Automatically start downloading of URLs placed to clipboard

Customize keys to prevent or force downloading with IDM

Keys...

Use FTP in &PASV mode

Hide images located on this web page

Using special keys

Use the following key(s) to prevent downloading with IDM for any links:

Use the following key(s) to force downloading with IDM for any links:

Note: Sometimes after you click on a download link, a web page will load telling that the download starts in X seconds. In this case you will need to uncheck the following option to force downloading with IDM.

Check for left mouse button clicked on a link along with the special key(s) pressed to force downloading the link

While holding down a special key DO NOT take over the downloads

which are web-pages, pictures, scripts and etc.

Internet Download Manager Problem Report

We have created a configuration report that you can send us.

Press Advanced button to enable manual login or to disable a logout page

Enter login and password manually at the following web page:

Please note that a web server may reject requests if you set a large number of files to explore (download) at the same time.

Use Advanced web page processing

At this step you should specify what web pages to explore to find the required files. At the next step, you will be able to set file types, location, and other filters.

Ignore popup windows

Explore web pages within the following paths/domains only:

Don't explore web pages within the following paths/domains:

Web pages processed

Type your user name and password.

Save this password in IDM password list

It's possible to add a group of sequential file names like img001.jpg, img002.jpg, etc., img100.jpg to IDM download queue. Use the asterisk wildcard for the file name pattern.

For example: hXXp://VVV.internetdownloadmanager.com/pictures/img*.jpg

Report for IDM developers

You can send a report to IDM developers about the downloads that were taken over by mistake to make a workaround for this site in the future versions of IDM

The referrer URL from which the download was taken over by mistake:

Note: Internet servers may break connection when the speed is too limited! Thus it's not recommened to use Speed Limiter to download from servers that do not support "resume" feature.

IDM can show its Download panel on a web-player in a browser when IDM detects a multimedia request from the web-player

Don't capture downloads from web-players automatically

IDM can show Download panel on a web-page when you select a text that contains download links.

FileUrl

Use &HTTP Proxy

Use HTTP&S Proxy

Use &FTP Proxy

Google Chrome Integration

E&xport

To IDM export &file

&Import

&From IDM export file

C&ustomize URL List...

&Contact IDM Support

6, 22, 1, 2

1999 - 2015

>Check for available updates on VVV.internetdownloadmanager.com

'Register IDM with your registration key

Contact IDM support team

EMake an attempt to find HTTP proxy in Internet Explorer configuration

:Use FTP protocol in passive mode (needed behind firewalls)

Stop all downloads%Remove selected file(s) from the list(Remove all completed files from the listDBrowsers/System integration, File types, Proxy, Passwords and others

Opening Port

Port Opened

Change Password Requested

Password Expired

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

#Unable to load mail system support.

IELowutil.exe_2524:

.text

`.data

.idata

@.rsrc

@.reloc

ielowutil.pdb

x6SSh

GetProcessHeap

SetProcessShutdownParameters

KERNEL32.dll

MsgWaitForMultipleObjects

USER32.dll

_amsg_exit

_wcmdln

msvcrt.dll

ole32.dll

WININET.dll

iertutil.dll

<assemblyIdentity version="5.1.0.0"

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

<requestedExecutionLevel level="asInvoker" />

<!--The ID below indicates application support for Windows 8 -->

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

.ENNNG.

FTPO

.Xz5}

PCt%X

$.Mwe~

comctl32.dll

user32.dll

10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)

ielowutil.exe

Windows

10.00.9200.16521

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

IEMonitor.exe:1428
IDM1.tmp:656
idmBroker.exe:1952
RUNDLL32.EXE:2424
runonce.exe:656
IELowutil.exe:2524
regsvr32.exe:1984
regsvr32.exe:1992
regsvr32.exe:1300
regsvr32.exe:2904
regsvr32.exe:2044
regsvr32.exe:712
regsvr32.exe:2184
regsvr32.exe:2948
regsvr32.exe:1976
Uninstall.exe:168
IDMan.exe:2156
IDMan.exe:1808
%original file name%.exe:2600
Delete the original Worm file.
Delete or disinfect the following files created/modified by the Worm:

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\IDM_Setup_Temp\IDMSetup2.log (63672 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk (2 bytes)
%Program Files% (x86)\Internet Download Manager\IDMSetup2.log (19 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\Desktop\Internet Download Manager.lnk (2 bytes)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk (2 bytes)
C:\Windows\System32\drivers\SET9176.tmp (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl (712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components11\idmmzcc64.dll (5200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\defextmap.dat (2 bytes)
%Program Files% (x86)\Internet Download Manager\idmcchandler2_64.dll (6146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\idmhelper5.js (1552 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\idmmzcc.dll (5392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\META-INF\zigbert.sf (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\chrome.manifest (2 bytes)
C:\Users\"%CurrentUserName%"\ntuser.dat.LOG1 (5504 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc64.dll (3856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\Scheduler\s_1.dt (304 bytes)
%Program Files% (x86)\Internet Download Manager\idmcchandler2.dll (4210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\install.rdf (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\iIDMHelper5.xpt (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\urlexclist.dat (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmhelper.js (2 bytes)
C:\Users\"%CurrentUserName%"\NTUSER.DAT (6496 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components11\idmmzcc.dll (3856 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\install.js (1400 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\DMCache\settings.bak (1200 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2_64.dll (60352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmcchandler2.dll (43936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\META-INF\manifest.mf (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\idmmzcc.dll (5392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\iIDMMzCC.xpt (1138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\chrome\idmmzcc.jar (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components2\iIDMHelper.xpt (662 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\icon.png (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\components\iIDMMzCC.xpt (1138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\idmmzcc5\META-INF\zigbert.rsa (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\DwnlData\"%CurrentUserName%"\www_internetdownloadmanager_com_1\www_internetdownloadmanager_com (1842 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\IDM\DwnlData\"%CurrentUserName%"\www_internetdownloadmanager_com_1\log_1.log (5212 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\IDM_Setup_Temp\IDM1.tmp (179 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv" = "grpconv -o"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Idman" = "%Program Files% (x86)\Internet Download Manager\IDMan.exe /onboot"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Worm.Win32.AutoItGen_7b2cc96d9c

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Worm.Win32.AutoItGen_7b2cc96d9c

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet