Analysis Overview
SHA256
11930296db161845cdde2abb9417b0f74c4972130c4bf4ab0da444daadc94e51
Threat Level: Known bad
The file cut-the-ropeSetup.exe was found to be: Known bad.
Malicious Activity Summary
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Reads user/profile data of web browsers
Downloads MZ/PE file
Checks computer location settings
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Program crash
NSIS installer
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Modifies system certificate store
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-05 00:02
Signatures
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-05 00:02
Reported
2024-03-05 00:10
Platform
win10v2004-20240226-en
Max time kernel
347s
Max time network
423s
Command Line
Signatures
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
Reads user/profile data of web browsers
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Program crash
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Mvdntltkiibpf = "sUQJUiEmM|T|MdUNBgPAJoYK@" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Mvdntltkiibpf = "sUQJUiEmM|T|MdUNBgPAzoYK@" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[SpzlPUFh{[" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\ohmjQ = "hV`U^apeqSO}V{lV`" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}^kochr" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\wjylnr = "Ca|KolPFUg\x7fjIhXF{j" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "YrfJlP" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}Rkochr" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Pgwc = "bOYscZCuMjaoeruA}J[L{[" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Mvdntltkiibpf = "sUQJUiEmM|T|MdUNBgPAjoYK@" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}Bkochr" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{A1B241EF-4BF3-4B2A-8040-105415B96D0F} | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Mvdntltkiibpf = "X\\OYNwvIcrty~@IcjP^_\x7fQjrx" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Mvdntltkiibpf = "X\\OYNwvIcrty~@IcjP^_OQjrx" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "mk{ZLp" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\vjAwjwugnv = "z[WNu|yTE}yZ]Ejl" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\vjAwjwugnv = "ABTbG]|Wg[DAY}xO" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\vjAwjwugnv = "z[Wnu|yTE}yZ]Ejl" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\ohmjQ = "hV`U^apeqSO}V{lV`" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}jkochr" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\lnrzympp = "\\Xge^\x7fzK|GlPadHlr}D" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\ohmjQ = "|`zvHulMYIeyf\\}Ji" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[Spzl|UFh{[" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\InprocServer32\ = "C:\\Windows\\SysWOW64\\AuthFWGP.dll" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\rNKnqEsxo = "BAR@IJZXJ]uxq^\\h`I\x7f\\nrQ" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[SpzlXUFh{[" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Mvdntltkiibpf = "X\\OYNwvIcrty~@IcjP^__Qjrx" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{85D93631-1C01-41DC-9001-77525488407B} | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\rNKnqEsxo = "BOlMlQ}`yJVN}XfVpY~\\\x7fyP" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{7421B228-D13E-4CF2-B68C-0BA88001EBD5} | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\InprocServer32 | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Pgwc = "gfavIMsqu`WkY|eOlKbi_a" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "MjCV|`" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67} | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Mvdntltkiibpf = "X\\OYNwvIcrty~@IcjP^_OQjrx" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Pgwc = "gfavIMsqu`WkY|eOlKbi_a" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}fkochr" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649} | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\rNKnqEsxo = "BOlMlQ}`yJVN}XfVpY~\\\x7fyP" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}Vkochr" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "YIn^E@" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "}EfrYp" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\ = "Windows Defender Firewall with Advanced Security" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\wjylnr = "Fb}GQgaKpwZhCukWmW" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "Uq{fSP" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\lnrzympp = "wa]W[T}Ibj}ztNVQWBW" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\vjAwjwugnv = "ABTrG]|Wg[DAY}xO" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\wjylnr = "Fb}GQgaKpwZhCukWmW" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{55E204B2-E539-4179-88DB-1067B12D218C} | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Pgwc = "bOYscZCuMjaoeruA}J[L{[" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\vjAwjwugnv = "ABTBG]|Wg[DAY}xO" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\vjAwjwugnv = "ABTrG]|Wg[DAY}xO" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\vjAwjwugnv = "z[W^u|yTE}yZ]Ejl" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\wjylnr = "Ca|KolPFUg\x7fjIhXF{j" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "ahfvsp" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[Spzl`UFh{[" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "UJsrz@" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "dMjo]@" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\lnrzympp = "\\Xge^\x7fzK|GlPadHlr}D" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "upCjc@" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "Ai^zC`" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\ohmjQ = "|`zvHulMYIeyf\\}Ji" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[SpzlhUFh{[" | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Token: 33 | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe
"C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5028 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000006 -config.uri=https://www.iwin.com/ -config.channelName=IWinStreaming -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"
C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000006 -config.uri="https://www.iwin.com/" -config.channelName="iWin" -config.sku=FIRST_INSTALL -installer.createshortcutswithname="iWin Games" -autoupdate=1 -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe" /S --no-desktop-shortcut
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" -config.uri=https://www.iwin.com/ -config.channel="20000006" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=9AD41E2F5823829E6B25458541096087 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=9AD41E2F5823829E6B25458541096087 --renderer-client-id=2 --mojo-platform-channel-handle=2904 /prefetch:1
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=E665B2756EEC633431596A8B867B28A4 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=E665B2756EEC633431596A8B867B28A4 --renderer-client-id=3 --mojo-platform-channel-handle=3300 /prefetch:1
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=7424973D9770AF66239CCF2A1AD185E0 --mojo-platform-channel-handle=4256 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3080 -ip 3080
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 808
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=4A7943E000443DAFAE3A07E497F62355 --mojo-platform-channel-handle=4052 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2976 -ip 2976
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 808
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=3E5EAA1785E2630B281E56CD4CCC252D --mojo-platform-channel-handle=4292 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 444 -ip 444
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 808
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=F7C1EDAF8F5783A9A90BCBBD2CA79DCF --mojo-platform-channel-handle=4128 /prefetch:2
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4732 -ip 4732
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 808
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe" -cmdfile="C:\Users\Admin\AppData\Local\Temp\iwn2003.tmp"
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe" /q /norestart
F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe
F:\8e8ff0f4be4fc1002cb541df63e63b\\Setup.exe /q /norestart /x86 /x64
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRope.exe
"CutTheRope.exe"
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRope.exe
"CutTheRope.exe"
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p.iwincdn.com | udp |
| FR | 68.232.35.54:80 | p.iwincdn.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.35.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | tcp | |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| IE | 20.166.126.56:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 88.221.135.217:80 | tcp | |
| N/A | 13.107.253.64:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | events.iwin.com | udp |
| US | 18.213.62.205:80 | events.iwin.com | tcp |
| US | 8.8.8.8:53 | 205.62.213.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 18.213.62.205:80 | events.iwin.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.iwin.com | udp |
| US | 3.229.171.50:443 | www.iwin.com | tcp |
| US | 8.8.8.8:53 | 50.171.229.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.10.230.54.in-addr.arpa | udp |
| US | 3.229.171.50:443 | www.iwin.com | tcp |
| US | 8.8.8.8:53 | play.iwincdn.com | udp |
| FR | 68.232.35.54:443 | play.iwincdn.com | tcp |
| FR | 68.232.35.54:443 | play.iwincdn.com | tcp |
| FR | 68.232.35.54:443 | play.iwincdn.com | tcp |
| US | 8.8.8.8:53 | static.iwincdn.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | js.maxmind.com | udp |
| PT | 13.225.10.89:443 | static.hotjar.com | tcp |
| US | 162.159.135.22:443 | js.maxmind.com | tcp |
| FR | 68.232.35.54:443 | static.iwincdn.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.205:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.10.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| PT | 13.225.10.90:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | geoip-js.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | events.iwin.com | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 18.213.62.205:443 | events.iwin.com | tcp |
| US | 18.213.62.205:443 | events.iwin.com | tcp |
| US | 8.8.8.8:53 | 90.10.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 104.18.33.110:443 | geoip-js.com | tcp |
| US | 8.8.8.8:53 | 110.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.optinly.net | udp |
| GB | 54.230.10.56:443 | cdn.optinly.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 172.217.169.74:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | dls.iwincdn.com | udp |
| FR | 68.232.35.54:443 | dls.iwincdn.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| FR | 68.232.35.54:443 | dls.iwincdn.com | tcp |
| FR | 68.232.35.54:443 | dls.iwincdn.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.178.2:443 | googleads.g.doubleclick.net | tcp |
| BE | 66.102.1.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 156.1.102.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.optinly.net | udp |
| US | 8.8.8.8:53 | www.cloudflare.com | udp |
| US | 104.21.19.128:443 | static.optinly.net | tcp |
| US | 104.16.124.96:443 | www.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 128.19.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.124.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 104.21.19.128:443 | static.optinly.net | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.162.46.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apinew.optinly.com | udp |
| US | 172.67.149.76:443 | apinew.optinly.com | tcp |
| US | 8.8.8.8:53 | 76.149.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | events.iwin.com | udp |
| US | 54.87.121.74:443 | events.iwin.com | tcp |
| US | 8.8.8.8:53 | 74.121.87.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | events.iwin.com | udp |
| US | 54.174.35.159:443 | events.iwin.com | tcp |
| US | 8.8.8.8:53 | 159.35.174.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.iwincdn.com | udp |
| FR | 68.232.35.54:443 | static.iwincdn.com | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| PT | 13.225.10.108:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | 108.10.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 66.102.1.154:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 154.1.102.66.in-addr.arpa | udp |
| FR | 68.232.35.54:443 | static.iwincdn.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\System.dll
| MD5 | c17103ae9072a06da581dec998343fc1 |
| SHA1 | b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d |
| SHA256 | dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f |
| SHA512 | d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f |
C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\NSISdl.dll
| MD5 | a5f8399a743ab7f9c88c645c35b1ebb5 |
| SHA1 | 168f3c158913b0367bf79fa413357fbe97018191 |
| SHA256 | dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9 |
| SHA512 | 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977 |
C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe
| MD5 | 08b9d680ad84d123016433f77616264d |
| SHA1 | d9899c0e80bfc85c1f910f832b910b93f7ac8de5 |
| SHA256 | b848325fb1622e962f7371781d052bc28e7935cd446fbd99e3c7d2cbadaff629 |
| SHA512 | da65c50bf648f7ff83a7cbe1bb975e3950ecc4cf1d2dbaa4c04e55c7916f5d68bb0a53c1bfc14f70489d243583672474b9067be35ce8ad26b6bb98d6fee34818 |
C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe
| MD5 | 3a18f65d0951df9e67bfc11ced5c24f5 |
| SHA1 | aeb925b5a9fa5c1208125596fac15f4b0cf3dee4 |
| SHA256 | b3ab676e9f1512792236b613af6a73a62d12edecc8695ebeb78b4806919681b8 |
| SHA512 | cd91350d6e8fa0560f56bfdc40fa9c89e4d361006a3ab74ae7564f2d184d0c1c745574a74162091d4f960f46dd650915ee2291f6d78f1c4e4c0cd18c575754b0 |
C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\System.dll
| MD5 | bf712f32249029466fa86756f5546950 |
| SHA1 | 75ac4dc4808ac148ddd78f6b89a51afbd4091c2e |
| SHA256 | 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af |
| SHA512 | 13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4 |
C:\Users\Admin\AppData\Roaming\iWin Games Notifier\installer.exe
| MD5 | 0676a955ce2d9fe004c537eb1aae28dd |
| SHA1 | dd7aabe72fedbaf6bd87409bb99b002c019a53e9 |
| SHA256 | 48ab7497a60fe97bde347685bf971d464cae3111a19c354f76dfbe19c0b37fd0 |
| SHA512 | aefafcccea7e9c95607b60d480f1f6418e1fa72bf7b484cbb860189769b4b47450a62673f3c19171525e6ebe8c320227b77c4310f35d47f319db51d2fad845e8 |
C:\Users\Admin\AppData\Local\Programs\iWin-Games-Notifier\iWin Games Notifier.exe
| MD5 | 8bf314e5bc558e530dae69ae5839d5f3 |
| SHA1 | a825ed53034668ce3c789fc642026ca3c6cb9674 |
| SHA256 | dcd85299dd78422ecf2d1555bb70434c2d0ae86c5c27f61357b1809f87445167 |
| SHA512 | d139a3e87cfed7387e4f36872592f709fc42a1270b817101dc775a5a6130c21ef32c34a76b3cd27170433e2ac6fd48576c0ce4a81781219807847a1b7eaaeae6 |
C:\Users\Admin\AppData\Local\Temp\nsh556A.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
| MD5 | 9a8c7b2afe7e690c939061aa93082f0e |
| SHA1 | e4e743364748192dd99389277fceae5a0b205d0b |
| SHA256 | b85029e8eeff9ead46ebb2a0bb9e2cc3058f10a078cfcfa5f922a610f9df3326 |
| SHA512 | 14f5904cefcc5389c9b79b341dff15e750cd5182421b168419d142e0f74ac49c7524abca04c41eeb90311f157873c43c8b160d6f3523ca603c3850ad47062ef4 |
C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\INetC.dll
| MD5 | e7ebd034dacf96fcc0c7a35c62477d21 |
| SHA1 | cd372d0607d94b48ac84a1738ed434df4d882f22 |
| SHA256 | dc84aa66f398781fe76eecf90fc6613f729076552d4b268269228b754bfd70d2 |
| SHA512 | df367b39c7c62ba2df1d50cbe3dbc97a7a2719fae7684330b4df971f0742c3447f0beb2d295a206522bbce6fbd0053d188d159f7236b6953d35cbf51aecc1bf3 |
memory/1300-817-0x0000000000E70000-0x0000000000E71000-memory.dmp
memory/4812-825-0x0000000002A40000-0x0000000002A41000-memory.dmp
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000005
| MD5 | 0a1cc39cc3f6049e8d97ebe2de642c32 |
| SHA1 | 93d4f34e2d9212930a53cba847d2d86b3ace96d6 |
| SHA256 | 92a177028e4c6d62950420ace948e04fd294a749ee5d1e998d05d053eb87853c |
| SHA512 | 00cb2f6187d1c4d511a0996db494f9716878962e884d271905f51c5fb6429fbad1a44ffcb87f0e5875756edb25e3530be4f4bc0a2a8744f3d100cffc5446a5b5 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\GPUCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Temp\HFI5646.tmp.html
| MD5 | cd131d41791a543cc6f6ed1ea5bd257c |
| SHA1 | f42a2708a0b42a13530d26515274d1fcdbfe8490 |
| SHA256 | e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb |
| SHA512 | a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a |
memory/3272-2689-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3272-2691-0x0000000002A20000-0x0000000002C2C000-memory.dmp
memory/3272-2697-0x0000000002A20000-0x0000000002C2C000-memory.dmp
memory/3272-2700-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3272-2701-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3272-2702-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3272-2703-0x0000000002A20000-0x0000000002C2C000-memory.dmp
memory/3272-2705-0x0000000002A20000-0x0000000002C2C000-memory.dmp
memory/3272-2706-0x0000000000400000-0x000000000060C000-memory.dmp
memory/456-2712-0x0000000000400000-0x000000000060C000-memory.dmp
memory/456-2713-0x0000000002940000-0x0000000002B4C000-memory.dmp
memory/456-2719-0x0000000002940000-0x0000000002B4C000-memory.dmp
memory/456-2723-0x0000000000400000-0x000000000060C000-memory.dmp
memory/456-2724-0x0000000000400000-0x000000000060C000-memory.dmp
memory/456-2725-0x0000000000400000-0x000000000060C000-memory.dmp
memory/456-2726-0x0000000002940000-0x0000000002B4C000-memory.dmp
memory/456-2731-0x0000000000400000-0x000000000060C000-memory.dmp
memory/456-2730-0x0000000002940000-0x0000000002B4C000-memory.dmp
memory/3244-2733-0x00000000029B0000-0x0000000002BBC000-memory.dmp
memory/3244-2740-0x00000000029B0000-0x0000000002BBC000-memory.dmp
memory/3244-2744-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3244-2746-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3244-2745-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3244-2747-0x00000000029B0000-0x0000000002BBC000-memory.dmp
memory/3244-2752-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3244-2751-0x00000000029B0000-0x0000000002BBC000-memory.dmp
memory/5080-2765-0x0000000000400000-0x000000000068A000-memory.dmp
memory/5080-2767-0x0000000002890000-0x0000000002A9C000-memory.dmp
memory/4656-2773-0x0000000002A60000-0x0000000002C6C000-memory.dmp
memory/5080-2774-0x0000000002890000-0x0000000002A9C000-memory.dmp
memory/4656-2780-0x0000000002A60000-0x0000000002C6C000-memory.dmp
memory/5080-2787-0x0000000000400000-0x000000000068A000-memory.dmp
memory/4656-2788-0x0000000000400000-0x000000000060C000-memory.dmp
memory/4656-2790-0x0000000000400000-0x000000000060C000-memory.dmp
memory/5080-2789-0x0000000000400000-0x000000000068A000-memory.dmp
memory/4656-2802-0x0000000000400000-0x000000000060C000-memory.dmp
memory/4656-2803-0x0000000002A60000-0x0000000002C6C000-memory.dmp
memory/4292-2823-0x0000000000130000-0x00000000001E2000-memory.dmp
memory/4292-2822-0x000000006CDE0000-0x000000006D590000-memory.dmp
memory/4292-2824-0x000000006CDE0000-0x000000006D590000-memory.dmp
memory/5080-2828-0x0000000000400000-0x000000000068A000-memory.dmp
memory/5080-2829-0x0000000002890000-0x0000000002A9C000-memory.dmp
memory/2188-2838-0x0000000002990000-0x0000000002B9C000-memory.dmp
memory/2188-2851-0x0000000000400000-0x000000000060C000-memory.dmp
memory/2188-2852-0x0000000002990000-0x0000000002B9C000-memory.dmp
memory/1944-2861-0x0000000002980000-0x0000000002B8C000-memory.dmp
memory/1944-2874-0x0000000000400000-0x000000000060C000-memory.dmp
memory/1944-2875-0x0000000002980000-0x0000000002B8C000-memory.dmp
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000059
| MD5 | 4942848dd80629325ad64ec0eb447f86 |
| SHA1 | 2b3ec476c2554d91ae323d4f8aec3e4c724debac |
| SHA256 | c44e3f430773066e863cff140b2b8a54edcb34bd371fa48c931435d9aa942b74 |
| SHA512 | 9945df177bcdf138057ad5d3c5d1e7a3fadc09d99880f93d4152f01e207731a376cd2191d991548850fcb5b7d5c2692d90a9fa1b3888c5bc86fe8ed4a58f81ec |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000f
| MD5 | 5a698b0d3ed3cdbfaab2fc2e70e5e660 |
| SHA1 | 5173008a7472cdfa139e35edd5a40670af0511d1 |
| SHA256 | 87dbb27ba187d83dc579e8258183f12dfd8402304ff642aa1f272b054f797264 |
| SHA512 | 0c288c0d4f2c4db3d22fee43fe8e63b5c110840b53fcf4b71fd986af3f933a5c23371aba1cc32243284eb7f55e007b7c2e7dfd4d99b927ff7c42f40bbb3ac2de |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000046
| MD5 | 103708790db3586027df27ded660f8ef |
| SHA1 | d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70 |
| SHA256 | fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe |
| SHA512 | bb9fe97db1f3d0050f5d36e202a83cfa04903d09cd3e5996944aafbfd05f13ddbd13aeb361eec76b28941b4cd51ff0e2a58d37fbe8c8b08ba1ab88edac93dca3 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\databases\https_www.iwin.com_0\2
| MD5 | f1ac6beb03b6d9a05a9de585fe2d7c5c |
| SHA1 | 8c1d4989fb4dcc7271d1eeb024a4f932886e8f86 |
| SHA256 | 87fb2357fc29f44cfdc286fd3d003ff60301c34196375a43d512ddcf92a71e90 |
| SHA512 | 06d743b28f0efa8bab7c8fff74840c5b2766a0416721828034be6a9bf6af0c2cdf1dccee1bb0b11d7ebdaaae187831dae1b877f547d7c06c58bbe9eeacef5e1f |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000008
| MD5 | 9e43cf8291b8329e37a6bfdf93bc14b0 |
| SHA1 | 324327736b057352c103532c93fe83bf2346fd7e |
| SHA256 | b8918346990777fbe69a8313b69be49ca0ac147e21cdf5b6eeb44bd57beb0d15 |
| SHA512 | 2352b8613813998e72f19adbe1df258dfe7530e51963de518afc0d23edef94511dd789a902b220801bf3c13370ddd3a1a0ea1233c77d6698bbf831a6c9192c88 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000048
| MD5 | c10aa33f5593e6bfad40395a119b691c |
| SHA1 | 214c629df8ac528bc9af3a2674b7ffa0eb0e146c |
| SHA256 | f0e4ca6c3678b4e80d3a676fefd4e2f3cdb7c68148ab8229c4fc5a050102dd2b |
| SHA512 | 749443e074c086a81176ddb4cceb43c8999ce58bd1349a5120ad696d7e8c4a4ce85ca535127f4d292422c7f653d33673e59f6cc0178f4d6724d09cb4e9a51032 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000a
| MD5 | 2c503b3f15f8cda76d58ad951bdbb987 |
| SHA1 | 2479089f7d16d8e9518864f0242808f20abd7456 |
| SHA256 | febec47f17bade250d781ffcb762442915a8ec9fc1267a1a8d93459db5e3634d |
| SHA512 | bfb599587efa3943b392546f5e6eda213cc310e7db3171c57787c16a45a663795281c70c9e245027f08c742ddf5f574d184bdfaa24dcb13876393770ec24680e |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000049
| MD5 | 5711f8815489f44e6c7be7d0e38a1fc2 |
| SHA1 | 96fe97be1fade741d037adfa2989058d10bdb5f8 |
| SHA256 | adaed962631180f5bb1684a044330acc1240f6bb44faeb62aa37cd72d7becbef |
| SHA512 | 74ac473b11b6a0cffb39c2a6f49d017ff2fd443f879cf2f6d876edef45af82ab31f37b9f30a339e65e2df99bd2515d726c1b6a22551c5230217c7f6d4bc44a81 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000b
| MD5 | 5b5634f43da9ae707c5f389e45b6a8e6 |
| SHA1 | 51dd4c5ae1924e6c63a05d701a9b78b3f2c40fbc |
| SHA256 | 4d59e1d4a4d0cfb922728b7160ee7b44e0cdde897cfe496211a997182178eed0 |
| SHA512 | 5a3104fb1b67750a154b5eb42c868592fdba2d8732ab8da2747eeadf010fd82bc7a95384a4b64bf79c8f91954b201d73bcb1c0c08d5108395e319760808f0be4 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004a
| MD5 | 384f2e203afb9f4cb886e039a3249f48 |
| SHA1 | 243fcd6aa75bd6a2a269b0fd0ec6dc743ca37c76 |
| SHA256 | 7568b729bec1a79a773702afae3785e4741fb73e7405071b8a1dfd33e4841c08 |
| SHA512 | fb2dff7751878310a7ebd0d2d918d72f10548fbeb5877e2b3d49b1040fa52dacfb586e64f48c438ea99bf105569ace26a9ba8d91fc09de55203f5f2b1324db87 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000c
| MD5 | 9aeba382f415068da5b68616b9d280a9 |
| SHA1 | 165d18dfbd9b559ba57d9bdac728f988fddd95eb |
| SHA256 | b4baa680bdb72e187bab3bf0cf9484efa19fc44edbaf25f01415d11fe4ba374c |
| SHA512 | a5606b14a71934fe30a27566824abc129ced0951dc9d5d768cf61709e2d21b7ad240e4990db9d297fb259690b15e30893e41ba071ddd035f5e55cee405147055 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004b
| MD5 | dc56ccc23cac3a1afb92c90eb7f34bce |
| SHA1 | 20884a76481b8446243abe19a65a0160c20ea3ef |
| SHA256 | fcb74db1f03e405e7b32a09b6e2c678dd57e1e104136b082eed6802eb54f0635 |
| SHA512 | 5507fb1b5e48a6714fcecffc1e90650f0b32a0ce9f361c41f0319da716eb12880f850bc309ccaf4a17ab243af9059e6af9bddcd99eac83699605afbeae0c42ce |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000014
| MD5 | bdb09064d42e0e918c118b2fc5dfa11a |
| SHA1 | 88fca47b9a85b35ad6b51ad13dab2e0522140906 |
| SHA256 | 5a076610a095b0bfc6fc5b3a77d232218b73410e064e7c1d8bdaee3c5003199c |
| SHA512 | 4f92738fc2521bf18bdde6aab64818d8d3d6e4f43b3617b4eeb3299763b6cf7da537567fc0b6ccfbf9d74d34cd094199599b58a8cf20dded51d0e8fcf5da3919 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000037
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004d
| MD5 | 80cd8e11e0b8819ea4fbef40a0b39010 |
| SHA1 | ce762223a4ee8e9f8c558c4a00ecb335acaaf6fb |
| SHA256 | eefca238087dcfb596cdff3ca27fbbc370d64dddfa5325edf9a0604410375df6 |
| SHA512 | f7366822ff4e0c2ec0f0322c115c11f32cfcc158447bfd4c8eafbb0a2786e0265f8990ce2f782f6637e139535d18c9a2683fb981a54b1edf257cd14a121a3488 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000031
| MD5 | e34464a2d220f462fd80e97940efc33a |
| SHA1 | 06b55be34ab621b27f93d327e0c0999e7bfc3824 |
| SHA256 | f62f6df8590faec594a11293fd0f0470bacc00908bc0518397a58e3ea05fa9a6 |
| SHA512 | 07add3ee5e7bb3d568468ec51b89ef169851934141a896fecec2b1317afc1cab125a4ea9ba064521ab04aebdbebf0f65ae0b5af64d845a52469496c371b89d30 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004c
| MD5 | a2034813f0d7e9c272cc8e114621b2c1 |
| SHA1 | 0393f1fbfc95a493f068419efa9a0b24727e485c |
| SHA256 | c3e82ddd61a8b3b0af4c54422bddfd44e540d723c28dd8a4efdf75e5c8162056 |
| SHA512 | 5a00334b87222113ea4c7584bc1764536020f113d7c4954ea9c7183ef368b1e9a3899b478d59853d36ede4a3e9fdd7b08cc17fdcf48a6debb5efbee5121df211 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000044
| MD5 | 696fc0502ddfe806d7ad0b7c63c523cb |
| SHA1 | 13af1b62118eddd27dc80496e656d08515a4c2a0 |
| SHA256 | 1d4b520f7efa751759344f0aff0cb3748f9ebcbe6d1b2946c06ad132171647ee |
| SHA512 | f40cf410126158f1c0694443cddf5fb7881c086276466cf9eea518ecade186af537f0a1bd8e8d09437c751b9793a7b711c31cef3caf61f68a742f33b58708008 |
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000043
| MD5 | 504d726b06b93a100f6ce2c4d393b4b5 |
| SHA1 | 90815d0970e78bb1285e41500304bb27075dec4a |
| SHA256 | b475291eb9bc1b3df2384135fb4ae15c33fceaefeb66fcba75e7ca8f0953b7ee |
| SHA512 | b681b5180f5985148d80438f2f8afc10c273665aaf5de82ecac85dc4e312bb4e99a4584175303f4a1a4d652cb9713458e9a4d638e4be477e9fd13c55a16f9b8e |
memory/5052-2983-0x0000000002AA0000-0x0000000002CAC000-memory.dmp
memory/4664-2985-0x00000000028B0000-0x0000000002ABC000-memory.dmp
memory/2924-3006-0x000000006CDE0000-0x000000006D590000-memory.dmp
memory/4664-3007-0x0000000000400000-0x000000000060C000-memory.dmp
memory/4664-3008-0x00000000028B0000-0x0000000002ABC000-memory.dmp
memory/5052-3017-0x0000000000400000-0x000000000068A000-memory.dmp
memory/5052-3020-0x0000000002AA0000-0x0000000002CAC000-memory.dmp
memory/5060-3028-0x0000000002990000-0x0000000002B9C000-memory.dmp
memory/5060-3041-0x0000000002990000-0x0000000002B9C000-memory.dmp
memory/5060-3042-0x0000000000400000-0x000000000060C000-memory.dmp
memory/2100-3051-0x0000000002900000-0x0000000002B0C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\GameManager\DRMWorker\drmworker6899059330203837874
| MD5 | 76755bc5bacfbe32e382996e34c5a21e |
| SHA1 | c0ffa7b06de1e5a3bf680a05a0b30d7e8d26e2d0 |
| SHA256 | 3280fd4c8a3658e14f03e584deb9e9ba928051f54aef0e4835c116f695f6738b |
| SHA512 | f9a7aaf0f66f979d0897ba78de41075f7ff82bc36d7840f48da66be1ffa94c1c26f28569f63ac8bc3870ced0a5239c76d885d956010b3c692ba50f7fd44f7332 |
memory/2100-3064-0x0000000000400000-0x000000000060C000-memory.dmp
memory/2100-3065-0x0000000002900000-0x0000000002B0C000-memory.dmp
memory/2924-3110-0x000000006CDE0000-0x000000006D590000-memory.dmp