Malware Analysis Report

2024-10-16 03:32

Sample ID 240305-abxf7sgg4z
Target cut-the-ropeSetup.exe
SHA256 11930296db161845cdde2abb9417b0f74c4972130c4bf4ab0da444daadc94e51
Tags
banload discovery downloader dropper evasion spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

11930296db161845cdde2abb9417b0f74c4972130c4bf4ab0da444daadc94e51

Threat Level: Known bad

The file cut-the-ropeSetup.exe was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper evasion spyware stealer trojan

Banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Reads user/profile data of web browsers

Downloads MZ/PE file

Checks computer location settings

Checks installed software on the system

Executes dropped EXE

Loads dropped DLL

Enumerates physical storage devices

Program crash

NSIS installer

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Modifies system certificate store

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-05 00:02

Signatures

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-05 00:02

Reported

2024-03-05 00:10

Platform

win10v2004-20240226-en

Max time kernel

347s

Max time network

423s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe"

Signatures

Banload

trojan dropper downloader banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A

Reads user/profile data of web browsers

spyware stealer

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A

Checks installed software on the system

discovery

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn N/A
N/A N/A C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Mvdntltkiibpf = "sUQJUiEmM|T|MdUNBgPAJoYK@" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Mvdntltkiibpf = "sUQJUiEmM|T|MdUNBgPAzoYK@" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[SpzlPUFh{[" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\ohmjQ = "hV`U^apeqSO}V{lV`" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}^kochr" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\wjylnr = "Ca|KolPFUg\x7fjIhXF{j" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "YrfJlP" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}Rkochr" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Pgwc = "bOYscZCuMjaoeruA}J[L{[" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Mvdntltkiibpf = "sUQJUiEmM|T|MdUNBgPAjoYK@" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}Bkochr" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{A1B241EF-4BF3-4B2A-8040-105415B96D0F} C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Mvdntltkiibpf = "X\\OYNwvIcrty~@IcjP^_\x7fQjrx" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Mvdntltkiibpf = "X\\OYNwvIcrty~@IcjP^_OQjrx" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "mk{ZLp" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\vjAwjwugnv = "z[WNu|yTE}yZ]Ejl" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\vjAwjwugnv = "ABTbG]|Wg[DAY}xO" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\vjAwjwugnv = "z[Wnu|yTE}yZ]Ejl" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\ohmjQ = "hV`U^apeqSO}V{lV`" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}jkochr" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\lnrzympp = "\\Xge^\x7fzK|GlPadHlr}D" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\ohmjQ = "|`zvHulMYIeyf\\}Ji" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[Spzl|UFh{[" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\InprocServer32\ = "C:\\Windows\\SysWOW64\\AuthFWGP.dll" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\rNKnqEsxo = "BAR@IJZXJ]uxq^\\h`I\x7f\\nrQ" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[SpzlXUFh{[" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Mvdntltkiibpf = "X\\OYNwvIcrty~@IcjP^__Qjrx" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{85D93631-1C01-41DC-9001-77525488407B} C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\rNKnqEsxo = "BOlMlQ}`yJVN}XfVpY~\\\x7fyP" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{7421B228-D13E-4CF2-B68C-0BA88001EBD5} C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\InprocServer32 C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Pgwc = "gfavIMsqu`WkY|eOlKbi_a" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "MjCV|`" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67} C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Mvdntltkiibpf = "X\\OYNwvIcrty~@IcjP^_OQjrx" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\Pgwc = "gfavIMsqu`WkY|eOlKbi_a" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}fkochr" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649} C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\rNKnqEsxo = "BOlMlQ}`yJVN}XfVpY~\\\x7fyP" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\dahqhLtzbqidT = "TUjTZc\x7f}NGgLSl\x7fcq}Vkochr" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "YIn^E@" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "}EfrYp" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\ = "Windows Defender Firewall with Advanced Security" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\wjylnr = "Fb}GQgaKpwZhCukWmW" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "Uq{fSP" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\lnrzympp = "wa]W[T}Ibj}ztNVQWBW" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\vjAwjwugnv = "ABTrG]|Wg[DAY}xO" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\wjylnr = "Fb}GQgaKpwZhCukWmW" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{55E204B2-E539-4179-88DB-1067B12D218C} C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\Pgwc = "bOYscZCuMjaoeruA}J[L{[" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\vjAwjwugnv = "ABTBG]|Wg[DAY}xO" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\vjAwjwugnv = "ABTrG]|Wg[DAY}xO" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\vjAwjwugnv = "z[W^u|yTE}yZ]Ejl" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\wjylnr = "Ca|KolPFUg\x7fjIhXF{j" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "ahfvsp" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[Spzl`UFh{[" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "UJsrz@" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\mmmkiKuSvgf = "dMjo]@" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\lnrzympp = "\\Xge^\x7fzK|GlPadHlr}D" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "upCjc@" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\mmmkiKuSvgf = "Ai^zC`" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5EA86AD3-8532-7B49-082B-DFB75D72FF67}\ohmjQ = "|`zvHulMYIeyf\\}Ji" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\{BCB61235-AE83-13D1-B2E4-0060975B8649}\dahqhLtzbqidT = "tm^lTHxXLxLtx[SpzlhUFh{[" C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A
N/A N/A F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1596 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe
PID 1596 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe
PID 1596 wrote to memory of 408 N/A C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe
PID 668 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe
PID 668 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe
PID 668 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe
PID 668 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 668 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 668 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 1300 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 4812 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 3080 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 444 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
PID 4580 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe
PID 4580 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe
PID 4580 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe
PID 2872 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe
PID 2872 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe
PID 2872 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe
PID 3780 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe
PID 3780 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe
PID 3780 wrote to memory of 4548 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe
PID 4580 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 3272 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 456 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
PID 4580 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
PID 4580 wrote to memory of 5080 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn
PID 4580 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe
PID 4580 wrote to memory of 4656 N/A C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

Processes

C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe

"C:\Users\Admin\AppData\Local\Temp\cut-the-ropeSetup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5028 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000006 -config.uri=https://www.iwin.com/ -config.channelName=IWinStreaming -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"

C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000006 -config.uri="https://www.iwin.com/" -config.channelName="iWin" -config.sku=FIRST_INSTALL -installer.createshortcutswithname="iWin Games" -autoupdate=1 -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe" /S --no-desktop-shortcut

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" -config.uri=https://www.iwin.com/ -config.channel="20000006" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/6900598391240766192/cut-the-rope/48/0"

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=9AD41E2F5823829E6B25458541096087 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=9AD41E2F5823829E6B25458541096087 --renderer-client-id=2 --mojo-platform-channel-handle=2904 /prefetch:1

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=E665B2756EEC633431596A8B867B28A4 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=E665B2756EEC633431596A8B867B28A4 --renderer-client-id=3 --mojo-platform-channel-handle=3300 /prefetch:1

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=7424973D9770AF66239CCF2A1AD185E0 --mojo-platform-channel-handle=4256 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3080 -ip 3080

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 808

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=4A7943E000443DAFAE3A07E497F62355 --mojo-platform-channel-handle=4052 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2976 -ip 2976

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 808

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=3E5EAA1785E2630B281E56CD4CCC252D --mojo-platform-channel-handle=4292 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 444 -ip 444

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 808

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --use-gl=swiftshader-webgl --supports-dual-gpus=false --gpu-driver-bug-workarounds=9,12,23,27,49,84 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --disable-accelerated-video-decode --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --service-request-channel-token=F7C1EDAF8F5783A9A90BCBBD2CA79DCF --mojo-platform-channel-handle=4128 /prefetch:2

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4732 -ip 4732

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 808

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\iWinPrerequisitesAdmin.exe" -cmdfile="C:\Users\Admin\AppData\Local\Temp\iwn2003.tmp"

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe

"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\InstallerCache\dls.iwincdn.com_common_installers_dotNetFx40_Client_x86_x64.exe" /q /norestart

F:\8e8ff0f4be4fc1002cb541df63e63b\Setup.exe

F:\8e8ff0f4be4fc1002cb541df63e63b\\Setup.exe /q /norestart /x86 /x64

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRope.exe

"CutTheRope.exe"

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRopeApp.ifn

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\CutTheRope.exe

"CutTheRope.exe"

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe

C:\Users\Admin\AppData\Local\UGMgames\20000006\cut-the-rope\cut-the-rope\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid6899059330203837874

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 p.iwincdn.com udp
FR 68.232.35.54:80 p.iwincdn.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 54.35.232.68.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
GB 172.217.169.74:443 tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
IE 20.166.126.56:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
N/A 88.221.135.217:80 tcp
N/A 13.107.253.64:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 events.iwin.com udp
US 18.213.62.205:80 events.iwin.com tcp
US 8.8.8.8:53 205.62.213.18.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 18.213.62.205:80 events.iwin.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 www.iwin.com udp
US 3.229.171.50:443 www.iwin.com tcp
US 8.8.8.8:53 50.171.229.3.in-addr.arpa udp
US 8.8.8.8:53 46.10.230.54.in-addr.arpa udp
US 3.229.171.50:443 www.iwin.com tcp
US 8.8.8.8:53 play.iwincdn.com udp
FR 68.232.35.54:443 play.iwincdn.com tcp
FR 68.232.35.54:443 play.iwincdn.com tcp
FR 68.232.35.54:443 play.iwincdn.com tcp
US 8.8.8.8:53 static.iwincdn.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 js.maxmind.com udp
PT 13.225.10.89:443 static.hotjar.com tcp
US 162.159.135.22:443 js.maxmind.com tcp
FR 68.232.35.54:443 static.iwincdn.com tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 89.10.225.13.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 script.hotjar.com udp
PT 13.225.10.90:443 script.hotjar.com tcp
US 8.8.8.8:53 geoip-js.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.147.23:443 connect.facebook.net tcp
US 8.8.8.8:53 events.iwin.com udp
GB 163.70.147.23:443 connect.facebook.net tcp
US 18.213.62.205:443 events.iwin.com tcp
US 18.213.62.205:443 events.iwin.com tcp
US 8.8.8.8:53 90.10.225.13.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
GB 163.70.147.23:443 connect.facebook.net tcp
US 104.18.33.110:443 geoip-js.com tcp
US 8.8.8.8:53 110.33.18.104.in-addr.arpa udp
US 8.8.8.8:53 cdn.optinly.net udp
GB 54.230.10.56:443 cdn.optinly.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
GB 157.240.221.35:443 www.facebook.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 56.10.230.54.in-addr.arpa udp
US 8.8.8.8:53 35.221.240.157.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
GB 172.217.169.74:443 ajax.googleapis.com tcp
US 8.8.8.8:53 dls.iwincdn.com udp
FR 68.232.35.54:443 dls.iwincdn.com tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
FR 68.232.35.54:443 dls.iwincdn.com tcp
FR 68.232.35.54:443 dls.iwincdn.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
US 8.8.8.8:53 156.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 static.optinly.net udp
US 8.8.8.8:53 www.cloudflare.com udp
US 104.21.19.128:443 static.optinly.net tcp
US 104.16.124.96:443 www.cloudflare.com tcp
US 8.8.8.8:53 128.19.21.104.in-addr.arpa udp
US 8.8.8.8:53 96.124.16.104.in-addr.arpa udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 104.21.19.128:443 static.optinly.net tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 225.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 apinew.optinly.com udp
US 172.67.149.76:443 apinew.optinly.com tcp
US 8.8.8.8:53 76.149.67.172.in-addr.arpa udp
US 8.8.8.8:53 events.iwin.com udp
US 54.87.121.74:443 events.iwin.com tcp
US 8.8.8.8:53 74.121.87.54.in-addr.arpa udp
US 8.8.8.8:53 events.iwin.com udp
US 54.174.35.159:443 events.iwin.com tcp
US 8.8.8.8:53 159.35.174.54.in-addr.arpa udp
US 8.8.8.8:53 static.iwincdn.com udp
FR 68.232.35.54:443 static.iwincdn.com tcp
US 8.8.8.8:53 static.hotjar.com udp
PT 13.225.10.108:443 static.hotjar.com tcp
US 8.8.8.8:53 108.10.225.13.in-addr.arpa udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 66.102.1.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 154.1.102.66.in-addr.arpa udp
FR 68.232.35.54:443 static.iwincdn.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\System.dll

MD5 c17103ae9072a06da581dec998343fc1
SHA1 b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256 dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512 d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\NSISdl.dll

MD5 a5f8399a743ab7f9c88c645c35b1ebb5
SHA1 168f3c158913b0367bf79fa413357fbe97018191
SHA256 dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
SHA512 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe

MD5 08b9d680ad84d123016433f77616264d
SHA1 d9899c0e80bfc85c1f910f832b910b93f7ac8de5
SHA256 b848325fb1622e962f7371781d052bc28e7935cd446fbd99e3c7d2cbadaff629
SHA512 da65c50bf648f7ff83a7cbe1bb975e3950ecc4cf1d2dbaa4c04e55c7916f5d68bb0a53c1bfc14f70489d243583672474b9067be35ce8ad26b6bb98d6fee34818

C:\Users\Admin\AppData\Local\Temp\nsvFA30.tmp\GamesManagerInstaller.exe

MD5 3a18f65d0951df9e67bfc11ced5c24f5
SHA1 aeb925b5a9fa5c1208125596fac15f4b0cf3dee4
SHA256 b3ab676e9f1512792236b613af6a73a62d12edecc8695ebeb78b4806919681b8
SHA512 cd91350d6e8fa0560f56bfdc40fa9c89e4d361006a3ab74ae7564f2d184d0c1c745574a74162091d4f960f46dd650915ee2291f6d78f1c4e4c0cd18c575754b0

C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\System.dll

MD5 bf712f32249029466fa86756f5546950
SHA1 75ac4dc4808ac148ddd78f6b89a51afbd4091c2e
SHA256 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
SHA512 13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

C:\Users\Admin\AppData\Roaming\iWin Games Notifier\installer.exe

MD5 0676a955ce2d9fe004c537eb1aae28dd
SHA1 dd7aabe72fedbaf6bd87409bb99b002c019a53e9
SHA256 48ab7497a60fe97bde347685bf971d464cae3111a19c354f76dfbe19c0b37fd0
SHA512 aefafcccea7e9c95607b60d480f1f6418e1fa72bf7b484cbb860189769b4b47450a62673f3c19171525e6ebe8c320227b77c4310f35d47f319db51d2fad845e8

C:\Users\Admin\AppData\Local\Programs\iWin-Games-Notifier\iWin Games Notifier.exe

MD5 8bf314e5bc558e530dae69ae5839d5f3
SHA1 a825ed53034668ce3c789fc642026ca3c6cb9674
SHA256 dcd85299dd78422ecf2d1555bb70434c2d0ae86c5c27f61357b1809f87445167
SHA512 d139a3e87cfed7387e4f36872592f709fc42a1270b817101dc775a5a6130c21ef32c34a76b3cd27170433e2ac6fd48576c0ce4a81781219807847a1b7eaaeae6

C:\Users\Admin\AppData\Local\Temp\nsh556A.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe

MD5 9a8c7b2afe7e690c939061aa93082f0e
SHA1 e4e743364748192dd99389277fceae5a0b205d0b
SHA256 b85029e8eeff9ead46ebb2a0bb9e2cc3058f10a078cfcfa5f922a610f9df3326
SHA512 14f5904cefcc5389c9b79b341dff15e750cd5182421b168419d142e0f74ac49c7524abca04c41eeb90311f157873c43c8b160d6f3523ca603c3850ad47062ef4

C:\Users\Admin\AppData\Local\Temp\nshE155.tmp\INetC.dll

MD5 e7ebd034dacf96fcc0c7a35c62477d21
SHA1 cd372d0607d94b48ac84a1738ed434df4d882f22
SHA256 dc84aa66f398781fe76eecf90fc6613f729076552d4b268269228b754bfd70d2
SHA512 df367b39c7c62ba2df1d50cbe3dbc97a7a2719fae7684330b4df971f0742c3447f0beb2d295a206522bbce6fbd0053d188d159f7236b6953d35cbf51aecc1bf3

memory/1300-817-0x0000000000E70000-0x0000000000E71000-memory.dmp

memory/4812-825-0x0000000002A40000-0x0000000002A41000-memory.dmp

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000005

MD5 0a1cc39cc3f6049e8d97ebe2de642c32
SHA1 93d4f34e2d9212930a53cba847d2d86b3ace96d6
SHA256 92a177028e4c6d62950420ace948e04fd294a749ee5d1e998d05d053eb87853c
SHA512 00cb2f6187d1c4d511a0996db494f9716878962e884d271905f51c5fb6429fbad1a44ffcb87f0e5875756edb25e3530be4f4bc0a2a8744f3d100cffc5446a5b5

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Temp\HFI5646.tmp.html

MD5 cd131d41791a543cc6f6ed1ea5bd257c
SHA1 f42a2708a0b42a13530d26515274d1fcdbfe8490
SHA256 e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb
SHA512 a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

memory/3272-2689-0x0000000000400000-0x000000000060C000-memory.dmp

memory/3272-2691-0x0000000002A20000-0x0000000002C2C000-memory.dmp

memory/3272-2697-0x0000000002A20000-0x0000000002C2C000-memory.dmp

memory/3272-2700-0x0000000000400000-0x000000000060C000-memory.dmp

memory/3272-2701-0x0000000000400000-0x000000000060C000-memory.dmp

memory/3272-2702-0x0000000000400000-0x000000000060C000-memory.dmp

memory/3272-2703-0x0000000002A20000-0x0000000002C2C000-memory.dmp

memory/3272-2705-0x0000000002A20000-0x0000000002C2C000-memory.dmp

memory/3272-2706-0x0000000000400000-0x000000000060C000-memory.dmp

memory/456-2712-0x0000000000400000-0x000000000060C000-memory.dmp

memory/456-2713-0x0000000002940000-0x0000000002B4C000-memory.dmp

memory/456-2719-0x0000000002940000-0x0000000002B4C000-memory.dmp

memory/456-2723-0x0000000000400000-0x000000000060C000-memory.dmp

memory/456-2724-0x0000000000400000-0x000000000060C000-memory.dmp

memory/456-2725-0x0000000000400000-0x000000000060C000-memory.dmp

memory/456-2726-0x0000000002940000-0x0000000002B4C000-memory.dmp

memory/456-2731-0x0000000000400000-0x000000000060C000-memory.dmp

memory/456-2730-0x0000000002940000-0x0000000002B4C000-memory.dmp

memory/3244-2733-0x00000000029B0000-0x0000000002BBC000-memory.dmp

memory/3244-2740-0x00000000029B0000-0x0000000002BBC000-memory.dmp

memory/3244-2744-0x0000000000400000-0x000000000060C000-memory.dmp

memory/3244-2746-0x0000000000400000-0x000000000060C000-memory.dmp

memory/3244-2745-0x0000000000400000-0x000000000060C000-memory.dmp

memory/3244-2747-0x00000000029B0000-0x0000000002BBC000-memory.dmp

memory/3244-2752-0x0000000000400000-0x000000000060C000-memory.dmp

memory/3244-2751-0x00000000029B0000-0x0000000002BBC000-memory.dmp

memory/5080-2765-0x0000000000400000-0x000000000068A000-memory.dmp

memory/5080-2767-0x0000000002890000-0x0000000002A9C000-memory.dmp

memory/4656-2773-0x0000000002A60000-0x0000000002C6C000-memory.dmp

memory/5080-2774-0x0000000002890000-0x0000000002A9C000-memory.dmp

memory/4656-2780-0x0000000002A60000-0x0000000002C6C000-memory.dmp

memory/5080-2787-0x0000000000400000-0x000000000068A000-memory.dmp

memory/4656-2788-0x0000000000400000-0x000000000060C000-memory.dmp

memory/4656-2790-0x0000000000400000-0x000000000060C000-memory.dmp

memory/5080-2789-0x0000000000400000-0x000000000068A000-memory.dmp

memory/4656-2802-0x0000000000400000-0x000000000060C000-memory.dmp

memory/4656-2803-0x0000000002A60000-0x0000000002C6C000-memory.dmp

memory/4292-2823-0x0000000000130000-0x00000000001E2000-memory.dmp

memory/4292-2822-0x000000006CDE0000-0x000000006D590000-memory.dmp

memory/4292-2824-0x000000006CDE0000-0x000000006D590000-memory.dmp

memory/5080-2828-0x0000000000400000-0x000000000068A000-memory.dmp

memory/5080-2829-0x0000000002890000-0x0000000002A9C000-memory.dmp

memory/2188-2838-0x0000000002990000-0x0000000002B9C000-memory.dmp

memory/2188-2851-0x0000000000400000-0x000000000060C000-memory.dmp

memory/2188-2852-0x0000000002990000-0x0000000002B9C000-memory.dmp

memory/1944-2861-0x0000000002980000-0x0000000002B8C000-memory.dmp

memory/1944-2874-0x0000000000400000-0x000000000060C000-memory.dmp

memory/1944-2875-0x0000000002980000-0x0000000002B8C000-memory.dmp

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000059

MD5 4942848dd80629325ad64ec0eb447f86
SHA1 2b3ec476c2554d91ae323d4f8aec3e4c724debac
SHA256 c44e3f430773066e863cff140b2b8a54edcb34bd371fa48c931435d9aa942b74
SHA512 9945df177bcdf138057ad5d3c5d1e7a3fadc09d99880f93d4152f01e207731a376cd2191d991548850fcb5b7d5c2692d90a9fa1b3888c5bc86fe8ed4a58f81ec

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000f

MD5 5a698b0d3ed3cdbfaab2fc2e70e5e660
SHA1 5173008a7472cdfa139e35edd5a40670af0511d1
SHA256 87dbb27ba187d83dc579e8258183f12dfd8402304ff642aa1f272b054f797264
SHA512 0c288c0d4f2c4db3d22fee43fe8e63b5c110840b53fcf4b71fd986af3f933a5c23371aba1cc32243284eb7f55e007b7c2e7dfd4d99b927ff7c42f40bbb3ac2de

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000046

MD5 103708790db3586027df27ded660f8ef
SHA1 d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
SHA256 fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe
SHA512 bb9fe97db1f3d0050f5d36e202a83cfa04903d09cd3e5996944aafbfd05f13ddbd13aeb361eec76b28941b4cd51ff0e2a58d37fbe8c8b08ba1ab88edac93dca3

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\databases\https_www.iwin.com_0\2

MD5 f1ac6beb03b6d9a05a9de585fe2d7c5c
SHA1 8c1d4989fb4dcc7271d1eeb024a4f932886e8f86
SHA256 87fb2357fc29f44cfdc286fd3d003ff60301c34196375a43d512ddcf92a71e90
SHA512 06d743b28f0efa8bab7c8fff74840c5b2766a0416721828034be6a9bf6af0c2cdf1dccee1bb0b11d7ebdaaae187831dae1b877f547d7c06c58bbe9eeacef5e1f

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000008

MD5 9e43cf8291b8329e37a6bfdf93bc14b0
SHA1 324327736b057352c103532c93fe83bf2346fd7e
SHA256 b8918346990777fbe69a8313b69be49ca0ac147e21cdf5b6eeb44bd57beb0d15
SHA512 2352b8613813998e72f19adbe1df258dfe7530e51963de518afc0d23edef94511dd789a902b220801bf3c13370ddd3a1a0ea1233c77d6698bbf831a6c9192c88

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000048

MD5 c10aa33f5593e6bfad40395a119b691c
SHA1 214c629df8ac528bc9af3a2674b7ffa0eb0e146c
SHA256 f0e4ca6c3678b4e80d3a676fefd4e2f3cdb7c68148ab8229c4fc5a050102dd2b
SHA512 749443e074c086a81176ddb4cceb43c8999ce58bd1349a5120ad696d7e8c4a4ce85ca535127f4d292422c7f653d33673e59f6cc0178f4d6724d09cb4e9a51032

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000a

MD5 2c503b3f15f8cda76d58ad951bdbb987
SHA1 2479089f7d16d8e9518864f0242808f20abd7456
SHA256 febec47f17bade250d781ffcb762442915a8ec9fc1267a1a8d93459db5e3634d
SHA512 bfb599587efa3943b392546f5e6eda213cc310e7db3171c57787c16a45a663795281c70c9e245027f08c742ddf5f574d184bdfaa24dcb13876393770ec24680e

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000049

MD5 5711f8815489f44e6c7be7d0e38a1fc2
SHA1 96fe97be1fade741d037adfa2989058d10bdb5f8
SHA256 adaed962631180f5bb1684a044330acc1240f6bb44faeb62aa37cd72d7becbef
SHA512 74ac473b11b6a0cffb39c2a6f49d017ff2fd443f879cf2f6d876edef45af82ab31f37b9f30a339e65e2df99bd2515d726c1b6a22551c5230217c7f6d4bc44a81

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000b

MD5 5b5634f43da9ae707c5f389e45b6a8e6
SHA1 51dd4c5ae1924e6c63a05d701a9b78b3f2c40fbc
SHA256 4d59e1d4a4d0cfb922728b7160ee7b44e0cdde897cfe496211a997182178eed0
SHA512 5a3104fb1b67750a154b5eb42c868592fdba2d8732ab8da2747eeadf010fd82bc7a95384a4b64bf79c8f91954b201d73bcb1c0c08d5108395e319760808f0be4

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004a

MD5 384f2e203afb9f4cb886e039a3249f48
SHA1 243fcd6aa75bd6a2a269b0fd0ec6dc743ca37c76
SHA256 7568b729bec1a79a773702afae3785e4741fb73e7405071b8a1dfd33e4841c08
SHA512 fb2dff7751878310a7ebd0d2d918d72f10548fbeb5877e2b3d49b1040fa52dacfb586e64f48c438ea99bf105569ace26a9ba8d91fc09de55203f5f2b1324db87

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00000c

MD5 9aeba382f415068da5b68616b9d280a9
SHA1 165d18dfbd9b559ba57d9bdac728f988fddd95eb
SHA256 b4baa680bdb72e187bab3bf0cf9484efa19fc44edbaf25f01415d11fe4ba374c
SHA512 a5606b14a71934fe30a27566824abc129ced0951dc9d5d768cf61709e2d21b7ad240e4990db9d297fb259690b15e30893e41ba071ddd035f5e55cee405147055

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004b

MD5 dc56ccc23cac3a1afb92c90eb7f34bce
SHA1 20884a76481b8446243abe19a65a0160c20ea3ef
SHA256 fcb74db1f03e405e7b32a09b6e2c678dd57e1e104136b082eed6802eb54f0635
SHA512 5507fb1b5e48a6714fcecffc1e90650f0b32a0ce9f361c41f0319da716eb12880f850bc309ccaf4a17ab243af9059e6af9bddcd99eac83699605afbeae0c42ce

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000014

MD5 bdb09064d42e0e918c118b2fc5dfa11a
SHA1 88fca47b9a85b35ad6b51ad13dab2e0522140906
SHA256 5a076610a095b0bfc6fc5b3a77d232218b73410e064e7c1d8bdaee3c5003199c
SHA512 4f92738fc2521bf18bdde6aab64818d8d3d6e4f43b3617b4eeb3299763b6cf7da537567fc0b6ccfbf9d74d34cd094199599b58a8cf20dded51d0e8fcf5da3919

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000037

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004d

MD5 80cd8e11e0b8819ea4fbef40a0b39010
SHA1 ce762223a4ee8e9f8c558c4a00ecb335acaaf6fb
SHA256 eefca238087dcfb596cdff3ca27fbbc370d64dddfa5325edf9a0604410375df6
SHA512 f7366822ff4e0c2ec0f0322c115c11f32cfcc158447bfd4c8eafbb0a2786e0265f8990ce2f782f6637e139535d18c9a2683fb981a54b1edf257cd14a121a3488

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000031

MD5 e34464a2d220f462fd80e97940efc33a
SHA1 06b55be34ab621b27f93d327e0c0999e7bfc3824
SHA256 f62f6df8590faec594a11293fd0f0470bacc00908bc0518397a58e3ea05fa9a6
SHA512 07add3ee5e7bb3d568468ec51b89ef169851934141a896fecec2b1317afc1cab125a4ea9ba064521ab04aebdbebf0f65ae0b5af64d845a52469496c371b89d30

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_00004c

MD5 a2034813f0d7e9c272cc8e114621b2c1
SHA1 0393f1fbfc95a493f068419efa9a0b24727e485c
SHA256 c3e82ddd61a8b3b0af4c54422bddfd44e540d723c28dd8a4efdf75e5c8162056
SHA512 5a00334b87222113ea4c7584bc1764536020f113d7c4954ea9c7183ef368b1e9a3899b478d59853d36ede4a3e9fdd7b08cc17fdcf48a6debb5efbee5121df211

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000044

MD5 696fc0502ddfe806d7ad0b7c63c523cb
SHA1 13af1b62118eddd27dc80496e656d08515a4c2a0
SHA256 1d4b520f7efa751759344f0aff0cb3748f9ebcbe6d1b2946c06ad132171647ee
SHA512 f40cf410126158f1c0694443cddf5fb7881c086276466cf9eea518ecade186af537f0a1bd8e8d09437c751b9793a7b711c31cef3caf61f68a742f33b58708008

C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000043

MD5 504d726b06b93a100f6ce2c4d393b4b5
SHA1 90815d0970e78bb1285e41500304bb27075dec4a
SHA256 b475291eb9bc1b3df2384135fb4ae15c33fceaefeb66fcba75e7ca8f0953b7ee
SHA512 b681b5180f5985148d80438f2f8afc10c273665aaf5de82ecac85dc4e312bb4e99a4584175303f4a1a4d652cb9713458e9a4d638e4be477e9fd13c55a16f9b8e

memory/5052-2983-0x0000000002AA0000-0x0000000002CAC000-memory.dmp

memory/4664-2985-0x00000000028B0000-0x0000000002ABC000-memory.dmp

memory/2924-3006-0x000000006CDE0000-0x000000006D590000-memory.dmp

memory/4664-3007-0x0000000000400000-0x000000000060C000-memory.dmp

memory/4664-3008-0x00000000028B0000-0x0000000002ABC000-memory.dmp

memory/5052-3017-0x0000000000400000-0x000000000068A000-memory.dmp

memory/5052-3020-0x0000000002AA0000-0x0000000002CAC000-memory.dmp

memory/5060-3028-0x0000000002990000-0x0000000002B9C000-memory.dmp

memory/5060-3041-0x0000000002990000-0x0000000002B9C000-memory.dmp

memory/5060-3042-0x0000000000400000-0x000000000060C000-memory.dmp

memory/2100-3051-0x0000000002900000-0x0000000002B0C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\GameManager\DRMWorker\drmworker6899059330203837874

MD5 76755bc5bacfbe32e382996e34c5a21e
SHA1 c0ffa7b06de1e5a3bf680a05a0b30d7e8d26e2d0
SHA256 3280fd4c8a3658e14f03e584deb9e9ba928051f54aef0e4835c116f695f6738b
SHA512 f9a7aaf0f66f979d0897ba78de41075f7ff82bc36d7840f48da66be1ffa94c1c26f28569f63ac8bc3870ced0a5239c76d885d956010b3c692ba50f7fd44f7332

memory/2100-3064-0x0000000000400000-0x000000000060C000-memory.dmp

memory/2100-3065-0x0000000002900000-0x0000000002B0C000-memory.dmp

memory/2924-3110-0x000000006CDE0000-0x000000006D590000-memory.dmp