Analysis Overview
Threat Level: Known bad
The URL https://www.download-free-games.com/arcade_game_download/chicken_invaders2.htm was found to be: Known bad.
Malicious Activity Summary
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Downloads MZ/PE file
Loads dropped DLL
Checks computer location settings
Reads user/profile data of web browsers
Checks BIOS information in registry
Executes dropped EXE
Checks installed software on the system
Enumerates physical storage devices
NSIS installer
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-05 11:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-05 11:08
Reported
2024-03-05 11:38
Platform
win10v2004-20240226-en
Max time kernel
1803s
Max time network
1802s
Command Line
Signatures
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates physical storage devices
NSIS installer
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\InProcServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\rlvTmxcpdrnla = "MZLpMD{J@\\\\GBBcPsaXxzwO\\\x7fJdpp" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\smxymwcu = "oE_nM]|AHTw}rIbnxsF{vGl\\}Lx]S[\\" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\rlvTmxcpdrnla = "VD\x7fTcJ[Osx@jjumNF_kABLV_SxEus" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\WeTzionqj = "EdTVqjyuAuhVoHX_EWpagSeYVD" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\InProcServer32 | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\WeTzionqj = "EdTVqjyuAuhVoH[oEWpadB@lTF" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\WeTzionqj = "EdTVqjyuAuhVoH[OEWpagUwq{R" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\aouvquh = "\x7fArN@moTnNig\x7fWCFZos[x\\wVAWg" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649} | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\WeTzionqj = "EdTVqjyuAuhVoH[\x7fEWpafrJzT{" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\smxymwcu = "oKachF[y{CTK~OXPhcG{gLmHKV[KGGt" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\ = "CommonLayoutModifier" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\WeTzionqj = "gC{@]DOF}VU\x7farNppggvYrPxN}" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B} | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\WeTzionqj = "gC{@]DOF}VU\x7farNPpggvZegeai" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\qvfoeTxSrx = "MGW}sjk^EIzisy^nIz^ZptB`TT[gI" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\jommbrwoE = "[mllu[n\\EGvMnopXhjvkm}bssuTarq" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\qvfoeTxSrx = "usosXmN\\zbBBDUMeXD`s{gklWIwXC" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\rlvTmxcpdrnla = "VD\x7fTcJ[Osx@jjumNv_kABLV_cxEus" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\jommbrwoE = "swFhE|\x7f@LB_ukEghlR|]iAlc}dUXWU" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\vjjpnzbu = "VEuFS_xMD_fnQF{\\GYyrixzF" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\aouvquh = "]gOUDU}wkMhkA\\rK\x7f\x7fVYrADGWjG" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\rlvTmxcpdrnla = "MZLpMD{J@\\\\GBBcPCaXxzwO\\OJdpp" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\WeTzionqj = "gC{@]DOF}VU\x7farN`pggv[BZnN@" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\InProcServer32\ = "%SystemRoot%\\SysWow64\\shell32.dll" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\WeTzionqj = "gC{@]DOF}VU\x7farM@pggvZcuML\x7f" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\vjjpnzbu = "lnL|aZSJFAK\x7f{SQBz|FaBqdU" | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = … (binary value elided) | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = … (binary value elided) | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = … (binary value elided) | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = … (binary value elided) | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = … (binary value elided) | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = … (binary value elided) | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = … (binary value elided) | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = … (binary value elided) | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe | N/A |
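All three keys GamesManager.exe writes sit under AuthRoot, the cache that Windows' automatic root update fills when certificate chain building needs a root that is not yet present locally. The two Blob values shown in full carry, in property 0x0b, the UTF-16LE friendly names "DigiCert Baltimore Root" and "DST Root CA X3", and in property 0x03 the same SHA-1 that names the key, which is what the OS fetching public roots during the installer's HTTPS traffic looks like; the 2B8F1B57… blob is not shown on this page. The parser below is an added example, not code from the sandbox or from the iWin installer. It decodes the serialized-store property layout behind a Blob value and runs the first check a responder applies to any AuthRoot write: the key name, the stored hash and the SHA-1 of the embedded DER (property 0x20) must agree. The friendly-name bytes and thumbprint are copied from the D4DE20D0… row above; the placeholder certificate bytes and the tampered entry are constructed for illustration.

```python
"""Decode the serialized 'Blob' value Windows stores under
HKLM\\SOFTWARE\\Microsoft\\SystemCertificates\\<store>\\Certificates\\<SHA-1>.

Layout (CryptoAPI serialized store element), repeated until the data ends:
    uint32 prop_id | uint32 reserved (always 1) | uint32 length | data[length]
"""
import hashlib
import struct

# Property IDs from wincrypt.h that matter for triage.
CERT_SHA1_HASH_PROP_ID = 0x03      # 20-byte thumbprint; also the registry key name
CERT_FRIENDLY_NAME_PROP_ID = 0x0B  # UTF-16LE, NUL-terminated
CERT_CERT_PROP_ID = 0x20           # the DER-encoded certificate itself


def parse_cert_blob(blob: bytes) -> dict:
    """Split a Blob value into {prop_id: raw bytes}, refusing truncated input."""
    props, off = {}, 0
    while off < len(blob):
        if len(blob) - off < 12:
            raise ValueError(f"truncated property header at offset {off}")
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1:
            raise ValueError(f"unexpected reserved field {reserved:#x} for property {prop_id:#x}")
        if len(blob) - off < length:
            raise ValueError(f"property {prop_id:#x} claims {length} bytes, {len(blob) - off} left")
        props[prop_id] = blob[off:off + length]
        off += length
    return props


def build_cert_blob(props: dict) -> bytes:
    """Inverse of parse_cert_blob; used below only to construct sample entries."""
    return b"".join(struct.pack("<III", pid, 1, len(data)) + data
                    for pid, data in props.items())


def check_store_entry(key_name: str, blob: bytes) -> dict:
    """Report whether the key name, the stored SHA-1 property and the SHA-1 of the
    embedded certificate agree, plus the decoded friendly name."""
    props = parse_cert_blob(blob)
    cert = props.get(CERT_CERT_PROP_ID, b"")
    stored = props.get(CERT_SHA1_HASH_PROP_ID, b"").hex().upper()
    computed = hashlib.sha1(cert).hexdigest().upper() if cert else ""
    name = props.get(CERT_FRIENDLY_NAME_PROP_ID, b"").decode("utf-16-le").rstrip("\x00")
    return {
        "friendly_name": name,
        "stored_sha1": stored,
        "computed_sha1": computed,
        "der_length": len(cert),
        "consistent": bool(cert) and key_name.upper() == stored == computed,
    }


# Two properties copied verbatim from the D4DE20D0... Blob in the table above.
BALTIMORE_THUMBPRINT = "D4DE20D05E66FC53FE1A50882C78DB2852CAE474"
BALTIMORE_FRIENDLY_NAME_HEX = (
    "440069006700690043006500720074002000420061006c00740069006d006f00"
    "72006500200052006f006f0074000000"
)

# Constructed stand-in for a DER certificate; not a real certificate.
FAKE_DER = b"constructed stand-in, not a real certificate"


def demo() -> tuple:
    """A self-consistent entry, and a tampered one that reuses the Baltimore
    thumbprint as key name and stored hash over different certificate bytes."""
    good_key = hashlib.sha1(FAKE_DER).hexdigest().upper()
    good = build_cert_blob({
        CERT_FRIENDLY_NAME_PROP_ID: "Example Root\0".encode("utf-16-le"),
        CERT_SHA1_HASH_PROP_ID: hashlib.sha1(FAKE_DER).digest(),
        CERT_CERT_PROP_ID: FAKE_DER,
    })
    tampered = build_cert_blob({
        CERT_FRIENDLY_NAME_PROP_ID: bytes.fromhex(BALTIMORE_FRIENDLY_NAME_HEX),
        CERT_SHA1_HASH_PROP_ID: bytes.fromhex(BALTIMORE_THUMBPRINT),
        CERT_CERT_PROP_ID: FAKE_DER,
    })
    return check_store_entry(good_key, good), check_store_entry(BALTIMORE_THUMBPRINT, tampered)


if __name__ == "__main__":
    for label, result in zip(("self-consistent", "tampered"), demo()):
        print(label, result)
```

To inspect a real entry, paste the hex after `Blob =` into `bytes.fromhex`, write `props[CERT_CERT_PROP_ID]` to a `.cer` file and open it with `certutil -dump` or `openssl x509 -inform DER -text`; a hash mismatch on a key that looks like a well-known thumbprint is the case worth escalating.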
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 880023.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
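A triage pass over the indicator rows above, as an added example (not the sandbox's own signature logic): it tags each registry or file event with a category and, for the CLSID keys GLWorker.exe writes, lists the value names that are not part of a normal COM registration. The rows it runs on are a subset copied from the tables above; the category rules and the list of known COM names are assumptions of this example. Two things the rules encode: the ACPI DSDT\VBOX__ open and the SystemBiosVersion/SystemBiosDate queries are the VirtualBox checks, while the BIOS\SystemManufacturer read is attributed to msedge.exe rather than to the dropped binaries; and the `:SmartScreen` stream on the .crdownload file is written by msedge.exe on its own in-progress download, not by the installer. The CLSID writes are the rows worth a closer look: value names like rlvTmxcpdrnla and smxymwcu with data containing non-printable bytes (the \x7f escapes in the table) are not COM registration entries, which is the pattern of a program keeping state or configuration in class keys.

```python
"""Triage pass over the indicator rows of this report: tag each event and, for
CLSID keys, list value names that do not belong to a normal COM registration."""
import re
from collections import defaultdict

# Process paths exactly as the report shows them.
GLW = r"C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe"
GM = r"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed sample: (description, indicator, process) triples copied from the
# tables above; a real run would read every row of the report.
SAMPLE_ROWS = [
    ("Key opened", r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__", GLW),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion", GLW),
    ("Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer", EDGE),
    ("Key value queried", r"\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation", GM),
    ("Set value (str)", r'\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\InProcServer32\ThreadingModel = "Apartment"', GLW),
    ("Set value (str)", r'\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\InProcServer32\ = "%SystemRoot%\\SysWow64\\shell32.dll"', GLW),
    ("Set value (str)", r'\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{58005749-D0AD-9140-0D78-D0A7D8D0920B}\rlvTmxcpdrnla = "MZLpMD{J@\\\\GBBcPCaXxzwO\\OJdpp"', GLW),
    ("Set value (str)", r'\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\{4C6BA576-E91D-13D1-B2E4-0060975B8649}\smxymwcu = "oE_nM]|AHTw}rIbnxsF{vGl\\}Lx]S[\\"', GLW),
    ("Key created", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474", GM),
    ("File opened for modification", r"C:\Users\Admin\Downloads\Unconfirmed 880023.crdownload:SmartScreen", EDGE),
]

# Matches HKLM ...\Classes\[WOW6432Node\]CLSID\{guid} and HKU ..._Classes\{guid}.
CLSID_RX = re.compile(r"Classes\\(?:WOW6432Node\\)?(?:CLSID\\)?\{([0-9A-F-]{36})\}", re.I)

# (category, pattern over the indicator column); the rule set is an assumption of this example.
RULES = [
    ("anti-vm", re.compile(r"\\HARDWARE\\ACPI\\(?:DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("bios-fingerprint", re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(?:SystemBios|BIOS\b)", re.I)),
    ("locale-check", re.compile(r"\\Control Panel\\International\\Geo\\Nation", re.I)),
    ("cert-store-authroot", re.compile(r"\\SystemCertificates\\AuthRoot\\Certificates\\[0-9A-F]{40}", re.I)),
    ("com-class", CLSID_RX),
    ("browser-download-marking", re.compile(r":(?:SmartScreen|Zone\.Identifier)$", re.I)),
]

# Subkeys and value names a normal COM class registration uses (lower-cased).
KNOWN_COM_SUBKEYS = {"inprocserver32", "localserver32", "progid", "versionindependentprogid",
                     "typelib", "version", "implemented categories", "defaulticon", "treatas"}
KNOWN_COM_VALUES = {"", "threadingmodel"}


def classify(indicator: str) -> str:
    """First matching category for one indicator, or 'other'."""
    for category, rx in RULES:
        if rx.search(indicator):
            return category
    return "other"


def triage(rows) -> dict:
    """process -> {category: count}."""
    counts = defaultdict(lambda: defaultdict(int))
    for _desc, indicator, process in rows:
        counts[process][classify(indicator)] += 1
    return {process: dict(cats) for process, cats in counts.items()}


def odd_com_values(rows) -> dict:
    """CLSID -> sorted value names written there that are not standard COM
    registration entries ('' is the key's default value)."""
    odd = defaultdict(set)
    for desc, indicator, _process in rows:
        m = CLSID_RX.search(indicator)
        if not m or not desc.startswith("Set value"):
            continue
        # Path below the CLSID, up to the ' = "data"' part; a trailing '\' means the default value.
        path = indicator[m.end():].split(" = ", 1)[0].lstrip("\\")
        *subkeys, value = path.split("\\")
        if all(s.lower() in KNOWN_COM_SUBKEYS for s in subkeys) and value.lower() in KNOWN_COM_VALUES:
            continue
        odd[m.group(1).upper()].add(value)
    return {clsid: sorted(names) for clsid, names in odd.items()}


if __name__ == "__main__":
    for process, cats in triage(SAMPLE_ROWS).items():
        print(process.rsplit("\\", 1)[-1], cats)
    print(odd_com_values(SAMPLE_ROWS))
```

The InProcServer32 default pointing at shell32.dll and ThreadingModel = "Apartment" pass as ordinary registration, so only the arbitrary value names surface; pointing the script at the full tables gives the same split per process, with GLWorker.exe carrying the anti-VM and class-key writes and GamesManager.exe the locale and AuthRoot rows.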
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe | N/A |
| Token: 33 (LUID 33, SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Token: 33 (LUID 33, SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.download-free-games.com/arcade_game_download/chicken_invaders2.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd661146f8,0x7ffd66114708,0x7ffd66114718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Users\Admin\Downloads\chicken-invaders-2-freeSetup.exe
"C:\Users\Admin\Downloads\chicken-invaders-2-freeSetup.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6154581016489020177,8179296673611481459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5380 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000006 -config.uri=https://www.iwin.com/ -config.channelName=IWinStreaming -config.iwinrequest="PF/1735078040630641019/chicken-invaders-2-free/48/0"
C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000006 -config.uri="https://www.iwin.com/" -config.channelName="iWin" -config.sku=FIRST_INSTALL -installer.createshortcutswithname="iWin Games" -autoupdate=1 -config.iwinrequest="PF/1735078040630641019/chicken-invaders-2-free/48/0"
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe" /S --no-desktop-shortcut
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" -config.uri=https://www.iwin.com/ -config.channel="20000006" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/1735078040630641019/chicken-invaders-2-free/48/0"
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=2464D12238DC21DAB059660E394E919F --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=2464D12238DC21DAB059660E394E919F --renderer-client-id=2 --mojo-platform-channel-handle=2676 /prefetch:1
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=24CF5C4B93DF89916EA363F3BD546236 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.640 GamesManager/3.9.6.640 20000006 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=24CF5C4B93DF89916EA363F3BD546236 --renderer-client-id=3 --mojo-platform-channel-handle=3348 /prefetch:1
C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid7971044141112419747
C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe
C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid7971044141112419747
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
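Added example, not part of the report and not code from iWin or from the sandbox vendor: a Python triage pass over the command lines listed above. It splits each line into image path and arguments, ties processes to one install chain through the shared -config.iwinrequest value, and flags switches that turn process sandboxing off (--no-sandbox, --disable-gpu-sandbox, --service-sandbox-type=none) along with the NSIS silent-install switch /S and -autoupdate=1, reporting for each hit whether the image lives under the user's profile or under Program Files. The sample is a subset of the report's command lines with the CEF user-agent string shortened; which switches count as notable is this example's own choice.

```python
import re
from collections import defaultdict

# Constructed sample: command lines copied from the report's Command Line list
# above (the CEF user-agent string is shortened; everything else is verbatim).
SAMPLE_CMDLINES = r"""
"C:\Users\Admin\Downloads\chicken-invaders-2-freeSetup.exe"
"C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000006 -config.uri=https://www.iwin.com/ -config.channelName=IWinStreaming -config.iwinrequest="PF/1735078040630641019/chicken-invaders-2-free/48/0"
"C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000006 -config.uri="https://www.iwin.com/" -config.sku=FIRST_INSTALL -autoupdate=1 -config.iwinrequest="PF/1735078040630641019/chicken-invaders-2-free/48/0"
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\toasterinstaller.exe" /S --no-desktop-shortcut
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" -config.uri=https://www.iwin.com/ -config.channel="20000006" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/1735078040630641019/chicken-invaders-2-free/48/0"
"C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=2464D12238DC21DAB059660E394E919F --lang=en-US --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 GamesManager/3.9.6.640 CEF/3.3163.1651.gf229796 UAPI" --renderer-client-id=2 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
C:\Users\Admin\AppData\Local\UGMgames\20000006\chicken-invaders-2-free\chicken-invaders-2-free\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid7971044141112419747
"""

# One token is a run of unquoted text and/or double-quoted segments, so
# --user-agent="Mozilla/5.0 (Windows ...)" stays a single token.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')
# -key=value, --key=value, /key:value, or a bare switch such as /S.
ARG = re.compile(r'^(?P<key>(?:--?|/)[\w.\-]+)(?:[=:](?P<val>.*))?$')

# Switches that turn process sandboxing off; the list is this example's choice.
SANDBOX_OFF = {"--no-sandbox": None, "--disable-gpu-sandbox": None,
               "--service-sandbox-type": "none"}


def parse_cmdline(line):
    tokens = TOKEN.findall(line)
    image = tokens[0].strip('"')
    args, positional = {}, []
    for tok in tokens[1:]:
        m = ARG.match(tok)
        if m:
            val = m.group("val")
            args[m.group("key")] = None if val is None else val.strip('"')
        else:
            positional.append(tok)
    return {"image": image, "args": args, "positional": positional}


def findings(proc):
    hits = []
    for key, want in SANDBOX_OFF.items():
        if key in proc["args"] and (want is None or proc["args"][key] == want):
            hits.append(f"sandbox disabled: {key}" + (f"={want}" if want else ""))
    if "/S" in proc["args"]:
        hits.append("silent NSIS install (/S)")
    if proc["args"].get("-autoupdate") == "1":
        hits.append("auto-update enabled (-autoupdate=1)")
    return hits


def user_writable(image):
    """A path under the user's own profile is writable by that user; Program Files is not."""
    return image.lower().startswith("c:\\users\\")


def triage_cmdlines(text):
    procs = [parse_cmdline(l) for l in text.splitlines() if l.strip()]
    by_token, notable = defaultdict(list), []
    for p in procs:
        name = p["image"].rsplit("\\", 1)[-1]
        token = p["args"].get("-config.iwinrequest")
        if token:
            by_token[token].append(name)   # same request id, same install chain
        for hit in findings(p):
            where = "user-writable" if user_writable(p["image"]) else "program-files"
            notable.append((name, where, hit))
    return {"procs": procs, "by_token": dict(by_token), "notable": notable}
```

The two sandbox hits differ by location: --service-sandbox-type=none is on Edge's own quarantine.mojom.Quarantine utility under Program Files, while --no-sandbox is on the CEF-based GamesManager.exe renderer under the user's AppData, which is the one to follow up. The shared -config.iwinrequest value ties both GamesManagerInstaller.exe runs and GamesManager.exe to the same install chain.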
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.download-free-games.com | udp |
| US | 18.213.62.205:443 | www.download-free-games.com | tcp |
| US | 18.213.62.205:443 | www.download-free-games.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.62.213.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dfgfea.iwincdn.com | udp |
| US | 8.8.8.8:53 | cdn.download-free-games.com | udp |
| US | 8.8.8.8:53 | 88.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cmp.quantcast.com | udp |
| DE | 3.64.142.24:443 | cmp.quantcast.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.142.64.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| FR | 68.232.35.54:443 | dfgfea.iwincdn.com | tcp |
| FR | 68.232.35.54:443 | dfgfea.iwincdn.com | tcp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| IE | 18.66.171.15:443 | cdn.download-free-games.com | tcp |
| IE | 18.66.171.15:443 | cdn.download-free-games.com | tcp |
| IE | 18.66.171.15:443 | cdn.download-free-games.com | tcp |
| IE | 18.66.171.15:443 | cdn.download-free-games.com | tcp |
| IE | 18.66.171.15:443 | cdn.download-free-games.com | tcp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| IE | 18.66.171.15:443 | cdn.download-free-games.com | tcp |
| US | 8.8.8.8:53 | test.quantcast.mgr.consensu.org | udp |
| DE | 91.228.74.244:443 | secure.quantserve.com | tcp |
| IE | 18.66.171.87:443 | rules.quantcount.com | tcp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | quantcast.mgr.consensu.org | udp |
| US | 8.8.8.8:53 | cmp.inmobi.com | udp |
| US | 8.8.8.8:53 | 232.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.35.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.74.228.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| IE | 18.66.171.49:443 | cmp.inmobi.com | tcp |
| IE | 18.66.171.49:443 | cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 49.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| FR | 157.240.196.35:443 | www.facebook.com | tcp |
| FR | 157.240.196.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | api.cmp.inmobi.com | udp |
| DE | 3.123.135.87:443 | api.cmp.inmobi.com | tcp |
| US | 8.8.8.8:53 | 35.196.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 87.135.123.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | cdn.optinly.net | udp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | udp |
| IE | 18.66.171.89:443 | cdn.optinly.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bb98a65da7fabbcaac1ddc219d4c5081.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | bb98a65da7fabbcaac1ddc219d4c5081.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | static.optinly.net | udp |
| US | 8.8.8.8:53 | www.cloudflare.com | udp |
| US | 104.16.123.96:443 | www.cloudflare.com | tcp |
| US | 172.67.186.46:443 | static.optinly.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | test.quantcast.mgr.consensu.org | udp |
| US | 8.8.8.8:53 | quantcast.mgr.consensu.org | udp |
| US | 8.8.8.8:53 | 96.123.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.186.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.204.58.216.in-addr.arpa | udp |
| GB | 216.58.201.98:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | da144cbaaed642f5c62cb0f55fba07e2.safeframe.googlesyndication.com | udp |
| GB | 216.58.204.65:443 | da144cbaaed642f5c62cb0f55fba07e2.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | stamp.iwin.com | udp |
| IE | 18.66.171.84:443 | stamp.iwin.com | tcp |
| IE | 18.66.171.84:443 | stamp.iwin.com | tcp |
| US | 172.67.186.46:443 | static.optinly.net | tcp |
| US | 8.8.8.8:53 | stackpath.bootstrapcdn.com | udp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| GB | 142.250.180.1:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 216.58.212.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 84.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | apinew.optinly.com | udp |
| US | 104.21.79.229:443 | apinew.optinly.com | tcp |
| US | 8.8.8.8:53 | 114.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.79.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | p.iwincdn.com | udp |
| FR | 68.232.35.54:80 | p.iwincdn.com | tcp |
| US | 8.8.8.8:53 | 100.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.73.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | events.iwin.com | udp |
| US | 18.213.62.205:80 | events.iwin.com | tcp |
| US | 18.213.62.205:80 | events.iwin.com | tcp |
| US | 8.8.8.8:53 | www.iwin.com | udp |
| US | 52.1.214.144:443 | www.iwin.com | tcp |
| US | 52.1.214.144:443 | www.iwin.com | tcp |
| US | 52.1.214.144:443 | www.iwin.com | tcp |
| US | 8.8.8.8:53 | 144.214.1.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.iwincdn.com | udp |
| FR | 68.232.35.54:443 | play.iwincdn.com | tcp |
| FR | 68.232.35.54:443 | play.iwincdn.com | tcp |
| FR | 68.232.35.54:443 | play.iwincdn.com | tcp |
| US | 8.8.8.8:53 | static.iwincdn.com | udp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | js.maxmind.com | udp |
| FR | 3.162.38.26:443 | static.hotjar.com | tcp |
| US | 162.159.134.22:443 | js.maxmind.com | tcp |
| FR | 68.232.35.54:443 | static.iwincdn.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 3.162.140.25:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | geoip-js.com | udp |
| US | 104.18.33.110:443 | geoip-js.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | events.iwin.com | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 54.88.73.64:443 | events.iwin.com | tcp |
| US | 54.88.73.64:443 | events.iwin.com | tcp |
| US | 8.8.8.8:53 | 22.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.73.88.54.in-addr.arpa | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | cdn.optinly.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| IE | 18.66.171.78:443 | cdn.optinly.net | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| GB | 172.217.16.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | dls.iwincdn.com | udp |
| FR | 68.232.35.54:443 | dls.iwincdn.com | tcp |
| US | 8.8.8.8:53 | 78.171.66.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.2:443 | googleads.g.doubleclick.net | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 2.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 172.67.186.46:443 | static.optinly.net | tcp |
| US | 104.16.123.96:443 | www.cloudflare.com | tcp |
| US | 172.67.186.46:443 | static.optinly.net | tcp |
| US | 104.18.11.207:443 | stackpath.bootstrapcdn.com | tcp |
| US | 104.21.79.229:443 | apinew.optinly.com | tcp |
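Added example, not part of the report: a Python pass over the Network table that separates the three kinds of rows it mixes together. Rows to 8.8.8.8:53 are forward DNS queries; rows whose domain ends in .in-addr.arpa are reverse (PTR) lookups of addresses, most of which also appear as connection destinations elsewhere in the table; everything else is a connection, with 443/udp rows counted as connections too (QUIC). The pass also lists which names were fetched over cleartext HTTP on port 80, which IPs serve more than one name (18.213.62.205 answers for both www.download-free-games.com and events.iwin.com), and which PTR lookups have no matching connection row. The sample is a subset of the rows above, with the mDNS row's empty domain column.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of rows from the report's Network table above.
# The mDNS row has no domain, so its third column is empty.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.download-free-games.com | udp |
| US | 18.213.62.205:443 | www.download-free-games.com | tcp |
| US | 18.213.62.205:443 | www.download-free-games.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 205.62.213.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dfgfea.iwincdn.com | udp |
| FR | 68.232.35.54:443 | dfgfea.iwincdn.com | tcp |
| GB | 172.217.169.66:443 | securepubads.g.doubleclick.net | udp |
| FR | 68.232.35.54:80 | p.iwincdn.com | tcp |
| US | 18.213.62.205:80 | events.iwin.com | tcp |
"""

ROW = re.compile(r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|"
                 r"\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$")


def parse_rows(text):
    """Turn table rows into dicts; the header row is skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group("cc") == "Country":
            continue
        ip, _, port = m.group("dst").rpartition(":")
        flows.append({"cc": m.group("cc"), "ip": ip, "port": int(port),
                      "domain": m.group("domain"), "proto": m.group("proto")})
    return flows


def ptr_to_ip(name):
    """'205.62.213.18.in-addr.arpa' -> '18.213.62.205'."""
    return ".".join(reversed(name[: -len(".in-addr.arpa")].split(".")))


def classify(flow):
    if flow["domain"].endswith(".in-addr.arpa"):
        return "ptr"    # reverse lookup of an address, not a new contact
    if flow["port"] == 53 and flow["proto"] == "udp":
        return "dns"    # forward query; the contact shows up as a later row
    return "conn"       # actual connection (443/udp rows are QUIC)


def triage_network(text):
    flows = parse_rows(text)
    conns, dns, ptr_ips = defaultdict(set), set(), set()
    ip_domains, plaintext = defaultdict(set), set()
    for f in flows:
        kind = classify(f)
        if kind == "ptr":
            ptr_ips.add(ptr_to_ip(f["domain"]))
        elif kind == "dns":
            dns.add(f["domain"])
        else:
            key = f["domain"] or f["ip"]
            conns[key].add(f"{f['ip']}:{f['port']}/{f['proto']}")
            if f["domain"]:
                ip_domains[f["ip"]].add(f["domain"])
            if f["port"] == 80 and f["proto"] == "tcp":
                plaintext.add(key)
    contacted = {f["ip"] for f in flows if classify(f) == "conn"}
    return {
        "conns": dict(conns),
        "dns": dns,
        "plaintext": plaintext,        # cleartext HTTP fetches
        "shared_ips": {ip: d for ip, d in ip_domains.items() if len(d) > 1},
        "ptr_only": ptr_ips - contacted,  # looked up in reverse but never contacted
    }
```

Over the full table above, plaintext comes out as p.iwincdn.com, events.iwin.com and apps.identrust.com, and ptr_only includes 20.231.121.79 (the 79.121.231.20.in-addr.arpa lookup), an address that never appears as a destination.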
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a774512b00820b61a51258335097b2c9 |
| SHA1 | 38c28d1ea3907a1af6c0443255ab610dd9285095 |
| SHA256 | 01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4 |
| SHA512 | ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1 |
\??\pipe\LOCAL\crashpad_4960_OEKZINMCNZQJRBHK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fd7944a4ff1be37517983ffaf5700b11 |
| SHA1 | c4287796d78e00969af85b7e16a2d04230961240 |
| SHA256 | b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74 |
| SHA512 | 28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7ce78cfbab20eea2ea49e9ebcec2c2c8 |
| SHA1 | 492769c8d0a130f2f6772b7248c1ba0b816a0663 |
| SHA256 | ef5ef8c5c93a57abc312129eb1d584fd117d0c0c18d152054144ddfaf1277715 |
| SHA512 | 60023c99220fe5b37fc32ff605489b078c5c2df02f84b4e61b9472c9ce68054a6797c585887e417ce541d5a525754d5293249b8df467f37da61a74c0f834d85d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bdfa12a1c99355a801fb39adff9e6a2e |
| SHA1 | 17c1bd7e436605f2b4c3a3bb202eb7a8b04d4363 |
| SHA256 | 10a15698002761f9a10c4f414acaa46f74f043116f2b5838cad85cfa13e39cd1 |
| SHA512 | 06ac3d7bf653a69db33ad1dedfe3f985000e1b01c97ae145e2a6f2ab482ceff39842fa5cc46368514ee884afb4899eca15f62f3272f19f4051e41be1c3816be4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2b6936c84efb85aed1f853f69dbcde85 |
| SHA1 | ac7385cc9185cf1dc24b9cb10522732a7823257f |
| SHA256 | e1eaf248c40b46d888fe4380135bd779f9bb133f04f2eb7d2929e1b08cd7f485 |
| SHA512 | 199a9ed6c87dce022afa08450479307a0fbd8eeb57a0010f87aeb816c23bdbd1dbda18033c27df8d6ade920b5e7fb1965a7216db2c7f8512369c95beec571e0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | e1b1b180e0ac6fa588cc6a536e379f84 |
| SHA1 | e850ccdf4ca521e614e6c1bf31e4a2dfe08ae462 |
| SHA256 | 72d84e0126277ef39e8ac647c57330904b3aa34f238ae51b671472db6bfcea0c |
| SHA512 | 2031f73585c9d6c8966ddd65e4534c391dadeccb875b659054f96dd7a6114fa9b2ca99593b0f74cba8b90b358b141404db12d4dafd3d347d248b5034e54cfa01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40141c5d85e929426e788e023d28e4fc |
| SHA1 | 667bcf547ccc5e5cf57c1a918196de7b90ce2c2d |
| SHA256 | 9572d05726457ee0ec3546f2e056e91d9e67b8e186c855e9ad61cbe2d01e04dc |
| SHA512 | 074eaf3cb7961d92288351efea52462e379c250292461286bc29ad51264f452170d877b846de4a67169270513f81e0c0bab8130ce4bba90de9c34fda221e0e00 |
C:\Users\Admin\Downloads\Unconfirmed 880023.crdownload
| MD5 | 26b0faa4a3fa0f8811f7db8b6e520ee3 |
| SHA1 | 27d48f69f819cb2e6e45459f9bf58e41b5eb10d5 |
| SHA256 | 2c5a06e9fb27f421d0a624a52910f77d74fb4de6758934c06481e79025b3d005 |
| SHA512 | e3342eade8e32e090bfd9c145f40c01adea249578a8020aadc506438bca57ad022b8144fc569a87ff9cbc806095bcb05fd7dc2022ceac02d1f3e3786be272bd6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4d06ff8a660e2a560837ecfdf8f027a5 |
| SHA1 | b65f3634389e1d28834ea3904ea2e18eb55a6804 |
| SHA256 | 32b99c1d3079338c71df5bd975d270d83b6a9a661b53e71282755dca9ee424ed |
| SHA512 | 5aee2a3d36cfff2fbea89c7e2dc6458a9a7d11389e70f960435dfe7031523b01184897ad1c6fd3593dc25e631c341e5305f676f994bab83e1f240369fe4905c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ff7e.TMP
| MD5 | b2a9b381ee90767fdb8047e85e927eae |
| SHA1 | 5680fcb4ecd6f6c30437e3d261bd49086e8e5693 |
| SHA256 | cc6838d7976a2b8f9b372e6e097ca957b7e9070c461a0e30a0224ff738919339 |
| SHA512 | 8396498cd7f66fb33117a114f44201a77c760f0f03300f40847c15ae6a46dcf3386848743419fc611b0a0d79bf94ddac74be6e1b24974702577364ee0378f4ac |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 63648b0d0af4a3c94d3f784a4e5135bd |
| SHA1 | af2f092a9421f5cec61674a7cb5281789bc1f9f4 |
| SHA256 | 352a751238a2757a5197257fdd869f59214ef64a3709d395d206052886f56c7c |
| SHA512 | aab12693cb3a4a2823abeaa180229ddbc97f3c56ae024a1649ddbba6c9d3bd0e42c3b60f1d0c62c3ada5fcf427408bfbeb7861231a413f4e6d6ae50442153d63 |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\System.dll
| MD5 | c17103ae9072a06da581dec998343fc1 |
| SHA1 | b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d |
| SHA256 | dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f |
| SHA512 | d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\NSISdl.dll
| MD5 | a5f8399a743ab7f9c88c645c35b1ebb5 |
| SHA1 | 168f3c158913b0367bf79fa413357fbe97018191 |
| SHA256 | dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9 |
| SHA512 | 824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | dd4f146eadae5fe1fe601de687e7770d |
| SHA1 | f52582fdb3553b9ce3f4f166de888e41e85b05dd |
| SHA256 | e028c84d05d56238d3261efda1cdb34cf097d226293f47baa23fac5e420cb134 |
| SHA512 | 255a441376c8ad85cab4ad693a2bfa233b9e28871772cdf8f5eb869be190205462576ad234dadb53093784e04ad4d206f1093e59bc5755bfb54eca7084bd93c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6dacfdeeb62f365a9c2e2c92a45f4be3 |
| SHA1 | e05ebf4c43229cf2a2359695c9c6c55d5f26cc8b |
| SHA256 | b7bd35004ff108abf890d0e9fe54d5fb92beb923b0f9be54955a4eda8625b4a5 |
| SHA512 | d865cbcaa89ae2f4a697345d1811596df0b5b2ef65e48ab5038fceaac64378e745258673861351b459c7c747ecf01413bc42b7fb6f925afad2921ca6c81bfdb6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1d8e0ca4af56e2816576d927a4f6dc85 |
| SHA1 | 89c5bc1884e8b8c1de3d986873beb8d6ccaf600e |
| SHA256 | d04e818cdd2e0ceac69eab837d95c4de828f65e4a39bbabf417d09aa39076638 |
| SHA512 | 77968e17ec0da8a1ed880418d849fa19d79e819dfbd0a281dd15424ef7fa60ef7016fd3e6ab82e2d70fed2ffbdaa504ab84f31be923ab3657a7ee654136b2cf7 |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe
| MD5 | 58edd8be4b509b11589e37ac4b1f8daa |
| SHA1 | c6e055033cc922fce58a4b789febc9c0cc13a685 |
| SHA256 | 09cd920f961ebea7a0e282d17fc69632a84b34167434f6dac7a5213808f77eb0 |
| SHA512 | 74a28da6f0228720028f87f3cdc7bd8a010a0afd217120c91cea412ebd3b5629340b86fd1394392b4692c4b841a5e8864b8a6237afa037a998f13be2cf810cdd |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe
| MD5 | dfed3529d35bc5a159708ab5b86e1703 |
| SHA1 | f80f4c2b9ae6ff94afa74e274d72e3343fbcde28 |
| SHA256 | 9407d6d1005e52f4ab9e0f587cd1b167b6f946b0d2f4173c56d71b96e09fbb69 |
| SHA512 | 32fda69071c0d28cfda83e0e84c6d296f833d69b180621ed98765274ed2500b1d455ac4aa50e00b2e4b09703a99178216d399c8161fac4f608b16ba061fe3258 |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe
| MD5 | 10f0dcc4ba977b6a080d710d3d343e57 |
| SHA1 | cf15965161a7974a8b09754d450153ced41ca6e3 |
| SHA256 | 6ae499724a02b1126cc4144099e5d7f7ced231c0bbe4130d3459d3b403d026e7 |
| SHA512 | 881a9172b1dfa293460117c844e8bd6a3845b78d2f12b200edcae3ef0fcdb0e30326ff8f7afdb081cbd8564d2ba9f07542e85e2732bfc1a231336135b25caf98 |
C:\Users\Admin\AppData\Local\Temp\nsnD3EC.tmp\INetC.dll
| MD5 | e7ebd034dacf96fcc0c7a35c62477d21 |
| SHA1 | cd372d0607d94b48ac84a1738ed434df4d882f22 |
| SHA256 | dc84aa66f398781fe76eecf90fc6613f729076552d4b268269228b754bfd70d2 |
| SHA512 | df367b39c7c62ba2df1d50cbe3dbc97a7a2719fae7684330b4df971f0742c3447f0beb2d295a206522bbce6fbd0053d188d159f7236b6953d35cbf51aecc1bf3 |
C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe
| MD5 | 2c51123cbc6a8e69ade0947ad18ac9b7 |
| SHA1 | 0d3d08a50e289fd78cd6bd4dee8899d3fa7c3b4d |
| SHA256 | 36b785a39704b784222120b38a2d5ea74a70b88319515417886049f1de9f3ddc |
| SHA512 | 917e3f6dd6c83768486d92ad794bd1a974e5065dc531bcb174ce7e55a1cfce0394edd7e6b3240c3ebfd1d96ff341c995655a3d14cbc48eaa1c9e11239e2d51a3 |
C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe
| MD5 | f5df157313688c47bad4518b02fa8a08 |
| SHA1 | be446b9721244fc7bbb21736f4da850ecc37e52c |
| SHA256 | 0a6183d57a0c132a0841180ff66231c80097e83a2cff616861a269dfef492f54 |
| SHA512 | a422cbafc538355686eab988d833f736c113146055a2ba716636bda3edf491fefa95d018da4ff53797af8cd1d882548bfee8422cd4962c21760fc2c2c5775a97 |
C:\Users\Admin\AppData\Local\Temp\nsbF4E3.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5eaf18e7dfad7b7f2c0ffaebf87b87f1 |
| SHA1 | 82a48f9b400d0ea1bd8b9bb1d4124a2d2e8eacc5 |
| SHA256 | 9a885da4ce822320434e0ffe19adc73ac97e77e6cfb92e0c442e9e7c7aeed6e5 |
| SHA512 | 97aeafe8c06508d0b50ae613b11b2ebbb9e324192318f49141aa1cb0b2edf7b3f528410f23fde74179328414c407f924be00909b000c284ba29ce97d386b9c8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1798ea8877340fd842b34e3d08b003f9 |
| SHA1 | c522636b39231c11fab99674adb069efed124193 |
| SHA256 | 6b8f5e593ed363b243c458ff567f5ad92080d98fd6a67e97f2e84f463b086fe5 |
| SHA512 | d58fc2a57c6e9f46832cf7cf4b75fa3e058cc5582c7f37d7425599e1a6e8e026e33720f16374b9618b2ca34de87cb6aa0c7af4aa980a9b218ded291336442494 |
C:\Users\Admin\AppData\Local\Temp\nsbF4E3.tmp\System.dll
| MD5 | bf712f32249029466fa86756f5546950 |
| SHA1 | 75ac4dc4808ac148ddd78f6b89a51afbd4091c2e |
| SHA256 | 7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af |
| SHA512 | 13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4 |
C:\Users\Admin\AppData\Roaming\iWin Games Notifier\installer.exe
| MD5 | 3c0ae3e39b71f3344260a2bcff80c3fe |
| SHA1 | f4789620d095c72830e0fe2c941845320954b514 |
| SHA256 | 5f3752e63360a15fc3f2206d06711b5b6d90e2221269b50c40104be5b67ca84b |
| SHA512 | 7b7a2789da4548df471711ac3213fb82c87cd75a161bea8e287c5701b1d6467731692a45c036e46ad7d284a6b1841dab0ffccfdfb4777d2282657a66f4e593bf |
C:\Users\Admin\AppData\Local\Programs\iWin-Games-Notifier\iWin Games Notifier.exe
| MD5 | fc54f715afe3e34bac66901e0f0f1cda |
| SHA1 | f2d2de191d87ffbc3504facfd431b7b27a615568 |
| SHA256 | 6084b9b3c5fea844450a787a4e251347515a156a139de155c7ab27f46dc019f5 |
| SHA512 | 103571f3424295756d9edde3fa894303dd6c9a8e397bfd595fa1c588ad11bb57af0474a25f3d59aeffb708bf2fe2f55c7e1dbcbfed19dcf3066d11f4f08ff07a |
C:\Users\Admin\AppData\Local\Temp\nsq7397.tmp\WinShell.dll
| MD5 | 1cc7c37b7e0c8cd8bf04b6cc283e1e56 |
| SHA1 | 0b9519763be6625bd5abce175dcc59c96d100d4c |
| SHA256 | 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6 |
| SHA512 | 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f |
C:\Users\Admin\AppData\Local\Temp\nsq7397.tmp\StdUtils.dll
| MD5 | 33b4e69e7835e18b9437623367dd1787 |
| SHA1 | 53afa03edaf931abdc2d828e5a2c89ad573d926c |
| SHA256 | 72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae |
| SHA512 | ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77 |
C:\Users\Admin\AppData\Local\Temp\nsq7397.tmp\System.dll
| MD5 | 17ed1c86bd67e78ade4712be48a7d2bd |
| SHA1 | 1cc9fe86d6d6030b4dae45ecddce5907991c01a0 |
| SHA256 | bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb |
| SHA512 | 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5 |
C:\Users\Admin\AppData\Local\Temp\nsq7397.tmp\nsis7z.dll
| MD5 | c6a070b3e68b292bb0efc9b26e85e9cc |
| SHA1 | 5a922b96eda6595a68fd0a9051236162ff2e2ada |
| SHA256 | 66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b |
| SHA512 | 8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8 |
memory/4516-1207-0x00000000011A0000-0x00000000011A1000-memory.dmp
memory/1468-1213-0x0000000001290000-0x0000000001291000-memory.dmp
C:\Users\Admin\AppData\Local\GamesManager_iWin_ugm3\20000006\webdata\Cache\f_000003
| MD5 | 0a1cc39cc3f6049e8d97ebe2de642c32 |
| SHA1 | 93d4f34e2d9212930a53cba847d2d86b3ace96d6 |
| SHA256 | 92a177028e4c6d62950420ace948e04fd294a749ee5d1e998d05d053eb87853c |
| SHA512 | 00cb2f6187d1c4d511a0996db494f9716878962e884d271905f51c5fb6429fbad1a44ffcb87f0e5875756edb25e3530be4f4bc0a2a8744f3d100cffc5446a5b5 |
memory/3760-1526-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3760-1528-0x0000000002B40000-0x0000000002D4C000-memory.dmp
memory/3760-1535-0x0000000002B40000-0x0000000002D4C000-memory.dmp
memory/3760-1538-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3760-1539-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3760-1540-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3760-1541-0x0000000002B40000-0x0000000002D4C000-memory.dmp
memory/3760-1543-0x0000000002B40000-0x0000000002D4C000-memory.dmp
memory/3760-1544-0x0000000000400000-0x000000000060C000-memory.dmp
memory/5932-1552-0x0000000002990000-0x0000000002B9C000-memory.dmp
memory/5932-1558-0x0000000002990000-0x0000000002B9C000-memory.dmp
memory/5932-1562-0x0000000000400000-0x000000000060C000-memory.dmp
memory/5932-1563-0x0000000000400000-0x000000000060C000-memory.dmp
memory/5932-1564-0x0000000000400000-0x000000000060C000-memory.dmp
memory/5932-1565-0x0000000002990000-0x0000000002B9C000-memory.dmp
memory/5932-1569-0x0000000002990000-0x0000000002B9C000-memory.dmp
memory/5932-1570-0x0000000000400000-0x000000000060C000-memory.dmp
memory/2320-1580-0x0000024E8F640000-0x0000024E8F650000-memory.dmp
memory/2320-1596-0x0000024E8F740000-0x0000024E8F750000-memory.dmp
memory/2320-1612-0x0000024E97D00000-0x0000024E97D01000-memory.dmp
memory/2320-1613-0x0000024E97D30000-0x0000024E97D31000-memory.dmp
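Added example, not part of the report: a Python pass over the Files list and the memory dump names above. It parses each path with its hash rows and checks that every digest has the right length for its algorithm, classifies paths (NSIS plugin DLLs unpacked into a Temp\ns*.tmp folder, other dropped executables and DLLs, Edge profile files, the in-progress .crdownload, the crashpad named pipe), reports paths written more than once with different content (nsq2101.tmp\GamesManagerInstaller.exe is listed three times with three SHA256 values), marks entries whose digests are those of zero-length content, collects the SHA256 values of the dropped PE files as indicators, and decodes the memory dump names into per-PID (base, size) regions. The sample keeps a subset of the entries and leaves out the SHA512 rows; the NSIS plugin list and the path classes are this example's own.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: a subset of the Files entries and memory dump names from
# the report above; SHA512 rows are left out here to keep the sample short.
SAMPLE_FILES = r"""
\??\pipe\LOCAL\crashpad_4960_OEKZINMCNZQJRBHK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7ce78cfbab20eea2ea49e9ebcec2c2c8 |
| SHA256 | ef5ef8c5c93a57abc312129eb1d584fd117d0c0c18d152054144ddfaf1277715 |
C:\Users\Admin\Downloads\Unconfirmed 880023.crdownload
| MD5 | 26b0faa4a3fa0f8811f7db8b6e520ee3 |
| SHA256 | 2c5a06e9fb27f421d0a624a52910f77d74fb4de6758934c06481e79025b3d005 |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\System.dll
| SHA256 | dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\NSISdl.dll
| SHA256 | dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9 |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe
| SHA256 | 09cd920f961ebea7a0e282d17fc69632a84b34167434f6dac7a5213808f77eb0 |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe
| SHA256 | 9407d6d1005e52f4ab9e0f587cd1b167b6f946b0d2f4173c56d71b96e09fbb69 |
C:\Users\Admin\AppData\Local\Temp\nsq2101.tmp\GamesManagerInstaller.exe
| SHA256 | 6ae499724a02b1126cc4144099e5d7f7ced231c0bbe4130d3459d3b403d026e7 |
C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe
| SHA256 | 36b785a39704b784222120b38a2d5ea74a70b88319515417886049f1de9f3ddc |
C:\Users\Admin\AppData\Roaming\iWin Games Notifier\installer.exe
| SHA256 | 5f3752e63360a15fc3f2206d06711b5b6d90e2221269b50c40104be5b67ca84b |
memory/3760-1526-0x0000000000400000-0x000000000060C000-memory.dmp
memory/3760-1528-0x0000000002B40000-0x0000000002D4C000-memory.dmp
memory/3760-1535-0x0000000002B40000-0x0000000002D4C000-memory.dmp
memory/5932-1562-0x0000000000400000-0x000000000060C000-memory.dmp
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9A-Fa-f]+)\s*\|$")
MEM_DUMP = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
EMPTY = {a: getattr(hashlib, a.lower())(b"").hexdigest() for a in HASH_LEN}
# Plugin DLLs NSIS unpacks into %TEMP%\ns*.tmp; the list is this example's choice.
NSIS_PLUGINS = {"system.dll", "nsisdl.dll", "inetc.dll", "nsprocess.dll",
                "stdutils.dll", "winshell.dll", "nsis7z.dll"}
NSIS_TMP = re.compile(r"\\temp\\ns[a-z0-9]+\.tmp\\")


def parse_files(text):
    files, dumps, current = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := HASH_ROW.match(line):
            algo, digest = m.group(1), m.group(2).lower()
            if current is None or len(digest) != HASH_LEN[algo]:
                raise ValueError(f"bad {algo} row: {line}")
            current["hashes"][algo] = digest
        elif m := MEM_DUMP.match(line):
            pid, seq, start, end = m.groups()
            dumps.append({"pid": int(pid), "seq": int(seq),
                          "start": int(start, 16), "end": int(end, 16)})
        else:
            current = {"path": line, "hashes": {}}
            files.append(current)
    return files, dumps


def classify_path(path):
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if low.startswith("\\??\\pipe\\"):
        return "named_pipe"
    if NSIS_TMP.search(low) and name in NSIS_PLUGINS:
        return "nsis_plugin"
    if name.endswith((".exe", ".dll")):
        return "dropped_pe"
    if "\\microsoft\\edge\\user data\\" in low:
        return "browser_profile"
    if "\\downloads\\" in low:
        return "download"
    return "other"


def triage_files(text):
    files, dumps = parse_files(text)
    by_class, versions, empty = defaultdict(list), defaultdict(set), []
    for f in files:
        by_class[classify_path(f["path"])].append(f["path"])
        if "SHA256" in f["hashes"]:
            versions[f["path"]].add(f["hashes"]["SHA256"])
        if f["hashes"] and all(d == EMPTY[a] for a, d in f["hashes"].items()):
            empty.append(f["path"])       # digests of zero bytes: no content captured
    regions = defaultdict(set)
    for d in dumps:                       # (base address, size) per PID
        regions[d["pid"]].add((d["start"], d["end"] - d["start"]))
    pe_iocs = sorted({f["hashes"]["SHA256"] for f in files
                      if classify_path(f["path"]) == "dropped_pe" and "SHA256" in f["hashes"]})
    return {"by_class": dict(by_class),
            "rewritten": {p: len(h) for p, h in versions.items() if len(h) > 1},
            "empty": empty,
            "regions": {pid: sorted(r) for pid, r in regions.items()},
            "pe_iocs": pe_iocs}
```

Both regions dumped for PID 3760 are 0x20C000 bytes long: the image mapped at 0x400000 and a second block at 0x2B40000. That is arithmetic on the dump names, not a finding of the report; whether the second block holds an unpacked copy of the image is a question for the dumps themselves.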