Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system -
submitted
16/03/2025, 22:44
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
game-11-islands-story-of-loveSetup.exe
Resource
win7-20241010-en
windows7-x64
24 signatures
150 seconds
General
-
Target
game-11-islands-story-of-loveSetup.exe
-
Size
167KB
-
MD5
0d792b22e6631e0aa21d806ab41ca262
-
SHA1
0248a68fe072e51d80a125bb687bb52555cee59a
-
SHA256
53a1eebbb64c49252cd29f5bf5b3d652c73ad7bf3116bbd1e17d1e1fa36c863a
-
SHA512
ae0337dd76c017809a0ee78dd3ac067c8a9c9f94e9a8a9d4dbf929d7614cc8ac39b9d86607d704b553225fc9c2c459c38f550d27ef416095434c0b68c6997efd
-
SSDEEP
3072:/Lk39+hYXJxDf1uP5a+YS0otaQ9mEUG7fIhF1+QGHVLi4Tn7Kx8zynfIuDpkos:/QvHDf1uE9msQ9mEJ4zq1e43Kx8zcfIz
Malware Config
Extracted
Family
sality
C2
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Signatures
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Modifies firewall policy service 3 TTPs 3 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions = "0" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0" game-11-islands-story-of-loveSetup.exe -
Sality family
-
UAC bypass 3 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" game-11-islands-story-of-loveSetup.exe -
Windows security bypass 2 TTPs 6 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallOverride = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UacDisableNotify = "1" game-11-islands-story-of-loveSetup.exe -
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ GLWorker.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ GLWorker.exe Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ GLWorker.exe -
Downloads MZ/PE file 1 IoCs
flow pid Process 2 4404 game-11-islands-story-of-loveSetup.exe -
Checks BIOS information in registry 2 TTPs 6 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate GLWorker.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion GLWorker.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate GLWorker.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion GLWorker.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate GLWorker.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion GLWorker.exe -
Executes dropped EXE 9 IoCs
pid Process 4924 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 2636 toasterinstaller.exe 4172 GamesManager.exe 1192 GamesManager.exe 440 GamesManager.exe 2304 GLWorker.exe 2776 GLWorker.exe 3148 GLWorker.exe -
Loads dropped DLL 64 IoCs
pid Process 4404 game-11-islands-story-of-loveSetup.exe 4404 game-11-islands-story-of-loveSetup.exe 4404 game-11-islands-story-of-loveSetup.exe 4924 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification 2 TTPs 7 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UacDisableNotify = "1" game-11-islands-story-of-loveSetup.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\Svc game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusOverride = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallDisableNotify = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\FirewallOverride = "1" game-11-islands-story-of-loveSetup.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Security Center\UpdatesDisableNotify = "1" game-11-islands-story-of-loveSetup.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" game-11-islands-story-of-loveSetup.exe -
Enumerates connected drives 3 TTPs 11 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\P: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\E: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\G: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\J: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\M: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\N: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\O: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\H: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\I: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\K: game-11-islands-story-of-loveSetup.exe File opened (read-only) \??\L: game-11-islands-story-of-loveSetup.exe -
resource yara_rule behavioral2/memory/4404-3-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-8-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-6-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-10-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-9-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-11-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-7-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-5-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-1-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-4-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-22-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-23-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-24-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-32-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-33-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-35-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-36-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-37-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-39-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-40-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-44-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-46-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-48-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-50-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-52-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-57-0x0000000002330000-0x00000000033BE000-memory.dmp upx behavioral2/memory/4404-72-0x0000000002330000-0x00000000033BE000-memory.dmp upx -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\SYSTEM.INI game-11-islands-story-of-loveSetup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 10 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GLWorker.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GLWorker.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GamesManagerInstaller.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language toasterinstaller.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GamesManager.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GLWorker.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language game-11-islands-story-of-loveSetup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GamesManagerInstaller.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GamesManager.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language GamesManager.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\gvdVnmsgkrpk = "qeBV~ctipWd~QAj^JBpfzVF" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ankgZq = "_^js`" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ankgZq = "D\\a`T" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ankgZq = "s{sWH" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\bGyoPIghe = "rY^NsjrXtLEwlGMPxPJ}eCwMgzyrv" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\bGyoPIghe = "YP@]htA|ZBer_cQ}PgDcP}Dt_A`qZ" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\Lbzt = "jpkIUkH~pWRwyG]WR`si\x7fYO\x7fN^@x^" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\InprocServer32\ThreadingModel = "Both" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\Lbzt = "[}NYpiBcCFDJY\x7fio\\KtL}fdGeilkU" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ankgZq = "uaFQ`" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ankgZq = "s_JZ\\" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ipMpzhIiwr = "xsh{ZCUlSNnV\\w`I_Z" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\llzgb = "@PB[yLnumijng@`M@SgyDWoRfO[@GiJ" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\gvdVnmsgkrpk = "qeBV~ctipWd~QAj^DBpfzV@" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\bmRkppjdducR = "bvygQBvyvSJHFCGTjX" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\bGyoPIghe = "YP@]htA|ZBer_cQ}PgDc@}Dt_A`qJ" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\gvdVnmsgkrpk = "qeBV~ctipWd~QAj^FBpfzVC" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\InprocServer32\ = "C:\\Windows\\SysWOW64\\qcap.dll" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\tteaXnyxuwng = "wObtkV\x7fkGHbUpk^NzMfTP^" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ipMpzhIiwr = "JRmxxehwWv|uYtaEaQ" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\gvdVnmsgkrpk = "_Sqj]^]gJB{KaV}c{Rd|AEe" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ankgZq = "_zS~t" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\bGyoPIghe = "YP@]htA|ZBer_cQ}PgDcP}Dt_A`qZ" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ankgZq = "Giqhh" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\bmRkppjdducR = "sHGNZQ_uuNfwLa`{|t" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\AmtnjCsffU = "MxMXarDOFUTg{ifZE|l\x7fGxvAyNq\\" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\bGyoPIghe = "YP@]htA|ZBer_cQ}PgDc`}Dt_A`qj" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\bmRkppjdducR = "sHGNZQ_uuNfwLa`{|t" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\gvdVnmsgkrpk = "qeBV~ctipWd~QAj^HBpfzVO" GLWorker.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85} GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\tteaXnyxuwng = "cSJ\\q|{[`Y~\\uBfKPZVPhT" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\gvdVnmsgkrpk = "_Sqj]^]gJB{KaV}cxRd|AEg" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\bGyoPIghe = "rY^NsjrXtLEwlGMPxPJ}eCwMgzyrv" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\bmRkppjdducR = "bvygQBvyvSJHFCGTjX" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ankgZq = "h]AIh" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ankgZq = "Duyc`" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ankgZq = "YI~{h" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\gvdVnmsgkrpk = "qeBV~ctipWd~QAj^KBpfzVM" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\tteaXnyxuwng = "cSJ\\q|{[`Y~\\uBfKPZVPhT" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ipMpzhIiwr = "JRmxxehwWv|uYtaEaQ" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\gvdVnmsgkrpk = "_Sqj]^]gJB{KaV}cwRd|AE`" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\gvdVnmsgkrpk = "_Sqj]^]gJB{KaV}cvRd|AEk" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\gvdVnmsgkrpk = "qeBV~ctipWd~QAj^ABpfzVB" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\AmtnjCsffU = "MvsUDicwuBwQwo\\dUlm\x7fVswUOTRJ" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\llzgb = "vT~UiB\x7ftTLNTLyZ\x7fEx`{Zz~xseE}bVY" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ankgZq = "svRYh" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\AmtnjCsffU = "MvsUDicwuBwQwo\\dUlm\x7fVswUOTRJ" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\gvdVnmsgkrpk = "qeBV~ctipWd~QAj^GBpfzVH" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ankgZq = "khQAT" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ankgZq = "Y`fx\\" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\gvdVnmsgkrpk = "_Sqj]^]gJB{KaV}ctRd|AEh" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\ankgZq = "htYJ\\" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\gvdVnmsgkrpk = "_Sqj]^]gJB{KaV}cuRd|AEc" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\llzgb = "vT~UiB\x7ftTLNTLyZ\x7fEx`{Zz~xseE}bVY" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\bGyoPIghe = "rY^NsjrXtLEwlGMPxPJ}uCwMgzyrf" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\gvdVnmsgkrpk = "_Sqj]^]gJB{KaV}cqRd|AEj" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\tteaXnyxuwng = "wObtkV\x7fkGHbUpk^NzMfTP^" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\llzgb = "@PB[yLnumijng@`M@SgyDWoRfO[@GiJ" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\gvdVnmsgkrpk = "_Sqj]^]gJB{KaV}czRd|AEn" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\gvdVnmsgkrpk = "qeBV~ctipWd~QAj^EBpfzVK" GLWorker.exe Set value (str) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000_Classes\{6A46BC7E-D638-13D1-B2E4-0060975B8649}\AmtnjCsffU = "MxMXarDOFUTg{ifZE|l\x7fGxvAyNq\\" GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\ = "AVI mux Property Page1" GLWorker.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\InprocServer32 GLWorker.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{047BE818-8D8D-8851-38DB-E3ECADF6FC85}\bGyoPIghe = "rY^NsjrXtLEwlGMPxPJ}UCwMgzyrF" GLWorker.exe -
Modifies system certificate store 2 TTPs 18 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 GamesManager.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 GamesManager.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F\Blob = 0f00000001000000200000001504593902ec8a0bab29f03bf35c3058b5fd1807a74dab92cb61ed4a9908afa40b000000010000006200000041006d0061007a006f006e00200053006500720076006900630065007300200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020002d002d002000470032000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000002500000030233021060b6086480186fd6e0107180330123010060a2b0601040182373c0101030200c0620000000100000020000000568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab51400000001000000140000009c5f00dfaa01d7302b3888a2b86d4a9cf21191831d000000010000001000000052135310639a10f77f886b229b9f7afc7f000000010000000c000000300a06082b060105050703037e00000001000000080000000080c82b6886d701030000000100000014000000925a8f8d2c6d04e0665f596aff22d863e8256f3f2000000001000000f3030000308203ef308202d7a003020102020100300d06092a864886f70d01010b0500308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183300d06092a864886f70d01010b050003820101004b36a6847769dd3b199f6723086f0e61c9fd84dc5fd83681cdd81b412d9f60ddc71a68d9d16e86e18823cf13de43cfe234b3049d1f29d5bff85ec8d5c1bdee926f3274f291822fbd82427aad2ab7207d4dbc7a5512c215eabdf76a952e6c749fcf1cb4f2c501a385d0723ead73ab0b9b750c6d45b78e94ac9637b5a0d08f15470ee3e883dd8ffdef410177cc27a9628533f23708ef71cf7706dec8191d8840cf7d461dff1ec7e1ceff23dbc6fa8d554ea902e74711463ef4fdbd7b2926bba961623728b62d2af6108664c970a7d2adb7297079ea3cda63259ffd68b730ec70fb758ab76d6067b21ec8b9e9d8a86f028b670d4d265771da20fcc14a508db128ba GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\925A8F8D2C6D04E0665F596AFF22D863E8256F3F\Blob = 19000000010000001000000014d4b19434670e6dc091d154abb20edc030000000100000014000000925a8f8d2c6d04e0665f596aff22d863e8256f3f7e00000001000000080000000080c82b6886d7017f000000010000000c000000300a06082b060105050703031d000000010000001000000052135310639a10f77f886b229b9f7afc1400000001000000140000009c5f00dfaa01d7302b3888a2b86d4a9cf2119183620000000100000020000000568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab553000000010000002500000030233021060b6086480186fd6e0107180330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b000000010000006200000041006d0061007a006f006e00200053006500720076006900630065007300200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790020002d002d0020004700320000000f00000001000000200000001504593902ec8a0bab29f03bf35c3058b5fd1807a74dab92cb61ed4a9908afa42000000001000000f3030000308203ef308202d7a003020102020100300d06092a864886f70d01010b0500308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183300d06092a864886f70d01010b050003820101004b36a6847769dd3b199f6723086f0e61c9fd84dc5fd83681cdd81b412d9f60ddc71a68d9d16e86e18823cf13de43cfe234b3049d1f29d5bff85ec8d5c1bdee926f3274f291822fbd82427aad2ab7207d4dbc7a5512c215eabdf76a952e6c749fcf1cb4f2c501a385d0723ead73ab0b9b750c6d45b78e94ac9637b5a0d08f15470ee3e883dd8ffdef410177cc27a9628533f23708ef71cf7706dec8191d8840cf7d461dff1ec7e1ceff23dbc6fa8d554ea902e74711463ef4fdbd7b2926bba961623728b62d2af6108664c970a7d2adb7297079ea3cda63259ffd68b730ec70fb758ab76d6067b21ec8b9e9d8a86f028b670d4d265771da20fcc14a508db128ba GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd GamesManager.exe Key created \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\9E99A48A9960B14926BB7F3B02E22DA2B0AB7280 GamesManager.exe Set value (data) \REGISTRY\USER\S-1-5-21-869607583-2483572573-2297019986-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\9E99A48A9960B14926BB7F3B02E22DA2B0AB7280\Blob = 0300000001000000140000009e99a48a9960b14926bb7f3b02e22da2b0ab72801400000001000000140000009c5f00dfaa01d7302b3888a2b86d4a9cf2119183040000000100000010000000c6150925cfea5941ddc7ff2a0a5066920f00000001000000200000008408d5e5010ab8da67eb33a7d79ace944dd0ac103ae6ead3ff30dec571066b0319000000010000001000000014d4b19434670e6dc091d154abb20edc5c000000010000000400000000080000180000000100000010000000fd960962ac6938e0d4b0769aa1a64e265900000001000000160000005200530041002f0053004800410032003500360000004b0000000100000044000000420036003600320034003000420030004600360043003800340042004400340038003500370041004200410036003000430046003500430045003400410030005f000000200000000100000079040000308204753082035da003020102020900a70e4a4c3482b77f300d06092a864886f70d01010b05003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3039303930323030303030305a170d3334303632383137333931365a308198310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e313b303906035504031332537461726669656c6420536572766963657320526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100d50c3ac42af94ee2f5be19975f8e8853b11f3fcbcf9f20136d293ac80f7d3cf76b763863d93660a89b5e5c0080b22f597ff687f9254386e7691b529a90e171e3d82d0d4e6ff6c849d9b6f31a56ae2bb67414ebcffb26e31aba1d962e6a3b5894894756ff25a093705383da847414c3679e04683adf8e405a1d4a4ecf43913be756d60070cb52ee7b7dae3ae7bc31f945f6c260cf1359022b80cc3447dfb9de90656d02cf2c91a6a6e7de8518497c664ea33a6da9b5ee342eba0d03b833df47ebb16b8d25d99bce81d1454632967087de020e494385b66c73bb64ea6141acc9d454df872fc722b226cc9f5954689ffcbe2a2fc4551c75406017850255398b7f050203010001a381f03081ed300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604149c5f00dfaa01d7302b3888a2b86d4a9cf2119183301f0603551d23041830168014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7304f06082b0601050507010104433041301c06082b060105050730018610687474703a2f2f6f2e7373322e75732f302106082b060105050730028615687474703a2f2f782e7373322e75732f782e63657230260603551d1f041f301d301ba019a0178615687474703a2f2f732e7373322e75732f722e63726c30110603551d20040a300830060604551d2000300d06092a864886f70d01010b05000382010100231de38a57ca7de917794cf11e55fdcc536e3e470fdfc655f2b20436ed801f53c45d34286bbec755fc67eacb3f7f90b233cd1b58108202f8f82ff51360d405cef18108c1dda775974f18b96ddef7939108ba7e402cedc1eabb769e3306771d0d087f53dd1b64ab8227f169d54d5eaef4a1c375a758442df23c7098acba69b695777f0f315e2cfca0873a4769f0795ff41454a4955e1178126027ce9fc277ff2353775dbaffea59e7dbcfaf9296ef249a35107a9c91c60e7d99f63f19dff57254e115a907597b83bf522e468cb20064761c48d3d879e86e56ccae2c0390d7193899e4ca09195bff0796b0a87f3449df56a9f7b05fed33ed8c47b730035df4038c GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a GamesManager.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A GamesManager.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a GamesManager.exe -
Suspicious behavior: EnumeratesProcesses 24 IoCs
pid Process 4404 game-11-islands-story-of-loveSetup.exe 4404 game-11-islands-story-of-loveSetup.exe 4404 game-11-islands-story-of-loveSetup.exe 4404 game-11-islands-story-of-loveSetup.exe 4404 game-11-islands-story-of-loveSetup.exe 4404 game-11-islands-story-of-loveSetup.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 224 GamesManagerInstaller.exe 2636 toasterinstaller.exe 2636 toasterinstaller.exe 2636 toasterinstaller.exe 2636 toasterinstaller.exe 2636 toasterinstaller.exe 2636 toasterinstaller.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe Token: SeDebugPrivilege 4404 game-11-islands-story-of-loveSetup.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4172 GamesManager.exe -
Suspicious use of SendNotifyMessage 1 IoCs
pid Process 4172 GamesManager.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4404 wrote to memory of 792 4404 game-11-islands-story-of-loveSetup.exe 9 PID 4404 wrote to memory of 800 4404 game-11-islands-story-of-loveSetup.exe 10 PID 4404 wrote to memory of 64 4404 game-11-islands-story-of-loveSetup.exe 13 PID 4404 wrote to memory of 2516 4404 game-11-islands-story-of-loveSetup.exe 42 PID 4404 wrote to memory of 2544 4404 game-11-islands-story-of-loveSetup.exe 43 PID 4404 wrote to memory of 2660 4404 game-11-islands-story-of-loveSetup.exe 45 PID 4404 wrote to memory of 3248 4404 game-11-islands-story-of-loveSetup.exe 55 PID 4404 wrote to memory of 3676 4404 game-11-islands-story-of-loveSetup.exe 57 PID 4404 wrote to memory of 3848 4404 game-11-islands-story-of-loveSetup.exe 58 PID 4404 wrote to memory of 4000 4404 game-11-islands-story-of-loveSetup.exe 59 PID 4404 wrote to memory of 4076 4404 game-11-islands-story-of-loveSetup.exe 60 PID 4404 wrote to memory of 2988 4404 game-11-islands-story-of-loveSetup.exe 61 PID 4404 wrote to memory of 3944 4404 game-11-islands-story-of-loveSetup.exe 62 PID 4404 wrote to memory of 2292 4404 game-11-islands-story-of-loveSetup.exe 76 PID 4404 wrote to memory of 1468 4404 game-11-islands-story-of-loveSetup.exe 82 PID 4404 wrote to memory of 1732 4404 game-11-islands-story-of-loveSetup.exe 83 PID 4404 wrote to memory of 792 4404 game-11-islands-story-of-loveSetup.exe 9 PID 4404 wrote to memory of 800 4404 game-11-islands-story-of-loveSetup.exe 10 PID 4404 wrote to memory of 64 4404 game-11-islands-story-of-loveSetup.exe 13 PID 4404 wrote to memory of 2516 4404 game-11-islands-story-of-loveSetup.exe 42 PID 4404 wrote to memory of 2544 4404 game-11-islands-story-of-loveSetup.exe 43 PID 4404 wrote to memory of 2660 4404 game-11-islands-story-of-loveSetup.exe 45 PID 4404 wrote to memory of 3248 4404 game-11-islands-story-of-loveSetup.exe 55 PID 4404 wrote to memory of 3676 4404 game-11-islands-story-of-loveSetup.exe 57 PID 4404 wrote to memory of 3848 4404 game-11-islands-story-of-loveSetup.exe 58 PID 4404 wrote to memory of 4000 4404 game-11-islands-story-of-loveSetup.exe 59 PID 4404 wrote to memory of 4076 4404 game-11-islands-story-of-loveSetup.exe 60 PID 4404 wrote to memory of 2988 4404 game-11-islands-story-of-loveSetup.exe 61 PID 4404 wrote to memory of 3944 4404 game-11-islands-story-of-loveSetup.exe 62 PID 4404 wrote to memory of 2292 4404 game-11-islands-story-of-loveSetup.exe 76 PID 4404 wrote to memory of 1468 4404 game-11-islands-story-of-loveSetup.exe 82 PID 4404 wrote to memory of 1732 4404 game-11-islands-story-of-loveSetup.exe 83 PID 4404 wrote to memory of 4920 4404 game-11-islands-story-of-loveSetup.exe 86 PID 4404 wrote to memory of 3584 4404 game-11-islands-story-of-loveSetup.exe 87 PID 4404 wrote to memory of 792 4404 game-11-islands-story-of-loveSetup.exe 9 PID 4404 wrote to memory of 800 4404 game-11-islands-story-of-loveSetup.exe 10 PID 4404 wrote to memory of 64 4404 game-11-islands-story-of-loveSetup.exe 13 PID 4404 wrote to memory of 2516 4404 game-11-islands-story-of-loveSetup.exe 42 PID 4404 wrote to memory of 2544 4404 game-11-islands-story-of-loveSetup.exe 43 PID 4404 wrote to memory of 2660 4404 game-11-islands-story-of-loveSetup.exe 45 PID 4404 wrote to memory of 3248 4404 game-11-islands-story-of-loveSetup.exe 55 PID 4404 wrote to memory of 3676 4404 game-11-islands-story-of-loveSetup.exe 57 PID 4404 wrote to memory of 3848 4404 game-11-islands-story-of-loveSetup.exe 58 PID 4404 wrote to memory of 4000 4404 game-11-islands-story-of-loveSetup.exe 59 PID 4404 wrote to memory of 4076 4404 game-11-islands-story-of-loveSetup.exe 60 PID 4404 wrote to memory of 2988 4404 game-11-islands-story-of-loveSetup.exe 61 PID 4404 wrote to memory of 3944 4404 game-11-islands-story-of-loveSetup.exe 62 PID 4404 wrote to memory of 2292 4404 game-11-islands-story-of-loveSetup.exe 76 PID 4404 wrote to memory of 1468 4404 game-11-islands-story-of-loveSetup.exe 82 PID 4404 wrote to memory of 1732 4404 game-11-islands-story-of-loveSetup.exe 83 PID 4404 wrote to memory of 4920 4404 game-11-islands-story-of-loveSetup.exe 86 PID 4404 wrote to memory of 3584 4404 game-11-islands-story-of-loveSetup.exe 87 PID 4404 wrote to memory of 4304 4404 game-11-islands-story-of-loveSetup.exe 88 PID 4404 wrote to memory of 4924 4404 game-11-islands-story-of-loveSetup.exe 90 PID 4404 wrote to memory of 4924 4404 game-11-islands-story-of-loveSetup.exe 90 PID 4404 wrote to memory of 4924 4404 game-11-islands-story-of-loveSetup.exe 90 PID 4924 wrote to memory of 224 4924 GamesManagerInstaller.exe 91 PID 4924 wrote to memory of 224 4924 GamesManagerInstaller.exe 91 PID 4924 wrote to memory of 224 4924 GamesManagerInstaller.exe 91 PID 224 wrote to memory of 2636 224 GamesManagerInstaller.exe 94 PID 224 wrote to memory of 2636 224 GamesManagerInstaller.exe 94 PID 224 wrote to memory of 2636 224 GamesManagerInstaller.exe 94 PID 224 wrote to memory of 4172 224 GamesManagerInstaller.exe 95 PID 224 wrote to memory of 4172 224 GamesManagerInstaller.exe 95 -
System policy modification 1 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" game-11-islands-story-of-loveSetup.exe
Processes
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵PID:792
-
C:\Windows\system32\fontdrvhost.exe"fontdrvhost.exe"1⤵PID:800
-
C:\Windows\system32\dwm.exe"dwm.exe"1⤵PID:64
-
C:\Windows\system32\sihost.exesihost.exe1⤵PID:2516
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc1⤵PID:2544
-
C:\Windows\system32\taskhostw.exetaskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}1⤵PID:2660
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:3248
-
C:\Users\Admin\AppData\Local\Temp\game-11-islands-story-of-loveSetup.exe"C:\Users\Admin\AppData\Local\Temp\game-11-islands-story-of-loveSetup.exe"2⤵
- Modifies firewall policy service
- UAC bypass
- Windows security bypass
- Downloads MZ/PE file
- Loads dropped DLL
- Windows security modification
- Checks whether UAC is enabled
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:4404 -
C:\Users\Admin\AppData\Local\Temp\nsvAD58.tmp\GamesManagerInstaller.exe"C:\Users\Admin\AppData\Local\Temp\nsvAD58.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000004 -config.uri=https://gm.download-free-games.com/ -config.channelName=DFG -config.iwinrequest="PF/2484398696830592063/game-11-islands-story-of-love/47/0"3⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4924 -
C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe"C:\Users\Admin\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000004 -config.uri="https://gm.download-free-games.com/" -config.channelName="DFG" -config.sku=FIRST_INSTALL -installer.createshortcutswithname="Download Free Games" -autoupdate=1 -config.iwinrequest="PF/2484398696830592063/game-11-islands-story-of-love/47/0"4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:224 -
C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\toasterinstaller.exe"C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\toasterinstaller.exe" /S --no-desktop-shortcut5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2636
-
-
C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\GamesManager.exe"C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\GamesManager.exe" -config.uri=https://gm.download-free-games.com/ -config.channel="20000004" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/2484398696830592063/game-11-islands-story-of-love/47/0"5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4172 -
C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\GamesManager.exe"C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=001D01867314B1987A7EAD285D63D027 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000004 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=001D01867314B1987A7EAD285D63D027 --renderer-client-id=2 --mojo-platform-channel-handle=2904 /prefetch:16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1192
-
-
C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\GamesManager.exe"C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=830B83B18A37B84528D284A74BDFCE65 --lang=en-US --lang=en-US --log-file="C:\Users\Admin\AppData\Local\GamesManager_iWin_DFG\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000004 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=830B83B18A37B84528D284A74BDFCE65 --renderer-client-id=3 --mojo-platform-channel-handle=3472 /prefetch:16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:440
-
-
C:\Users\Admin\AppData\Local\UGMgames\20000004\game-11-islands-story-of-love\game-11-islands-story-of-love\GLWorker.exeC:\Users\Admin\AppData\Local\UGMgames\20000004\game-11-islands-story-of-love\game-11-islands-story-of-love\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid24843987080027212816⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2304
-
-
C:\Users\Admin\AppData\Local\UGMgames\20000004\game-11-islands-story-of-love\game-11-islands-story-of-love\GLWorker.exeC:\Users\Admin\AppData\Local\UGMgames\20000004\game-11-islands-story-of-love\game-11-islands-story-of-love\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid24843987080027212816⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2776
-
-
C:\Users\Admin\AppData\Local\UGMgames\20000004\game-11-islands-story-of-love\game-11-islands-story-of-love\GLWorker.exeC:\Users\Admin\AppData\Local\UGMgames\20000004\game-11-islands-story-of-love\game-11-islands-story-of-love\GLWorker.exe ALTUSERNAME;DAYSLEFT;TIMELEFTTOTAL;gid24843987080027212816⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3148
-
-
-
-
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc1⤵PID:3676
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵PID:3848
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵PID:4000
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:4076
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵PID:2988
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:3944
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca1⤵PID:2292
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppX3bn25b6f886wmg6twh46972vprk9tnbf.mca1⤵PID:1468
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵PID:1732
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:4920
-
C:\Windows\System32\RuntimeBroker.exeC:\Windows\System32\RuntimeBroker.exe -Embedding1⤵PID:3584
-
C:\Windows\system32\BackgroundTransferHost.exe"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.11⤵PID:4304
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Create or Modify System Process
1Windows Service
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
4Disable or Modify System Firewall
1Disable or Modify Tools
3Modify Registry
6Subvert Trust Controls
1Install Root Certificate
1Virtualization/Sandbox Evasion
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.7MB
MD5a6459cb0905d774983ee0fe1320d6d13
SHA15e62f1b56fb76f95f7f9d08c2a47506314d32f67
SHA256e70670dac2ce844ae9828b20f3349b5c25eb8a05d39c1be5dc867e27f474c26a
SHA512ba61dc7ea1c2763411f1df3b77e1c1769dd59fa4bbed2e51a8a38b0d64e7a0215d463f267757ad45c95c3e4711427bdb522ceb7dcb1243e6b82c233ca016157f
-
Filesize
25KB
MD5e7ebd034dacf96fcc0c7a35c62477d21
SHA1cd372d0607d94b48ac84a1738ed434df4d882f22
SHA256dc84aa66f398781fe76eecf90fc6613f729076552d4b268269228b754bfd70d2
SHA512df367b39c7c62ba2df1d50cbe3dbc97a7a2719fae7684330b4df971f0742c3447f0beb2d295a206522bbce6fbd0053d188d159f7236b6953d35cbf51aecc1bf3
-
Filesize
11KB
MD5bf712f32249029466fa86756f5546950
SHA175ac4dc4808ac148ddd78f6b89a51afbd4091c2e
SHA2567851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af
SHA51213f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4
-
Filesize
4KB
MD5f0438a894f3a7e01a4aae8d1b5dd0289
SHA1b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA25630c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
Filesize
3KB
MD51cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA10b9519763be6625bd5abce175dcc59c96d100d4c
SHA2569be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA5127acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
-
Filesize
14KB
MD5a5f8399a743ab7f9c88c645c35b1ebb5
SHA1168f3c158913b0367bf79fa413357fbe97018191
SHA256dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9
SHA512824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977
-
Filesize
11KB
MD5c17103ae9072a06da581dec998343fc1
SHA1b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
SHA256dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
SHA512d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f
-
Filesize
32.0MB
MD5082498c717b542a12971c37ca63375ec
SHA18ff2a9b3a7e4d82e3f6ffa00dd0e88f41dbac826
SHA2560581c5c9550456d2be8c9d03576d2af73a97e0686ab0ba88e3c1bd8ccd7f7a16
SHA5122005e2ee9e730951b5977eacc1e2d985a015dbfd544291a0fac5b2cb4e02198bf6b573fad8c1949b34747fe55042f49048b73493bc2ba12edb5985c33c27dd54