Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1522706
MD5:	07df7ce090a7fe033952ef5651684566
SHA1:	fa0b5c800577df34320a8289d1a8ab50eb4659bb
SHA256:	37c2b040bf4aad7189adcd32f1021208622754c043d6e3f8b4afa5dc9f078ee0
Tags:	exeuser-jstrosch
Infos:

Detection

Score:	57
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	34
Range:	0 - 100

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Machine Learning detection for sample

Tries to harvest and steal browser information (history, passwords, etc)

Windows shortcut file (LNK) contains suspicious command line arguments

Adds / modifies Windows certificates

Binary contains a suspicious time stamp

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

EXE planting / hijacking vulnerabilities found

Enables security privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains executable resources (Code or Archives)

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sleep loop found (likely to delay execution)

Stores large binary data to the registry

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 23%

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Cryptography

Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/u/XDdjlDyw7gHEtaaasZ9GdG8WOKAyJzXd8HFrDtz2Jcuy7er7MtWvHgNDA0bwpznbI5YdZeV4UfCEsA4SrA5b3MnWTHwA1bgbiDM+L9rrqvcadcKuOlTeN48Q0ijmhHlNFbTzvT9W0zw/GKv8LgXAHggxtmHQ/Z9PP2QNF5O8rUHHSL4AJ6hNcEKSBVSmbbjeVm4gSXDuED5r0nwxvRtupDxGYp8IZpP5KlExqNu1nbkPc+igCTIB6XsqijagzxewUHCdovmkb2JNtskx/PMIEv+TvWIx2BzqGp71gSh/dV7SJ3rClvWd2xj8dtxG8FfAWDTIIi0qZXWn2QhizQIDAQAB-----END PUBLIC KEY-----

memstr_3cfb61ff-d

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	EXE: C:\Users\user\AppData\Roaming\MSN Games Notifier\installer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\Uninstaller.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinUpgrader.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	EXE: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\MSN Games Notifier.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	EXE: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\Uninstall MSN Games Notifier.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinInstaller.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\Firewall.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinPrerequisitesAdmin.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\browser_cef_exe.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinLauncher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinPrerequisitesUser.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	EXE: C:\Users\user\AppData\Roaming\MSN Games Notifier\installer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\Uninstaller.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinUpgrader.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	EXE: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\MSN Games Notifier.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	EXE: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\Uninstall MSN Games Notifier.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinInstaller.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\Firewall.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinPrerequisitesAdmin.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\browser_cef_exe.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinLauncher.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinPrerequisitesUser.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	EXE: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Jump to behavior

Uses 32bit PE files

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe

Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSN Games Manager

Source:	Binary string: fkadialhk.dllacpiz.dllactivedetect32.dllactivedetect64.dllairfoilinject3.dllakinsofthook32.dllassistant_x64.dllavcuf64.dllavgrsstx.dllbabylonchromepi.dllbtkeyind.dllcmcsyshk.dllcmsetac.dllcooliris.dllcplushook.dlldockshellhook.dlleasyhook32.dllesspd.dllgoogledesktopnetwork3.dllfwhook.dllguard64.dllhookprocesscreation.dllhookterminateapis.dllhookprintapis.dllimon.dllicatcdll.dllicdcnl.dllioloHL.dllkloehk.dlllawenforcer.dlllibdivx.dlllvprcinj01.dllmadchook.dllmdnsnsp.dllmoonsysh.dllmpk.dllnpdivx32.dllnpggNT.desnpggNT.dlloawatch.dllpastali32.dllpavhook.dllpavlsphook.dllpavshook.dllpavshookwow.dllpctavhook.dllpctgmhk.dllpicrmi32.dllpicrmi64.dllprntrack.dllprotector.dllradhslib.dllradprlib.dllrapportnikko.dllrlhook.dllrooksdol.dllrndlpepperbrowserrecordhelper.dllrpchromebrowserrecordhelper.dllr3hook.dllsahook.dllsbrige.dllsc2hook.dllsdhook32.dllsguard.dllsmum32.dllsmumhook.dllssldivx.dllsyncor11.dllsystools.dlltfwah.dllwblind.dllwbhelp.dllwindowsapihookdll32.dllwindowsapihookdll64.dllwinstylerthemehelper.dll\::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &token)../../content/common/sandbox_win.cc::GetTokenInformation(token, TokenSessionId, &session_id, sizeof(session_id), &session_id_length)\Sessions\%lu%lsProcess.Sandbox.FlagOverrodeRemoteSessionCheck\??\pipe\chrome.\\.\pipe\chrome.nacl.\\.\pipe\chrome.sync.*.pdbProcess.Sandbox.Launch.WarningResultCodeProcess.Sandbox.Launch.Warning\Device\DeviceApiFileYou are attempting to duplicate a privileged handle into a sandboxed process. source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\Jenkins\workspace\client3.exe.iwininstaller\ugmtooliwininstallerexe\bin\exe\iWinInstaller.pdb source: GamesManager.exe, 00000007.00000003.3293582074.0000000002E06000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XInput1_3.pdb source: toasterinstaller.exe, 00000006.00000003.3242267684.0000000003670000.00000004.00001000.00020000.00000000.sdmp, toasterinstaller.exe, 00000006.00000003.3242095039.00000000034B0000.00000004.00001000.00020000.00000000.sdmp, toasterinstaller.exe, 00000006.00000003.3242309069.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\client3.exe.iwinlauncher\ugmtooliwinlauncherexe\bin\exe\iWinLauncher.pdb source: GamesManager.exe, 00000007.00000003.3293772599.00000000032C1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: XInput1_3.pdb@ source: toasterinstaller.exe, 00000006.00000003.3242267684.0000000003670000.00000004.00001000.00020000.00000000.sdmp, toasterinstaller.exe, 00000006.00000003.3242095039.00000000034B0000.00000004.00001000.00020000.00000000.sdmp, toasterinstaller.exe, 00000006.00000003.3242309069.0000000002EE0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\client3.exe.unifiedgamesmanager\ugmexe\bin\exe\UnifiedGamesManager.pdb source: GamesManager.exe, 00000007.00000002.3453951158.0000000000D1B000.00000002.00000001.01000000.00000015.sdmp, GamesManager.exe, 00000007.00000000.3289003515.0000000000D1B000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\Jenkins\workspace\client3.exe.iwinprerequisites\ugmtoolprerequisites\bin\exe\iWinPrerequisitesAdmin.pdb source: GamesManager.exe, 00000007.00000003.3293940425.00000000032C1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\client3.exe.iwininstaller\ugmtooliwininstallerexe\bin\exe\iWinInstaller.pdb7 source: GamesManager.exe, 00000007.00000003.3293582074.0000000002E06000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\Jenkins\workspace\client3.exe.iwinprerequisites\ugmtoolprerequisites\bin\exe\iWinPrerequisitesUser.pdb source: GamesManager.exe, 00000007.00000002.3458594645.00000000032D0000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405302 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_00405302
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405CD8 FindFirstFileA,FindClose,	0_2_00405CD8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040263E FindFirstFileA,	0_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Code function: 4_2_00406301 FindFirstFileW,FindClose,	4_2_00406301
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Code function: 4_2_00406CC7 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	4_2_00406CC7
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Code function: 5_2_00402E18 FindFirstFileW,	5_2_00402E18
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Code function: 5_2_00406436 FindFirstFileW,FindClose,	5_2_00406436
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Code function: 5_2_00406DFC DeleteFileW,CloseHandle,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	5_2_00406DFC
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Code function: 6_2_0040287E FindFirstFileW,	6_2_0040287E
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Code function: 6_2_00406427 FindFirstFileW,FindClose,	6_2_00406427
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Code function: 6_2_004058D5 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	6_2_004058D5
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE97409 FindFirstFileExA,	7_2_6CE97409

Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior

Source: global traffic	HTTP traffic detected: HEAD / HTTP/1.1Host: ugm3-msn.iwin.comConnection: keep-aliveOrigin: http://gmUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept: /Referer: http://gm/splash.html?launchurl=https://ugm3-msn.iwin.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ugm3-msn.iwin.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ugm.appcache HTTP/1.1Host: ugm3-msn.iwin.comConnection: keep-alivePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8Cookie: ugm3device=ugm
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ugm3-msn.iwin.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8Cookie: ugm3device=ugm
Source: global traffic	HTTP traffic detected: GET /assets/ugm3-msn_iwin_com/offline-94e0c02b76a422b1c94ca5ad97c852ca577079edb6bd6688e5d1bf3042facd22.js HTTP/1.1Host: play.iwincdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ugm3-msn.iwin.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8Cookie: ugm3device=ugm
Source: global traffic	HTTP traffic detected: GET /offline HTTP/1.1Host: ugm3-msn.iwin.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8Cookie: ugm3device=ugm
Source: global traffic	HTTP traffic detected: GET /assets/site/ajax-loader-2-62916463ab77e7f2aea4f13eee7b21c1801a6997cd15f90dd18135539bbc414d.gif HTTP/1.1Host: play.iwincdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/ugm3-msn_iwin_com/logo-loading-c6983a12a93990ab7e6d5224d41eea343f5188fdb4649e36bb1c2a43b0e8b5d9.png HTTP/1.1Host: play.iwincdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept: image/webp,image/apng,image/,/*;q=0.8Referer: https://ugm3-msn.iwin.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/ugm3-msn_iwin_com/loading-c7c643216b5fbb8e3554c4377ac2fa5f8b4decf15d1569ef8362be8d3bd1cca1.js HTTP/1.1Host: play.iwincdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/site/ajax-loader-443ab5e1c534732de9740651feb46b329eb7ae230636a80d0d9c075e502a5dbc.gif HTTP/1.1Host: play.iwincdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/site/moredata-79398f1ef11de2f4203c85014a39f1c1a8b74ef95a704568a49324a5c2d3342d.gif HTTP/1.1Host: play.iwincdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /assets/site/no-internet-1f884dafc618d40d55fd8ce1b9d2154e22339ef1c67669c782b294094da7235e.png HTTP/1.1Host: play.iwincdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPIAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.8

Source: GamesManager.exe, 00000007.00000002.3461793997.00000000042B0000.00000002.00000001.00040000.00000022.sdmp	String found in binary or memory: "url": "https://www.facebook.com/chat/video/videocalldownload.php", equals www.facebook.com (Facebook)
Source: GamesManager.exe, 00000007.00000002.3461793997.0000000004465000.00000002.00000001.00040000.00000022.sdmp	String found in binary or memory: var url = 'http://www.youtube.com/embed/' + equals www.youtube.com (Youtube)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: !walla.co.ilhttp://www.walla.co.il/favicon.icohttp://search.walla.co.il/?q={searchTerms}Yahoo! Hong Konghk.yahoo.comhttps://hk.search.yahoo.com/favicon.icohttps://hk.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://hk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}in.grhttp://find.in.gr/Themes/1/Default/Media/Layout/icon_in.pnghttp://find.in.gr/?q={searchTerms}&ie={inputEncoding}&cx=partner-pub-3451081775397713%3Aklnvxp4nycj&cof=FORID%3A9 equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: ^baidu.comhttps://www.baidu.com/favicon.icohttps://www.baidu.com/#ie={inputEncoding}&wd={searchTerms}http://suggestion.baidu.com/su?wd={searchTerms}&action=opensearch&ie={inputEncoding}Yahoo! Schweizch.yahoo.comhttps://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Najdi.sinajdi.sihttps://www.najdi.si/assets/PROD-1.5.16/ctx/images/favicon.icohttps://www.najdi.si/search.jsp?q={searchTerms}Yahoo! Colombiaco.yahoo.comhttps://co.search.yahoo.com/favicon.icohttps://co.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://co.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo! Chilecl.yahoo.comhttps://cl.search.yahoo.com/favicon.icohttps://cl.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://cl.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo! Canadaca.yahoo.comhttps://ca.search.yahoo.com/favicon.icohttps://ca.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://ca.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}SweetIMhome.sweetim.comhttp://search.sweetim.com/favicon.icohttp://search.sweetim.com/search.asp?q={searchTerms}&ln={language}Yahoo! Rom equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: gr.yahoo.comhttps://gr.search.yahoo.com/favicon.icohttps://gr.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}yandex.ruhttps://yandex.ru/{yandex:searchPath}?text={searchTerms}&{yandex:referralID}https://suggest.yandex.ru/suggest-ff.cgi?part={searchTerms}https://yandex.ru/images/search/?rpt=imageviewhttps://www.yandex.ru/chrome/newtab$ equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: hkhttp://search.conduit.com/Results.aspx?q={searchTerms}Conduitconduit.comhttp://www.conduit.com/favicon.icohttp://www.conduit.com/search?q={searchTerms}&ie={inputEncoding}&cx=010301873083402539744%3Anxaq5wgrtuo&cof=forid%3A11Yahoo! Venezuelave.yahoo.comhttps://ve.search.yahoo.com/favicon.icohttps://ve.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://ve.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Kvasirkvasir.nohttps://kvasir.no/grafikk/favicon.icohttps://kvasir.no/alle?q={searchTerms}Yahoo!yahoo.comhttps://search.yahoo.com/favicon.icohttps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo! Vi equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: hkhttp://www.search-results.com/web?q={searchTerms}Search-resultssearch-results.comhttp://ak.apnstatic.com/media/images/favicon_search-results.icohttp://dts.search-results.com/sr?lng={language}&src=hmp&q={searchTerms}Yahoo! Singaporesg.yahoo.comhttps://sg.search.yahoo.com/favicon.icohttps://sg.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://sg.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}searchnusearchnu.comhttp://www.searchnu.com/favicon.icohttp://www.searchnu.com/web?hl={language}&si={searchTerms} equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3465766605.0000000006340000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: naver.comhttps://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.icohttps://search.naver.com/search.naver?ie={inputEncoding}&query={searchTerms}&sm=chr_htyhttps://ac.search.naver.com/nx/ac?of=os&ie={inputEncoding}&q={searchTerms}&oe={outputEncoding}yandex.kzhttps://yandex.kz/{yandex:searchPath}?text={searchTerms}https://suggest.yandex.kz/suggest-ff.cgi?part={searchTerms}https://yandex.kz/images/search/?rpt=imageviewhttps://www.yandex.kz/chrome/newtabbATLAS.SKatlas.skhttp://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttp://hladaj.atlas.sk/fulltext/?phrase={searchTerms}UTF-8Yahoo! UK & Irelanduk.yahoo.comhttps://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo! JAPANyahoo.co.jphttps://search.yahoo.co.jp/favicon.icohttps://search.yahoo.co.jp/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p={searchTerms}&appid=oQsoxcyxg66enp0TYoirkKoryq6rF8bK76mW0KYxZ0v0WPLtn.Lix6wy8F_LwGWHUII-&output=fxjson&fr=crmas equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: niaro.yahoo.comhttps://ro.search.yahoo.com/favicon.icohttps://ro.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}Onet.plonet.plhttp://szukaj.onet.pl/favicon.icohttp://szukaj.onet.pl/wyniki.html?qt={searchTerms}Zoznamzoznam.skhttp://www.zoznam.sk/favicon.icohttp://www.zoznam.sk/hladaj.fcgi?s={searchTerms}windows-1250@MAIL.RUmail.ruhttps://go.imgsmail.ru/favicon.icohttps://go.mail.ru/search?q={searchTerms}windows-1251https://suggests.go.mail.ru/chrome?q={searchTerms}H equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: nigma.ruhttp://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s={searchTerms}http://autocomplete.nigma.ru/complete/query_help.php?suggest=true&q={searchTerms}Yahoo! Suomifi.yahoo.comhttps://fi.search.yahoo.com/favicon.icohttps://fi.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}yandex.byhttps://yandex.by/{yandex:searchPath}?text={searchTerms}https://suggest.yandex.by/suggest-ff.cgi?part={searchTerms}https://yandex.by/images/search/?rpt=imageviewhttps://www.yandex.by/chrome/newtab equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: pe.yahoo.comhttps://pe.search.yahoo.com/favicon.icohttps://pe.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://pe.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Virgiliovirgilio.ithttp://ricerca.virgilio.it/common/favicon.icohttp://ricerca.virgilio.it/ricerca?qs={searchTerms}AOLaol.comhttps://search.aol.com/favicon.icohttps://search.aol.com/aol/search?q={searchTerms}http://autocomplete.search.aol.com/autocomplete/get?output=json&it=&q={searchTerms}DELFIdelfi.lvhttp://g1.delphi.lv/favicon.icohttp://www.delfi.lv/search_all/?ie={inputEncoding}&q={searchTerms}&lang={language}&cx=partner-pub-7754285690273419%3A1507605038&cof=FORID%3A10delfi.lthttp://www.delfi.lt/favicon.icohttp://www.delfi.lt/paieska/?q={searchTerms}Yahoo! Indiain.yahoo.comhttps://in.search.yahoo.com/favicon.icohttps://in.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://in.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo! Indonesiaid.yahoo.comhttps://id.search.yahoo.com/favicon.icohttps://id.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://id.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo! equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: rkiyetr.yahoo.comhttps://tr.search.yahoo.com/favicon.icohttps://tr.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}Yahoo! Philippinesph.yahoo.comhttps://ph.search.yahoo.com/favicon.icohttps://ph.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://ph.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo!GYidtw.yahoo.comhttps://tw.search.yahoo.com/favicon.icohttps://tw.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://tw.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Atlas.czatlas.czhttp://searchatlas.centrum.cz/favicon.icohttp://searchatlas.centrum.cz/?q={searchTerms}http://radce.centrum.cz/?q={searchTerms}&of=1OK.huok.huhttp://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q={searchTerms}ISO-8859-2Yandexyandex.com.trhttps://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.icohttps://www.yandex.com.tr/{yandex:searchPath}?text={searchTerms}https://suggest.yandex.com.tr/suggest-ff.cgi?part={searchTerms}https://yandex.com.tr/gorsel/search?rpt=imageviewhttps://www.yandex.com.tr/chrome/newtabYahoo! Espa equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: sterreichat.yahoo.comhttps://at.search.yahoo.com/favicon.icohttps://at.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://at.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo!7au.yahoo.comhttps://au.search.yahoo.com/favicon.icohttps://au.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://au.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo! Argentinaar.yahoo.comhttps://ar.search.yahoo.com/favicon.icohttps://ar.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Bingbing.comhttps://www.bing.com/s/a/bing_p.icohttps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMNhttps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316https://www.bing.com/images/detail/search?iss=sbi&FORM=CHROMI#enterInsightshttps://www.bing.com/chrome/newtabimgurl={google:imageURL}360so.comhttps://www.so.com/favicon.icohttps://www.so.com/s?ie={inputEncoding}&q={searchTerms}https://sug.so.360.cn/suggest?encodein={inputEncoding}&encodeout={outputEncoding}&format=opensearch&word={searchTerms}$ equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: th.yahoo.comhttps://th.search.yahoo.com/favicon.icohttps://th.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://th.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}TUT.BYtut.byhttp://search.tut.by/favicon.icohttp://search.tut.by/?ru=1&query={searchTerms}http://suggest.yandex.ru/suggest-ff.cgi?part={searchTerms}&limit=10Vinden.nlvinden.nlhttps://www.vinden.nl/favicon.icohttps://www.vinden.nl/?q={searchTerms}Wirtualna Polskawp.plhttp://i.wp.pl/a/i/stg/500/favicon.icohttp://szukaj.wp.pl/szukaj.html?q={searchTerms}Askask.comhttp://sp.ask.com/sh/i/a16/favicon/favicon.icohttp://www.ask.com/web?q={searchTerms}http://ss.ask.com/query?q={searchTerms}&li=ffYahoo! T equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: yandex.uahttps://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.icohttps://yandex.ua/{yandex:searchPath}?text={searchTerms}https://suggest.yandex.ua/suggest-ff.cgi?part={searchTerms}https://yandex.ua/images/search/?rpt=imageviewhttps://www.yandex.ua/chrome/newtabhttps://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.pngupfile={google:imageThumbnail},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight},prg=1Yahoo! Deutschlandde.yahoo.comhttps://de.search.yahoo.com/favicon.icohttps://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}Yahoo! equals www.yahoo.com (Yahoo)
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: \|j.gmailcalendar.google.com.calendarwww.youtube.com.youtube.top10sina.com.cnfacebook.combaidu.comqq.comtwitter.comtaobao.comlive.comyahooamazonwikipediaRenderThreadImpl::InitInitializeCompositorThreadScheduleIdleHandlerGetGpuFactories!base::CommandLine::ForCurrentProcess()->HasSwitch( switches::kSingleProcess)_IpcMessageHandlerClass::OnCreateNewSharedWorker5minOnProcessBackgrounded10min15min30minOnProcessPurgeAndSuspend60min90minMemory.Experimental.Renderer.PartitionAlloc.AfterBackgroundedMemory.Experimental.Renderer.BlinkGC.AfterBackgroundedMemory.Experimental.Renderer.Malloc.AfterBackgroundedMemory.Experimental.Renderer.Discardable.AfterBackgroundedMemory.Experimental.Renderer.V8MainThreaIsolate.AfterBackgroundedMemory.Experimental.Renderer.TotalAllocated.AfterBackgroundedPurgeAndSuspend.Experimental.MemoryGrowth.PartitionAllocKBPurgeAndSuspend.Experimental.MemoryGrowth.BlinkGCKBPurgeAndSuspend.Experimental.MemoryGrowth.MallocKBPurgeAndSuspend.Experimental.MemoryGrowth.DiscardableKBPurgeAndSuspend.Experimental.MemoryGrowth.V8MainThreadIsolateKBPurgeAndSuspend.Experimental.MemoryGrowth.TotalAllocatedKBRenderThreadImpl::EstablishGpuChannelSyncNQE.RenderThreadNotifiedRenderThreadImpl::OnMemoryPressureMemory.Experimental.Renderer.PurgedMemoryRenderer::FILE equals www.youtube.com (Youtube)

Source: MSN Games Manager.lnk.5.dr	LNK file: -config.channel=20000009 -config.uri=https://ugm3-msn.iwin.com/
Source: MSN Games Manager.lnk0.5.dr	LNK file: -config.channel=20000009 -config.uri=https://ugm3-msn.iwin.com/

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004030CB EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,CoUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,	0_2_004030CB
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Code function: 4_2_004038AF EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,	4_2_004038AF
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Code function: 5_2_004039E3 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,	5_2_004039E3
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Code function: 6_2_00403334 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	6_2_00403334

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004046CA	0_2_004046CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405FA8	0_2_00405FA8
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Code function: 4_2_0040737E	4_2_0040737E
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Code function: 4_2_00406EFE	4_2_00406EFE
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Code function: 4_2_004079A2	4_2_004079A2
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Code function: 4_2_004049A8	4_2_004049A8
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Code function: 5_2_0040761C	5_2_0040761C
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Code function: 5_2_00407033	5_2_00407033
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Code function: 5_2_00404ADC	5_2_00404ADC
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Code function: 6_2_004070D4	6_2_004070D4
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Code function: 6_2_004068FD	6_2_004068FD
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Code function: 6_2_00404BBF	6_2_00404BBF
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00A7B300	7_2_00A7B300
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00A85D30	7_2_00A85D30
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00A7AD00	7_2_00A7AD00
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00A8DD70	7_2_00A8DD70
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00A7AD42	7_2_00A7AD42
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00A74EB0	7_2_00A74EB0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00A7AF00	7_2_00A7AF00
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE556E8	7_2_6CE556E8
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE8FCC5	7_2_6CE8FCC5
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE6ECA0	7_2_6CE6ECA0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE58C23	7_2_6CE58C23
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7EC2B	7_2_6CE7EC2B
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE66D40	7_2_6CE66D40
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE82EAF	7_2_6CE82EAF
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE67E40	7_2_6CE67E40
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE95F89	7_2_6CE95F89
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE8B820	7_2_6CE8B820
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7E813	7_2_6CE7E813
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7F495	7_2_6CE7F495
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE98561	7_2_6CE98561
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE830DF	7_2_6CE830DF
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7E080	7_2_6CE7E080
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7F060	7_2_6CE7F060
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE73111	7_2_6CE73111
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE673E0	7_2_6CE673E0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7B3FC	7_2_6CE7B3FC
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE683C0	7_2_6CE683C0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7E317	7_2_6CE7E317
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00A7B300	9_2_00A7B300
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00A85D30	9_2_00A85D30
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00A7AD00	9_2_00A7AD00
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00A8DD70	9_2_00A8DD70
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00A7AD42	9_2_00A7AD42
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00A74EB0	9_2_00A74EB0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00A7AF00	9_2_00A7AF00
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_107AD460	9_2_107AD460
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E1AE9A0	9_2_1E1AE9A0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EFAE9A0	11_2_1EFAE9A0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_2A1AD460	11_2_2A1AD460

Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Code function: String function: 00406404 appears 58 times
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: String function: 00C70F80 appears 32 times
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: String function: 6CE5BD30 appears 35 times
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: String function: 6CE79BCF appears 56 times
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: String function: 6CE53604 appears 68 times
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: String function: 00C70756 appears 36 times
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: String function: 6CE7B920 appears 54 times
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Code function: String function: 004062CF appears 58 times

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe	Mutant created: \Sessions\1\BaseNamedObjects\Name
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Mutant created: \Sessions\1\BaseNamedObjects\7a0d73ab-e51e-567f-8ccd-0dcc75c9699a

Source: GamesManagerInstaller.exe	String found in binary or memory: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000009 -
Source: GamesManagerInstaller.exe	String found in binary or memory: "C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000009
Source: GamesManagerInstaller.exe	String found in binary or memory: Exec: success (""C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.c
Source: GamesManagerInstaller.exe	String found in binary or memory: "C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=2000
Source: GamesManagerInstaller.exe	String found in binary or memory: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000
Source: GamesManagerInstaller.exe	String found in binary or memory: "C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000009
Source: GamesManagerInstaller.exe	String found in binary or memory: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000009 -

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe "C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000009 -config.uri=https://ugm3-msn.iwin.com/ -config.channelName=MsnStreaming -config.iwinrequest="PF/1735198334008948550/zengems/51/0"
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Process created: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe "C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000009 -config.uri="https://ugm3-msn.iwin.com/" -config.channelName="iWin" -config.sku=FIRST_INSTALL -installer.createshortcutswithname="MSN Games Manager" -autoupdate=1 -config.iwinrequest="PF/1735198334008948550/zengems/51/0"
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe "C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe" /S --no-desktop-shortcut
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe "C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe" -config.uri=https://ugm3-msn.iwin.com/ -config.channel="20000009" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/1735198334008948550/zengems/51/0"
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe "C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=97A7B1777A421674542AF2780F1B6D7A --lang=en-US --lang=en-US --log-file="C:\Users\user\AppData\Local\GamesManager_iWin_MSN\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=97A7B1777A421674542AF2780F1B6D7A --renderer-client-id=2 --mojo-platform-channel-handle=2712 /prefetch:1
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe "C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=4AB44524C71BE879F241E5F9C60EF896 --lang=en-US --lang=en-US --log-file="C:\Users\user\AppData\Local\GamesManager_iWin_MSN\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=4AB44524C71BE879F241E5F9C60EF896 --renderer-client-id=3 --mojo-platform-channel-handle=3168 /prefetch:1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe "C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe" -installer.createiwinshortcuts=yes -config.channel=20000009 -config.uri=https://ugm3-msn.iwin.com/ -config.channelName=MsnStreaming -config.iwinrequest="PF/1735198334008948550/zengems/51/0"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Process created: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe "C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe" -installer.logstartsent=true -config.channel=20000009 -config.uri="https://ugm3-msn.iwin.com/" -config.channelName="iWin" -config.sku=FIRST_INSTALL -installer.createshortcutswithname="MSN Games Manager" -autoupdate=1 -config.iwinrequest="PF/1735198334008948550/zengems/51/0"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe "C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe" /S --no-desktop-shortcut	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe "C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe" -config.uri=https://ugm3-msn.iwin.com/ -config.channel="20000009" -config.sku="FIRST_INSTALL" -config.iwinrequest="PF/1735198334008948550/zengems/51/0"	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe "C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=97A7B1777A421674542AF2780F1B6D7A --lang=en-US --lang=en-US --log-file="C:\Users\user\AppData\Local\GamesManager_iWin_MSN\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=97A7B1777A421674542AF2780F1B6D7A --renderer-client-id=2 --mojo-platform-channel-handle=2712 /prefetch:1	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe "C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe" --type=renderer --no-sandbox --service-pipe-token=4AB44524C71BE879F241E5F9C60EF896 --lang=en-US --lang=en-US --log-file="C:\Users\user\AppData\Local\GamesManager_iWin_MSN\debug.log" --user-agent="Mozilla/5.0 (Windows NT 10.0; Win32; x86) Chromium/61.0.0.0 Chrome/61.0.0.0 Version/3.9.6.635 GamesManager/3.9.6.635 20000009 WinVer/10.0 [x64] CEF/3.3163.1651.gf229796 UAPI" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553 --disable-accelerated-video-decode --disable-gpu-compositing --enable-gpu-async-worker-context --service-request-channel-token=4AB44524C71BE879F241E5F9C60EF896 --renderer-client-id=3 --mojo-platform-channel-handle=3168 /prefetch:1	Jump to behavior

Source: MSN Games Manager.lnk.5.dr	LNK file: ..\..\..\..\..\..\Local\GamesManager_iWin_MSN\GamesManager.exe
Source: MSN Games Manager.lnk0.5.dr	LNK file: ..\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe
Source: MSN Games Notifier.lnk.6.dr	LNK file: ..\..\..\..\..\Local\Programs\MSN-Games-Notifier\MSN Games Notifier.exe

Source: chrome_elf.dll.5.dr	Static PE information: section name: .crthunk
Source: chrome_elf.dll.5.dr	Static PE information: section name: CPADinfo
Source: libcef.dll.5.dr	Static PE information: section name: _text32
Source: libcef.dll.5.dr	Static PE information: section name: .rodata
Source: libcef.dll.5.dr	Static PE information: section name: .crthunk
Source: libcef.dll.5.dr	Static PE information: section name: _RDATA
Source: libcef.dll.5.dr	Static PE information: section name: CPADinfo
Source: pepflashplayer.dll.5.dr	Static PE information: section name: .rodata
Source: ffmpeg.dll.6.dr	Static PE information: section name: .rodata
Source: MSN Games Notifier.exe.6.dr	Static PE information: section name: .rodata
Source: MSN Games Notifier.exe.6.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00C70FC6 push ecx; ret	7_2_00C70FD9
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7CCB6 push ecx; ret	7_2_6CE7CCC9
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7B966 push ecx; ret	7_2_6CE7B979
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00C70FC6 push ecx; ret	9_2_00C70FD9
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_10789933 push ecx; ret	9_2_107899B4
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_10786C20 push ecx; ret	9_2_10786C95
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1078A40A push edx; ret	9_2_1078A40B
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_10786CE0 push ecx; ret	9_2_10786DA9
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1078A4C0 push ebx; ret	9_2_1078A537
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_10786CB9 push ecx; ret	9_2_10786DA9
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1078A5EC push eax; ret	9_2_1078A5F2
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1078A66C push eax; ret	9_2_1078A672
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E1BCFC9 push ecx; ret	9_2_1E1BCFE2
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E194C21 push esi; ret	9_2_1E194C23
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E187532 push ecx; ret	9_2_1E1875A0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E187566 push ecx; ret	9_2_1E1875A0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E1CDAC0 push ecx; ret	9_2_1E1CDB35
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E18ABA8 push esi; ret	9_2_1E18ABAA
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E1BE044 push ecx; ret	9_2_1E1BE073
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E187060 push ecx; ret	9_2_1E187137
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E1BE0E6 push ecx; ret	9_2_1E1BE15C
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_1E1BD1C8 push esi; ret	9_2_1E1BD23A
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EF87532 push ecx; ret	11_2_1EF875A0
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EFCDAC0 push ecx; ret	11_2_1EFCDB35
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EF97E94 push esi; ret	11_2_1EF97E98
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EFBCFC9 push ecx; ret	11_2_1EFBCFE2
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EF8ABA8 push esi; ret	11_2_1EF8ABAA
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EFBE0E6 push ecx; ret	11_2_1EFBE15C
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EF87060 push ecx; ret	11_2_1EF87137
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EFBE044 push ecx; ret	11_2_1EFBE073
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 11_2_1EF94C21 push esi; ret	11_2_1EF94C23

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinUpgrader.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsv9448.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinInstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\Firewall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nskAA62.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinPrerequisitesAdmin.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\xinput1_3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\pepflashplayer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinPrerequisitesUser.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\WinShell.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\NSISdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Roaming\MSN Games Notifier\installer.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\Uninstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\node.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\MSN Games Notifier.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\Uninstall MSN Games Notifier.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\browser_cef_dll.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nskAA62.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\chrome_elf.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nskAA62.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\browser_cef_exe.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\libcef.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	File created: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinLauncher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File created: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinUpgrader.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\ffmpeg.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsv9448.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\d3dcompiler_47.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinInstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\Firewall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskAA62.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinPrerequisitesAdmin.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\nsis7z.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\xinput1_3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\pepflashplayer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinPrerequisitesUser.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\WinShell.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\NSISdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\Uninstaller.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\libEGL.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\node.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\MSN Games Notifier.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\Uninstall MSN Games Notifier.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskAA62.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\browser_cef_dll.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\MSN-Games-Notifier\libGLESv2.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\browser_cef_exe.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nskAA62.tmp\nsProcess.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\StdUtils.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\iWinLauncher.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsk1D3F.tmp\System.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	API coverage: 4.3 %
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	API coverage: 1.2 %

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	File Volume queried: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\20000009\webdata\Cache FullSizeInformation			Jump to behavior

Windows Analysis Report file.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

AV Detection

Cryptography

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
file.exe

Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: kGearway Electronics (Dong Guan) Co., Ltd.INGENICOSharp Corp.VMMobile Disk IIIBluetooth 2.0 adapter 100m CN-521v2 001 Backpack 40GB Hard DriveWG121(v1) 54 Mbps Wireless [Intersil ISL3886]USA-18X PDAInternal Keyboard/Trackpad (JIS)Nostromo 1745 GamePadPX-A650 [Stylus CX4700/CX4800/DX4800/DX4850]Savi Office Base Stationremote key/mouse/storage for P3 chipPhotoSmart 7345VMware Inc.ASUSTek Computer, Inc.MindShare, Inc.GDS-3000 OscilloscopePL512 Power Supply SystemG240 802.11bgWL-188 Wireless Network 300N USB AdapterBackPackWG121(v2) 54 Mbps Wireless [Intersil ISL3886]USA-28Xb PDA [no firmware]Aluminum Mini Keyboard (ANSI)Nostromo N50 GamePadPM-A750 [Stylus Photo RX520/RX530]USB DSP v4 Audio Interfaceremote storage for P3 chipDeskJet 630c
Source: GamesManager.exe, 00000007.00000002.3461793997.0000000004465000.00000002.00000001.00040000.00000022.sdmp	Binary or memory string: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAFwklEQVR4XuVb208cVRgftYm+eYkv3hofjMY3fdPEGB/8E4wmJkoL0pLWWIha8GnbIixFWrvEitxauRQpsLDLZUHALnR3Z8ultaa4zOyKxoTEB6NpKrNnZ84wx/Ptw6SlLOzlnNmZcJJfstmZPXN+33znfNcVeA5CyAOhNbI/KunviTJ2i7LuE+P6zbCs/SVKGgpL2iYAPsN3cA3uicRxvZjQ311MGM8JDhtA+sGIrL1JSTSLcbxGSZGCIOHf6DyeqKS9AXPblri4YjwRies1lPjvmciwEAZ9RnXoT/K4bYgvS+RJSrqRqrICBKxAOK5tiDJuAKEXjXgwSPbRt3GMEr8NBIoCWftXlPWPBwh5yFLyUdl4mRJYoiB2AH0R18KrxkuWkKcPK4VTGwjYCektKOslXFVelPF5IGBngPVhviWCf5BHREkfAwJOAPgSsGZm5COSPm0ScI4QpmDtBau9+eadiZGCtoO5550MGZ/Lj3xcLzMJOByRhP5Bznaer6mz3kQuxIwXs9/3/J0c6yHp0azMI7i3PAkEf8Wk66pGzoyr5NRwCpD+3B3SyBy9xtljPLJrYMPLt59dwcQ9qpIDrUnyYcv2OEivNdB7rqxgXkHUPztGkhDV8SB/OaqR8nYEJLPC4Q5EBq5hXp5iXcZ4nkdI2xfRyIHvgFhugN/0iRoHIWj/UQfpse32fg1r8oGbmJSZKp87ytqSJPAL5uElfn5fGotHJqemHwGRgvBFP+JgFnHinvQa5PBYkx9ewkCACXxLmL0QEtrrdx9+zawfcHpUZSaAxjGVvUmU8VkzdW1mbxmisgcxE0BVD+JgEbAkwIC8PQ9zU9rGgrx5GPLxC1aNpwUoWvCYvCSj6cvLJPLyCd6BkNfNY/JDHey2wKFOxMk9xrUCpI94TF79AzsB1FxGvGIDrwD1OB6TfzPNzgp8O63yihBvCFCU5DH5zC1MDjI4ByBAmuUXHK0LPBMfZyYK14KzkyrPRElSgPI0rweEJB1seN7kP+1FdJFcM0WbXAUAmKVb4ZOu3IVQ2Y1M1ecqACtyf5DpOTmcypo8ZInmYtiSXKF5CFoB7yImrqEUHGz3kQbP8QS95s0Q+PA6BE0zaCVgX/uXMSQ80vBfx+nvirCO66YjtCch6UMQCtfvRfKmKwzdWHuRvBkMQSvaXhXAfMx4SoAB3VeWSFzWyfQtnE5x9Ysa6Qmlkf48sozT7nPEMguAY3cVQrGHOVmK8Z8xab+iknpfilT1IjB/Wfn+cG+dP0XagyqZuMHLLOImUwDQhMjqDUMRxE0XX3GBXThc0YnonCoZiGJ4Bhs3Pa69dk9aHPKChbi7nikVFgoEuAIE2/yjSn4qwE0OyzgOudCthZHqnF3cGIaIz1RtKwGeI0SK86t5aepnwtYBRUPowMySPKijqebFxJGLiAwu5KIN2p3lNfJoppaYhizIw8FmJj3tAFhL55yatfOzY8MztJ/uRL47rJESIGAzwJouRbRdLJP2t1kYzQTovd2puaHczPbaD1BWn4vtWBQ9LOw2oI0kHNcXMqg+ELAxMm8Fyimc9f8NoPEY8mVbJgH7bncBQE1y254AMWG8kGOPoF6ydSKX1/4COOVNbacB7+fZGY6bHS8AcHnzHXAeQMLEsQKQ9UHY94V3isv6lMMEAMFYIBA3HmbWMQ6Nx04RALx5JuS3bgdqBa7aXQANfiXI9T9Ebl/qfFnrhmE34rCm0/6kR7BiNE/ityt7lDt2IV/Vm7z99Qx+S7ByuAjZV+dDfeVtxdOG8g5l80tfqttU+WKgZRI97/KiMKigdequGCeH0bwnaDwr2GWcm0nurx1Rx45e3NB4ET96QVFrh5P+llnjGVv/ebppQv3INYSWYcEFk/5eSbkG0WJTAJWaaSwnwRNQX20YRU0nhlDoeF9qvbI7qVR0KHppqwKJjDTgM3x3rEtRjl9C63Cvewx91TiuvsKbwP/OVp2D40M/7QAAAABJRU5ErkJggg==) 1x,
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B8AF000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: @%WINDIR%\system32\wlanapi.dllWlanOpenHandleWlanEnumInterfacesWlanQueryInterfaceWlanSetInterfaceWlanFreeMemoryWlanCloseHandleVMnetGetAdaptersAddresses failed: ../../net/base/network_interfaces_win.ccsource_dependency
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VMware Fusion 4 has corrupt rendering with Win Vista+
Source: GamesManager.exe, 00000007.00000002.3457869406.0000000003119000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9"
Source: file.exe, 00000000.00000003.2780114048.00000000006E2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B8AF000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VMnet
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: yuv420pyuyv422rgb24bgr24yuv422pyuv444pyuv410pyuv411pgray8,y8monowmonobpal8yuvj420pyuvj422pyuvj444pxvmcmcxvmcidctuyvy422uyyvyy411bgr8bgr4bgr4_bytergb8rgb4rgb4_bytenv12nv21argbabgrgray16bey16begray16ley16leyuv440pyuvj440pyuva420pvdpau_h264vdpau_mpeg1vdpau_mpeg2vdpau_wmv3vdpau_vc1rgb48bergb48lergb565bergb565lergb555bergb555lebgr565bebgr565lebgr555bebgr555levaapi_mocovaapi_idctvaapi_vldyuv420p16leyuv420p16beyuv422p16leyuv422p16beyuv444p16leyuv444p16bevdpau_mpeg4dxva2_vldrgb444lergb444bebgr444lebgr444beya8gray8abgr48bebgr48leyuv420p9beyuv420p9leyuv420p10beyuv420p10leyuv422p10beyuv422p10leyuv444p9beyuv444p9leyuv444p10beyuv444p10leyuv422p9beyuv422p9levda_vldgbrpgbrp9begbrp9legbrp10begbrp10legbrp16begbrp16leyuva422pyuva444pyuva420p9beyuva420p9leyuva422p9beyuva422p9leyuva444p9beyuva444p9leyuva420p10beyuva420p10leyuva422p10beyuva422p10leyuva444p10beyuva444p10leyuva420p16beyuva420p16leyuva422p16beyuva422p16leyuva444p16beyuva444p16levdpauxyz12lexyz12benv16nv20lenv20bergba64bergba64lebgra64bebgra64leyvyu422vdaya16beya16legbrapgbrap16begbrap16leqsvmmald3d11va_vldcuda0rgbrgb00bgrbgr0yuv420p12beyuv420p12leyuv420p14beyuv420p14leyuv422p12beyuv422p12leyuv422p14beyuv422p14leyuv444p12beyuv444p12leyuv444p14beyuv444p14legbrp12begbrp12legbrp14begbrp14leyuvj411pbayer_bggr8bayer_rggb8bayer_gbrg8bayer_grbg8bayer_bggr16lebayer_bggr16bebayer_rggb16lebayer_rggb16bebayer_gbrg16lebayer_gbrg16bebayer_grbg16lebayer_grbg16beyuv440p10leyuv440p10beyuv440p12leyuv440p12beayuv64leayuv64bevideotoolbox_vldp010lep010begbrap12begbrap12legbrap10begbrap10lemediacodecgray12bey12begray12ley12legray10bey10begray10ley10lep016lep016bereservedgbrrgb32bgr32vaapiValue %f for parameter '%s' out of range [%g - %g]
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VMware, Inc.
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VMware Inc.
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: xvmcidct
Source: GamesManagerInstaller.exe, 00000004.00000003.2792537522.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, GamesManagerInstaller.exe, 00000004.00000002.3454139613.000000000079E000.00000004.00000020.00020000.00000000.sdmp, GamesManagerInstaller.exe, 00000004.00000003.2792537522.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, GamesManagerInstaller.exe, 00000004.00000003.2792766491.000000000079E000.00000004.00000020.00020000.00000000.sdmp, GamesManagerInstaller.exe, 00000004.00000003.2792537522.000000000079E000.00000004.00000020.00020000.00000000.sdmp, GamesManagerInstaller.exe, 00000004.00000002.3454139613.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, GamesManagerInstaller.exe, 00000004.00000003.2792766491.00000000007B1000.00000004.00000020.00020000.00000000.sdmp, GamesManagerInstaller.exe, 00000004.00000003.2792766491.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, GamesManagerInstaller.exe, 00000004.00000002.3454139613.00000000007B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: GamesManagerInstaller.exe, 00000004.00000003.2786421468.000000000079E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B8AF000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: vmnet
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: Qemu Audio Device
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: kEADS Deutschland GmbHVMware, Inc.AGFA-Gevaert NVPhoto AIO Printer 922Sentech CameraEyeTV DiversityPSX Vibration Feedback ConverterGamtec.,Ltd SmartJoy PLUS AdapterCruzer MiniMC70 Rugged Mobile ComputerXR21V1410 USB-UART ICCanoScan D660UCatalinaExpert mouseCLOCK USB II
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B999000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: kTMT Technology, Inc.Spyrus, Inc.Qemu Audio DeviceWL532U 802.11g Adapter8055 Experiment Interface Board (address=2)PicoScope 2000 series PC OscilloscopeFrontline Test Equipment Bluetooth DeviceAVerTVEfficient ADSL ModemVS-700 M23D Optical MouseDigital IXUS 55WingMan Formula ForceRemote NDIS Network DeviceHDM Interface
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B62A000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: ckThe Intel Mobile 945 Express family of chipsets is not compatible with WebGLNVIDIA GeForce FX Go5200 is assumed to be buggyDrivers older than 2009-01 on Windows are possibly unreliableS3 Trio (used in Virtual PC) is not compatibleParallels drivers older than 7 are buggyATI FireMV 2400 cards on Windows are buggyThe Intel GMA500 is too slow for Stage3DNVidia driver 8.15.11.8593 is crashy on WindowsHardware video decode is only supported in win7+6.1VMware Fusion 4 has corrupt rendering with Win Vista+NVIDIA driver 8.17.11.9621 is buggy with Stage3D baseline modeNVIDIA driver 8.17.11.8267 is buggy with Stage3D baseline modeAll Intel drivers before 8.15.10.2021 are buggy with Stage3D baseline modeNVIDIA GeForce 6200 LE is buggy with WebGLGPU access is blocked if users don't have proper graphics driver installed after Windows installationAccelerated video decode interferes with GPU sandbox on older Intel driversDisable GPU on all Windows versions prior to and including VistaIntel Graphics Media Accelerator 3150 causes the GPU process to hang running WebGLAccelerated video decode on Intel driver 10.18.10.3308 is incompatible with the GPU sandboxAccelerated video decode on AMD driver 13.152.1.8000 is incompatible with the GPU sandboxAccelerated video decode interferes with GPU sandbox on certain AMD driversAccelerated video decode interferes with GPU sandbox on certain NVIDIA driversAccelerated video decode does not work with the discrete GPU on AMD switchablesIntel driver version 8.15.10.1749 causes GPU process hangs.GPU rasterization should only be enabled on NVIDIA and Intel DX11+, and AMD RX-R2 GPUs for now.Some AMD drivers have rendering glitches with GPU RasterizationGPU rasterization is blacklisted on NVidia Fermi architecture for now.GPU Rasterization is disabled on pre-GCN AMD cardsMSAA and depth texture buggy on Adreno 3xx, also disable WebGL2Disable use of D3D11/WebGL2 on Windows Vista and lowerDisable D3D11/WebGL2 on older nVidia driversDisable use of D3D11/WebGL2 on Matrox video cardsDisable use of D3D11/WebGL2 on older AMD driversOld Intel drivers cannot reliably support D3D11/WebGL2Disable D3D11/WebGL2 on AMD switchable graphicsgpu-gl-context-is-virtual
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B8AF000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: kCONNECTION_UNKNOWNCONNECTION_ETHERNETCONNECTION_WIFICONNECTION_2GCONNECTION_3GCONNECTION_4GCONNECTION_NONECONNECTION_BLUETOOTHCONNECTION_INVALIDTeredo Tunneling Pseudo-InterfacevmnetNotifyObserversOfIPAddressChangeImplNotifyObserversOfConnectionTypeChangeImplNotifyObserversOfNetworkChangeImplNotifyObserversOfDNSChangeImplNotifyObserversOfMaxBandwidthChangeImpl
Source: file.exe, 00000000.00000003.2743271907.0000000000736000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: GamesManager.exe, 00000007.00000002.3478924965.000000006B8AF000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: VMware Screen Codec / VMware Video

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\nsjAA08.tmp\GamesManagerInstaller.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00C81D5E mov eax, dword ptr fs:[00000030h]	7_2_00C81D5E
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00C8AF71 mov eax, dword ptr fs:[00000030h]	7_2_00C8AF71
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE85F63 mov eax, dword ptr fs:[00000030h]	7_2_6CE85F63
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00C81D5E mov eax, dword ptr fs:[00000030h]	9_2_00C81D5E
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00C8AF71 mov eax, dword ptr fs:[00000030h]	9_2_00C8AF71

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00C70162 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_00C70162
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_00C76C9B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_00C76C9B
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE72EC9 SetUnhandledExceptionFilter,	7_2_6CE72EC9
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7CE19 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6CE7CE19
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE81567 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	7_2_6CE81567
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 7_2_6CE7C24C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	7_2_6CE7C24C
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00C70162 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_00C70162
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: 9_2_00C76C9B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	9_2_00C76C9B

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	7_2_6CE9AD40
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: EnumSystemLocalesW,	7_2_6CE9AFB8
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: GetLocaleInfoW,	7_2_6CE9AF0F
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: EnumSystemLocalesW,	7_2_6CE92AB6
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	7_2_6CE9B4A4
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: GetLocaleInfoW,	7_2_6CE9B5AB
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	7_2_6CE9B678
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: EnumSystemLocalesW,	7_2_6CE9B09E
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: EnumSystemLocalesW,	7_2_6CE9B003
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: GetLocaleInfoW,	7_2_6CE9301B
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	7_2_6CE9B12B
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	Code function: GetLocaleInfoW,	7_2_6CE9B37B

Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\GMInstaller\GamesManagerInstaller.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\toasterinstaller.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js			Jump to behavior
Source: C:\Users\user\AppData\Local\GamesManager_iWin_MSN\GamesManager.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences			Jump to behavior

IP	Domain	Country	ASN	ASN Name	Malicious
107.23.182.116	unknown	United States	14618	AMAZON-AESUS	false
18.245.31.40	d370k74vusd53r.cloudfront.net	United States	16509	AMAZON-02US	true
68.232.35.54	unknown	United States	15133	EDGECASTUS	false
52.2.184.42	unknown	United States	14618	AMAZON-AESUS	false

Name	Malicious	Reputation
https://ugm3-msn.iwin.com/ugm.appcache	false	unknown
https://play.iwincdn.com/assets/site/ajax-loader-2-62916463ab77e7f2aea4f13eee7b21c1801a6997cd15f90dd18135539bbc414d.gif	false	unknown
https://play.iwincdn.com/assets/ugm3-msn_iwin_com/logo-loading-c6983a12a93990ab7e6d5224d41eea343f5188fdb4649e36bb1c2a43b0e8b5d9.png	false	unknown
https://ugm3-msn.iwin.com/	true	unknown

ID:	1522706
Product:	CloudBasic
Start time:	15:47:08
Start date:	30.09.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	07df7ce090a7fe033952ef5651684566
SHA1:	fa0b5c800577df34320a8289d1a8ab50eb4659bb
SHA256:	37c2b040bf4aad7189adcd32f1021208622754c043d6e3f8b4afa5dc9f078ee0
Filetype:	Win32 Executable (generic) a (10002005/4) 92.16%