PUP.iWin Games

By CagedTech in Potentially Unwanted Programs

Threat Scorecard

Popularity Rank:	1,928
Threat Level:	10 % (Normal)
Infected Computers:	77,729

First Seen:	October 26, 2010
Last Seen:	January 17, 2026
OS(es) Affected:	Windows

Table of Contents

Aliases

3 security vendors flagged this file as malicious.

Antivirus Vendor	Detection
Symantec	WS.Reputation.1
Panda	Suspicious file
eTrust-Vet	Win32/Ekizbot!generic

SpyHunter Detects & Remove PUP.iWin Games

File System Details

PUP.iWin Games may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	iWinTrusted.exe	41f25fc9facea5edaa2d73736360afca	3,275
Name: iWinTrusted.exe MD5: 41f25fc9facea5edaa2d73736360afca Size: 179.36 KB (179368 bytes) Detections: 3,275 Type: Executable File Path: C:\Program Files (x86)\iWin Games\iWinTrusted.exe Group: Malware file Last Updated: August 6, 2023
2.	iWinGamesHookIE.dll	32a1e89390e46e9a923ee19af0a7d276	957
Name: iWinGamesHookIE.dll MD5: 32a1e89390e46e9a923ee19af0a7d276 Size: 170.49 KB (170496 bytes) Detections: 957 Type: Dynamic link library Path: C:\Program Files\Pogo Games\iWinGamesHookIE.dll Group: Malware file Last Updated: October 14, 2023
3.	DesktopAlerts.exe	e9b7b2dc78eee0253eca6d65fba3743f	933
Name: DesktopAlerts.exe MD5: e9b7b2dc78eee0253eca6d65fba3743f Size: 108.54 KB (108544 bytes) Detections: 933 Type: Executable File Path: C:\ProgramData\iWin Games\DesktopAlerts\DesktopAlerts.exe Group: Malware file Last Updated: April 14, 2025
4.	iWinGamesInstaller.exe	239123b160df727337f1418a3ba7212f	100
Name: iWinGamesInstaller.exe MD5: 239123b160df727337f1418a3ba7212f Size: 78.1 KB (78104 bytes) Detections: 100 Type: Executable File Path: C:\Program Files (x86)\iWin Games\iWinGamesInstaller.exe Group: Malware file Last Updated: January 31, 2022

More files

Registry Details

PUP.iWin Games may create the following registry entry or registry entries:

CLSID

{3B16338D-AFD9-46FF-8BEE-4FEC95946937}

{44E6B68E-8DA5-4093-921B-7275E5B3906A}

{635ADC07-6F19-42a7-8043-EDD19678CE14}

File name without path

Play iWin Games.lnk

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Classes\AppID\iWinTrusted.EXE

SOFTWARE\Classes\iWinTrusted.CoiWinTrusted

SOFTWARE\Classes\iWinTrusted.CoiWinTrusted.1

Software\Classes\VirtualStore\MACHINE\SOFTWARE\iWinArcade

Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\iWinArcade

SOFTWARE\Classes\Wow6432Node\AppID\iWinTrusted.EXE

Software\iWinArcade

SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iWinGames.exe

SOFTWARE\Wow6432Node\Classes\AppID\iWinTrusted.EXE

SOFTWARE\Wow6432Node\iWinArcade

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\iWinGames.exe

SYSTEM\ControlSet001\services\iWinTrusted

SYSTEM\ControlSet002\services\iWinTrusted

SYSTEM\CurrentControlSet\services\iWinTrusted

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

iWinArcade

Directories

PUP.iWin Games may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\iWin Games

%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\iWin Games

%ALLUSERSPROFILE%\Start Menu\Programs\iWin Games

%ALLUSERSPROFILE%\iWin Games

%APPDATA%\Microsoft\Windows\Start Menu\Programs\iWin Games

%PROGRAMFILES%\iWin Games

%PROGRAMFILES(x86)%\iWin Games

Analysis Report

General information

Family Name:	PUP.iWin Games
Signature status:	Self Signed

Known Samples

MD5: db4e9477a644cafdd44fc002250996f3

SHA1: cd1d24316efefb5c8cf189e5c8e0fa86fcec4c66

File Size: 107.85 KB, 107848 bytes

MD5: 94e07924f6dd5598a89c61e70d57e205

SHA1: e219ce862f871375331afdfef82c053a1507735a

File Size: 113.23 KB, 113232 bytes

MD5: 273eeff853fb0189e7db13d7934eeedf

SHA1: 578b8b6b509f5ef972d2709a872dbd26cdbd6eb4

File Size: 113.22 KB, 113216 bytes

MD5: b3b8370c0bbf12e8b05e9eaaf388706f

SHA1: fdb6155ff2be5afb2e7ca787e357fabcf8af55e6

File Size: 131.82 KB, 131816 bytes

MD5: 8d1dedbb504b02bdcd685f8a14c86a7f

SHA1: fd457a758015b920cc61bf067710f549fa5592ab

File Size: 141.98 KB, 141976 bytes

MD5: c24e80bfa956be172cb0300c7e7ea118

SHA1: 8929505ef12458bb026ed490be15517486a70a67

SHA256: 0BEE7D7233735FA58129B37005A0A20799012BD8D6D31F1E4A93D4C7F9FF4F98

File Size: 113.22 KB, 113224 bytes

MD5: a810ef6f8a83d5534b3ec03616231cc0

SHA1: 7bcf5c63e2ccc74b93f82de3b207d780601f6615

SHA256: A778C5C2E6904C6304372AF3C3DFAEE9EA93404C7C6588EBD3686179A563E08D

File Size: 113.22 KB, 113224 bytes

MD5: d952c51edfcbfc66893743f17d4dce46

SHA1: 2ae094cb0eefea47552ae11be5a25ed47778d5c2

SHA256: A2AB715180E89DA6D01769488B3297B6A6C9B18FAFB8A875D23A842CB1BA262F

File Size: 87.19 KB, 87192 bytes

MD5: 2af37a16f23d6579b734ff41c8392620

SHA1: 5247b1e69523700620fdf574cf2c644f84a34f6e

SHA256: A91503941C22D35726D30356E7E11C7305D3357E56F5B8FDB665F8C2EEA3CA97

File Size: 114.06 KB, 114056 bytes

MD5: e900ed70b8617af806ebcfb3dd609077

SHA1: 7244210512f67dfeab9ea735d286596b80986334

SHA256: 87F866460C233CB844DAEBD0112527A9D44662C42E8D5EA972007BB1E5938996

File Size: 113.22 KB, 113224 bytes

MD5: 1f9d30d87d3a734068f9e66d831d91b8

SHA1: 211c2f2617c65467c9016eac3c73fe5521530e5a

SHA256: 2B1F24FE04BD91668B446239862E57E3E80A12D88AA91690097C2F3E572F8709

File Size: 1.46 MB, 1463864 bytes

MD5: bb7a4f3f0a7117d55e01b4959ff88765

SHA1: aa7d324b17712daef24d5c3d03a5e1381ffaf31f

SHA256: 82F281431F74060809119254279C1F3D5FBBCADCED486493FFB52662FCDA93CF

File Size: 112.89 KB, 112888 bytes

MD5: d74727b04836dd1176928a9997bfac8f

SHA1: 40c88d8ed8ec0280fa4a53bad3fff8a44186f422

SHA256: 6151B2E798E9776A9C2688CE4D2A79565B5F2AF95DBF02F30F5E0DE11356D74E

File Size: 1.46 MB, 1463864 bytes

MD5: 82adce67773909d0c84aae42592997b9

SHA1: a3b92627aed0f579e3963d66a247c82a5952d08d

SHA256: B06A44722F64FBD8402AA554156A64BFB1B3214C241002F6331AD84CDCE6FC65

File Size: 132.10 KB, 132104 bytes

MD5: 21a472a23d55c74efb46eaad3e905054

SHA1: 2efc6c7fbf75acb357cf62d641ec0a963c327f19

SHA256: 39800242D0D0C3E41A4679A02A1E39AE5B1A7FD92F860EA21FD883002F7240B4

File Size: 489.05 KB, 489048 bytes

MD5: a542a9a93bdc5249928c2ff6990a558f

SHA1: 6344552dff99a0735c3328f0b468c13c006be60e

SHA256: AEC7E19311195E496894F8FDD55D8BE371B617652BBF0B721F07ECFBB0F5184D

File Size: 5.56 MB, 5564416 bytes

MD5: 09e713522835b5585f90ea4b67002026

SHA1: b630c9ec797119d6d85479eaf1aa8f2f28bd12c4

SHA256: AE70D16F8AFAB3E3B744CF0F71BDBDE336DC7A974F5CE77BE02CDAFF82D097AB

File Size: 1.46 MB, 1463864 bytes

MD5: c31c51af91f54ba9aa23a3989273463d

SHA1: 3d7448ae02dcbfb8c8554c96d304139f6519f0a1

SHA256: 74F4B4FE542DE5C718C7A639474859B53A3E2B14D2B2A91F2210A84F23296BD7

File Size: 113.22 KB, 113224 bytes

MD5: 0574e2d6425e29b65ef0187304ad1f1b

SHA1: 8c7d504d9a1bb71caa584c2ffcd09a5da0232eb6

SHA256: D53DA7E0A83ED3B7AD567DA5269B8F596CC3C95D4F2B6AD7A71EB0B1B50FD64C

File Size: 101.01 KB, 101008 bytes

MD5: ce38d1cc6bacd76a3a0c105606bac045

SHA1: 9ee924b661eb6bbf9fbc5d3e35ca17a9bedecde9

SHA256: 97A2D1B38372619D2CFC573750E550E5194CB5C8DD3E7D365AA4C3373A8EF81B

File Size: 126.78 KB, 126784 bytes

MD5: 5a058f226a4b95adaa488cd9d7b22c6f

SHA1: 1e486eaf2014e6014fa0c5d027809ac1580258a4

SHA256: 827B188A9C58483891A120B1719FB77E4EED933FC126C1E7C655C7AC8B36ABE7

File Size: 106.91 KB, 106912 bytes

MD5: 0833911a68bcdb6ea9161e405d2cc48d

SHA1: 362707135b4e3417b79c55915a2e2d13e9e47609

SHA256: 842757409AA342EEF59D7F835D03BA66F9F0A170826D9513A547D92F54A47C50

File Size: 942.75 KB, 942752 bytes

MD5: 99f1a510b1ff2b01485172034f577461

SHA1: 949c4129eccdbba96896f98e67dbc176f37b13c4

SHA256: 8C984ABA6582F5569E29679DF14E37499CA903863AF604D33A931DA4AF19CE11

File Size: 132.38 KB, 132384 bytes

MD5: fc685bd41380c3f7f9e9df6841c9d763

SHA1: bb8eee3e30cb7d998278aeb5d7cf7b27facc89f6

SHA256: A141C2609B2C648DB9E861D528900C2D13AFC1A61F5A575ABBC67306799CDEDE

File Size: 1.46 MB, 1464016 bytes

MD5: e17b54c20a0b6f6ef879ffbe2f95d62e

SHA1: 16f6d641b05a88b2aa6dfee6d1dd64d19d422944

SHA256: C84DCCE18B2CDF158D899619A1CA28E5CE9BC1A8D00F1C0F18FE7560F63E0799

File Size: 97.54 KB, 97536 bytes

MD5: b6f0edc452d5051ceab8487656404c59

SHA1: e5d71009a5d034d915422de6a6f642a416afdca4

SHA256: 677CE97979BF7D983300F55A780C11D843304D9390F2C450D341F5A18A19A2BB

File Size: 111.86 KB, 111864 bytes

MD5: a22da85a232ac42052bdbc440bbcd6e3

SHA1: 19324a59c4c123326663c957eb97f39726e3f17c

SHA256: C158EA0A00B48AF838E7E75A89AF587C1BD42E053754FE34097AFE49D52D11E6

File Size: 5.57 MB, 5573120 bytes

MD5: 1a4655b24babb0b35f26a8b4dbfa238b

SHA1: 2aff5cb8a0bf144e47d7a0dcec788377e14751a4

SHA256: 2CDBECB328CF026784C2B75A16075271646DB9C2DA318B705055F7A9B4D0C5A8

File Size: 113.22 KB, 113216 bytes

MD5: a8929089ead245dde6b2a0c169d25685

SHA1: ac5d2ad2ec582c98a505b08e4ab5b49c0ef48425

SHA256: 8F697706F021586933D8972F8A856E3400B5533B5486AA1F7D39A4068F7F5AC6

File Size: 131.90 KB, 131904 bytes

MD5: b3626807c41adc78424baabaf413ecfd

SHA1: f68990a5039529a380ec8169253958b6e8889a50

SHA256: 4FD308B7F75510DF840D50008E4CF5D58B9A788E3E570DA963E171FB769C4C64

File Size: 113.22 KB, 113216 bytes

MD5: 09a9949504ee470a6d0c8386d4850442

SHA1: 0e67599b733262113b53397eac1fff4ec61d6780

SHA256: 98A8E983BC267601EF87121D70011D89DDF933BD10D75E82E8030327BEE240AC

File Size: 7.85 MB, 7847521 bytes

MD5: 7c1a66a7d2caf3fc230c733eb76c8158

SHA1: 00891c4c4cae970c6dd0fcb7b89a75bd2f80c459

SHA256: B4A88C02DAA948D18F2B791D7E43E87D34B175A69D109F69B7B444A3379435E3

File Size: 92.39 KB, 92392 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has exports table
File has TLS information
File is 32-bit executable
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)

File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name	Value
Company Name	BUKA-service iWin inc. iWin Inc. SAS-Services
File Description	DFG Games Downloader Games Manager GLWorker Iplay Games Downloader IPlayStreaming Games Downloader iWin Games Downloader iWin Games Manager V4 IWinStreaming Games Downloader MsnStreaming Games Downloader SAS_6_jig Show More Ver_5_jig
File Version	7.1.0.4 6.8.0.4 4.2.2.141 3.8.0.583 2, 91, 0, 0 1.0.6.0 1.0.3.0 1.0.2.0 1.0.1.2 1.0.1.0
Internal Name	GLWorker
Legal Copyright	(c)2019 iWin Inc. Copyright (C) iWin Inc. 2008 © iWin inc. Â© iWin inc.
Original Filename	GLWorker
Product Name	DFG Games Games Manager GLWorker Iplay Games IPlayStreaming Games iWin Games iWin Games Manager V4 IWinStreaming Games MsnStreaming Games SAS JIG3 2018 Show More Vertyanov JIG
Product Version	4.2.2.141 3.8.0.583 2, 91, 0, 0 1.0.6.0 1.0.3.0 1.0.2.0 1.0.1.2 1.0.1.0 1.0.0.0
Program I D	com.embarcadero.Ver_5_jig com.embarcadero.Ver_6_jig

Digital Signatures

Signer	Root	Status
iWin, Inc	DigiCert Assured ID Root CA	Root Not Trusted
iWin, Inc	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Self Signed
iWin, Inc	DigiCert Trusted Root G4	Root Not Trusted
iWin, Inc.	Microsoft ID Verified Code Signing PCA 2021	Root Not Trusted
iWin, Inc	Thawte Code Signing CA	Self Signed

iWin, Inc	Thawte Code Signing CA - G2	Self Signed
IWIN, INC	thawte Primary Root CA	Root Not Trusted
iWin, Inc	thawte Primary Root CA	Root Not Trusted
iWin, Inc	thawte Primary Root CA - G3	Root Not Trusted
iWin, Inc	thawte SHA256 Code Signing CA - G2	Self Signed

File Traits

2+ executable sections
HighEntropy
Installer Manifest
Installer Version
No Version Info
Nullsoft Installer
VirtualQueryEx
WriteProcessMemory
x86

Block Information

Similar Families

AdGazelle.A
Agent.M
Agent.MH
Agent.MI
Agent.MU

Delf.OF
Doina.S
Downloader.Agent.TJ
Injector.XN
Makoob.A
Mobogenie
Parite.F
Rugmi.IA
SearchSuite.C
Ulise.BE
Zusy.CA

Files Modified

File	Attributes
\device\namedpipe\gmdasllogger	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0b61919f-f655-46fb-81c8-e05c5f4a604b.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa1ea7.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa1ea7.tmp\uninstall_removegames.ini	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\nsisdl.dll	Generic Write,Read Attributes

c:\users\user\appdata\local\temp\nsa6200.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsa6200.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsb4eed.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nse5640.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse5640.tmp\iwingames.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse5640.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse5640.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse5788.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse5788.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse5788.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nse5788.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf154b.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsf4b1f.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsfb165.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg5ca8.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg7438.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7438.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg7438.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7438.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg7438.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsg7438.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsg7438.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsk3cb8.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl4707.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsl5ffd.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsof026.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsof026.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsof026.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsof026.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsof026.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsof026.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsof026.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsof026.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsof026.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp2d33.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp493b.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsp663d.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq28dc.tmp\langdll.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsq45ec.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nss4d8e.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsu1d4e.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsu6f27.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsu6f27.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu6f27.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsu6f27.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu6f27.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsu6f27.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu6f27.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsu6f27.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsu6f27.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsva3cd.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsva3cd.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw5054.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5054.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5054.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsw5054.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp\ftdownload.dat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp\ftdownload.dat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp\gamesmanagerinstaller.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp\gamesmanagerinstaller.exe_deleted_	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp\nsisdl.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp\nsisdl.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsxa813.tmp\system.dll	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsz1e57.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\~nsu.tmp\au_.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value	Data	API Name
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Pgztbwuw\AppData\Local\Temp\nsoF026.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Ljjiqyqj\AppData\Local\Temp\nsp663D.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Fdvunend\AppData\Local\Temp\nsg5CA8.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Utmbpajy\AppData\Local\Temp\nsf154B.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Hixncloz\AppData\Local\Temp\nsu6F27.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Azwqgfme\AppData\Local\Temp\nsk3CB8.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Hwrpfqhi\AppData\Local\Temp\nsb4EED.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Qrgxubhb\AppData\Local\Temp\nsp493B.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Bdgrusht\AppData\Local\Temp\~nsu.tmp\Au_.exe	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Bdgrusht\AppData\Local\Temp\~nsu.tmp\Au_.exe\??\C:\Users\Bdgrusht\AppData\Local\Temp\~nsu.tmp	RegNtPreCreateKey

HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Users\Yanaflhp\AppData\Local\Temp\nsf4B1F.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Users\Clabbvue\AppData\Local\Temp\nsq45EC.tmp\	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	\??\C:\Windows\SystemTemp\a9dd6c3f-d641-4292-855a-e9c09c1b694b.tmp\??\C:\Windows\SystemTemp\85968c61-a19d-4e7b-a80f-d2a1fc3c08	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75	楺⬉ʾ䈛x茣ǧ䠱O᤹˃噀ñÁŁ鱹9뽹ɞ傄ë횎ǜɼ鶝꾢ʊ릣ʝ閾ʴ淃駃ó⟋ʪ柏ũߙĤᰂŁ鈄Ğ鍂ꩠŖÉ窵ň	RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey
HKLM\software\wow6432node\wildtangent\gamechannel::xxxadmintestxxx	1Y	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Network Winsock2	WSAStartup
Network Winsock	closesocket connect gethostbyname inet_addr recv send socket
Process Shell Execute	CreateProcess
Process Manipulation Evasion	NtUnmapViewOfSection

Shell Command Execution


							"C:\Users\Bdgrusht\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\


							C:\Users\Zxholvvx\AppData\Local\Temp\0B61919F-F655-46FB-81C8-E05C5F4A604B.exe


							"C:\Users\Ahnepeum\AppData\Local\Temp\~nsu.tmp\Au_.exe"  _?=c:\users\user\downloads\

PUP.iWin Games

Threat Scorecard

EnigmaSoft Threat Scorecard

Aliases

SpyHunter Detects & Remove PUP.iWin Games

File System Details

Registry Details

Directories

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Trending

Most Viewed