d21b4f8a192b523f7795e534973d2ab8a20fbb0a7c84d9ea2ec88c5691502c8b

Analysis

max time kernel
96s
max time network
154s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 10:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JawGames.exe
Size

105.5MB
MD5

4a26efdfa0d7a2009359f1475bd6ee05
SHA1

75a7bd4425a03e38bb15cdefd4784962dc29a539
SHA256

d21b4f8a192b523f7795e534973d2ab8a20fbb0a7c84d9ea2ec88c5691502c8b
SHA512

ded1c9e32baa9cad30e0820fe0db5c27f7a87354a014a4cec5b02b8a8a20527caa7a207f96982e44aebed1d68f2353daa152509656cbbbc9d5d1b634f73ba2a9
SSDEEP

3145728:9z05AJybyDULrmyg4bhOUerReM2Cg2L3WBe:SYUyDOR3er8R2LOe

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	JawGames.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Control Panel\International\Geo\Nation	JawGames.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\JawGames\locales\hr.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\he.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\sr.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\sv.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib\svgo\svg2js.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\lib	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\collapseGroups.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\convertPathData.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\he.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\Resources\en.lproj\Credits.rtf	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib\svgo\css-select-adapter.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\v8_context_snapshot.bin	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\lib\utils.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\sortDefsChildren.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\swiftshader\libEGL.dll	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib\svgo.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\convertTransform.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\player\libopenh264-6.dll	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\cs.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeComments.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\libEGL.dll	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\zh-CN.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib\css-tools.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeDesc.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\nl.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\LICENSE	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\swiftshader\libGLESv2.dll	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\Resources	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib\svgo\css-class-list.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\zh-TW.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\cleanupEnableBackground.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\README.ru.md	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\terser	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\kn.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\ta.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\d3dcompiler_47.dll	JawGames.exe
File created	C:\Program Files (x86)\JawGames\vk_swiftshader_icd.json	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\cleanupAttrs.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\cleanupIDs.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\moveElemsAttrsToGroup.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeComments.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\LICENSE	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeNonInheritableGroupAttrs.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\elevate.exe	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib\svgo\jsAPI.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeXMLNS.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\libGLESv2.dll	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\sk.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\player\libintl.dll	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\mr.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app-update.yml	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\cs.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\es-419.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\terser\tools\exit.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\ms.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\terser\tools\domprops.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\hr.pak	JawGames.exe

Executes dropped EXE 5 IoCs

pid	Process
1724	JawGames.exe
944	JawGames.exe
1760	JawGames.exe
1632	JawGames.exe
1784	JawGames.exe

Loads dropped DLL 21 IoCs

pid	Process
936	JawGames.exe
936	JawGames.exe
936	JawGames.exe
936	JawGames.exe
936	JawGames.exe
936	JawGames.exe
936	JawGames.exe
936	JawGames.exe
936	JawGames.exe
936	JawGames.exe
1724	JawGames.exe
944	JawGames.exe
1760	JawGames.exe
1632	JawGames.exe
944	JawGames.exe
944	JawGames.exe
944	JawGames.exe
1784	JawGames.exe
1784	JawGames.exe
1784	JawGames.exe
1784	JawGames.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	JawGames.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	JawGames.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	JawGames.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	JawGames.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	JawGames.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	JawGames.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	JawGames.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\blacknut\shell	JawGames.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\blacknut\shell\open	JawGames.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\blacknut\shell\open\command\ = "\"C:\\Program Files (x86)\\JawGames\\JawGames.exe\" -- \"%1\""	JawGames.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\blacknut	JawGames.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\blacknut\URL Protocol	JawGames.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\blacknut\ = "URL:blacknut"	JawGames.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\blacknut\shell\open\command	JawGames.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
936	JawGames.exe
1760	JawGames.exe
1632	JawGames.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeSecurityPrivilege	936	JawGames.exe
Token: SeIncreaseQuotaPrivilege	1900	wmic.exe
Token: SeSecurityPrivilege	1900	wmic.exe
Token: SeTakeOwnershipPrivilege	1900	wmic.exe
Token: SeLoadDriverPrivilege	1900	wmic.exe
Token: SeSystemProfilePrivilege	1900	wmic.exe
Token: SeSystemtimePrivilege	1900	wmic.exe
Token: SeProfSingleProcessPrivilege	1900	wmic.exe
Token: SeIncBasePriorityPrivilege	1900	wmic.exe
Token: SeCreatePagefilePrivilege	1900	wmic.exe
Token: SeBackupPrivilege	1900	wmic.exe
Token: SeRestorePrivilege	1900	wmic.exe
Token: SeShutdownPrivilege	1900	wmic.exe
Token: SeDebugPrivilege	1900	wmic.exe
Token: SeSystemEnvironmentPrivilege	1900	wmic.exe
Token: SeRemoteShutdownPrivilege	1900	wmic.exe
Token: SeUndockPrivilege	1900	wmic.exe
Token: SeManageVolumePrivilege	1900	wmic.exe
Token: 33	1900	wmic.exe
Token: 34	1900	wmic.exe
Token: 35	1900	wmic.exe
Token: SeIncreaseQuotaPrivilege	1416	JawGames.exe
Token: SeSecurityPrivilege	1416	JawGames.exe
Token: SeTakeOwnershipPrivilege	1416	JawGames.exe
Token: SeLoadDriverPrivilege	1416	JawGames.exe
Token: SeSystemProfilePrivilege	1416	JawGames.exe
Token: SeSystemtimePrivilege	1416	JawGames.exe
Token: SeProfSingleProcessPrivilege	1416	JawGames.exe
Token: SeIncBasePriorityPrivilege	1416	JawGames.exe
Token: SeCreatePagefilePrivilege	1416	JawGames.exe
Token: SeBackupPrivilege	1416	JawGames.exe
Token: SeRestorePrivilege	1416	JawGames.exe
Token: SeShutdownPrivilege	1416	JawGames.exe
Token: SeDebugPrivilege	1416	JawGames.exe
Token: SeSystemEnvironmentPrivilege	1416	JawGames.exe
Token: SeRemoteShutdownPrivilege	1416	JawGames.exe
Token: SeUndockPrivilege	1416	JawGames.exe
Token: SeManageVolumePrivilege	1416	JawGames.exe
Token: 33	1416	JawGames.exe
Token: 34	1416	JawGames.exe
Token: 35	1416	JawGames.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe
1724	JawGames.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 944	1724	JawGames.exe	29
PID 1724 wrote to memory of 1632	1724	JawGames.exe	31
PID 1724 wrote to memory of 1632	1724	JawGames.exe	31
PID 1724 wrote to memory of 1632	1724	JawGames.exe	31
PID 1724 wrote to memory of 1632	1724	JawGames.exe	31
PID 1724 wrote to memory of 1760	1724	JawGames.exe	30
PID 1724 wrote to memory of 1760	1724	JawGames.exe	30
PID 1724 wrote to memory of 1760	1724	JawGames.exe	30
PID 1724 wrote to memory of 1760	1724	JawGames.exe	30
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32
PID 1724 wrote to memory of 1784	1724	JawGames.exe	32

C:\Users\Admin\AppData\Local\Temp\JawGames.exe
"C:\Users\Admin\AppData\Local\Temp\JawGames.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:936

C:\Program Files (x86)\JawGames\JawGames.exe
"C:\Program Files (x86)\JawGames\JawGames.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=gpu-process --field-trial-handle=988,17434051026894473953,1878028173768564202,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=996 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:944
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=renderer --field-trial-handle=988,17434051026894473953,1878028173768564202,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Program Files (x86)\JawGames\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1420 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=988,17434051026894473953,1878028173768564202,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1336 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=gpu-process --field-trial-handle=988,17434051026894473953,1878028173768564202,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=996 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1784
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  PID:1872
- - C:\Windows\SysWOW64\chcp.com
    chcp
    3⤵
    PID:1560
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionStatus = 2" get NetConnectionID /value
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1900
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
  2⤵
  PID:1236
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic path win32_VideoController
    3⤵
    PID:1416
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic list full
  2⤵
  PID:1520
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=renderer --field-trial-handle=988,17434051026894473953,1878028173768564202,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files (x86)\JawGames\resources\app.asar" --enable-sandbox --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1512 /prefetch:1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1416
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=renderer --field-trial-handle=988,17434051026894473953,1878028173768564202,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files (x86)\JawGames\resources\app.asar" --enable-sandbox --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1532 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=renderer --field-trial-handle=988,17434051026894473953,1878028173768564202,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files (x86)\JawGames\resources\app.asar" --enable-sandbox --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:2932
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionID = 'Local Area Connection'" get MACAddress /value
  2⤵
  PID:2348
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionID = 'Local Area Connection'" get MACAddress /value
  2⤵
  PID:2456
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nicconfig where "MACAddress = 'CE:F4:78:84:BE:6D'" get IPSubnet /value
  2⤵
  PID:2536
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nicconfig where "MACAddress = 'CE:F4:78:84:BE:6D'" get DefaultIPGateway /value
  2⤵
  PID:2592
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionID = 'Local Area Connection'" get MACAddress /value
  2⤵
  PID:2240
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nicconfig where "MACAddress = 'CE:F4:78:84:BE:6D'" get IPSubnet /value
  2⤵
  PID:1572
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionID = 'Local Area Connection'" get MACAddress /value
  2⤵
  PID:112
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nicconfig where "MACAddress = 'CE:F4:78:84:BE:6D'" get DefaultIPGateway /value
  2⤵
  PID:2084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\JawGames\D3DCompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Program Files (x86)\JawGames\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Program Files (x86)\JawGames\libegl.dll

Filesize
359KB

MD5
32cb96c60993ae84ced48aab7c694e79

SHA1
d9af51aa94f28df2dd7b623b120baea783c66a02

SHA256
b106d74aee317f790c76fa8ae261e4ce1841e371bf86380b3cc313b6a5d65204

SHA512
f24319d38469f5a0229ef9735131e32ce2a14f3e901ccb1247f2a12e56502fcb9b9b15a3aa07f57bf423715ebae7051594b9a41b816dbd46e62bc11972295858

Download Submit
C:\Program Files (x86)\JawGames\libglesv2.dll

Filesize
6.5MB

MD5
7e606fee860246d10b105e52cc5a053f

SHA1
811462b6fb1b1bbfa3f93109b02bdbb55c94f65a

SHA256
bf16317679e7343f3c5eb70a0def838eee32c8213dbca8e5ab1d1bf737aa933c

SHA512
10db7ab0d801215fcf20766a716845991b83cd0534f698d77fc7efdcce3a6195b58ed5163f86c25b6ffd1fa4d10770e68c31d0f3c5bb334f378d2299eb466349

Download Submit
C:\Program Files (x86)\JawGames\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Program Files (x86)\JawGames\resources.pak

Filesize
4.9MB

MD5
d419450ddecb53b207d685198e1b083f

SHA1
26f494e0b2fb5ea62fa492206b5d4b17d0febb39

SHA256
26db82cf1df199c9ff2a5d2514370a2be65d597e7068c25e5d7f4f6c4beebdc1

SHA512
8a53e2cc3b68eacfeff8f73a003c45aaf382ec2c32be886ef760c3bf1177836a7902fac8d44fb958ab7b7b451c127d04d647f193298346004a44cd621ad5a72f

Download Submit
C:\Program Files (x86)\JawGames\resources\app.asar

Filesize
301.4MB

MD5
c183bf65050f0db17b71ec7f37dbe71a

SHA1
d320dc9c39817e53b22decfcc874963f831f6919

SHA256
fcc3c15a25c144a686d3589270e184791e1e49793d23ed899410ed996f777116

SHA512
f8cf5113d26ded5d2f6936d6e2ee9f5d487c57a187c197b2ba1f1b6111e4fa4f8b564e23cc5908573b665ae4f40dc7a70b242c6cb4bf4876efa66c1b624a8ef2

Download Submit
C:\Program Files (x86)\JawGames\swiftshader\libegl.dll

Filesize
380KB

MD5
4e3b85e7a4f01c1d91c9d5d96a1b0f68

SHA1
3ecd6e6884098372c4661bd2a8f6a131387589d1

SHA256
6a22e4573a7d0823cf22044ba157afa65c230a2fe75fe386047903e408ee4276

SHA512
a5d871f97cf2d62f9dd7f271ccf2c807f68f602161d4fe62bd8906b3d2d28a92079ff588031fc219dd0c5db4f17af6015cb018b8ac8969ecc48a39c4bbb7b6fa

Download Submit
C:\Program Files (x86)\JawGames\swiftshader\libglesv2.dll

Filesize
2.8MB

MD5
cce30eacb3819c0d4279456ec3fb8a1c

SHA1
1d6429f1fb2d14573dd944747113ea73c71ab4a3

SHA256
21f2bdcc53664e64c436c3c79468050f5ec293b8e100216341903100b000b517

SHA512
65d838caacc43a79f3570ad15101ef978b0f99d90a3193dca22d764ef936c6e60b203e1e1274e6a87ca240273d09303da976e755485a8fdb1f5743ff3f8485ca

Download Submit
C:\Program Files (x86)\JawGames\v8_context_snapshot.bin

Filesize
160KB

MD5
d4c7db0b3171fd2202a4374f39338953

SHA1
2cf36134bcaa1bf27c8702ccbaabe2c4f22fa2b4

SHA256
19a56a6b73cc650b5f9a4aaf171898dbdff86b104f064db9a3251efde3150bf6

SHA512
17aef5c393ab4fd3731b6034698ad2e6f4263430439957e18424cd6b8be4a1f03953d2f8f1c407be9219e32fafaa305c7cb1e900be873bb688793da7bb3de57c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
14d207b54047040e9ffb009c3a1cdc4d

SHA1
b890c25882f30bdb17e902536b02a91d014f9347

SHA256
9baef8c17440956b327fd85471abc27a467dc101e0a666d55f9907984c41af83

SHA512
76d76b8f39c46f67c73bf4be98e6dbde153c69d7387935a0941dc1e61e710008835e6bd0cd9747abd1d920138e9b720c055591c4127efacaac1ac5d8cf0bdf65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7fabcb80f6647ef407569f4ae9730b40

SHA1
c6e27c66f16cf96dadb3a122ed721cfebdc8b7d5

SHA256
4cda22cf4fd5fb0ef3441b2a6268d68bc5d8fbb9b47dfe3df9bba56eb8ff54e8

SHA512
4729fa99335790d4a4244ab79475efd2217af0c7628f9f8833ec113cb3b6fcc036ec02b5d9f855cbe21db2ea446f22ad92974d6053dbf351bdc2b9c8399aeebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8dee801dbd30bbc7619ef656ea1b7ee9

SHA1
2959915238b9f16d5930792331b4b51f54c41954

SHA256
69bf30bfeec82a4900af02d8b7a62cba9b50179a0aa58611c9aa21c0825bf18d

SHA512
4970bec1bac5fd436811933fb0d897b8708147d6d54cc46a51331d29eac451269212697dbaeae444b974caffcd5d65a4ae5865b7a1ffbd0c522215b1d1c78efc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcc0ff0509be996fa665c17b3cae4e15

SHA1
efb3ccadfe57596ca50ae07bbe354932776323e4

SHA256
15a2eba175c200643db68b0c4d551b962b46ae14d855f986647e613a59266f0f

SHA512
4f3f033a55319d0d0513101d244b1705ef7790c658b054af67f67bd7a134a977d4069013adf3f7a8d68d08599ac05ef3fbca4171a32c49834113760c419ea9f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcc0ff0509be996fa665c17b3cae4e15

SHA1
efb3ccadfe57596ca50ae07bbe354932776323e4

SHA256
15a2eba175c200643db68b0c4d551b962b46ae14d855f986647e613a59266f0f

SHA512
4f3f033a55319d0d0513101d244b1705ef7790c658b054af67f67bd7a134a977d4069013adf3f7a8d68d08599ac05ef3fbca4171a32c49834113760c419ea9f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b31c9323383d233a3f3bce3813c4c997

SHA1
606a138f0653f10086c7846e56b781f2bc0d4c17

SHA256
f00fd8397c901e5e4cae38db69ef3a7062ed5a0cb2cebdea99bda69f0129519b

SHA512
bf6be45680b392a754bc115a3faf0c6b3751e11d7e214733d0606f5513a38711725ecd83f06e88a368057cc4e8f9261cfd9c75bcf05a057a21c448ec4b238d94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5cd8c41f5b23f9d425264d603fe0075b

SHA1
c8c4fecdb7238a957314c73aab9132710e2dfdd4

SHA256
26b6f22f99d5d448d2f3ac8195f8c6ab2b7a9518405383e9ebba4f494863ffdc

SHA512
90d8df8da35c13dccbcccae367db926172d595932ae863bef753a6b2c2e46a0e356c80ae5ed9a28e843be62c14c4dab1a613c64a31c984c3dcf9188004f9445c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8df39f759b40a4eee60b5cacd5bae32c

SHA1
1d09b7a3266307f9a74ee95a351b2124f7bb9640

SHA256
ff09c8c393face16b519c2e0bb58c41e90bc675c418c44c7b3cadb805f28491c

SHA512
cd4f2c340f7b6948cbdfc40cdb01a750a1c77066e52b0a1742f723b9cc19d503d53a803542622e4d54644d3ea1982ecd065fa97033a325e6ac72217bebe78074

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
208a3239758775ee9a6e5da5de35e4b8

SHA1
2c191d52d32cd25d7820c90723b1b24b5d1d5118

SHA256
e08b6ad2f9e782e7ba885deeee6d603b985ff91ee7e1aa9ef3b837332454b54c

SHA512
bcb639c1bff5a25ad694384dac14fa672b73cd4344376770034bf1a3dc99db1f443e7e71ba85d4857944060ec06f9b169b58aff27254b79aa22f499614a7f835

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54e677ab19c1d98dfcdbc57774dc1b0b

SHA1
2b5345d4fa1c81449a1c79392e7adbe786873017

SHA256
1dc8506c06e7d45cb4b45d4e3ed67afaa363e77276665d59d86e967ca02cd3c2

SHA512
6e9d207d16624292f4f444b9158ebacf1d8135ce3cb675a3851ac9ac62be6ab5c626bdea96e1b098bd63860cf39500f2e2b7f0671e2acfb87420cd60cc5ab09b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA650.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA8D7.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3832.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3832.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3832.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3832.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst3832.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9210b4b501896f365d99790f54644eb2

SHA1
970816c964b8d987ef279260c3416ff4d1589abe

SHA256
bcd1012ec7e2ea7de32bc20e0a4ac77a55b8326d26d1aeccfbfdb406765bf316

SHA512
6d45fee52b16cd3bfc68cf7a4c1aa2fe74ca0f2a60c8bd4f2d9b2313b3358193b0bac8ed3332d940f2858c6291d6563796edc99b4e1d8326b6138c9cbdacafbd

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\TransportSecurity

Filesize
2KB

MD5
27f8b71a6e5fc773e199ea9e2ca1bbc3

SHA1
a22caba20ba7f2879aeb5454f7794a3c8d0c2d04

SHA256
2bfad750a48f6a38db07b81db0fd78478ef8ac7e8d30325220a5603c07814dbe

SHA512
5022d8270e922fc56408ef4614eeb91e7d1e44cee81cbea7ffea102d26603faf806c0b499fb4934633895ce33daa6efd77f433054fd54620296ca62ef915aa1d

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\logs\main.log

Filesize
1KB

MD5
7ec4262ebacfacaeacebbf89a715d744

SHA1
b99fc0c532eab44019fcd6dfb1494521d96b8abd

SHA256
b62772aaec4377e9a3bd4e8f48c52a736cdff38e568099eb92db8fd38a8b761f

SHA512
ed0e039b7303fc6200ff706ba628d0a82a2a6b9d6a0bf3b7d3ce45d041bac8c5944ae438fca3c5480561fe3d473e31448f4cac2c025eac6c36082610111892ac

Download Submit
\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
\Program Files (x86)\JawGames\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
\Program Files (x86)\JawGames\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
\Program Files (x86)\JawGames\libEGL.dll

Filesize
359KB

MD5
32cb96c60993ae84ced48aab7c694e79

SHA1
d9af51aa94f28df2dd7b623b120baea783c66a02

SHA256
b106d74aee317f790c76fa8ae261e4ce1841e371bf86380b3cc313b6a5d65204

SHA512
f24319d38469f5a0229ef9735131e32ce2a14f3e901ccb1247f2a12e56502fcb9b9b15a3aa07f57bf423715ebae7051594b9a41b816dbd46e62bc11972295858

Download Submit
\Program Files (x86)\JawGames\libGLESv2.dll

Filesize
6.5MB

MD5
7e606fee860246d10b105e52cc5a053f

SHA1
811462b6fb1b1bbfa3f93109b02bdbb55c94f65a

SHA256
bf16317679e7343f3c5eb70a0def838eee32c8213dbca8e5ab1d1bf737aa933c

SHA512
10db7ab0d801215fcf20766a716845991b83cd0534f698d77fc7efdcce3a6195b58ed5163f86c25b6ffd1fa4d10770e68c31d0f3c5bb334f378d2299eb466349

Download Submit
\Program Files (x86)\JawGames\swiftshader\libEGL.dll

Filesize
380KB

MD5
4e3b85e7a4f01c1d91c9d5d96a1b0f68

SHA1
3ecd6e6884098372c4661bd2a8f6a131387589d1

SHA256
6a22e4573a7d0823cf22044ba157afa65c230a2fe75fe386047903e408ee4276

SHA512
a5d871f97cf2d62f9dd7f271ccf2c807f68f602161d4fe62bd8906b3d2d28a92079ff588031fc219dd0c5db4f17af6015cb018b8ac8969ecc48a39c4bbb7b6fa

Download Submit
\Program Files (x86)\JawGames\swiftshader\libGLESv2.dll

Filesize
2.8MB

MD5
cce30eacb3819c0d4279456ec3fb8a1c

SHA1
1d6429f1fb2d14573dd944747113ea73c71ab4a3

SHA256
21f2bdcc53664e64c436c3c79468050f5ec293b8e100216341903100b000b517

SHA512
65d838caacc43a79f3570ad15101ef978b0f99d90a3193dca22d764ef936c6e60b203e1e1274e6a87ca240273d09303da976e755485a8fdb1f5743ff3f8485ca

Download Submit
\Users\Admin\AppData\Local\Temp\nst3832.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nst3832.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nst3832.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nst3832.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nst3832.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nst3832.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/936-493-0x0000000003A60000-0x0000000003A62000-memory.dmp

Filesize
8KB

Download
memory/944-522-0x0000000000E80000-0x0000000000E81000-memory.dmp

Filesize
4KB

Download
memory/1520-1297-0x0000000001E40000-0x0000000001F50000-memory.dmp

Filesize
1.1MB

Download
memory/1724-555-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download