d21b4f8a192b523f7795e534973d2ab8a20fbb0a7c84d9ea2ec88c5691502c8b

Analysis

max time kernel
146s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2023 10:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JawGames.exe
Size

105.5MB
MD5

4a26efdfa0d7a2009359f1475bd6ee05
SHA1

75a7bd4425a03e38bb15cdefd4784962dc29a539
SHA256

d21b4f8a192b523f7795e534973d2ab8a20fbb0a7c84d9ea2ec88c5691502c8b
SHA512

ded1c9e32baa9cad30e0820fe0db5c27f7a87354a014a4cec5b02b8a8a20527caa7a207f96982e44aebed1d68f2353daa152509656cbbbc9d5d1b634f73ba2a9
SSDEEP

3145728:9z05AJybyDULrmyg4bhOUerReM2Cg2L3WBe:SYUyDOR3er8R2LOe

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	JawGames.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	JawGames.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	JawGames.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	JawGames.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	JawGames.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\JawGames\locales\ca.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\cleanupAttrs.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\convertShapeToPath.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu.exe	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\de.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\vi.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\moveElemsAttrsToGroup.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeUnknownsAndDefaults.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\swiftshader	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\ms.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\terser\tools\exit.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\notifu\notifu64.exe	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\nb.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\cleanupIDs.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\convertPathData.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\player\libwinpthread-1.dll	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\speedtest\speedtest.exe	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\.prettierrc	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeEditorsNSData.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\elevate.exe	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\sv.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeOffCanvasPaths.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\elevate.exe	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\cleanupEnableBackground.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeElementsByAttr.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeXMLProcInst.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\swiftshader\libEGL.dll	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\moveElemsAttrsToGroup.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeAttrs.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeDoctype.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\es.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\tr.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib\svgo\css-select-adapter.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\lib\svgo\svg2js.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\reusePaths.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\Uninstall JawGames.exe	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\sortAttrs.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\terser\bin\uglifyjs	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\player\version.powblock.json	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeNonInheritableGroupAttrs.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\README.ru.md	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\terser\bin\terser	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\bn.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\ms.pak	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app-update.yml	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\mac.noindex\terminal-notifier.app\Contents\Resources\en.lproj\InfoPlist.strings	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\notifiers	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\locales\ro.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\cleanupIDs.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\snoretoast-x86.exe	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\player\libz.dll	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\LICENSE.electron.txt	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app-update.yml	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notifysend.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\notifiers\notifysend.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\cleanupAttrs.js	JawGames.exe
File opened for modification	C:\Program Files (x86)\JawGames\resources\player\libssl-1_1-x64.dll	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\LICENSE	JawGames.exe
File created	C:\Program Files (x86)\JawGames\resources\app.asar.unpacked\node_modules\svgo\plugins\removeUnknownsAndDefaults.js	JawGames.exe
File created	C:\Program Files (x86)\JawGames\locales\it.pak	JawGames.exe
File created	C:\Program Files (x86)\JawGames\libEGL.dll	JawGames.exe

Executes dropped EXE 8 IoCs

pid	Process
116	JawGames.exe
3820	JawGames.exe
3980	JawGames.exe
5116	JawGames.exe
452	JawGames.exe
3816	JawGames.exe
1056	JawGames.exe
4496	JawGames.exe

Loads dropped DLL 17 IoCs

pid	Process
1516	JawGames.exe
1516	JawGames.exe
1516	JawGames.exe
1516	JawGames.exe
1516	JawGames.exe
1516	JawGames.exe
116	JawGames.exe
3980	JawGames.exe
5116	JawGames.exe
3820	JawGames.exe
3820	JawGames.exe
3820	JawGames.exe
3820	JawGames.exe
452	JawGames.exe
3816	JawGames.exe
1056	JawGames.exe
4496	JawGames.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	JawGames.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	JawGames.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	JawGames.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	JawGames.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	JawGames.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	JawGames.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	JawGames.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\blacknut\shell	JawGames.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\blacknut\shell\open	JawGames.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\blacknut\shell\open\command\ = "\"C:\\Program Files (x86)\\JawGames\\JawGames.exe\" -- \"%1\""	JawGames.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\blacknut	JawGames.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\blacknut\URL Protocol	JawGames.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\blacknut\ = "URL:blacknut"	JawGames.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\blacknut\shell\open\command	JawGames.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	JawGames.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	JawGames.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	JawGames.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	JawGames.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	JawGames.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	JawGames.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	JawGames.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	JawGames.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	JawGames.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	JawGames.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	JawGames.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1516	JawGames.exe
1516	JawGames.exe
3980	JawGames.exe
3980	JawGames.exe
5116	JawGames.exe
5116	JawGames.exe
4496	JawGames.exe
4496	JawGames.exe
4496	JawGames.exe
4496	JawGames.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	1516	JawGames.exe
Token: SeIncreaseQuotaPrivilege	1844	wmic.exe
Token: SeSecurityPrivilege	1844	wmic.exe
Token: SeTakeOwnershipPrivilege	1844	wmic.exe
Token: SeLoadDriverPrivilege	1844	wmic.exe
Token: SeSystemProfilePrivilege	1844	wmic.exe
Token: SeSystemtimePrivilege	1844	wmic.exe
Token: SeProfSingleProcessPrivilege	1844	wmic.exe
Token: SeIncBasePriorityPrivilege	1844	wmic.exe
Token: SeCreatePagefilePrivilege	1844	wmic.exe
Token: SeBackupPrivilege	1844	wmic.exe
Token: SeRestorePrivilege	1844	wmic.exe
Token: SeShutdownPrivilege	1844	wmic.exe
Token: SeDebugPrivilege	1844	wmic.exe
Token: SeSystemEnvironmentPrivilege	1844	wmic.exe
Token: SeRemoteShutdownPrivilege	1844	wmic.exe
Token: SeUndockPrivilege	1844	wmic.exe
Token: SeManageVolumePrivilege	1844	wmic.exe
Token: 33	1844	wmic.exe
Token: 34	1844	wmic.exe
Token: 35	1844	wmic.exe
Token: 36	1844	wmic.exe
Token: SeIncreaseQuotaPrivilege	1844	wmic.exe
Token: SeSecurityPrivilege	1844	wmic.exe
Token: SeTakeOwnershipPrivilege	1844	wmic.exe
Token: SeLoadDriverPrivilege	1844	wmic.exe
Token: SeSystemProfilePrivilege	1844	wmic.exe
Token: SeSystemtimePrivilege	1844	wmic.exe
Token: SeProfSingleProcessPrivilege	1844	wmic.exe
Token: SeIncBasePriorityPrivilege	1844	wmic.exe
Token: SeCreatePagefilePrivilege	1844	wmic.exe
Token: SeBackupPrivilege	1844	wmic.exe
Token: SeRestorePrivilege	1844	wmic.exe
Token: SeShutdownPrivilege	1844	wmic.exe
Token: SeDebugPrivilege	1844	wmic.exe
Token: SeSystemEnvironmentPrivilege	1844	wmic.exe
Token: SeRemoteShutdownPrivilege	1844	wmic.exe
Token: SeUndockPrivilege	1844	wmic.exe
Token: SeManageVolumePrivilege	1844	wmic.exe
Token: 33	1844	wmic.exe
Token: 34	1844	wmic.exe
Token: 35	1844	wmic.exe
Token: 36	1844	wmic.exe
Token: SeIncreaseQuotaPrivilege	1228	WMIC.exe
Token: SeSecurityPrivilege	1228	WMIC.exe
Token: SeTakeOwnershipPrivilege	1228	WMIC.exe
Token: SeLoadDriverPrivilege	1228	WMIC.exe
Token: SeSystemProfilePrivilege	1228	WMIC.exe
Token: SeSystemtimePrivilege	1228	WMIC.exe
Token: SeProfSingleProcessPrivilege	1228	WMIC.exe
Token: SeIncBasePriorityPrivilege	1228	WMIC.exe
Token: SeCreatePagefilePrivilege	1228	WMIC.exe
Token: SeBackupPrivilege	1228	WMIC.exe
Token: SeRestorePrivilege	1228	WMIC.exe
Token: SeShutdownPrivilege	1228	WMIC.exe
Token: SeDebugPrivilege	1228	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1228	WMIC.exe
Token: SeRemoteShutdownPrivilege	1228	WMIC.exe
Token: SeUndockPrivilege	1228	WMIC.exe
Token: SeManageVolumePrivilege	1228	WMIC.exe
Token: 33	1228	WMIC.exe
Token: 34	1228	WMIC.exe
Token: 35	1228	WMIC.exe
Token: 36	1228	WMIC.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe
116	JawGames.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3820	116	JawGames.exe	92
PID 116 wrote to memory of 3980	116	JawGames.exe	94
PID 116 wrote to memory of 3980	116	JawGames.exe	94
PID 116 wrote to memory of 3980	116	JawGames.exe	94
PID 116 wrote to memory of 5116	116	JawGames.exe	93
PID 116 wrote to memory of 5116	116	JawGames.exe	93
PID 116 wrote to memory of 5116	116	JawGames.exe	93
PID 116 wrote to memory of 4816	116	JawGames.exe	99
PID 116 wrote to memory of 4816	116	JawGames.exe	99
PID 116 wrote to memory of 4816	116	JawGames.exe	99
PID 116 wrote to memory of 1844	116	JawGames.exe	100
PID 116 wrote to memory of 1844	116	JawGames.exe	100
PID 116 wrote to memory of 1844	116	JawGames.exe	100
PID 4816 wrote to memory of 4568	4816	cmd.exe	103
PID 4816 wrote to memory of 4568	4816	cmd.exe	103
PID 4816 wrote to memory of 4568	4816	cmd.exe	103
PID 116 wrote to memory of 1428	116	JawGames.exe	105
PID 116 wrote to memory of 1428	116	JawGames.exe	105
PID 116 wrote to memory of 1428	116	JawGames.exe	105
PID 1428 wrote to memory of 1228	1428	cmd.exe	106
PID 1428 wrote to memory of 1228	1428	cmd.exe	106
PID 1428 wrote to memory of 1228	1428	cmd.exe	106
PID 116 wrote to memory of 3664	116	JawGames.exe	107
PID 116 wrote to memory of 3664	116	JawGames.exe	107

C:\Users\Admin\AppData\Local\Temp\JawGames.exe
"C:\Users\Admin\AppData\Local\Temp\JawGames.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1516

C:\Program Files (x86)\JawGames\JawGames.exe
"C:\Program Files (x86)\JawGames\JawGames.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=gpu-process --field-trial-handle=1584,6181939756167608535,5933732006275856635,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1596 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3820
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=renderer --field-trial-handle=1584,6181939756167608535,5933732006275856635,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Program Files (x86)\JawGames\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,6181939756167608535,5933732006275856635,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1992 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4816
- - C:\Windows\SysWOW64\chcp.com
    chcp
    3⤵
    PID:4568
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionStatus = 2" get NetConnectionID /value
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1844
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1428
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic path win32_VideoController
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1228
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic list full
  2⤵
  PID:3664
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=renderer --field-trial-handle=1584,6181939756167608535,5933732006275856635,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files (x86)\JawGames\resources\app.asar" --enable-sandbox --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:452
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionID = 'Ethernet'" get MACAddress /value
  2⤵
  PID:1188
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionID = 'Ethernet'" get MACAddress /value
  2⤵
  PID:5052
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nicconfig where "MACAddress = '7E:7B:9E:A5:7A:36'" get IPSubnet /value
  2⤵
  PID:3204
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nicconfig where "MACAddress = '7E:7B:9E:A5:7A:36'" get DefaultIPGateway /value
  2⤵
  PID:2176
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=renderer --field-trial-handle=1584,6181939756167608535,5933732006275856635,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files (x86)\JawGames\resources\app.asar" --enable-sandbox --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3816
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionID = 'Ethernet'" get MACAddress /value
  2⤵
  PID:1960
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=renderer --field-trial-handle=1584,6181939756167608535,5933732006275856635,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --app-path="C:\Program Files (x86)\JawGames\resources\app.asar" --enable-sandbox --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1056
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nicconfig where "MACAddress = '7E:7B:9E:A5:7A:36'" get IPSubnet /value
  2⤵
  PID:1320
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nic where "NetConnectionID = 'Ethernet'" get MACAddress /value
  2⤵
  PID:3180
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic nicconfig where "MACAddress = '7E:7B:9E:A5:7A:36'" get DefaultIPGateway /value
  2⤵
  PID:3756
- C:\Program Files (x86)\JawGames\JawGames.exe
  "C:\Program Files (x86)\JawGames\JawGames.exe" --type=gpu-process --field-trial-handle=1584,6181939756167608535,5933732006275856635,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4164

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\JawGames\D3DCompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\JawGames.exe

Filesize
108.5MB

MD5
c20d7e61b954f24e142b01e8f54696e0

SHA1
1109e93301fb5e18e1e9b1c364678dc9ec59e99a

SHA256
a5d3693857152d962c1997329cd997655ff9149a8e2ee78d77bce2ecc13fee85

SHA512
4dfbcdaf3f4eed46134e9f196a0fcde583c028fc6ff8bb5e0b1519d2d3e465c7e197854b8fb946489af4a9b90e1a9f3cd2b67c70cafd762b7574b908d41e65e5

Download Submit
C:\Program Files (x86)\JawGames\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Program Files (x86)\JawGames\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Program Files (x86)\JawGames\d3dcompiler_47.dll

Filesize
3.5MB

MD5
2f2e363c9a9baa0a9626db374cc4e8a4

SHA1
17f405e81e5fce4c5a02ca049f7bd48b31674c8f

SHA256
2630f4188bd2ea5451ca61d83869bf7068a4f0440401c949a9feb9fb476e15df

SHA512
e668a5d1f5e6f821ebfa0913e201f0dfd8da2f96605701f8db18d14ea4fdeac73aeb9b4fe1f22eaeffcdd1c0f73a6701763727d5b09775666f82b678404e4924

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\ffmpeg.dll

Filesize
2.5MB

MD5
fa2373c1139194fc44376fa9c866b8ad

SHA1
5c8eb86aa6eb2e4e5efb7e9eaf5e6802f80b810e

SHA256
82f4287c4e9e0178488bacce0e4a39424aad7015ee8aa8052d4bc2733fcaa437

SHA512
6a246e63436ac0d2bae17fd6418903b4dda2efacba97e33ace3f93d321d41d7c4898ef84738c205aeee1360b983f208827f324141b699fc9a88e1d0ad90a0db9

Download Submit
C:\Program Files (x86)\JawGames\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Program Files (x86)\JawGames\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Program Files (x86)\JawGames\resources.pak

Filesize
4.9MB

MD5
d419450ddecb53b207d685198e1b083f

SHA1
26f494e0b2fb5ea62fa492206b5d4b17d0febb39

SHA256
26db82cf1df199c9ff2a5d2514370a2be65d597e7068c25e5d7f4f6c4beebdc1

SHA512
8a53e2cc3b68eacfeff8f73a003c45aaf382ec2c32be886ef760c3bf1177836a7902fac8d44fb958ab7b7b451c127d04d647f193298346004a44cd621ad5a72f

Download Submit
C:\Program Files (x86)\JawGames\resources\app.asar

Filesize
301.4MB

MD5
c183bf65050f0db17b71ec7f37dbe71a

SHA1
d320dc9c39817e53b22decfcc874963f831f6919

SHA256
fcc3c15a25c144a686d3589270e184791e1e49793d23ed899410ed996f777116

SHA512
f8cf5113d26ded5d2f6936d6e2ee9f5d487c57a187c197b2ba1f1b6111e4fa4f8b564e23cc5908573b665ae4f40dc7a70b242c6cb4bf4876efa66c1b624a8ef2

Download Submit
C:\Program Files (x86)\JawGames\swiftshader\libEGL.dll

Filesize
380KB

MD5
4e3b85e7a4f01c1d91c9d5d96a1b0f68

SHA1
3ecd6e6884098372c4661bd2a8f6a131387589d1

SHA256
6a22e4573a7d0823cf22044ba157afa65c230a2fe75fe386047903e408ee4276

SHA512
a5d871f97cf2d62f9dd7f271ccf2c807f68f602161d4fe62bd8906b3d2d28a92079ff588031fc219dd0c5db4f17af6015cb018b8ac8969ecc48a39c4bbb7b6fa

Download Submit
C:\Program Files (x86)\JawGames\swiftshader\libGLESv2.dll

Filesize
2.8MB

MD5
cce30eacb3819c0d4279456ec3fb8a1c

SHA1
1d6429f1fb2d14573dd944747113ea73c71ab4a3

SHA256
21f2bdcc53664e64c436c3c79468050f5ec293b8e100216341903100b000b517

SHA512
65d838caacc43a79f3570ad15101ef978b0f99d90a3193dca22d764ef936c6e60b203e1e1274e6a87ca240273d09303da976e755485a8fdb1f5743ff3f8485ca

Download Submit
C:\Program Files (x86)\JawGames\swiftshader\libegl.dll

Filesize
380KB

MD5
4e3b85e7a4f01c1d91c9d5d96a1b0f68

SHA1
3ecd6e6884098372c4661bd2a8f6a131387589d1

SHA256
6a22e4573a7d0823cf22044ba157afa65c230a2fe75fe386047903e408ee4276

SHA512
a5d871f97cf2d62f9dd7f271ccf2c807f68f602161d4fe62bd8906b3d2d28a92079ff588031fc219dd0c5db4f17af6015cb018b8ac8969ecc48a39c4bbb7b6fa

Download Submit
C:\Program Files (x86)\JawGames\swiftshader\libglesv2.dll

Filesize
2.8MB

MD5
cce30eacb3819c0d4279456ec3fb8a1c

SHA1
1d6429f1fb2d14573dd944747113ea73c71ab4a3

SHA256
21f2bdcc53664e64c436c3c79468050f5ec293b8e100216341903100b000b517

SHA512
65d838caacc43a79f3570ad15101ef978b0f99d90a3193dca22d764ef936c6e60b203e1e1274e6a87ca240273d09303da976e755485a8fdb1f5743ff3f8485ca

Download Submit
C:\Program Files (x86)\JawGames\v8_context_snapshot.bin

Filesize
160KB

MD5
d4c7db0b3171fd2202a4374f39338953

SHA1
2cf36134bcaa1bf27c8702ccbaabe2c4f22fa2b4

SHA256
19a56a6b73cc650b5f9a4aaf171898dbdff86b104f064db9a3251efde3150bf6

SHA512
17aef5c393ab4fd3731b6034698ad2e6f4263430439957e18424cd6b8be4a1f03953d2f8f1c407be9219e32fafaa305c7cb1e900be873bb688793da7bb3de57c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA34A.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA34A.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA34A.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA34A.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA34A.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA34A.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA34A.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsfA34A.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
5bf334e9cd4a7aeeb948eab76e8df705

SHA1
54232b7dfd4b93d2dbd8ed98c91153393a12ae9f

SHA256
3181bea44692ca53ed34548b1a99dbc5674bba2b2bcc8b7b042cb8e790ba3307

SHA512
a394b48021af89d758f6b8a67bf0383371cd5dac3c64c78a878257c85bc483b1d5acefa508c8e234d2a57ae395da59ee0c36343bd3f0e3506d960959561a61b4

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
48e2666b93a3ff105cc6bb17418d328e

SHA1
3aff523bffe98394c5324103356d572baf89a65f

SHA256
6545bc3f329925695bc09d2c0422df85e51942c9f417a4839a56b0feea1a0e43

SHA512
3112023ee0ee2e09e3a45f7d6ec8d19a51e961a63c64127fee0e635dc7ef688f34fd8874679843215a540d60dc8dbf6d56ce069eac4b6eeff69f4b0512f16e12

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\Network Persistent State

Filesize
1KB

MD5
0290679e15b20fd66a7176dfac294e22

SHA1
60830bdb9d8ca955dd1fa80ecd0f4f7bb738ed38

SHA256
a217ff331ac3558f0d242708018316f840ab8564838817dd3e193af80128012b

SHA512
42f4749ce95ff63fb776abb3c094d5b2ceddc5aee1a12ca0dacd87d73e02a6d7fb3eefb8b862f7354305e1524ff7346b73ffcbec3e821d56fa14a31a45bc6409

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\Network Persistent State~RFe588632.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\TransportSecurity

Filesize
2KB

MD5
92b888b1c1e9d5d1f57691457535904b

SHA1
45589ac080f9cfc7737673a883490b3578285ca8

SHA256
ff687feb2d88a6e5d59c69bc16b3f4a58c5faa4555098d47422c1406ee56b0e8

SHA512
6c48c5b7ac43f8812f31443122f08a481265d169e5345bf86e9fe16894d771e4f25a1590fc8a3ddbb0f97fcef61fa944857b6c17f046307dc12dff22bb8a2191

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\TransportSecurity

Filesize
2KB

MD5
783fd71c987cf7066e8546bcb501e4fa

SHA1
8b5ffa73d5f47883f66233eedf5f065352a58988

SHA256
d5df4c3967b8101fe30c77b777498f8486c3631fc33ee6037931391c3c3bcd06

SHA512
04af19bfdcf26ae390e0a9d7cc8ebf8b108ce93bfff8570f9426290ad07511f80f95ac6af2b5e043a29d962da02e9a5a36cfcdbb581dcf60198396977c5791e1

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\TransportSecurity

Filesize
2KB

MD5
61a3ce4014e18e06ce1a64e8e03cd5b0

SHA1
3c21be251d5e3c1e43e64e5a6a099303743f1e1c

SHA256
75972d18e77787ac308f3adaa9c1cb80509cb1cdedb5b83780ec79cbd02bea6a

SHA512
eec6bf1920f1135271f67814ae34989c5d5b6eef68f77c62158c727986e65f20a616de24021e8c37e10600049a2ce2226f38ee51d64877d4ded28ab8ab3bff22

Download Submit
C:\Users\Admin\AppData\Roaming\JawGames by telecall\TransportSecurity~RFe57c5f0.TMP

Filesize
871B

MD5
6ca87f8dfe6388eaa8cdac9ac9205732

SHA1
a1463c973c14de5b6a584fe6725219682cf3e5db

SHA256
b5ac1f99c16c510fe833a2bf69cd4bead6a9cf8895c749875fe8dd36284405e3

SHA512
ac06dc4619d16af7e53bca25b1ed7e0c26d3a7b9194047abe421378a30998506c439f9dc3935c64e54a795d5fc721b1bdbb0b53bfafe7d8b0cac6751164c1f2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit