Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
23-04-2024 18:02
General
-
Target
2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber.exe
-
Size
2.0MB
-
MD5
e1f12fc65552ebcd26542e8bf3f985b8
-
SHA1
eee4e3f34247e50a8dacce6e15ca605983abdfc0
-
SHA256
0a11849292307d1833c857ca39eb21deb2af5aa1d1a0228e8bd6797b46c6cb47
-
SHA512
a84cc25c036fc7cb24696862cf3e5259c58b2e211fc8f1b580c808be4cd2c58938cc737b43b49cf588928b319447fe44c1ab39b4f4973c499f830f49bdab321f
-
SSDEEP
49152:t/7sIyhWajeDefr8VlaQnBllYb20+1k+1cAzS+vc:t/KWacVYQBllYW
Malware Config
Extracted
metasploit
windows/reverse_tcp
192.168.222.129:1734
Signatures
-
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 5 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 64 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 18 IoCs
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 62 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber.exe"C:\Users\Admin\AppData\Local\Temp\2024-04-23_e1f12fc65552ebcd26542e8bf3f985b8_cobalt-strike_magniber.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe" " /referral=strike_magniber /voice=e1f12fc65552ebcd26542e8bf3f985b8_cobalt /channelId=87d38116-4cbf-4af0-a371-a5b498975346"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe" "/appIpcName=AgsLaunch-App-Pipe-1684-1" "/coreProcessIpc=CoreProcess-Desktop-1684-1" " /referral=strike_magniber /voice=e1f12fc65552ebcd26542e8bf3f985b8_cobalt /channelId=87d38116-4cbf-4af0-a371-a5b498975346"3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" "--appIpcName=AgsLaunch-App-Pipe-1684-1"3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1740,13870039930087322445,9158685339356146417,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=7495476099399907759 --mojo-platform-channel-handle=1748 --ignored=" --type=renderer " /prefetch:24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=utility --field-trial-handle=1740,13870039930087322445,9158685339356146417,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --service-request-channel-token=18271139807677395323 --mojo-platform-channel-handle=2140 /prefetch:84⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1740,13870039930087322445,9158685339356146417,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=17779079363829875177 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1740,13870039930087322445,9158685339356146417,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=11084035038281598473 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1740,13870039930087322445,9158685339356146417,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=2182096140715529679 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:14⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.dllFilesize
289KB
MD5deba6c8e0c0d675d603a6abac1758405
SHA1a7256d4a7edfe4cf9ef2acfb666e885b8a94af21
SHA256e19a9367128f32949f564dc56616d4634ad76906a38df14aa54e071a16edddbd
SHA512fe37ed5960b4d41754cf7ccf1058779689c2a35f29a38e698f880a27640cd7e853ebf6d2f4c9e9d15d98c3e363fa6cb7c7b898fc4ea60061d31d7106a7713c6c
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exeFilesize
164KB
MD5fe23656081c5bd7b8ae9ae2b9d839626
SHA1b9ffcbe686da844867de4ec7d6ed7cd7461a7932
SHA2568fd08ad4c69a69de51c4cb636ca793b60d9008eb27fa3ee8fae2685dab082d4b
SHA51223f892c00847f73d4a1a627ef0677c4808d2ff5ff330a6795f5949e572eb189549c96b1bc0f043cec251cb1b66e834690a6ab295dbc6a9ab1bd2c39b0dfc715f
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon.Auth.Map.dllFilesize
100KB
MD5554d4b320f76da61cb72b4ad5b9540f7
SHA10fe385138a962f0bf08fb98c166a91663d0dc528
SHA256be5051970ab9b12caae8aa41948e768dfe12b547bdc209c5de3f70dfe1f984b5
SHA51219eaa5bfc0232658577aef00a164944837b1e93542d71d14b602647bb95ec37e1281a8bf63ea27bd6303a8c0b388995b38dec4998d07aef713c4809c25383e22
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon.Common.dllFilesize
178KB
MD54ef1b2d13f51874216fbf0df45df9b5e
SHA13a6f043be41582370731f9443875344bc8239a31
SHA256d8354019cf78b3d7487b2ad2b8155f6999c304f6106b4a5135f68bfe35955bab
SHA512850c51b188c2e1d447b0c647c1037aa9bb689b18b8070f33104a0140bb11065a4620e41bae7c7d4721296cdd6fc1fa2baa60a23ac788844fbfb09877398f4536
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon.Fuel.AppCore.dllFilesize
26KB
MD586889faa408c4c3fcf4882aec3046256
SHA182c29f42eeea4162d81acccd22a7d6a78d946df0
SHA25660528c1a3bb08422535bd68ec5e0553447e29f25efa66316cdd0c8ebb2a4c467
SHA512da3637a0a2508b367327bcb67b03d44774f0b36dc76d121b930b1b01cbbe85045fd1ecece1f80bb64fc9936c9b38a9480cd1c6608b5518349fc55c05dd0f6190
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon.Fuel.Common.dllFilesize
375KB
MD555073896feba35e53f8b092d7ac034ba
SHA1fc6814e73bd7c311debbc22b8a5fd48b9fabe591
SHA256fb3828cf88a7c34f77189d58f6f19f67fcdda7fdecded96e9d6eaa6d7d32cb1e
SHA512b079c9ef21798d98b2327e52b39636e94b040148a054b844fb34f95c7b23d7f2c9217e9c2bece789f53efec58eb11e2ac24e5e00789ed21dcf4b51731e33052c
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon.Fuel.Plugin.Metrics.dllFilesize
54KB
MD5f564eeb9097f973a0391272b7e29246c
SHA13626e468c5169c23bda54453b2fc563d8edd1314
SHA25665992f852ae3dfaa2f37f0b00e5f311931322e646cd7a2f8122696e303012935
SHA51215ea765b3fb1b595455f61a6828396ecb55027df37de0d2e4f3b2ab965d55369de96377818d1d3ec5d1308e276ee13190279b581a96544dc680a719aafad5e40
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon.Fuel.Plugin.PlatformServices_Windows.dllFilesize
83KB
MD5cc30c96147b3d21b4b0b38fb21b26916
SHA147ba1cc2fb656de627d01e7b45fb085942400c23
SHA2566a1e50a2e922fb06020651ba6efb64db8af873ab6cd0fd07317a60b2778677e0
SHA512f1d0d5ad06d369aa46748ce3dc026998e3882a2402aebb343b7769323f867fe8c930f2ea472540cbdb1a25238e5a5c7f13711f1a92b2bd5ecaab111308d42afd
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon.Radium.dllFilesize
742KB
MD54cc482293eb1cefaff6d0c41c3ecab66
SHA10d0de976523c7f709f8cb7b7ffe677eabf6501a8
SHA256876d66beebb73ac6d309ebe459b6fe573ae82abbc7320aeb76d0fcae6f6a1c47
SHA5129d3f4b9db1add1ad32238ab528c79dae566a8cb38e8c50e2c0059b8fc2d9fe89fa61abbb74e57c47a84d569bc6144e7e397765b72420bab74efe50b4555d343b
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Autofac.dllFilesize
324KB
MD59761a0bb31b835427ca03f24b89008d9
SHA1ce7117a0b516fc1914a95bb5826e876b65943540
SHA2563115158fe89deb0c7f4c94048bdc59a439f7806f578113d7ec7d4a90d0201e37
SHA5124c3e912f95dbd5ebf228dbf497ed3731c41751214449745b6049ad0c9fd13c1f660f32917bb4723e6033852d43aacb315d04b211ec72741dadd3f6e8806b5d36
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Clients.Amazon.SushiEel.dllFilesize
32KB
MD5a3bb7616a77a6a16168fe278f96150da
SHA161da3a03ad6e0a0717202b27ba7b12f06e4b8791
SHA256b1b9f1456b735d3fd9c964f9b0f28367a239f670df51f6e87011ace22b269696
SHA512ea2c0b6ddfbbc2418cfc22a8219af767ae527b62313b1c0f8d25c06fb62df0e037da0e070615592f5e405685b8620d7b29829d334e062665919374a67c141e5e
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\PresentationFramework.dllFilesize
14.2MB
MD521d518f466d3815df618253efb11a09b
SHA15ac9d1dc00bace95006ca44b8cb4a559219a522b
SHA2563dc0ddd44a4475e62c2a97172e0721f07f4f1f5d163fe4e77dd999043ba05734
SHA512d96aeb4727ca6c2d818c5c17341e5625481774a330c66533670d6507d7dc267b2b66e01fd9b43dc4aafaba4ec766b71217fdd14c73c3f518ca8351822552b8f6
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Collections.dllFilesize
249KB
MD544b5aeddba5aa88a23e330cb37feb578
SHA15443d16d862a64c090a40f5c3dd2083868d17360
SHA2568745aabaaa043e6d456b2b4d7864089bed544eb5204fc733b575e977b52b916f
SHA5124bff95f4d1a928de5927d6c354fca12f48a701ad44f8713457ead8f271cef19216b39d731399709fb628aa4562ce461a2fa98878be61d0f493b6e6bfb74c8170
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.ComponentModel.Primitives.dllFilesize
56KB
MD50833988a109e1e0b0f0d66751bea6f21
SHA1668f8420a79403cded0b868c123cf89310610d41
SHA256f958c4511bebb6e361367489e2fd6fb5d582b732809968890face5abb09b7956
SHA512e7ce435d318bd5074d7fcccaea938f4dc4aef95873e8d4c1320cb1e1ec1f7dd17deed0c2e3169bb0be0d0c3d2029c02ae3c93e04f3ad0d6021475127616d7807
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.IO.FileSystem.AccessControl.dllFilesize
80KB
MD52e189293fe78fc4fd452a19ef1beda88
SHA13d25f9de87ef1ded11cc5f06e865e249be000f0d
SHA2568b837830416fb89021876d89010d84fb5b16c768b23cca017050fedac71c8024
SHA51266262806f3a76e6db816832d87400354b037106073931f453ab56b16ef859c86421db5307e72f139067e82aa63561bb3d5fb47aef1f56837d0dabde5eb5e34ae
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Private.CoreLib.dllFilesize
8.2MB
MD5d3cfe3422fb4d5a93c1cf9807debd230
SHA141a3f27c2e812b24bdf269c9c590b300404bd5d9
SHA2565064262dc838d4fdd458a70312f6945f56e153519fa4d6808b34738018753625
SHA512e659f1290ce7b139d89eafea18d879ee029d82d361d9b3aa511b63aadc00a73f1821505e61633fe2aefcc8d73016471336b88ecf17d15c8aff9c5ac1299db21e
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Runtime.dllFilesize
42KB
MD52a2145894b1e24529c3ec57fe204bd07
SHA10cfb1d48f6bfebe85abce1443193ad8f818318dd
SHA25636764292c645fbbc92c31ecb3338f26093ac0f7e69f5c8f9b817b7b6f9f49ce2
SHA5127c2ace08599763e6f2105ad30c7d9df1b38ac9febb7816d98957960a6c3138e2978614b084d82a36bb495bf0d2e135fd660ea1c906efd3aa4ebef4104f717da1
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Threading.Thread.dllFilesize
15KB
MD5fe5b02d04529c09b3061001cfc844a92
SHA147b052cdcba01984b772a1a80f6f7fbc13ce1d21
SHA256a92ceb7028e904df862de5eb0cd48e12c6992ecf33916bef39797a3503ac837b
SHA512988c19a7d743aa7b2420e82df1fd9f6fb343d10cc5fdaf9052cc1f28b548b2f105cad3a6d74b6d7be9d98405bb6a423bc8a80b57f71a590d78ce00662187853f
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Windows.Forms.Primitives.dllFilesize
663KB
MD58ae763bf00876592bf7d7b93e4254ee4
SHA1bbe1f5e82a9a8a629eb6ccbfe93667fa3b3c0454
SHA2568f3ab666c6b6e2ff6e588e6a2c21cc6befc74e3e39dee096ffff0bbe655c8615
SHA5122d7f1b7df97fa49389f1a6e0cb1efc34ebf31e376b0e343d4adf2566f02549d8648bd903c578232e5cec09dbfd436637f3c7022bfcd1990607caae5c1945a6a3
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Windows.Forms.dllFilesize
11.5MB
MD5b61e108e4819bc703f7a511f0a58007a
SHA1541bc4bc341ddbca24162b31c389db393c5513a8
SHA256fed0c48f5bfa9693b79587b5e55c8927e6fc4bdd8f3f6f6d25bb3f15db46fd9b
SHA5124c8f55477219ad4308afef1b78af589cd0b7f74893136bc3cb2dbc7fc87ed11e3b7263ed264d99cee3a889d337fa7cab1ccc0bd24b559862ff72789c934586ca
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Xaml.dllFilesize
1.2MB
MD588f8ecfe3166e18f2b41d8b17fcbb482
SHA1898e6ac7466fb2f81fb96094b859e5577f3b5b22
SHA25688047cae06586b8f2d2c54e3229d0bf19ee1e224aa96c26358bd89c22834922f
SHA512067375d27b28023a342b0d6b9e91e041d9bda9514075cd5efca8214b530afcf1ff75229f4498c1a6362368642865389fffe961431d2470cf01c1ec3bc07db764
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\WindowsBase.dllFilesize
1.9MB
MD50f7a6e65d184213c41fa4b3e39fcbda6
SHA1f0825f4c1ca0d37367ff02f66a4b3c93053a102f
SHA256996e60b5d8e2109d6dc69e6e29462188f61fa4c70db2edf54070ea5174a206b0
SHA51291671c769e77c8ae6da3a3cd5a6f7f8f208c02a39f7f9bd2076b3ace23c96b681b8ae5e28de2fb9878819ac633bf46cf0bbc81fceb9ec5f7af8e4b6a99a7149b
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\clrjit.dllFilesize
1.0MB
MD5e127d23181160e02391e628192b1d08a
SHA1642c16276a9dc0c216e677be97df4e4aeb2836a6
SHA256ce9037b6998a8171cb53cfa3725cc9bddd95ceba7fe4f9fd9fb43ac667ce4601
SHA5127a557a26eb0442d79da66b34ff70c37d4e5d26c757493c58127265876c9c2d2da1e6cb9b70680ee4dbf3773dcb55b575010fc72b5528263f957b20f867d71465
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\coreclr.dllFilesize
4.0MB
MD599004b84b758edc90f90671221152667
SHA19a22738517dac9fc717d6f9324a24aeee6dc93e6
SHA256ab0ee337d10c8225134603f1dc5f70631fc7a3dc49500e254efca7c60b145f67
SHA512662c00d3bcf76eb8fb603a681ca029824ca1bb65064790da405e95db6c363ebe9cf897f8420b5f79b6653eed17aebcf81e4dfe81652f0dbe674ba4fd54c9adb0
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\hostfxr.dllFilesize
248KB
MD51bc17073c940e2cb486d4c5a361c5df4
SHA1218c6cfac172af7477039761ba03de0a899a3e29
SHA25650a853d23c8d2832da1183abd20ae446585cebcd902858f3bd0181fa4bf3c6b6
SHA512ace997a3e1460ba387d9a051384f981f872b6470652c64abb344a4a2c55e19388870989e6104bcae8b168df8c62d34c43853d61b9940ffff19d582f76a2ec7a5
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\hostpolicy.dllFilesize
249KB
MD5da0f874eeee4c0f45cd0a9bd044c7db7
SHA1c7edd0703429c6f49f7bae3a43366ef99e051d7f
SHA2564f3934c1bcac7827078702d9ef21ecd4af5652595a115bc578d026bb03b60bd8
SHA512c6577c80375fcc406d110254120e1d37a450ad2114b0c72a14045ee0dc064d7e3208ff599832d0ae6445c002b0993cee808153a83d47a21105f2f84cdd2aef16
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\static\public\core\minimal-981e9cdf8f1733c5922e.cssFilesize
334KB
MD5e3a0425c4d9a25d022c49bdeeb15c42d
SHA11faf1cc8abf9bc351827551d7d4548a4edc6a29e
SHA256577281d9bbccbef71522e3f9f930ebf0d91fb26c0459f75172910cc43e25a2b4
SHA51235fa151affdab631cec1ab3fa810a5c14ddaf1be7dada2a9d3a48e9305acad63f7dd70303e15fc5b822f1e002562963986b84334cfb6657106cb06220cc46ab3
-
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exeFilesize
1.7MB
MD5238b9152bd1f02939e2033cb9a21a21e
SHA12e7c8a10e6bf4bebe8fcb42f528002d1fd0d746b
SHA25625a9fa08338f0e155ef7ff25fc5470d8bd6c9c002326111e0fc2216709a777cd
SHA5128dc8b9fc1e2d32f4ee83b0eb1773c4689d3e9a8aea3e686271b7b31ecf88d824207c0f81ebd36846e717d2250b7c8a291b5538fde34909632d64ae221b3defff
-
C:\Users\Admin\AppData\Local\Amazon Games\App\config\versionFilesize
40B
MD5e5fd47d470b34f4852f4f8e054665d4e
SHA1a3a635521bebb5802784d4bbdb9e57eedde8488c
SHA256c5a98d833029251f42563562041e0841ebe586f47b99d34e17de7f4c9286665e
SHA5129d6df93d25b2b3466f30cb4a25e84fedbbdfe17a5e88c7a1b57da7507742dd922d8c8e5614b32aed196c5540f6866a34c8ea8fbe15bd358eddea293cbd67255c
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\51245239-901a-4a11-8c36-207adc4fe773.tmpFilesize
626B
MD503e51fa1d00600cb15c2f05521e3d7ee
SHA1ab22810d59fca4fa922a04a7376a77ceec1626ce
SHA25649b90ef3d8f2b59f6a5d55a139d663b8f1350df209f32652a25d17920ef577d8
SHA512ce88041b694dec3ddaf3824092368504fd532ac050d5d422d2f732447650d2484586ce378e884e58f9cf2fa6034e88d274652acbedbc21b903f29b844bc5002b
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Code Cache\js\index-dir\temp-indexFilesize
312B
MD55c06279913331cafda46f642ac12f8f9
SHA199b60754fa9a7463cc5f6e4ceb3109e4b09a6dbf
SHA25631bf613ea8518143b96c52520517c71b2c1d0efb6d1d903f66efd4ce62290c55
SHA51207cab63f158765233a7a8918008cb64be10332a397a99d7c6650aea1676876bc9b540b9757469722300dca8b861149d5cb748bef8414a239ddd077229d3d7b26
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Code Cache\js\index-dir\the-real-index~RFe593e09.TMPFilesize
48B
MD5f74517999bd046116191f464dec0d7a6
SHA1b05994163a7d548cf5e4048200ebd7e146ff3997
SHA2563d039ce25a9ed466c50b5b9a3cce228905155e898f6b9042ab5bfe80dcdd2855
SHA5121a6c016831424fca845b71f3df6e946cd12d75a900634056165ae8a0ea3b092b56ce1c78f5780fcbfd1f1ccfc7ac211ab64c12a585b687ad0bd1802c7420654c
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Session Storage\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Session Storage\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\TransportSecurity~RFe593e28.TMPFilesize
626B
MD5bf1a13781f4f7e3e46f9ea649bc040f1
SHA147cdd5b944ff33fe211226f51cc27013eb67844f
SHA25680ff7ca01bd4bf9a98d7171ef787fa98699f7241698f3631a71040ba41039f9d
SHA5120751e4e1b002b2f3dff7af5c7dac5ab329f2877cfbd0468cbe7712062c31806c811d7c73a60a925ace5bff43c57685437b36c08ef97742f5838eab3856905703
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Games\Sql\CommonData.sqliteFilesize
28KB
MD5fb0948531d6670dbab44abdcfc79335b
SHA14fbebb3510ca0a5446fd89153d2af95bb1b52f6f
SHA2560e67f05bbffde815066f3a357ffb082dd33b94cc37478baa4da7b0a401009c06
SHA512f06f49127de89ba173a33c28fbe5e44786283cb2e9b8f07af08b1263d0cb67e82f2913eae2756d6393182459c9b3bb2fa3857404d331f49fac139132778c2c20
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\ElectronMain\ElectronMain-2024-04-23-18-04-15.logFilesize
4KB
MD59111df2ab445588fa7786b20bcc91698
SHA1cb6a4f72aba49d3b909a62a3e74670ae95110171
SHA25602a4fdb43b0ba3a980870594f36f52cd2d26eb5668839d2dc4dbf6372276dae8
SHA5128979783f3f07e7860c93c5860c9188a8e6dfd5cc627a8c9f8e2a76c4ce3a7e1459c2faf508077e1992ebc7ae20919597330e03c70f54e2606ebac4bb05bf29ec
-
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Live-Install_2024-04-23_18-02_0.logFilesize
689KB
MD50941a27ea385dda3828cf234f2510d99
SHA1bb1d728a399eacdc99783ec35b4789c0a753e049
SHA256663b6b1dce9d15b5d26e62708b2dab8c82d775ad3f04c7f4b740487fad49763d
SHA51257b6933139613b7a5f846777fbf13112b901c7f917c8304f3616d641ad86941defbc2ce80d96b4009b7abef74606e4886bcd98ecabe084d49454259040cce22f
-
memory/1356-0-0x0000000000400000-0x0000000000607170-memory.dmpFilesize
2.0MB
-
memory/1356-1808-0x0000000000400000-0x0000000000607170-memory.dmpFilesize
2.0MB
-
memory/2828-1787-0x0000000073310000-0x0000000073729000-memory.dmpFilesize
4.1MB
-
memory/2828-1608-0x0000000073310000-0x0000000073729000-memory.dmpFilesize
4.1MB