aa79d46aa459af0d46da380af6481f51369da4c4080a009028e83857dcd844f2

Analysis

max time kernel
149s
max time network
147s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03-07-2024 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AmazonGamesSetup.exe
Size

1.8MB
MD5

02be3726c0a90958a3c30577d3b3a131
SHA1

bedbab8bd74a9d7313ba32ca033c81ec32c04706
SHA256

1a99f1054e51fe86416c59e5c526d69776fdabd7bb9831dbaab8582322121c7a
SHA512

662eaa8d3b112ef981d27832a2a46b0ecb55e2d1dcf49fe1fbd134e3c4e02758bc9ad3db2e25f53fc174e2083dd278967f405a768fdd814612c9a43bc6d1c713
SSDEEP

49152:G/mvl+01HHWra6IjgKDlUzIzsBKLxYqJKevCnuueO+0D17gM8s:bvUAnWrBq1ABzH

Score

6^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation	Amazon Games Services.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation	Amazon Games UI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation	Amazon Games UI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation	Amazon Games UI.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation	Amazon Games UI.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 9 IoCs

pid	Process
1664	Amazon Games.exe
2044	Amazon Games Services.exe
2332	Amazon Games UI.exe
2132	Amazon Games UI.exe
1936	Amazon Games UI.exe
1880	Amazon Games UI.exe
2636	Amazon Games UI.exe
2172	Amazon Games UI.exe
892	Amazon Games UI.exe

Loads dropped DLL 64 IoCs

pid	Process
2804	AmazonGamesSetup.exe
2804	AmazonGamesSetup.exe
2804	AmazonGamesSetup.exe
2804	AmazonGamesSetup.exe
2804	AmazonGamesSetup.exe
1664	Amazon Games.exe
1664	Amazon Games.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2332	Amazon Games UI.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command	Amazon Games Services.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open	Amazon Games Services.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open\command	Amazon Games Services.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\""	Amazon Games Services.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open	Amazon Games Services.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell	Amazon Games Services.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\DefaultIcon	Amazon Games Services.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe"	Amazon Games Services.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell	Amazon Games Services.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\URL Protocol	Amazon Games Services.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\ = "URL: Amazon Games Handler"	Amazon Games Services.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\URL Protocol	Amazon Games Services.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon	Amazon Games Services.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe"	Amazon Games Services.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games	Amazon Games Services.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\""	Amazon Games Services.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games	Amazon Games Services.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\ = "URL:Amazon Games Client Handler"	Amazon Games Services.exe

Modifies system certificate store 2 TTPs 12 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	AmazonGamesSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	AmazonGamesSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	AmazonGamesSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	AmazonGamesSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AmazonGamesSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AmazonGamesSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	AmazonGamesSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	AmazonGamesSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	AmazonGamesSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	AmazonGamesSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	AmazonGamesSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	AmazonGamesSetup.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1664	Amazon Games.exe
1664	Amazon Games.exe
1664	Amazon Games.exe
1664	Amazon Games.exe
1664	Amazon Games.exe
1664	Amazon Games.exe
1664	Amazon Games.exe
1664	Amazon Games.exe
2044	Amazon Games Services.exe
2044	Amazon Games Services.exe
1936	Amazon Games UI.exe
2044	Amazon Games Services.exe
1880	Amazon Games UI.exe
2636	Amazon Games UI.exe
892	Amazon Games UI.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2044	Amazon Games Services.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2044	Amazon Games Services.exe
2332	Amazon Games UI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 1664	2804	AmazonGamesSetup.exe	30
PID 2804 wrote to memory of 1664	2804	AmazonGamesSetup.exe	30
PID 2804 wrote to memory of 1664	2804	AmazonGamesSetup.exe	30
PID 2804 wrote to memory of 1664	2804	AmazonGamesSetup.exe	30
PID 1664 wrote to memory of 2044	1664	Amazon Games.exe	32
PID 1664 wrote to memory of 2044	1664	Amazon Games.exe	32
PID 1664 wrote to memory of 2044	1664	Amazon Games.exe	32
PID 1664 wrote to memory of 2044	1664	Amazon Games.exe	32
PID 1664 wrote to memory of 2332	1664	Amazon Games.exe	33
PID 1664 wrote to memory of 2332	1664	Amazon Games.exe	33
PID 1664 wrote to memory of 2332	1664	Amazon Games.exe	33
PID 1664 wrote to memory of 2332	1664	Amazon Games.exe	33
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 2132	2332	Amazon Games UI.exe	34
PID 2332 wrote to memory of 1936	2332	Amazon Games UI.exe	35
PID 2332 wrote to memory of 1936	2332	Amazon Games UI.exe	35
PID 2332 wrote to memory of 1936	2332	Amazon Games UI.exe	35
PID 2332 wrote to memory of 1936	2332	Amazon Games UI.exe	35
PID 2332 wrote to memory of 1880	2332	Amazon Games UI.exe	37
PID 2332 wrote to memory of 1880	2332	Amazon Games UI.exe	37
PID 2332 wrote to memory of 1880	2332	Amazon Games UI.exe	37
PID 2332 wrote to memory of 1880	2332	Amazon Games UI.exe	37
PID 2332 wrote to memory of 2636	2332	Amazon Games UI.exe	38
PID 2332 wrote to memory of 2636	2332	Amazon Games UI.exe	38

C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe
  "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe
    "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe" "/appIpcName=AgsLaunch-App-Pipe-1664-1" "/coreProcessIpc=CoreProcess-Desktop-1664-1" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:2044
- - C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
    "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" "--appIpcName=AgsLaunch-App-Pipe-1664-1"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
      "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=996633530453286117 --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2
      4⤵
      Executes dropped EXE
      PID:2132
  - - C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
      "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=utility --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --service-request-channel-token=9231588390363730714 --mojo-platform-channel-handle=1424 /prefetch:8
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1936
  - - C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
      "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1176364511797248632 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1668 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1880
  - - C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
      "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4611706300489442804 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:2636
  - - C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
      "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=632278421001797710 --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2
      4⤵
      Executes dropped EXE
      PID:2172
  - - C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
      "C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=6146074084904742019 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f65a5300f5312b5cc278df954d406ca3

SHA1
4c213effb16bb4e2c9f37d2c6bc51fb0128c016a

SHA256
4495dbdd5d3b492cee5aec4edf0ace3d35176d751ce2cfd069360d576684970d

SHA512
03b9ef35349120cfe0d93b83d5693973a76465cb0355a7c4b6fbdefec12af20ea71208a6bfb0063440f54a2646135c8cf49faa958cab73c64c0f440f5abd8dad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
362ef001d8d55d68d592e7507a7b2925

SHA1
35e73523fd136529fdb32eaf181408cb190e1368

SHA256
7e68d0716f9b23599d4e5a614c6ace22495e9e5864f15d9c7109d4dd8d7bf33f

SHA512
abe2860d2033b47fcdbc0f5fc1107c7e8dabda7da3f9ca564e9977c6635363c226e39e7b4a1869b76aaa1a325de7cb7d4a1dbc045fa898da76578eba23e6313c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b2c7a980e39f135235b13456db9813f

SHA1
73e358df51c0055f54f2aad06a6064b6a1ce5ebf

SHA256
8c952c4bcc2ab119359d74a1d12c0633cd4325817c8b0606453d372415ca713d

SHA512
ab380740c07673680cd342716dd1603b37d584250f15aa05091d7bcc72d8efe72a315a47a866577dc70b42b82c24438a9a15452b4fd37fa9b1bed3cb5380e0c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddfde6512ce397ef7c25f14347077265

SHA1
e7ef728538d2577616e9072195d15ea352afaa72

SHA256
10ee6cae4b615fe50a81a2c4315990a052fea84aaef6ec0fc1d7dd69edd44617

SHA512
f8da2937aeb0bcf10588341e02618f0694c0b0bfb69fbd965a41286a08f926d683469488e7f15c0b90ca19c2412cf9e0ff715c9185173ee85281d74accd4d55e

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Private.CoreLib.dll

Filesize
8.2MB

MD5
d3cfe3422fb4d5a93c1cf9807debd230

SHA1
41a3f27c2e812b24bdf269c9c590b300404bd5d9

SHA256
5064262dc838d4fdd458a70312f6945f56e153519fa4d6808b34738018753625

SHA512
e659f1290ce7b139d89eafea18d879ee029d82d361d9b3aa511b63aadc00a73f1821505e61633fe2aefcc8d73016471336b88ecf17d15c8aff9c5ac1299db21e

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\static\public\core\minimal-981e9cdf8f1733c5922e.css

Filesize
334KB

MD5
e3a0425c4d9a25d022c49bdeeb15c42d

SHA1
1faf1cc8abf9bc351827551d7d4548a4edc6a29e

SHA256
577281d9bbccbef71522e3f9f930ebf0d91fb26c0459f75172910cc43e25a2b4

SHA512
35fa151affdab631cec1ab3fa810a5c14ddaf1be7dada2a9d3a48e9305acad63f7dd70303e15fc5b822f1e002562963986b84334cfb6657106cb06220cc46ab3

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\App\config\version

Filesize
40B

MD5
e5fd47d470b34f4852f4f8e054665d4e

SHA1
a3a635521bebb5802784d4bbdb9e57eedde8488c

SHA256
c5a98d833029251f42563562041e0841ebe586f47b99d34e17de7f4c9286665e

SHA512
9d6df93d25b2b3466f30cb4a25e84fedbbdfe17a5e88c7a1b57da7507742dd922d8c8e5614b32aed196c5540f6866a34c8ea8fbe15bd358eddea293cbd67255c

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\Data\Games\Sql\CommonData.sqlite

Filesize
28KB

MD5
fb0948531d6670dbab44abdcfc79335b

SHA1
4fbebb3510ca0a5446fd89153d2af95bb1b52f6f

SHA256
0e67f05bbffde815066f3a357ffb082dd33b94cc37478baa4da7b0a401009c06

SHA512
f06f49127de89ba173a33c28fbe5e44786283cb2e9b8f07af08b1263d0cb67e82f2913eae2756d6393182459c9b3bb2fa3857404d331f49fac139132778c2c20

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\ElectronMain\ElectronMain-2024-07-03-05-45-11.log

Filesize
818B

MD5
4b7caadd5bbaca89cab1ee3e225982d5

SHA1
6d3be33e462bd059d951bdbb4a74ee552a014978

SHA256
1e16190f0d3f4c1c3885d0b0b110868407d97bc40fecfd872ed79ea9aaea1c83

SHA512
5291b1952d59bc4256bedfdcacca82646724293d20ca79f53771aabe9ce040756e2dd86bac202d07f0f85263c8e0adc42ed5c29d510860f04b9717eb425675e5

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\ElectronMain\ElectronMain-2024-07-03-05-45-11.log

Filesize
4KB

MD5
137c457348234fbe11fc1c3be550e408

SHA1
585a2ff26d70a3151e882c4c2db5e7f604107541

SHA256
c2a799ecd281f301fe97dbc7ef1f5292526c77e6160031eff5bba5341b4f565d

SHA512
b9dab4aeb638cc3a87ffb69c95cf196b8c301112ea1e99ba8105dad5800ba53a12b8c58dfe4382333f3247902ac61a34a49f1ee60109d07e4dff21df5a5b65f6

Download Submit
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Install_2024-07-03_05-42_0.log

Filesize
648KB

MD5
e83eca7f0900b7a333ba8f5052e72685

SHA1
b41b3e1ffd548e6fe7c48737cba94f4082065736

SHA256
e72a544d8505e66569e9a31e3b8bafb196db45563dee46852240c42d485aa391

SHA512
8b7df373626897d2459c710adaef36a9ae92c2e330c026fc68eba1b10076c427ed9e3595a4d7d43ba3aaad309adce9fce1023b09825af90f0236ac452b200b0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1289.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar12CB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.dll

Filesize
289KB

MD5
deba6c8e0c0d675d603a6abac1758405

SHA1
a7256d4a7edfe4cf9ef2acfb666e885b8a94af21

SHA256
e19a9367128f32949f564dc56616d4634ad76906a38df14aa54e071a16edddbd

SHA512
fe37ed5960b4d41754cf7ccf1058779689c2a35f29a38e698f880a27640cd7e853ebf6d2f4c9e9d15d98c3e363fa6cb7c7b898fc4ea60061d31d7106a7713c6c

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe

Filesize
164KB

MD5
fe23656081c5bd7b8ae9ae2b9d839626

SHA1
b9ffcbe686da844867de4ec7d6ed7cd7461a7932

SHA256
8fd08ad4c69a69de51c4cb636ca793b60d9008eb27fa3ee8fae2685dab082d4b

SHA512
23f892c00847f73d4a1a627ef0677c4808d2ff5ff330a6795f5949e572eb189549c96b1bc0f043cec251cb1b66e834690a6ab295dbc6a9ab1bd2c39b0dfc715f

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Runtime.dll

Filesize
42KB

MD5
2a2145894b1e24529c3ec57fe204bd07

SHA1
0cfb1d48f6bfebe85abce1443193ad8f818318dd

SHA256
36764292c645fbbc92c31ecb3338f26093ac0f7e69f5c8f9b817b7b6f9f49ce2

SHA512
7c2ace08599763e6f2105ad30c7d9df1b38ac9febb7816d98957960a6c3138e2978614b084d82a36bb495bf0d2e135fd660ea1c906efd3aa4ebef4104f717da1

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
2f3ed68e88962a3db91fddff116043c6

SHA1
f89f28cd1a2afb247c483ec5d3373687acd9f0f3

SHA256
94285b076bc56f70b600340cb8e462fa860745a4e259a01a5faf200365b626eb

SHA512
99965f02106a278ccffa953849546008595a38eaa21e81f6b72d8635931b6e32bdb44c96e4ed52df374ed765138ff5e2a97d6dd1878e9bb062d7d5b7332bd247

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
5ee963beea8ab70e4837b3ddc3dfa780

SHA1
08d253b2d5d44f4f01c5c8cd32a53202f46ea050

SHA256
7ec7ff7c30d637a2b2bdf202befc401d9840bd38aaf10633c7cbf03aaed80ba3

SHA512
c1cfc308a25196c1661e579f270aebb40685fbb478590be155a65cd79dda03d70ef53211fff6e1fc0c07b620ea92e05db8529b707c41e0aa7f3f82f23d764fdf

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
1d309498972c67db409bff7c34ad30af

SHA1
0bc9a4d52e482129bb3e52ad6c6b12bcb3f9f27f

SHA256
2f0973102f1d2e78158e80b0eea8a5f63085cb3088624227bc89c337dcea96d3

SHA512
933380e33119a42de01d06ea2aa9970f1db5f3a9a9dcdd08d35e18ed6365f75b94cf3a146f11e6f3f3c8da118f46a6224f3fd0e2c1736c9d667b948dca794d4f

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
3041be8b8f3e2e99d6f7fafcaf428648

SHA1
9ff03d218278bd12fc1406d21d58f5c4dca8e3c2

SHA256
7f1a83c6b5d0a856ea8c7952fd4c637a9ac7e663a620571afdcec7af6c68a960

SHA512
dcb59dd2ebafa0ac64fc35dbf6b9ce3c22bd857a93e64bd64b53c9c35dec3c026b6d25c9a848968dd00cb8dd01b4b6755fa2273b540e1db7ccfce32a2a97f112

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
e162b53ff1f872345471989d20374f36

SHA1
232c1427096188e791ab0db44bf309cbefe20413

SHA256
3f61c83e3dcbe7f03195efcbabd9fd1ca75ee6359828e45733a53cc1fb1183f6

SHA512
2d60d609cb281cd4f2fa1c6369d2f75afa0d9f43df681a5f42e85f51d5bf57bb4e23c8e041b3fbae703706b8f82db9d27d1f650cf5bb9088e4f222ce1734ffd9

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
a99dafdd0eb1668ae60d4898338dbed3

SHA1
504687e909f0730e3c4db6ee14578b055e99743d

SHA256
ed383bc5365e2d9ff18c0867d4e2f8682ced6e45b0875b55cfcfb7bc87e6b301

SHA512
72af70f554a66280d6ac53a0cac342dc6e0b7fb8975757a404576101fd0f7445a1bcc8778fe5d7084f382a843710af4c94a9fcb9c230931b0b8b5e5ad3dcfa53

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-convert-l1-1-0.dll

Filesize
15KB

MD5
b42f3df73d062dcf7c61eb3e455fe1c6

SHA1
cdba01951de434f36b9100c7db2316bd0728abac

SHA256
3d205605ed371704d2de5fa0511fb4ad2f791c81e5781ed3c4464881efd8523b

SHA512
b70c49f8494b600483a858210a5bb73c0a052460e34aa16290f32ec6af68095b38b7436fbae34273048ecd058c7fd40ce1c6184ea21171afe291c29e249253f0

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
13KB

MD5
e795f694529fc430e0b0e25884e6a24e

SHA1
6c86a0bd746f55fd731a30f378e5f21c4fb2e2b7

SHA256
0ebae37459eb25ef518c47c454e6af81b076d0fdc5fed1674806551259435584

SHA512
c71622d473c68d7ae87cba663f38c08fb1b4ec0786e364f6863fbdf2711a7faac1e5cd18ba0912c318627cd58d7fc836ef0dd993a9444c846ec298502e04fc66

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-heap-l1-1-0.dll

Filesize
12KB

MD5
fb887fed29c62e516005fadb6838d521

SHA1
c1b783800f33aed8f67953e0816c1792e976c62a

SHA256
f989de398e969df49c108ef53f5e152eb35f7a7d0e19974aa9f24a995e5c9e11

SHA512
d895e2c83578400174bd0d316e790b1b5c7400b7e24f8ac4ab1964701821f4ae7fac4ef308e4bdd09ad774cfcd54b1f0176da0911437759439a1e2a0d99cb13d

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
49c9af5961980346905239d9988cd041

SHA1
d679539617cf74ec04d75f450ef93d94abecac28

SHA256
f7cb5d3347d5a13b8bcce06821ba75043fce87f298131e23155753b56a48297e

SHA512
f2e04aff6d502d47946d8f0f9337e81fcc9c23608163d276c3cd304b3ef42e4d07d6f00e3606a6c2f2eadefc23fda3af55c1cefb7912def815e5c339208719b0

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
b330487f1ccd5fc821fa117f8b57a5b4

SHA1
c32a5df20c4380aa5666011d860c1ce2fbfd354c

SHA256
5e40b97f5e5a1577bf30e91dfacc0e74e1cffb6c2beb270777cc0a5db065947f

SHA512
a5e4f57a94ec1bca577288458413627ec9b2c5d7b71d5f27a2c153002a9dd4dbdd128c89c35623b3f038a94844a50622ff65751476a5eef932765a96cb3ecc1c

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
16KB

MD5
0792930cced35a6b7afd0548a380d5d1

SHA1
45139b80525961c5aadffc3b4e44720f144da878

SHA256
f0e0d8b65a8cf88355a7c2fd401cee5ff4bcb7965a888f4361ad14a054517fd7

SHA512
df1ca5b417e5ec7a6600eee4e5ebb8de557ccd7883174ca47e4b69e0138c6af4afeae0cb2d2f8c3b32c128e92c725dcd4739d40911e15571bc5573289796f3d5

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
17KB

MD5
38799420c40507472fd54b3ba205db3e

SHA1
84d04a2e360f16da027b84d51aab649154979232

SHA256
eec15efdf7caa058cb7f721a1c4e5d3f1c97039c4b6bfe2b32f789e10756106f

SHA512
cde6ff6b3dc908dcf932b4e308c99589af3bcfe8aa06a416db107e948616ba7517c3ef882a59fbecf2b3ea92290f90123d5a6f4c355bc1d89a5f4745ee886833

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
2c4f5369a8c60a6d8107f474d2942859

SHA1
9e52ae6e0397672fdbf251217cea25201f11004a

SHA256
c8138031537a27fd364f359d48db88485c4a0d668ed2983ff5f6edf0bffcd91f

SHA512
efe27d138cdae009e4aea9aaf31c899cc60389ed644f042ff3b656c3a24fc8a98420d90ad86fa16ef95bd14b918eaaab926f2ad20ad47e0831842eec2b136a29

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
e78951b33f1a259b3b9c0b406ac816a4

SHA1
22ab7641feab19e0d3c2992f377c4164e3f7e74b

SHA256
62886805ad32f151b6230358e1da74db1bfc8adbfdc316fda111cb8431a733d8

SHA512
9f6d378326bf9102b9983053f105c51ad09cb80f478ac97af9269bfe2633f3210a9ae56e55dee6eadc00f5f7841654a13f1d274bcf590de56ceb3e68674bcec5

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
1d8042874eddebe39e60fbf8e1dfd3d0

SHA1
aac2ee2ea006022646b6c0d7cea93e248cff62f1

SHA256
4e71c955de0a9e71ecd6749d73f6f07364bea34c125a61261a9efe2b76ba98e5

SHA512
a74eaafaf0643935a5de9138059b08d972a05cae3f859fe7da28a370e2a4fb46ae00d8b986afa06f353eef2db104e60a5f40f07a5a87ccbe644e8f433b29b621

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\clrjit.dll

Filesize
1.0MB

MD5
e127d23181160e02391e628192b1d08a

SHA1
642c16276a9dc0c216e677be97df4e4aeb2836a6

SHA256
ce9037b6998a8171cb53cfa3725cc9bddd95ceba7fe4f9fd9fb43ac667ce4601

SHA512
7a557a26eb0442d79da66b34ff70c37d4e5d26c757493c58127265876c9c2d2da1e6cb9b70680ee4dbf3773dcb55b575010fc72b5528263f957b20f867d71465

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\coreclr.dll

Filesize
4.0MB

MD5
99004b84b758edc90f90671221152667

SHA1
9a22738517dac9fc717d6f9324a24aeee6dc93e6

SHA256
ab0ee337d10c8225134603f1dc5f70631fc7a3dc49500e254efca7c60b145f67

SHA512
662c00d3bcf76eb8fb603a681ca029824ca1bb65064790da405e95db6c363ebe9cf897f8420b5f79b6653eed17aebcf81e4dfe81652f0dbe674ba4fd54c9adb0

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\hostfxr.dll

Filesize
248KB

MD5
1bc17073c940e2cb486d4c5a361c5df4

SHA1
218c6cfac172af7477039761ba03de0a899a3e29

SHA256
50a853d23c8d2832da1183abd20ae446585cebcd902858f3bd0181fa4bf3c6b6

SHA512
ace997a3e1460ba387d9a051384f981f872b6470652c64abb344a4a2c55e19388870989e6104bcae8b168df8c62d34c43853d61b9940ffff19d582f76a2ec7a5

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\hostpolicy.dll

Filesize
249KB

MD5
da0f874eeee4c0f45cd0a9bd044c7db7

SHA1
c7edd0703429c6f49f7bae3a43366ef99e051d7f

SHA256
4f3934c1bcac7827078702d9ef21ecd4af5652595a115bc578d026bb03b60bd8

SHA512
c6577c80375fcc406d110254120e1d37a450ad2114b0c72a14045ee0dc064d7e3208ff599832d0ae6445c002b0993cee808153a83d47a21105f2f84cdd2aef16

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\ucrtbase.dll

Filesize
1.1MB

MD5
5fef2fd676d7a1ac1bbf2cc9ba5c1a29

SHA1
3716deef1ba1915e06111199b1b6ab9e1d0649a4

SHA256
1f1ce96469c20279003cf9ec59f452febed2dd7f6e6c055ae8019216105c8f3b

SHA512
d6ebd0a633075040237bd30447af9d88672163f40f2ecd4197c9b4fb191225212b789cd514ce2f81f695cc485173705582e4dbf6b8f9fc40c03936a31919e064

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\ffmpeg.dll

Filesize
1.9MB

MD5
a7942e3c5b8ce9c602fe8c64d9e8a42b

SHA1
eada931fd2054bcb3159aae30221d067f8bc39e3

SHA256
7d0ea22c750c6df0872a9cf76b55a62e197db1bdd6ead8ed967d627a84255994

SHA512
20699ac7a6b6d41e8748b0a13b7e949224e458d798442cf2d7fb5e2b06d4201f10378136d0ddc373ca5ecf405505565ff5e2fa6bdc86e49dd3d3b3f1a16df57e

Download Submit
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe

Filesize
1.7MB

MD5
238b9152bd1f02939e2033cb9a21a21e

SHA1
2e7c8a10e6bf4bebe8fcb42f528002d1fd0d746b

SHA256
25a9fa08338f0e155ef7ff25fc5470d8bd6c9c002326111e0fc2216709a777cd

SHA512
8dc8b9fc1e2d32f4ee83b0eb1773c4689d3e9a8aea3e686271b7b31ecf88d824207c0f81ebd36846e717d2250b7c8a291b5538fde34909632d64ae221b3defff

Download Submit
memory/2132-1904-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download