Analysis Overview
SHA256
aa79d46aa459af0d46da380af6481f51369da4c4080a009028e83857dcd844f2
Threat Level: Known bad
The file 21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
BitRAT
Downloads MZ/PE file
UPX packed file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Checks installed software on the system
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Enumerates physical storage devices
NSIS installer
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Scheduled Task/Job: Scheduled Task
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-03 05:42
Signatures
Unsigned PE
NSIS installer
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-03 05:42
Reported
2024-07-03 05:45
Platform
win10v2004-20240508-en
Max time kernel
99s
Max time network
106s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3684 wrote to memory of 2420 | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe |
| PID 3684 wrote to memory of 2420 | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe |
| PID 3684 wrote to memory of 2420 | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe" "/nopatch"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.amazongames.com | udp |
| GB | 18.244.114.82:443 | download.amazongames.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | det-ta-g7g.amazon.com | udp |
| US | 18.234.8.50:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | 82.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.8.234.18.in-addr.arpa | udp |
| US | 18.234.8.50:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | gaming.amazon.com | udp |
| US | 18.234.8.50:443 | det-ta-g7g.amazon.com | tcp |
| US | 18.234.8.50:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 8.8.8.8:53 | unagi-na.amazon.com | udp |
| US | 52.46.136.120:443 | unagi-na.amazon.com | tcp |
| US | 52.20.206.121:443 | device-metrics-us-2.amazon.com | tcp |
| US | 18.234.8.50:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | 120.136.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.206.20.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | unagi-na.amazon.com | udp |
| US | 52.20.206.121:443 | device-metrics-us-2.amazon.com | tcp |
| US | 67.220.243.81:443 | unagi-na.amazon.com | tcp |
| US | 8.8.8.8:53 | a8718q4nc6.execute-api.us-east-1.amazonaws.com | udp |
| US | 3.222.247.153:443 | a8718q4nc6.execute-api.us-east-1.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 153.247.222.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | det-ta-g7g.amazon.com | udp |
| US | 34.195.16.139:443 | det-ta-g7g.amazon.com | tcp |
| US | 34.195.16.139:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | 139.16.195.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.243.220.67.in-addr.arpa | udp |
| US | 34.195.16.139:443 | det-ta-g7g.amazon.com | tcp |
| US | 34.195.16.139:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 52.54.36.84:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 174.129.165.207:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 8.8.8.8:53 | 207.165.129.174.in-addr.arpa | udp |
| US | 54.157.203.98:443 | device-metrics-us-2.amazon.com | tcp |
| US | 8.8.8.8:53 | 98.203.157.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe
| MD5 | 3f1a9950778e30d7e742506da20c0c14 |
| SHA1 | e61f35b01bd30aeb144b9136b52239956e0f1d7e |
| SHA256 | f6e6eb9e27a83689960f2438d86512092db2532c97d460e9b2e6a23834fa48f3 |
| SHA512 | 43f84f1d28bf6ebbf338970c20ecbb153bdbf4d199d036136663c26a504d6ad454dc18cb108e90b4329c74b483e82b513462e119d1f8df01b2e926e123c38808 |
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Install_2024-07-03_05-42_0.log
| MD5 | 3492e47ae90f01ced3332f5ba766e54d |
| SHA1 | ee98df4a6ba6441deba67f11c6cc606739677f6d |
| SHA256 | bea103ae11831223117890db8c887f3993974c4f36e1d28a167500ef529d3a84 |
| SHA512 | 7cc275a774325ab6a9b0c2495c8f9c864c4541a6a751105e1cb4d954e805ab6415767608cfb54cd2a871e021e5826186efb42f06ceb21b911cf11921c90781af |
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Live-Install_2024-07-03_05-42_0.log
| MD5 | 3fc92f03a907f7efc7f88746b7c56cba |
| SHA1 | d3f69ed38285e33f012eabef54390b44bdb16d5e |
| SHA256 | 5349d99a04c6cba8333b48a4f381e3675124295eb43e4686d8c69ee1c813c27b |
| SHA512 | 8441ff9e9081f00336a705e37be51437cb65eb38d39b65b82672054bcfbc30e43fb3628fc8bf8886130b8b7d00b09c9013019946728bffb35728128b85e71cf3 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-03 05:42
Reported
2024-07-03 05:45
Platform
win7-20240221-en
Max time kernel
149s
Max time network
119s
Command Line
Signatures
BitRAT
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2336 set thread context of 2568 | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmpE6F5.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\tmpE6F5.tmp
| MD5 | 8b5857f528414e7a411f2e387703bb34 |
| SHA1 | c2c11c832dd6a4f792a35d9eee815b557549afdb |
| SHA256 | 98eb38f9fe051a3f86c8e39fd5720ab088809c76e20c5bd37c9ce952d0c3c928 |
| SHA512 | 422ce404785b3b5293e30fc18a742aa4dab2b8593103b4058454ba8f1a38271c4d2949f5d60fad555ce91b835270869fa8b0645be23acfbe60e108cb2269f783 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-03 05:42
Reported
2024-07-03 05:45
Platform
win10v2004-20240611-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3476,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmpAE5C.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\tmpAE5C.tmp
| MD5 | 8d9bb847c6312d22200ac067d8437062 |
| SHA1 | 3397fb88ccd00859bb83eb90073d63cce8ee4f6e |
| SHA256 | 35fd829dc12c2e19e06d25677c01c75e9d144ff69ae13542d90b3ad9f58d0602 |
| SHA512 | bf4f990bb7b74075ebd8302e59745baf709547af0ce771a712b472e927ea081fd602e2e9bdcfe17347e0872959dfca14b9aeff638bc9332fbd94cdff700cfc93 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-03 05:42
Reported
2024-07-03 05:45
Platform
win7-20240611-en
Max time kernel
143s
Max time network
154s
Command Line
Signatures
BitRAT
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe | N/A |
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2008 set thread context of 672 | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5773.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.amazongames.com | udp |
| GB | 18.244.114.55:443 | download.amazongames.com | tcp |
| US | 8.8.8.8:53 | det-ta-g7g.amazon.com | udp |
| GB | 18.244.114.55:443 | download.amazongames.com | tcp |
| US | 52.54.36.84:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | d34q08dqzz17tk.cloudfront.net | udp |
| GB | 13.249.247.65:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | unagi-na.amazon.com | udp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 34.237.111.59:443 | device-metrics-us-2.amazon.com | tcp |
| US | 52.94.242.239:443 | unagi-na.amazon.com | tcp |
| GB | 13.249.247.65:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.65:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.65:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.65:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.65:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 34.237.111.59:443 | device-metrics-us-2.amazon.com | tcp |
| GB | 13.249.247.65:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.65:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 52.202.2.34:443 | device-metrics-us-2.amazon.com | tcp |
| US | 8.8.8.8:53 | d34q08dqzz17tk.cloudfront.net | udp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
Files
\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
| MD5 | cef6d09b553a93f81942da9838b1ac57 |
| SHA1 | c32fbf54b54dadabbae600645c417c163234daf5 |
| SHA256 | d9aa21479a1a55d57839aee6310cd6853b2bc5215337aa72316a96f7be7ff3e5 |
| SHA512 | 05ed612b7d2e14b034a391d45b578e0eda2b52be3b8eeccb3534872de61d05d95b4b3e7f10bfa01ef6913d29a24404c8cf635c804f9fbe2820321078d1007928 |
\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
| MD5 | 02be3726c0a90958a3c30577d3b3a131 |
| SHA1 | bedbab8bd74a9d7313ba32ca033c81ec32c04706 |
| SHA256 | 1a99f1054e51fe86416c59e5c526d69776fdabd7bb9831dbaab8582322121c7a |
| SHA512 | 662eaa8d3b112ef981d27832a2a46b0ecb55e2d1dcf49fe1fbd134e3c4e02758bc9ad3db2e25f53fc174e2083dd278967f405a768fdd814612c9a43bc6d1c713 |
C:\Users\Admin\AppData\Local\Temp\Cab8FF2.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA48E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 922e24275b45a3e08b5b622c1a9888c0 |
| SHA1 | 10f84632849bec8845fad5a11cc234ed23813e7c |
| SHA256 | 60d2e265f64a62f0631a8c2902971b4435ef7d904427811d556f9287234dccc0 |
| SHA512 | 813da433a32d293ce197207981cdee4a9455ecb74d95895a40482ea3fec69be8655faa6d64d9be32a9f0dd6dbfd7c6b20ba29de31f0dcc3400fbf9619331f6e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df45ec9c5efc379d446150bbb7d76c39 |
| SHA1 | 72e0f912aa674a23e9762802055a38b7ed40b100 |
| SHA256 | 6ad44e28d96b4f7822069722a066e9247fb74f027d5bebf639b271c81b6ac255 |
| SHA512 | ced94bdaaa8287519f2682074a2b52c25746402e1efdd1b1fefa2209c31f2bedaacfe6101ec686bb57c86ac912c1165e55c65d0011b0cf07036e3f7ae5a010f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13d04aa8a1f299dd611d12e9116b72e2 |
| SHA1 | 3d7cf67c68e3bbf85f8ea6e4da4cf79f128764b1 |
| SHA256 | e3407e125c395a270596297a57dc7890f2b8065fb9bf39eb138f71217de715a6 |
| SHA512 | 430461988266d7ffd3fbe1a63b267358376ddbf8bb592d6a6865f86d4da776d8440e2a07a1186b2c366aa639dd47871a65850d111376ce7b72e286bd63c4073c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 6087d509e398ce20c29f51a065f35dc1 |
| SHA1 | 01ce90a1ba5475477838738d8d581bd32c82fc5d |
| SHA256 | 9ddbc89adec6e31dd3fc2869a12a762099986bfdd194f194330848c91b1fd0b6 |
| SHA512 | 6c9868a940541172ad05599fd20e22a62f2e635820e7cdc1747ada4a7d91211ac683af34084586dcb45194b6792bdf99e7c8ffa3e3b803cf49642d284b4365e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84adda7b4347318a29891da1e3f0dcfe |
| SHA1 | 43525faa8c9dd2495e04240e8a8b26b6bea9ddb4 |
| SHA256 | 9ebd3a077a53d00b31948b89e7dfde9cfb335e565d63dc0de017019d6b5a1f2a |
| SHA512 | 5afa2ad51d155706a5011390df79070401ba27ffb2ac732ebee70fab52d63c9fc2202377cd9b343768aee075e828c02525dd65797fb8e267cbd5ff0fc470a874 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da7ab59ab2a89c170dd5df217893f37b |
| SHA1 | 30f89828fe1341d12eb1c54de7773c2d9cadbe9b |
| SHA256 | e55b1daac575ee0e28b1ab9f69c253e62f6218d9050e6cbe892bed2e4ecde214 |
| SHA512 | c1787a9b8a9602ca8f7733ade60904390a969b2e959eed7eb92fe0eab0ef046d7c1535cee6025a57a95c46346fc8c53f199b6a81bddd4d898e8220a2f07b4da4 |
C:\Users\Admin\AppData\Local\Temp\tmp5773.tmp
| MD5 | 284fd59f49da1500d8c45952b5522b6b |
| SHA1 | 4a5fde9561effd14110c57914f09b68a977885e4 |
| SHA256 | a585fa86d0e738430dc701ebb76f1d589ad1d22c800e7f6eb89ac4cf703561cc |
| SHA512 | be408c5fbe5e128dd1d8ef02740f3133e50d2f440100cc9a8075194ede8e400b3b83cff135bfcc191c6437e2613c3dc34ba078eb3dd51743eb36c3a2096818f6 |
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\static\public\core\minimal-981e9cdf8f1733c5922e.css
| MD5 | e3a0425c4d9a25d022c49bdeeb15c42d |
| SHA1 | 1faf1cc8abf9bc351827551d7d4548a4edc6a29e |
| SHA256 | 577281d9bbccbef71522e3f9f930ebf0d91fb26c0459f75172910cc43e25a2b4 |
| SHA512 | 35fa151affdab631cec1ab3fa810a5c14ddaf1be7dada2a9d3a48e9305acad63f7dd70303e15fc5b822f1e002562963986b84334cfb6657106cb06220cc46ab3 |
memory/672-1780-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/672-1779-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2008-1795-0x0000000074A40000-0x0000000074FEB000-memory.dmp
memory/672-1773-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/672-1775-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/672-1836-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/672-1839-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/672-1845-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/672-1847-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/672-1846-0x0000000000400000-0x00000000007E4000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted: 2024-07-03 05:42
Reported: 2024-07-03 05:45
Platform: win10v2004-20240508-en
Max time kernel: 149s
Max time network: 150s
Command Line
Signatures
BitRAT
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
Executes dropped EXE
Loads dropped DLL
UPX packed file
Checks installed software on the system
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 416 set thread context of 3280 | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\ = "URL: Amazon Games Handler" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\DefaultIcon | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\ = "URL:Amazon Games Client Handler" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\URL Protocol | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\shell | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\shell\open | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\URL Protocol | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\shell\open\command | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe" "/nopatch"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4DAE.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe" "/appIpcName=AgsLaunch-App-Pipe-4960-1" "/coreProcessIpc=CoreProcess-Desktop-4960-1" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" "--appIpcName=AgsLaunch-App-Pipe-4960-1"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4824797387329804 --mojo-platform-channel-handle=1744 --ignored=" --type=renderer " /prefetch:2
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=utility --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --service-request-channel-token=13390588264669485887 --mojo-platform-channel-handle=1900 /prefetch:8
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15985284081460852978 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8357101216230068294 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=17917153989176371979 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\coreclr.dll
| MD5 | 99004b84b758edc90f90671221152667 |
| SHA1 | 9a22738517dac9fc717d6f9324a24aeee6dc93e6 |
| SHA256 | ab0ee337d10c8225134603f1dc5f70631fc7a3dc49500e254efca7c60b145f67 |
| SHA512 | 662c00d3bcf76eb8fb603a681ca029824ca1bb65064790da405e95db6c363ebe9cf897f8420b5f79b6653eed17aebcf81e4dfe81652f0dbe674ba4fd54c9adb0 |
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\hostpolicy.dll
| MD5 | da0f874eeee4c0f45cd0a9bd044c7db7 |
| SHA1 | c7edd0703429c6f49f7bae3a43366ef99e051d7f |
| SHA256 | 4f3934c1bcac7827078702d9ef21ecd4af5652595a115bc578d026bb03b60bd8 |
| SHA512 | c6577c80375fcc406d110254120e1d37a450ad2114b0c72a14045ee0dc064d7e3208ff599832d0ae6445c002b0993cee808153a83d47a21105f2f84cdd2aef16 |
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\hostfxr.dll
| MD5 | 1bc17073c940e2cb486d4c5a361c5df4 |
| SHA1 | 218c6cfac172af7477039761ba03de0a899a3e29 |
| SHA256 | 50a853d23c8d2832da1183abd20ae446585cebcd902858f3bd0181fa4bf3c6b6 |
| SHA512 | ace997a3e1460ba387d9a051384f981f872b6470652c64abb344a4a2c55e19388870989e6104bcae8b168df8c62d34c43853d61b9940ffff19d582f76a2ec7a5 |
memory/3280-1742-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/3280-1743-0x0000000000400000-0x00000000007E4000-memory.dmp
memory/3280-1744-0x000000006D410000-0x000000006D449000-memory.dmp
C:\Users\Admin\AppData\Local\Amazon Games\Data\Games\Sql\CommonData.sqlite
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\ElectronMain\ElectronMain-2024-07-03-05-45-12.log
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Session Storage\MANIFEST-000001
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Session Storage\CURRENT
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-03 05:42
Reported
2024-07-03 05:45
Platform
win7-20240611-en
Max time kernel
149s
Max time network
147s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe | N/A |
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open\command | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\DefaultIcon | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\URL Protocol | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\ = "URL: Amazon Games Handler" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\URL Protocol | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\ = "URL:Amazon Games Client Handler" | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe" "/appIpcName=AgsLaunch-App-Pipe-1664-1" "/coreProcessIpc=CoreProcess-Desktop-1664-1" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" "--appIpcName=AgsLaunch-App-Pipe-1664-1"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=996633530453286117 --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=utility --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --service-request-channel-token=9231588390363730714 --mojo-platform-channel-handle=1424 /prefetch:8
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1176364511797248632 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1668 /prefetch:1
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4611706300489442804 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=632278421001797710 --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=6146074084904742019 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Temp\Cab1289.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar12CB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b2c7a980e39f135235b13456db9813f |
| SHA1 | 73e358df51c0055f54f2aad06a6064b6a1ce5ebf |
| SHA256 | 8c952c4bcc2ab119359d74a1d12c0633cd4325817c8b0606453d372415ca713d |
| SHA512 | ab380740c07673680cd342716dd1603b37d584250f15aa05091d7bcc72d8efe72a315a47a866577dc70b42b82c24438a9a15452b4fd37fa9b1bed3cb5380e0c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddfde6512ce397ef7c25f14347077265 |
| SHA1 | e7ef728538d2577616e9072195d15ea352afaa72 |
| SHA256 | 10ee6cae4b615fe50a81a2c4315990a052fea84aaef6ec0fc1d7dd69edd44617 |
| SHA512 | f8da2937aeb0bcf10588341e02618f0694c0b0bfb69fbd965a41286a08f926d683469488e7f15c0b90ca19c2412cf9e0ff715c9185173ee85281d74accd4d55e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f65a5300f5312b5cc278df954d406ca3 |
| SHA1 | 4c213effb16bb4e2c9f37d2c6bc51fb0128c016a |
| SHA256 | 4495dbdd5d3b492cee5aec4edf0ace3d35176d751ce2cfd069360d576684970d |
| SHA512 | 03b9ef35349120cfe0d93b83d5693973a76465cb0355a7c4b6fbdefec12af20ea71208a6bfb0063440f54a2646135c8cf49faa958cab73c64c0f440f5abd8dad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 362ef001d8d55d68d592e7507a7b2925 |
| SHA1 | 35e73523fd136529fdb32eaf181408cb190e1368 |
| SHA256 | 7e68d0716f9b23599d4e5a614c6ace22495e9e5864f15d9c7109d4dd8d7bf33f |
| SHA512 | abe2860d2033b47fcdbc0f5fc1107c7e8dabda7da3f9ca564e9977c6635363c226e39e7b4a1869b76aaa1a325de7cb7d4a1dbc045fa898da76578eba23e6313c |
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\static\public\core\minimal-981e9cdf8f1733c5922e.css
| MD5 | e3a0425c4d9a25d022c49bdeeb15c42d |
| SHA1 | 1faf1cc8abf9bc351827551d7d4548a4edc6a29e |
| SHA256 | 577281d9bbccbef71522e3f9f930ebf0d91fb26c0459f75172910cc43e25a2b4 |
| SHA512 | 35fa151affdab631cec1ab3fa810a5c14ddaf1be7dada2a9d3a48e9305acad63f7dd70303e15fc5b822f1e002562963986b84334cfb6657106cb06220cc46ab3 |
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe
| MD5 | 238b9152bd1f02939e2033cb9a21a21e |
| SHA1 | 2e7c8a10e6bf4bebe8fcb42f528002d1fd0d746b |
| SHA256 | 25a9fa08338f0e155ef7ff25fc5470d8bd6c9c002326111e0fc2216709a777cd |
| SHA512 | 8dc8b9fc1e2d32f4ee83b0eb1773c4689d3e9a8aea3e686271b7b31ecf88d824207c0f81ebd36846e717d2250b7c8a291b5538fde34909632d64ae221b3defff |
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Install_2024-07-03_05-42_0.log
| MD5 | e83eca7f0900b7a333ba8f5052e72685 |
| SHA1 | b41b3e1ffd548e6fe7c48737cba94f4082065736 |
| SHA256 | e72a544d8505e66569e9a31e3b8bafb196db45563dee46852240c42d485aa391 |
| SHA512 | 8b7df373626897d2459c710adaef36a9ae92c2e330c026fc68eba1b10076c427ed9e3595a4d7d43ba3aaad309adce9fce1023b09825af90f0236ac452b200b0b |
C:\Users\Admin\AppData\Local\Amazon Games\App\config\version
| MD5 | e5fd47d470b34f4852f4f8e054665d4e |
| SHA1 | a3a635521bebb5802784d4bbdb9e57eedde8488c |
| SHA256 | c5a98d833029251f42563562041e0841ebe586f47b99d34e17de7f4c9286665e |
| SHA512 | 9d6df93d25b2b3466f30cb4a25e84fedbbdfe17a5e88c7a1b57da7507742dd922d8c8e5614b32aed196c5540f6866a34c8ea8fbe15bd358eddea293cbd67255c |
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe
| MD5 | fe23656081c5bd7b8ae9ae2b9d839626 |
| SHA1 | b9ffcbe686da844867de4ec7d6ed7cd7461a7932 |
| SHA256 | 8fd08ad4c69a69de51c4cb636ca793b60d9008eb27fa3ee8fae2685dab082d4b |
| SHA512 | 23f892c00847f73d4a1a627ef0677c4808d2ff5ff330a6795f5949e572eb189549c96b1bc0f043cec251cb1b66e834690a6ab295dbc6a9ab1bd2c39b0dfc715f |
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-synch-l1-2-0.dll
| MD5 | e162b53ff1f872345471989d20374f36 |
| SHA1 | 232c1427096188e791ab0db44bf309cbefe20413 |
| SHA256 | 3f61c83e3dcbe7f03195efcbabd9fd1ca75ee6359828e45733a53cc1fb1183f6 |
| SHA512 | 2d60d609cb281cd4f2fa1c6369d2f75afa0d9f43df681a5f42e85f51d5bf57bb4e23c8e041b3fbae703706b8f82db9d27d1f650cf5bb9088e4f222ce1734ffd9 |
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-file-l2-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-time-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-utility-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\coreclr.dll
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Private.CoreLib.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\hostpolicy.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-filesystem-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\hostfxr.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-math-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-locale-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-convert-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-string-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-heap-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-stdio-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\System.Runtime.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\clrjit.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\ffmpeg.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-timezone-l1-1-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-file-l1-2-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-processthreads-l1-1-1.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-core-localization-l1-2-0.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\ucrtbase.dll
\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\ElectronMain\ElectronMain-2024-07-03-05-45-11.log
memory/2132-1904-0x0000000000690000-0x0000000000691000-memory.dmp
C:\Users\Admin\AppData\Local\Amazon Games\Data\Games\Sql\CommonData.sqlite
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\ElectronMain\ElectronMain-2024-07-03-05-45-11.log
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Session Storage\CURRENT
C:\Users\Admin\AppData\Local\Amazon Games\Data\Electron\Session Storage\MANIFEST-000001