Malware Analysis Report

2024-09-22 21:57

Sample ID 240703-gefq7azelg
Target 21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118
SHA256 aa79d46aa459af0d46da380af6481f51369da4c4080a009028e83857dcd844f2
Tags
bitrat trojan upx discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aa79d46aa459af0d46da380af6481f51369da4c4080a009028e83857dcd844f2

Threat Level: Known bad

The file 21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118 was found to be: Known bad.

Malicious Activity Summary

bitrat trojan upx discovery

BitRAT

Downloads MZ/PE file

UPX packed file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Checks installed software on the system

Suspicious use of SetThreadContext

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

NSIS installer

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Scheduled Task/Job: Scheduled Task

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-03 05:42

Signatures

Unsigned PE

NSIS installer

installer

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-03 05:42

Reported

2024-07-03 05:45

Platform

win10v2004-20240508-en

Max time kernel

99s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe

"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"

C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe" "/nopatch"

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.amazongames.com udp
GB 18.244.114.82:443 download.amazongames.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 det-ta-g7g.amazon.com udp
US 18.234.8.50:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 82.114.244.18.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 50.8.234.18.in-addr.arpa udp
US 18.234.8.50:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 gaming.amazon.com udp
US 18.234.8.50:443 det-ta-g7g.amazon.com tcp
US 18.234.8.50:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 device-metrics-us-2.amazon.com udp
US 8.8.8.8:53 unagi-na.amazon.com udp
US 52.46.136.120:443 unagi-na.amazon.com tcp
US 52.20.206.121:443 device-metrics-us-2.amazon.com tcp
US 18.234.8.50:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 120.136.46.52.in-addr.arpa udp
US 8.8.8.8:53 121.206.20.52.in-addr.arpa udp
US 8.8.8.8:53 unagi-na.amazon.com udp
US 52.20.206.121:443 device-metrics-us-2.amazon.com tcp
US 67.220.243.81:443 unagi-na.amazon.com tcp
US 8.8.8.8:53 a8718q4nc6.execute-api.us-east-1.amazonaws.com udp
US 3.222.247.153:443 a8718q4nc6.execute-api.us-east-1.amazonaws.com tcp
US 8.8.8.8:53 153.247.222.3.in-addr.arpa udp
US 8.8.8.8:53 det-ta-g7g.amazon.com udp
US 34.195.16.139:443 det-ta-g7g.amazon.com tcp
US 34.195.16.139:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 139.16.195.34.in-addr.arpa udp
US 8.8.8.8:53 81.243.220.67.in-addr.arpa udp
US 34.195.16.139:443 det-ta-g7g.amazon.com tcp
US 34.195.16.139:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 52.54.36.84:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 174.129.165.207:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 device-metrics-us-2.amazon.com udp
US 8.8.8.8:53 207.165.129.174.in-addr.arpa udp
US 54.157.203.98:443 device-metrics-us-2.amazon.com tcp
US 8.8.8.8:53 98.203.157.54.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe

MD5 3f1a9950778e30d7e742506da20c0c14
SHA1 e61f35b01bd30aeb144b9136b52239956e0f1d7e
SHA256 f6e6eb9e27a83689960f2438d86512092db2532c97d460e9b2e6a23834fa48f3
SHA512 43f84f1d28bf6ebbf338970c20ecbb153bdbf4d199d036136663c26a504d6ad454dc18cb108e90b4329c74b483e82b513462e119d1f8df01b2e926e123c38808

C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Install_2024-07-03_05-42_0.log

MD5 3492e47ae90f01ced3332f5ba766e54d
SHA1 ee98df4a6ba6441deba67f11c6cc606739677f6d
SHA256 bea103ae11831223117890db8c887f3993974c4f36e1d28a167500ef529d3a84
SHA512 7cc275a774325ab6a9b0c2495c8f9c864c4541a6a751105e1cb4d954e805ab6415767608cfb54cd2a871e021e5826186efb42f06ceb21b911cf11921c90781af

C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Live-Install_2024-07-03_05-42_0.log

MD5 3fc92f03a907f7efc7f88746b7c56cba
SHA1 d3f69ed38285e33f012eabef54390b44bdb16d5e
SHA256 5349d99a04c6cba8333b48a4f381e3675124295eb43e4686d8c69ee1c813c27b
SHA512 8441ff9e9081f00336a705e37be51437cb65eb38d39b65b82672054bcfbc30e43fb3628fc8bf8886130b8b7d00b09c9013019946728bffb35728128b85e71cf3

Analysis: behavioral5

Detonation Overview

Submitted

2024-07-03 05:42

Reported

2024-07-03 05:45

Platform

win7-20240221-en

Max time kernel

149s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"

Signatures

BitRAT

trojan bitrat

UPX packed file

upx

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2336 set thread context of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Enumerates physical storage devices

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2336 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2336 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2336 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2336 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2336 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2336 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2336 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2336 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2336 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2336 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2336 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2336 wrote to memory of 2568 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe

"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmpE6F5.tmp"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

"{path}"

Network

Country Destination Domain Proto
US 8.8.8.8:53 curtisusa.hopto.org udp

Files

C:\Users\Admin\AppData\Local\Temp\tmpE6F5.tmp

MD5 8b5857f528414e7a411f2e387703bb34
SHA1 c2c11c832dd6a4f792a35d9eee815b557549afdb
SHA256 98eb38f9fe051a3f86c8e39fd5720ab088809c76e20c5bd37c9ce952d0c3c928
SHA512 422ce404785b3b5293e30fc18a742aa4dab2b8593103b4058454ba8f1a38271c4d2949f5d60fad555ce91b835270869fa8b0645be23acfbe60e108cb2269f783

Analysis: behavioral6

Detonation Overview

Submitted

2024-07-03 05:42

Reported

2024-07-03 05:45

Platform

win10v2004-20240611-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe N/A

Enumerates physical storage devices

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2976 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2976 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2976 wrote to memory of 4528 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2976 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 3840 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2976 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Processes

C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe

"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3476,i,6041070687820623968,3004230300437737550,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmpAE5C.tmp"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

"{path}"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

"{path}"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

"{path}"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

"{path}"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

"{path}"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\tmpAE5C.tmp

MD5 8d9bb847c6312d22200ac067d8437062
SHA1 3397fb88ccd00859bb83eb90073d63cce8ee4f6e
SHA256 35fd829dc12c2e19e06d25677c01c75e9d144ff69ae13542d90b3ad9f58d0602
SHA512 bf4f990bb7b74075ebd8302e59745baf709547af0ce771a712b472e927ea081fd602e2e9bdcfe17347e0872959dfca14b9aeff638bc9332fbd94cdff700cfc93

memory/2976-11-0x0000000075350000-0x0000000075901000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-03 05:42

Reported

2024-07-03 05:45

Platform

win7-20240611-en

Max time kernel

143s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe"

Signatures

BitRAT

trojan bitrat

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A

UPX packed file

upx

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2008 set thread context of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Enumerates physical storage devices

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
PID 2040 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
PID 2040 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
PID 2040 wrote to memory of 2008 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
PID 2040 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
PID 2040 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
PID 2040 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
PID 2040 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
PID 2040 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
PID 2040 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
PID 2040 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
PID 2008 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2008 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2008 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2008 wrote to memory of 2760 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 2008 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2008 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2008 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2008 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2008 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2008 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2008 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 2008 wrote to memory of 672 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Processes

C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe

"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"

C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe

"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5773.tmp"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

"{path}"

Network

Country Destination Domain Proto
US 8.8.8.8:53 download.amazongames.com udp
GB 18.244.114.55:443 download.amazongames.com tcp
US 8.8.8.8:53 det-ta-g7g.amazon.com udp
GB 18.244.114.55:443 download.amazongames.com tcp
US 52.54.36.84:443 det-ta-g7g.amazon.com tcp
US 8.8.8.8:53 d34q08dqzz17tk.cloudfront.net udp
GB 13.249.247.65:443 d34q08dqzz17tk.cloudfront.net tcp
US 8.8.8.8:53 unagi-na.amazon.com udp
US 8.8.8.8:53 device-metrics-us-2.amazon.com udp
US 34.237.111.59:443 device-metrics-us-2.amazon.com tcp
US 52.94.242.239:443 unagi-na.amazon.com tcp
GB 13.249.247.65:443 d34q08dqzz17tk.cloudfront.net tcp
GB 13.249.247.65:443 d34q08dqzz17tk.cloudfront.net tcp
GB 13.249.247.65:443 d34q08dqzz17tk.cloudfront.net tcp
GB 13.249.247.65:443 d34q08dqzz17tk.cloudfront.net tcp
GB 13.249.247.65:443 d34q08dqzz17tk.cloudfront.net tcp
US 34.237.111.59:443 device-metrics-us-2.amazon.com tcp
GB 13.249.247.65:443 d34q08dqzz17tk.cloudfront.net tcp
GB 13.249.247.65:443 d34q08dqzz17tk.cloudfront.net tcp
US 8.8.8.8:53 device-metrics-us-2.amazon.com udp
US 52.202.2.34:443 device-metrics-us-2.amazon.com tcp
US 8.8.8.8:53 d34q08dqzz17tk.cloudfront.net udp
GB 13.249.247.10:443 d34q08dqzz17tk.cloudfront.net tcp
US 8.8.8.8:53 curtisusa.hopto.org udp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-03 05:42

Reported

2024-07-03 05:45

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe"

Signatures

BitRAT

trojan bitrat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Checks installed software on the system

discovery

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 416 set thread context of 3280 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\ = "URL: Amazon Games Handler" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\DefaultIcon C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\ = "URL:Amazon Games Client Handler" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\URL Protocol C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\shell C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\shell\open C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\URL Protocol C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\amazon-games\shell\open\command C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3664 wrote to memory of 416 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
PID 3664 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
PID 2992 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe
PID 416 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\SysWOW64\schtasks.exe
PID 416 wrote to memory of 3280 N/A C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
PID 3400 wrote to memory of 4960 N/A C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe
PID 4960 wrote to memory of 3232 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe
PID 4960 wrote to memory of 5004 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
PID 5004 wrote to memory of 424 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

Processes

C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\21434ba1af9e80e0bb9d4e49e643d269_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe

"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"

C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe

"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"

C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe" "/nopatch"

C:\Windows\SysWOW64\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4DAE.tmp"

C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe

"{path}"

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe" "/appIpcName=AgsLaunch-App-Pipe-4960-1" "/coreProcessIpc=CoreProcess-Desktop-4960-1" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" "--appIpcName=AgsLaunch-App-Pipe-4960-1"

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=4824797387329804 --mojo-platform-channel-handle=1744 --ignored=" --type=renderer " /prefetch:2

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=utility --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --service-request-channel-token=13390588264669485887 --mojo-platform-channel-handle=1900 /prefetch:8

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=15985284081460852978 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=8357101216230068294 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1732,531994406252625094,15175762749655003858,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=17917153989176371979 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2808 /prefetch:1

Network


Files


Analysis: behavioral3

Detonation Overview

Submitted 2024-07-03 05:42
Reported 2024-07-03 05:45
Platform win7-20240611-en
Max time kernel 149s
Max time network 147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe N/A

Checks installed software on the system

discovery

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open\command C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell\open C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\DefaultIcon C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\shell C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\URL Protocol C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\ = "URL: Amazon Games Handler" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\URL Protocol C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\amazon-games\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Amazon Games\\App\\Amazon Games.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000_CLASSES\amazon-games\ = "URL:Amazon Games Client Handler" C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2804 wrote to memory of 1664 N/A C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe
PID 1664 wrote to memory of 2044 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe
PID 1664 wrote to memory of 2332 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
PID 2332 wrote to memory of 2132 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
PID 2332 wrote to memory of 1936 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
PID 2332 wrote to memory of 1880 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe
PID 2332 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

Processes

C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe

"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games Services\Amazon Games Services.exe" "/appIpcName=AgsLaunch-App-Pipe-1664-1" "/coreProcessIpc=CoreProcess-Desktop-1664-1" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" "--appIpcName=AgsLaunch-App-Pipe-1664-1"

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=996633530453286117 --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=utility --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --service-request-channel-token=9231588390363730714 --mojo-platform-channel-handle=1424 /prefetch:8

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=1176364511797248632 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1668 /prefetch:1

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --enable-experimental-web-platform-features --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar\preload.js" --background-color=#000 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=4611706300489442804 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=gpu-process --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --enable-gpu-rasterization --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --service-request-channel-token=632278421001797710 --mojo-platform-channel-handle=1032 --ignored=" --type=renderer " /prefetch:2

C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe

"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\Amazon Games UI.exe" --type=renderer --field-trial-handle=1020,18259364782131143274,14291645683734929291,131072 --disable-features=SpareRendererForSitePerProcess --disable-gpu-compositing --lang=en-US --standard-schemes=sonic --secure-schemes=sonic --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --app-user-model-id=Amazon.AmazonGamesApp --app-path="C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\app.asar" --no-sandbox --no-zygote --context-isolation --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --service-request-channel-token=6146074084904742019 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1

Network


Files
