Analysis Overview
SHA256
18f501c16c958abd19fafa10b1fb5baac2387a51807eb9229fa1cbe4a663b9b6
Threat Level: Known bad
The file 248950cf7a2d01e99e1e815c7dc5b28c_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
BitRAT
Downloads MZ/PE file
Loads dropped DLL
UPX packed file
Checks computer location settings
Executes dropped EXE
Suspicious use of SetThreadContext
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks installed software on the system
Enumerates physical storage devices
Unsigned PE
NSIS installer
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Scheduled Task/Job: Scheduled Task
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-04 03:52
Signatures
Unsigned PE
NSIS installer
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-04 03:52
Reported
2024-07-04 03:54
Platform
win7-20240508-en
Max time kernel
149s
Max time network
122s
Command Line
Signatures
BitRAT
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1932 set thread context of 2492 | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmpE3CA.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\tmpE3CA.tmp
| MD5 | e954ac93c04da27a9c76004f4264577f |
| SHA1 | 0145b5e9030744c5a5ef447c8d809e1f67f83239 |
| SHA256 | bd6d4198504e847efd8f900b8666b2606a225736de94f27e89aea51e73267ebb |
| SHA512 | bf02f02590eb012e6f90103d3b90b0ec2ff88cebb537be4c655380ea404fa97a15e935ccb365d4819e5f0117e9f9f7fa17e08e00c767d8358a89f54f076cf0d7 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-04 03:52
Reported
2024-07-04 03:54
Platform
win10v2004-20240508-en
Max time kernel
140s
Max time network
154s
Command Line
Signatures
BitRAT
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 628 set thread context of 2920 | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1308,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmpBAEE.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
Files
C:\Users\Admin\AppData\Local\Temp\tmpBAEE.tmp
| MD5 | 6e780f5c109f2c2f161bbf1734f4a470 |
| SHA1 | 95ece58d142f4180079ed10f5e2aa2f223c23283 |
| SHA256 | 7c172ac23493acab187508b823385b45d354927456260e0b23b37aea5aa9153e |
| SHA512 | 715fd527c286c82a80025fc0dde9f1a73a0f0523778d0babb9d915e319e423d67c726a9737506da890d60da9c7afe530de6ed0696da9708974a3beed5240b71c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-04 03:52
Reported
2024-07-04 03:54
Platform
win7-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
BitRAT
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonSetup.exe | N/A |
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1760 set thread context of 1708 | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Enumerates physical storage devices
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\AmazonSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonSetup.exe"
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmpF90E.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.amazongames.com | udp |
| GB | 18.244.114.55:443 | download.amazongames.com | tcp |
| GB | 18.244.114.55:443 | download.amazongames.com | tcp |
| US | 8.8.8.8:53 | d34q08dqzz17tk.cloudfront.net | udp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | det-ta-g7g.amazon.com | udp |
| US | 52.54.36.84:443 | det-ta-g7g.amazon.com | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 8.8.8.8:53 | unagi-na.amazon.com | udp |
| US | 52.46.136.40:443 | unagi-na.amazon.com | tcp |
| US | 54.91.103.251:443 | device-metrics-us-2.amazon.com | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 54.242.128.35:443 | device-metrics-us-2.amazon.com | tcp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | d34q08dqzz17tk.cloudfront.net | udp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 54.242.128.35:443 | device-metrics-us-2.amazon.com | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 3.227.83.236:443 | device-metrics-us-2.amazon.com | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
Files
\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
| MD5 | cef6d09b553a93f81942da9838b1ac57 |
| SHA1 | c32fbf54b54dadabbae600645c417c163234daf5 |
| SHA256 | d9aa21479a1a55d57839aee6310cd6853b2bc5215337aa72316a96f7be7ff3e5 |
| SHA512 | 05ed612b7d2e14b034a391d45b578e0eda2b52be3b8eeccb3534872de61d05d95b4b3e7f10bfa01ef6913d29a24404c8cf635c804f9fbe2820321078d1007928 |
\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
| MD5 | 02be3726c0a90958a3c30577d3b3a131 |
| SHA1 | bedbab8bd74a9d7313ba32ca033c81ec32c04706 |
| SHA256 | 1a99f1054e51fe86416c59e5c526d69776fdabd7bb9831dbaab8582322121c7a |
| SHA512 | 662eaa8d3b112ef981d27832a2a46b0ecb55e2d1dcf49fe1fbd134e3c4e02758bc9ad3db2e25f53fc174e2083dd278967f405a768fdd814612c9a43bc6d1c713 |
C:\Users\Admin\AppData\Local\Temp\Cab2915.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar29B8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5ebe8515c26528d6f0a7b621446b0e0 |
| SHA1 | aadd38a69b1b02b203b36b8c9a25397133190427 |
| SHA256 | 1efed1171a92e8a8aecebc0b2f190a9d948e7d634190bfe8aa2189432b59d93b |
| SHA512 | fbdc92aa0e2315edd2ef7938538986e2fa8417a129cdfeb31251643a294933308eff69a2576542337c1871565f3c9107ca5e4ad5f2aca34ca2a8d5aeaa77f24b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6313a83c094e9e77cb8c253415df3a10 |
| SHA1 | 2386870da0c6424569b466899710634d3369cc1e |
| SHA256 | d3c12856a15e6af27e088895cbebbb3423e3b2c93a684d9cb38f8b56b0b7a333 |
| SHA512 | ce1e790c05f8872f19459f634e639023b7c9b992f132f5640711428a6aebf651fe584d78beecad561e6e9c0692b535707d72e821efa3520c72f026a158791ff8 |
C:\Users\Admin\AppData\Local\Temp\tmpF90E.tmp
| MD5 | e954ac93c04da27a9c76004f4264577f |
| SHA1 | 0145b5e9030744c5a5ef447c8d809e1f67f83239 |
| SHA256 | bd6d4198504e847efd8f900b8666b2606a225736de94f27e89aea51e73267ebb |
| SHA512 | bf02f02590eb012e6f90103d3b90b0ec2ff88cebb537be4c655380ea404fa97a15e935ccb365d4819e5f0117e9f9f7fa17e08e00c767d8358a89f54f076cf0d7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-04 03:52
Reported
2024-07-04 03:54
Platform
win10v2004-20240611-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
BitRAT
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\AmazonSetup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe | N/A |
UPX packed file
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2812 set thread context of 3508 | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe |
Enumerates physical storage devices
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\AmazonSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonSetup.exe"
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
"C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe"
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe" "/nopatch"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AGbGTkAzcl" /XML "C:\Users\Admin\AppData\Local\Temp\tmp7A1D.tmp"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
"{path}"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.amazongames.com | udp |
| GB | 18.244.114.105:443 | download.amazongames.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | det-ta-g7g.amazon.com | udp |
| US | 174.129.165.207:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | 105.114.244.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.165.129.174.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 8.8.8.8:53 | unagi-na.amazon.com | udp |
| US | 174.129.165.207:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | gaming.amazon.com | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 44.215.130.143:443 | gaming.amazon.com | tcp |
| US | 44.193.236.65:443 | device-metrics-us-2.amazon.com | tcp |
| US | 52.46.129.152:443 | unagi-na.amazon.com | tcp |
| US | 174.129.165.207:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | 143.130.215.44.in-addr.arpa | udp |
| US | 174.129.165.207:443 | det-ta-g7g.amazon.com | tcp |
| US | 44.215.130.143:443 | gaming.amazon.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.236.193.44.in-addr.arpa | udp |
| US | 44.193.236.65:443 | device-metrics-us-2.amazon.com | tcp |
| US | 52.46.129.152:443 | unagi-na.amazon.com | tcp |
| US | 8.8.8.8:53 | 152.129.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 174.129.165.207:443 | det-ta-g7g.amazon.com | tcp |
| US | 8.8.8.8:53 | pg.distribution.games.a2z.com | udp |
| GB | 18.172.153.73:443 | pg.distribution.games.a2z.com | tcp |
| GB | 18.172.153.73:443 | pg.distribution.games.a2z.com | tcp |
| GB | 18.172.153.73:443 | pg.distribution.games.a2z.com | tcp |
| GB | 18.172.153.73:443 | pg.distribution.games.a2z.com | tcp |
| GB | 18.172.153.73:443 | pg.distribution.games.a2z.com | tcp |
| GB | 18.172.153.73:443 | pg.distribution.games.a2z.com | tcp |
| GB | 18.172.153.73:443 | pg.distribution.games.a2z.com | tcp |
| GB | 18.172.153.73:443 | pg.distribution.games.a2z.com | tcp |
| US | 8.8.8.8:53 | 73.153.172.18.in-addr.arpa | udp |
| US | 44.193.236.65:443 | device-metrics-us-2.amazon.com | tcp |
| US | 52.46.137.248:443 | unagi-na.amazon.com | tcp |
| US | 8.8.8.8:53 | 248.137.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pg.distribution.games.a2z.com | udp |
| GB | 18.172.153.47:443 | pg.distribution.games.a2z.com | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 47.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 44.199.138.71:443 | device-metrics-us-2.amazon.com | tcp |
| US | 8.8.8.8:53 | 71.138.199.44.in-addr.arpa | udp |
| GB | 18.172.153.47:443 | pg.distribution.games.a2z.com | tcp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| GB | 18.172.153.47:443 | pg.distribution.games.a2z.com | tcp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 44.199.138.71:443 | device-metrics-us-2.amazon.com | tcp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | curtisusa.hopto.org | udp |
| US | 8.8.8.8:53 | 170.253.116.51.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\LIXVoWXPPCyc5Jy.exe
| MD5 | cef6d09b553a93f81942da9838b1ac57 |
| SHA1 | c32fbf54b54dadabbae600645c417c163234daf5 |
| SHA256 | d9aa21479a1a55d57839aee6310cd6853b2bc5215337aa72316a96f7be7ff3e5 |
| SHA512 | 05ed612b7d2e14b034a391d45b578e0eda2b52be3b8eeccb3534872de61d05d95b4b3e7f10bfa01ef6913d29a24404c8cf635c804f9fbe2820321078d1007928 |
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
| MD5 | 02be3726c0a90958a3c30577d3b3a131 |
| SHA1 | bedbab8bd74a9d7313ba32ca033c81ec32c04706 |
| SHA256 | 1a99f1054e51fe86416c59e5c526d69776fdabd7bb9831dbaab8582322121c7a |
| SHA512 | 662eaa8d3b112ef981d27832a2a46b0ecb55e2d1dcf49fe1fbd134e3c4e02758bc9ad3db2e25f53fc174e2083dd278967f405a768fdd814612c9a43bc6d1c713 |
C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe
| MD5 | 3f1a9950778e30d7e742506da20c0c14 |
| SHA1 | e61f35b01bd30aeb144b9136b52239956e0f1d7e |
| SHA256 | f6e6eb9e27a83689960f2438d86512092db2532c97d460e9b2e6a23834fa48f3 |
| SHA512 | 43f84f1d28bf6ebbf338970c20ecbb153bdbf4d199d036136663c26a504d6ad454dc18cb108e90b4329c74b483e82b513462e119d1f8df01b2e926e123c38808 |
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Install_2024-07-04_03-52_0.log
| MD5 | 18248df6727579c071d6c1bad0ec1352 |
| SHA1 | 4fab1051a855cb08d25efbe14db03fb0f702b711 |
| SHA256 | 9ae38c15682d5c6dc3b218682fbe385e75a45752c0055120e8196c904647cfef |
| SHA512 | 8357657cde73ccc7d9050f28e0ed152a7b3cd12536ac33a7ddecfebf3e5ff125cf4c2b39cb212b315e0bdbfbf4286a44e28560697b7b0cdadbb727819d8c7ba6 |
C:\Users\Admin\AppData\Local\Temp\tmp7A1D.tmp
| MD5 | 505d58183b76cac61ecf0ce485bd996a |
| SHA1 | 607fa8d4982f4fb044d4170c0f9eec5b1311115a |
| SHA256 | 069679d4327a4e0f5abe25d710169c07961a469fd98f0a2ef8277bb1168c4258 |
| SHA512 | 75d0ff3be0c961d8b944c9691f87cc9a63637e342860eea225d9c3c07fb99367acfd492fa5af65bce3c4fd98fef9f09a74e3c252b898882a5b26c6d1b662b5f7 |
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\static\public\core\auth-limbo-40b52b60a701b5c26a7d.css
| MD5 | acf81f08b85de98eca96cc1b2bbb199a |
| SHA1 | 4c089f322370d4461ffa94097d39cc148f45c4da |
| SHA256 | e1326b0de115e4dae4d3157f50636abd85505c0995e4131d68878fedc512498e |
| SHA512 | 9220c6162e604d05c404ea9868a3564b7691e51bf7535d1628d194d3fb7bd2391cae076e5da99f664632fc0c6acd7a0807fcb2d1b4af1e2842cfb6973e2e056b |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-04 03:52
Reported
2024-07-04 03:54
Platform
win7-20231129-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Downloads MZ/PE file
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.amazongames.com | udp |
| GB | 18.244.114.117:443 | download.amazongames.com | tcp |
| GB | 18.244.114.117:443 | download.amazongames.com | tcp |
| US | 8.8.8.8:53 | det-ta-g7g.amazon.com | udp |
| US | 8.8.8.8:53 | d34q08dqzz17tk.cloudfront.net | udp |
| US | 52.54.36.84:443 | det-ta-g7g.amazon.com | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 8.8.8.8:53 | unagi-na.amazon.com | udp |
| US | 52.94.226.162:443 | unagi-na.amazon.com | tcp |
| US | 52.20.206.121:443 | device-metrics-us-2.amazon.com | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| US | 8.8.8.8:53 | device-metrics-us-2.amazon.com | udp |
| US | 54.91.103.251:443 | device-metrics-us-2.amazon.com | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
| GB | 13.249.247.10:443 | d34q08dqzz17tk.cloudfront.net | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar10F7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5cf590d871890639054fc3701a231e3 |
| SHA1 | 39a6b82aa85d46bb60385ee9bb0904b1ece7b381 |
| SHA256 | d094220b6190e4dec5a5df12ab9f6de49129791e141fbf8eb6f2173ae655059c |
| SHA512 | 041aaa34ac9e206dddb887ec1b1a4c676ab0af5d8af9a151b59e9305004c4bc1b210562626ed7f97bd0529fb495e95e94e53a4cc5c1319e44b396c706af10a0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a730773c1a3acb1aae8d637a7d86a42b |
| SHA1 | 9e4c40030fd7670bfb3ebb735ed7c015975612b1 |
| SHA256 | 8719037900a682c658c8575b0a13b61b2ca4ea6075d91b8bf1a78394798fa2f3 |
| SHA512 | dbb3700c623755b8e2953622f0afeea72c5a6b6f5f8a11d97494b11b6ff3f32b57057c7413a86e6353fa40dcab9778cf0e64dd8f36fab580f244921331839815 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1e98c0a64ec669d3d160e49eb830139e |
| SHA1 | 7c587cc0beecd9a0c2919c73a8d79757aefa673e |
| SHA256 | e2d13c682ebf989945694150879a95f5e310cfeb6c1e41c7bf039548032c6e10 |
| SHA512 | 01a6c28bd39169cda47ac101acb59f202a361fbe0393ae3451ce5aa5dddd56dcee2dd4c14d8b46b077707042784b0fd2c76697153c81f9f19902abde44a32812 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e81a83d9967c4875e09617b61bf1e574 |
| SHA1 | 4e9475949aad8b47c27651f9f90e2eb537c29e9c |
| SHA256 | cac9e07b672d23d7e24423419b907e19446c66c48eaab6a58896e79f832f30c9 |
| SHA512 | 62a50b825d561fb16e5831ccb5120f236b33141fa7b92b81e0d5f823da8daf1799cf846c2f9fb7eaa261911a2326a2f5c17da3162c6622f5c53c1cef45e4ec28 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-04 03:52
Reported
2024-07-04 03:54
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
Downloads MZ/PE file
Checks installed software on the system
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe | N/A |
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1208 wrote to memory of 4372 | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe |
| PID 1208 wrote to memory of 4372 | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe |
| PID 1208 wrote to memory of 4372 | N/A | C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe |
| PID 4372 wrote to memory of 4220 | N/A | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe |
| PID 4372 wrote to memory of 4220 | N/A | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe |
| PID 4372 wrote to memory of 4220 | N/A | C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe | C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe
"C:\Users\Admin\AppData\Local\Temp\AmazonGamesSetup.exe"
C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe" "/nopatch"
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe
"C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe" " /channelId=87d38116-4cbf-4af0-a371-a5b498975346"
Network
Files
C:\Users\Admin\AppData\Local\Temp\Amazon Games Setup.exe
| MD5 | 3f1a9950778e30d7e742506da20c0c14 |
| SHA1 | e61f35b01bd30aeb144b9136b52239956e0f1d7e |
| SHA256 | f6e6eb9e27a83689960f2438d86512092db2532c97d460e9b2e6a23834fa48f3 |
| SHA512 | 43f84f1d28bf6ebbf338970c20ecbb153bdbf4d199d036136663c26a504d6ad454dc18cb108e90b4329c74b483e82b513462e119d1f8df01b2e926e123c38808 |
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Install_2024-07-04_03-52_0.log
| MD5 | 3f399b5de2e03417f986d485d9ab6232 |
| SHA1 | 410b011a919ffa04479bc634cb72d2f1fa321c9e |
| SHA256 | bf9265a0f24424022691d89b4d5132f11d4e16e640674b913bebb24da29449cb |
| SHA512 | f443eb7ac9bd2491ad2be688d38e2a0a1f04f78a9aac365739b9352b8bde153f4dd0f4dd577654d58e9458265f620892108860c47730bdb0d0f391b510c44b5a |
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games UI\resources\static\public\core\auth-limbo-40b52b60a701b5c26a7d.css
| MD5 | acf81f08b85de98eca96cc1b2bbb199a |
| SHA1 | 4c089f322370d4461ffa94097d39cc148f45c4da |
| SHA256 | e1326b0de115e4dae4d3157f50636abd85505c0995e4131d68878fedc512498e |
| SHA512 | 9220c6162e604d05c404ea9868a3564b7691e51bf7535d1628d194d3fb7bd2391cae076e5da99f664632fc0c6acd7a0807fcb2d1b4af1e2842cfb6973e2e056b |
C:\Users\Admin\AppData\Local\Amazon Games\App\Amazon Games.exe
| MD5 | 31c680c73261d867169c9859b0235fc4 |
| SHA1 | 5a94d51dfe4c37acebc1b51d995ea1fcc8ab5f76 |
| SHA256 | cd4de592833fb5bc3ff1897cecb02cd0b24b4db6b9b09649c444388ca4425921 |
| SHA512 | d2f85d52108ee936743e5fc2e81a124d241b223bf4f10d10c807dc00146b537a757c9f6e5451b91f605b6245e4335544d4e1e80def515d219afb17794f41cb07 |
C:\Users\Admin\AppData\Local\Amazon Games\Data\Logs\Native\Live-Install_2024-07-04_03-52_0.log
| MD5 | 6a209704d28c834d47daf7065ccce050 |
| SHA1 | 58becf7b2a838b68d9e00d15ee997341349f9ce2 |
| SHA256 | 14781f848eacf9c5af40f08c9deab307818e7e9b2290957aab1008dbdefd59ec |
| SHA512 | d36191e83d55894e4b0c4b53e8f53f3ad68b0140736ef55aeb2477cf397b739308c7bc47f31d92e2b8bf28749f9662a5819fed1fd18ef5089dadf323d5a72934 |