941de0ebb9425900272204a036579d21abcd082c3f30cb81afea7ce250f90338

Analysis

max time kernel
704s
max time network
710s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
02/03/2023, 18:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Hearts of Iron IV update 1.12.1 - 1.12.10.exe
Size

24.9MB
MD5

ee2821412ef8ae4677c71b1fef169e8f
SHA1

e16366789e3930f77bcfb5322eb8811fc83dbeca
SHA256

941de0ebb9425900272204a036579d21abcd082c3f30cb81afea7ce250f90338
SHA512

e54ad170c5d028bf67b50a47adcdb90ea84860558ad01645fa1ba66b90d4331de7b1f91aadbd5ab37802a84dfbf7905e31562440dea356c5539b25e077584bc7
SSDEEP

393216:D0bnD8ocxXuXo1IeXwMHSgczJH9jQ8L+gfsQNq9eTrgc/1v6YdpRrpNd2:D0bn2+X+IcXygck4jUQQcdv6YXDv2

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 17 IoCs

pid	Process
828	Hearts of Iron IV update 1.12.1 - 1.12.10.tmp
388	hoi4.exe
828	hoi4.exe
2132	hoi4.exe
2108	vcredist_x64.exe
400	vcredist_x64.exe
3824	vcredist_x64.exe
32	vcredist_x64.exe
888	vcredist_x64.exe
3244	vcredist_x64.exe
2820	vcredist_x64.exe
4440	vcredist_x64.exe
2648	vcredist_x64.exe
4720	vcredist_x64.exe
660	vcredist_x64.exe
4552	vcredist_x64.exe
3848	hoi4.exe

Loads dropped DLL 11 IoCs

pid	Process
828	Hearts of Iron IV update 1.12.1 - 1.12.10.tmp
388	hoi4.exe
828	hoi4.exe
2132	hoi4.exe
3824	vcredist_x64.exe
32	vcredist_x64.exe
4440	vcredist_x64.exe
2820	vcredist_x64.exe
4720	vcredist_x64.exe
4552	vcredist_x64.exe
3848	hoi4.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{5c75eda4-d029-43bf-a70b-a73d380f52ee} = "\"C:\\ProgramData\\Package Cache\\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\\vcredist_x64.exe\" /burn.runonce"	vcredist_x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5d19b477-8fc9-4fba-abc2-5395300a77a8.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230302190200.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000009865abc95f2d4b980000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800009865abc90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809009865abc9000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009865abc900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009865abc900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 14 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v12\Dependents\{5c75eda4-d029-43bf-a70b-a73d380f52ee}	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{5c75eda4-d029-43bf-a70b-a73d380f52ee}	vcredist_x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\ = "{5c75eda4-d029-43bf-a70b-a73d380f52ee}"	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\Dependents\{5c75eda4-d029-43bf-a70b-a73d380f52ee}	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v12	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2275444769-3691835758-4097679484-1000\{C5689D14-F343-4670-B7CD-BF5F532E2C17}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\Dependents	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v12\Dependents\{5c75eda4-d029-43bf-a70b-a73d380f52ee}	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\Version = "12.0.30501.0"	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v12	vcredist_x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\DisplayName = "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501"	vcredist_x64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sin confirmar 73428.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
828	Hearts of Iron IV update 1.12.1 - 1.12.10.tmp
828	Hearts of Iron IV update 1.12.1 - 1.12.10.tmp
4708	msedge.exe
4708	msedge.exe
2192	msedge.exe
2192	msedge.exe
4996	msedge.exe
4996	msedge.exe
532	identity_helper.exe
532	identity_helper.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
4628	msedge.exe
4628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: 33	1384	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1384	AUDIODG.EXE
Token: SeBackupPrivilege	4812	vssvc.exe
Token: SeRestorePrivilege	4812	vssvc.exe
Token: SeAuditPrivilege	4812	vssvc.exe
Token: SeBackupPrivilege	5048	srtasks.exe
Token: SeRestorePrivilege	5048	srtasks.exe
Token: SeSecurityPrivilege	5048	srtasks.exe
Token: SeTakeOwnershipPrivilege	5048	srtasks.exe
Token: SeBackupPrivilege	5048	srtasks.exe
Token: SeRestorePrivilege	5048	srtasks.exe
Token: SeSecurityPrivilege	5048	srtasks.exe
Token: SeTakeOwnershipPrivilege	5048	srtasks.exe

Suspicious use of FindShellTrayWindow 24 IoCs

pid	Process
828	Hearts of Iron IV update 1.12.1 - 1.12.10.tmp
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
4552	vcredist_x64.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4648	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 828	2852	Hearts of Iron IV update 1.12.1 - 1.12.10.exe	86
PID 2852 wrote to memory of 828	2852	Hearts of Iron IV update 1.12.1 - 1.12.10.exe	86
PID 2852 wrote to memory of 828	2852	Hearts of Iron IV update 1.12.1 - 1.12.10.exe	86
PID 828 wrote to memory of 2192	828	Hearts of Iron IV update 1.12.1 - 1.12.10.tmp	103
PID 828 wrote to memory of 2192	828	Hearts of Iron IV update 1.12.1 - 1.12.10.tmp	103
PID 2192 wrote to memory of 3752	2192	msedge.exe	104
PID 2192 wrote to memory of 3752	2192	msedge.exe	104
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 412	2192	msedge.exe	105
PID 2192 wrote to memory of 4708	2192	msedge.exe	106
PID 2192 wrote to memory of 4708	2192	msedge.exe	106
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108
PID 2192 wrote to memory of 4108	2192	msedge.exe	108

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Hearts of Iron IV update 1.12.1 - 1.12.10.exe
"C:\Users\Admin\AppData\Local\Temp\Hearts of Iron IV update 1.12.1 - 1.12.10.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Users\Admin\AppData\Local\Temp\is-819QI.tmp\Hearts of Iron IV update 1.12.1 - 1.12.10.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-819QI.tmp\Hearts of Iron IV update 1.12.1 - 1.12.10.tmp" /SL5="$90036,25397344,389120,C:\Users\Admin\AppData\Local\Temp\Hearts of Iron IV update 1.12.1 - 1.12.10.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rebrand.ly/elamigos
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffad77546f8,0x7ffad7754708,0x7ffad7754718
      4⤵
      PID:3752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
      4⤵
      PID:4108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
      4⤵
      PID:3240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
      4⤵
      PID:1280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
      4⤵
      PID:1916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=3076 /prefetch:8
      4⤵
      PID:3500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=3060 /prefetch:8
      4⤵
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:4996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
      4⤵
      PID:2552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xfc,0xf4,0x25c,0xec,0x7ff6a8635460,0x7ff6a8635470,0x7ff6a8635480
        5⤵
        
        PID:4264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
      4⤵
      PID:4316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
      4⤵
      PID:1976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:4312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
      4⤵
      PID:804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
      4⤵
      PID:2944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
      4⤵
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
      4⤵
      PID:1592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
      4⤵
      PID:1112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
      4⤵
      PID:3276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
      4⤵
      PID:4772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
      4⤵
      PID:3136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
      4⤵
      PID:3844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
      4⤵
      PID:1492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
      4⤵
      PID:1484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
      4⤵
      PID:32
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
      4⤵
      PID:4448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
      4⤵
      PID:1148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
      4⤵
      PID:1660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1060 /prefetch:1
      4⤵
      PID:2656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=2052 /prefetch:8
      4⤵
      PID:1640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1
      4⤵
      PID:3364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
      4⤵
      PID:4308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6336 /prefetch:8
      4⤵
      PID:4668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7000 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4628
  - - C:\Users\Admin\Downloads\vcredist_x64.exe
      "C:\Users\Admin\Downloads\vcredist_x64.exe"
      4⤵
      Executes dropped EXE
      PID:2108
    - - C:\Users\Admin\Downloads\vcredist_x64.exe
        
        "C:\Users\Admin\Downloads\vcredist_x64.exe" -burn.unelevated BurnPipe.{6316577C-0A44-4C71-8731-8D5308D10375} {49AC675C-C014-4F5B-8F3C-FA021C887973} 2108
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:32
  - - C:\Users\Admin\Downloads\vcredist_x64.exe
      "C:\Users\Admin\Downloads\vcredist_x64.exe"
      4⤵
      Executes dropped EXE
      PID:400
    - - C:\Users\Admin\Downloads\vcredist_x64.exe
        
        "C:\Users\Admin\Downloads\vcredist_x64.exe" -burn.unelevated BurnPipe.{DB81A653-23CF-424A-84EE-D23A555E0C54} {00C6DEC5-BFBB-4A64-8983-CE6CB908D034} 400
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3824
  - - C:\Users\Admin\Downloads\vcredist_x64.exe
      "C:\Users\Admin\Downloads\vcredist_x64.exe"
      4⤵
      Executes dropped EXE
      PID:888
    - - C:\Users\Admin\Downloads\vcredist_x64.exe
        
        "C:\Users\Admin\Downloads\vcredist_x64.exe" -burn.unelevated BurnPipe.{07B16DD0-482B-4A6D-8310-CB3DEC1861CF} {70885266-82DE-4FD3-870C-8AB747128F9A} 888
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2820
  - - C:\Users\Admin\Downloads\vcredist_x64.exe
      "C:\Users\Admin\Downloads\vcredist_x64.exe"
      4⤵
      Executes dropped EXE
      PID:3244
    - - C:\Users\Admin\Downloads\vcredist_x64.exe
        
        "C:\Users\Admin\Downloads\vcredist_x64.exe" -burn.unelevated BurnPipe.{C5425B84-3FED-49B5-9259-CEF418B3BB20} {D755967C-497B-42A9-BDB3-D4881A6BCE7E} 3244
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
      4⤵
      PID:1988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
      4⤵
      PID:1364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
      4⤵
      PID:3736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
      4⤵
      PID:4892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
      4⤵
      PID:3008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14359017943047271646,17928829588925680065,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
      4⤵
      PID:3844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3844

C:\Games\Hearts of Iron IV\hoi4.exe
"C:\Games\Hearts of Iron IV\hoi4.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:388

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Games\Hearts of Iron IV\changelog.txt
1⤵
PID:4984

C:\Games\Hearts of Iron IV\hoi4.exe
"C:\Games\Hearts of Iron IV\hoi4.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:828

C:\Games\Hearts of Iron IV\hoi4.exe
"C:\Games\Hearts of Iron IV\hoi4.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2132

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x48c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1384

C:\Users\Admin\Downloads\vcredist_x64.exe
"C:\Users\Admin\Downloads\vcredist_x64.exe"
1⤵
- Executes dropped EXE
PID:2648
- C:\Users\Admin\Downloads\vcredist_x64.exe
  "C:\Users\Admin\Downloads\vcredist_x64.exe" -burn.unelevated BurnPipe.{234D427C-7363-445C-973E-C978EDDF3F42} {89601930-7EF0-4192-986F-D0A31E421DBF} 2648
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4720

C:\Users\Admin\Downloads\vcredist_x64.exe
"C:\Users\Admin\Downloads\vcredist_x64.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
PID:660
- C:\Users\Admin\Downloads\vcredist_x64.exe
  "C:\Users\Admin\Downloads\vcredist_x64.exe" -burn.unelevated BurnPipe.{3E221445-91CF-47D0-920A-11C57B6558DB} {98D607A1-B613-490A-A04C-A9596F262B70} 660
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:4552

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4812

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5048

C:\Games\Hearts of Iron IV\hoi4.exe
"C:\Games\Hearts of Iron IV\hoi4.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Games\Hearts of Iron IV\changelog.txt

Filesize
718KB

MD5
b888ca24b04b15150e2a797f416eb628

SHA1
fce8d9b3542be6acd6a92de67e2ec19ae83b4f70

SHA256
0840998d8d9b7f4b9aba8e9996974562db5ce6eb42ea543e79550bfaef8ff988

SHA512
8f2b8463174389dd14c199ca248ea1d279b9467284f5391feadd4d2750aa10e8db2359750a335f16cfa6baccb2208fbb08eb555c26030d582c8712f12620b55d

Download Submit
C:\Games\Hearts of Iron IV\gfx\flags\medium\is-9A1PD.tmp

Filesize
4KB

MD5
6e20e6f375506bfac5c0584e3e944ddb

SHA1
b58ca323f499a392f31f677f677e14d5349dc6c5

SHA256
259dbae9e0dd9efcbcefb73dbef3a224072f473cca36cd9f83def58448e0b324

SHA512
bc02aba7fcf9275c262327c46bbb7cc362f0467c045fe35ba65fbe6e83d3f6f708305c1dc5974a632c181fbc60a1f43a1186e6b3d692e2943a864e8a93c903c3

Download Submit
C:\Games\Hearts of Iron IV\gfx\interface\career_profile\is-542D0.tmp

Filesize
109KB

MD5
c304706e29e7bbb8368156e30f581891

SHA1
1658b2b5e300e8f1b7a9649fc51f1e93fefe3b74

SHA256
329cac94f21a67bf1994f1d6a66d3b0da68a0a65bfecab0a9bf9d9b356c42abd

SHA512
dc316058c61652779b70eb18bab7219f815a833911c9d7a1e78754f36a8de9969409213bd867ccff410fc70785643a145f3c877b880853dbf9469cae28c77dec

Download Submit
C:\Games\Hearts of Iron IV\gfx\interface\career_profile\profile_backgrounds\is-TJ2NP.tmp

Filesize
314KB

MD5
bfb4a45388afb635b70f4b81ba6eb5d4

SHA1
aa680b27b5675a355b6f0b4b23a61b1ff3790996

SHA256
9c0f624fa2a81212b2347b9d087b909998db364e20f696f48c460d11baca801a

SHA512
f6503a93509664b27d52f78ae775fd1b8ae37876408317de0d69daecd32544a8bd7608c29110922770c87e7054638dc20574af110ef9403259bbf176563b3262

Download Submit
C:\Games\Hearts of Iron IV\hoi4.exe

Filesize
39.5MB

MD5
652b3ce28caa6b6e1028d4f3a6141085

SHA1
00ef513a51a1781e1dd918dbeae1033c29eb463e

SHA256
6677391d506b5ecfb5e8b7ca6a030e83f97700e8ffab3bca353d4a7194b7f46b

SHA512
f2c3b27cd806422deb934b4dfcacfb9306504061af0521d8e1af32754282a76b834e853119ee12a86d4917db0977d13ec5c0fdc8b61a99b00712e6d0f793e0c9

Download Submit
C:\Games\Hearts of Iron IV\hoi4.exe

Filesize
39.5MB

MD5
652b3ce28caa6b6e1028d4f3a6141085

SHA1
00ef513a51a1781e1dd918dbeae1033c29eb463e

SHA256
6677391d506b5ecfb5e8b7ca6a030e83f97700e8ffab3bca353d4a7194b7f46b

SHA512
f2c3b27cd806422deb934b4dfcacfb9306504061af0521d8e1af32754282a76b834e853119ee12a86d4917db0977d13ec5c0fdc8b61a99b00712e6d0f793e0c9

Download Submit
C:\Games\Hearts of Iron IV\hoi4.exe

Filesize
39.5MB

MD5
652b3ce28caa6b6e1028d4f3a6141085

SHA1
00ef513a51a1781e1dd918dbeae1033c29eb463e

SHA256
6677391d506b5ecfb5e8b7ca6a030e83f97700e8ffab3bca353d4a7194b7f46b

SHA512
f2c3b27cd806422deb934b4dfcacfb9306504061af0521d8e1af32754282a76b834e853119ee12a86d4917db0977d13ec5c0fdc8b61a99b00712e6d0f793e0c9

Download Submit
C:\Games\Hearts of Iron IV\hoi4.exe

Filesize
39.5MB

MD5
652b3ce28caa6b6e1028d4f3a6141085

SHA1
00ef513a51a1781e1dd918dbeae1033c29eb463e

SHA256
6677391d506b5ecfb5e8b7ca6a030e83f97700e8ffab3bca353d4a7194b7f46b

SHA512
f2c3b27cd806422deb934b4dfcacfb9306504061af0521d8e1af32754282a76b834e853119ee12a86d4917db0977d13ec5c0fdc8b61a99b00712e6d0f793e0c9

Download Submit
C:\Games\Hearts of Iron IV\steam_api64.dll

Filesize
401KB

MD5
23390ac384575350c1286bb357666b81

SHA1
e1af4f71b612e69a934cfe87ec49a84ca1b7fe4c

SHA256
55bfb4a17b931176304990be2f502c4e8b29c6ee2893527d973740e2104ca92f

SHA512
14c4f03ec7e1629f62fc522804a7c5b2234d27d9942d31df0ae2b46db456ecfab64bf5a56a6f2f67eade6af03eb24e3c5d23ac0998d765ba75584778f4674a9e

Download Submit
C:\Games\Hearts of Iron IV\steam_api64.dll

Filesize
401KB

MD5
23390ac384575350c1286bb357666b81

SHA1
e1af4f71b612e69a934cfe87ec49a84ca1b7fe4c

SHA256
55bfb4a17b931176304990be2f502c4e8b29c6ee2893527d973740e2104ca92f

SHA512
14c4f03ec7e1629f62fc522804a7c5b2234d27d9942d31df0ae2b46db456ecfab64bf5a56a6f2f67eade6af03eb24e3c5d23ac0998d765ba75584778f4674a9e

Download Submit
C:\Games\Hearts of Iron IV\steam_api64.dll

Filesize
401KB

MD5
23390ac384575350c1286bb357666b81

SHA1
e1af4f71b612e69a934cfe87ec49a84ca1b7fe4c

SHA256
55bfb4a17b931176304990be2f502c4e8b29c6ee2893527d973740e2104ca92f

SHA512
14c4f03ec7e1629f62fc522804a7c5b2234d27d9942d31df0ae2b46db456ecfab64bf5a56a6f2f67eade6af03eb24e3c5d23ac0998d765ba75584778f4674a9e

Download Submit
C:\Games\Hearts of Iron IV\steam_api64.dll

Filesize
401KB

MD5
23390ac384575350c1286bb357666b81

SHA1
e1af4f71b612e69a934cfe87ec49a84ca1b7fe4c

SHA256
55bfb4a17b931176304990be2f502c4e8b29c6ee2893527d973740e2104ca92f

SHA512
14c4f03ec7e1629f62fc522804a7c5b2234d27d9942d31df0ae2b46db456ecfab64bf5a56a6f2f67eade6af03eb24e3c5d23ac0998d765ba75584778f4674a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58e5008d-f072-44a3-a918-f4666f4154df.tmp

Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
62KB

MD5
c75e16ebee81303c7d361cff076c69a7

SHA1
ed658ee2e5f92380ec1cddb47d9294d26980ce69

SHA256
da5719acdf85d2d237fa2afe4cee6fb0c81e42dd8f4d5e85d674932d79a23e00

SHA512
dcde0b218d0288af970d1a2a84ea3f4d203a7148fcb328ce0b6b72fdf49e7f39bfa61242e4a5ebe884daec18387be8582f59157b985265e4ba3fca78721ca381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
66KB

MD5
96ee4912326ee1dd00d12966d2caf74a

SHA1
4112c5a4a72e3f08c4b3d01634ff50530a687f3f

SHA256
8b734fc1b1e6afefcf1b2d9d0d39db9e91f6ab35ba139b38d0f81ad85671abd8

SHA512
41825881f2654ed18ffcb8d364c529dd8b744c9a57d158d1e80696505a3d92ddb58d93290b9b0790bebf78dea95d83bc9c5c279c2e15266fee73de1485c98388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
31KB

MD5
783deadeb8eff34d580c986dac15a343

SHA1
f7830124375accc526f70c833c60ade5f3d111ef

SHA256
23219251ca3d1848dcfebdac233d5bd2ceac0fce4ad533c2b7b8971244cdf25e

SHA512
4de03257c0dd37d8fb298f2aa88b578b4a3950f22a0f3b403790b119ef3cba94cf2e2f0dc1c545aceb12b1d4ebb6fec8c4f8e886004371276cf79203754a370d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
22KB

MD5
09800dff9a5770bdc368ae73ec89b229

SHA1
52864194fec1b7fa70ba6e8bda68f0d8f27b21d1

SHA256
d981d06eaec00bf7feef2b5dc799c3b50332ee867b8048109d45cb6a97e52557

SHA512
1b13a260a4e39b6f828784f0e8be9c2d0e22c6c1fc5b4bb53aeb4a1311f54dc1427b5a5a38656e7652bafd652aef59a70b0c4e81cad54c83f7547f0454c6d84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
70KB

MD5
43240a275165f71d87c2a8a2b73acde0

SHA1
83e137baaf5d73f1a5365c336552393869dc9da2

SHA256
3c69e486de99b7597a5fc2e11f0ec27e11e14fb3fd3f62c959a3eb085adcfc96

SHA512
ab45f4d8128a1cb85c39235859c8ff3533b3a3a01b1a78f66f4669b6c6b1a11b953af78461bc1f7d32dd7fbddde0c5b579c1d4867e57b0e79b811006cc4960d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
68KB

MD5
a75c9cd3fff4f966339ed290132941a6

SHA1
6aee672b2bb46795818c0675c1a0195a5154c47b

SHA256
fc1dc5855bb1f6ae3a6a39beb853bd43f0a7169acb784c1f8aaccd64fbbf0dc0

SHA512
d3fd0abd385f79d336b45908afc2be9052546ea87a43768efc5515f6c4d7da41877d3289bee7e98aec8c5e8997ba7fd63cdddf4a39844cafd364e94efb8bfa43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
33KB

MD5
c36dcde83f87931be2a03750be60141b

SHA1
3125c5fb4b9e42576ed68885f78021434a38559e

SHA256
4515dac5130e5da2712f9ef9b94fe82ae52a18d3dedfc0bed03b487d14266a76

SHA512
8e1a8b786f24aa8c74a86cb5752f40ad793789faf311ebbf60f1629fa884944a396d02a534150c43de5926c7dc2f044bec0a0f534c077a6c5d76e5b8e51c811b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
85KB

MD5
80f9c1675c866ede50ea2dbaf0fa7ec3

SHA1
737e20b67e55e19659580bd8a8d973933071353b

SHA256
a7defac629578dcf5ef0ca2c82234351345d50215bbd3eb22d1fa4a17a23b9a4

SHA512
0f0dc45e5b0e135a3590a0ffc067fcce568e310d04f584d910533ed8db90dc9a640b483efdab4a0cc4e1343e5dacc37c3ec7066a1996a91822f9477ef5f6dfb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
32KB

MD5
9bd7ec8eb6922b32867009ac3553d10e

SHA1
d3257b3f14caa8ceef47bbf79e25749697beb7a7

SHA256
27f2a70bb5a5ce86b9305629178e7b112d4a0d60af24d59d63b23b7721fa60e8

SHA512
641b9899a7371d346dfad4c838bb7ba32b529ff346b6ccfab451f74864875c3ddd62b4e5518981e2a52d4f791dabc7064dd9e803adacbe88bde24ea5fa4281e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e79b9f956fb5526258edfa4882324231

SHA1
02db605a8117e235863959ea9e5a3e7f7ea2df41

SHA256
4419ab2d96362d43def670cb55a7814dcbc8de3cadb07586c6f17ae163907e61

SHA512
65958b3631b72618347abdc12ded2df17dfdeac1c15320af1f84565ba217e5c03487d509aa17cfb5d61abcaf5e67e17294dbdc6e9aa00734a443c06f2cbd575c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e84089e787d4f2f6d041f091b6afa89d

SHA1
9033bb918bccb3459ad1818663c0238058c143a7

SHA256
d9bbaff77ed9e9d68b585ca3890cb8110e411c7e4bca2603b6e1fa1b0648d114

SHA512
69a3cd1536561cbac6ebfec6f568b7f2068cd6db09713c8df487df8e9c39990353f17a2090290a0a0d01e3f97d68ad6e054a7afc04c6bd08f93ee42309f3cd9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
19e712679e79bbd959b3b2316e25af1c

SHA1
78c271b3cb6da95562963de1f9edd935686fafe3

SHA256
a427d1ac52ff17f9fe445e3a762e7c20864db8dd9ec0efe40a373bfd7c9b2226

SHA512
2b7c1c7b47458e671544579c2d4f458e5c8dde1bacf21ca26fbf16058c41c540c2f84c4f456f3369efa9761e59234a0223dd0a5ac6de46299948ea4dfbf9b813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f4e9b5ffa97b2843041dcdff22b1e3f1

SHA1
a9266e3172a68243fae3e48c490643e0eb14865e

SHA256
97bf0c0aadb7d6032ae701dc329cd1cc25755e854398cf21be8c1d225adb08f7

SHA512
cbf53f2f600edb1a16c99f85a7844bd76b4cc792e033a324a338f3c7f1f58a97d0cc6f1185654d5162f8a4437b10cd89778c5eddf02ff9fe007bd3d7209dbc94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
c26fb2f244aa968ecb6a0da7cd849443

SHA1
0b672981ac1f44aea0fb50679de140b7903cdf39

SHA256
126d8196b1d2aafaec144a9fb6ac6b482d38e60f9a0e9e29ac004e9ea192d7af

SHA512
c4dbd5b37f123c119f7540126c6acbb048c2f333e0b6b1c0b4e24581a0d911e3f4a241f3ddbd3124139075942b2a173f756c929d830edc25c7d6fe0be966b5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
722B

MD5
afe2c992894d334b737cdf9b07498162

SHA1
c1a4f1161f31f87202d80cc03ae850e94428a578

SHA256
c0c24207e79d527c4995d62a91b8cb2331a46e1c065dd11d534a34f557a0aa98

SHA512
997b7d2047dcc4b53e3fbbaab2c878377fd036fb3f0aa8bd5a45c25a55074f95051ad4d359bb6f8436a972d4cfecfff6e164d184588ad305e2c5e89263bd176f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
929B

MD5
36a9287fd3804c870dd998d5afa6bf8f

SHA1
4fa88dceba21173c22c2b0ddca10f5dffad8d08b

SHA256
7b187406c06a0fa460d0cfc6b1b18a1c997fac8216fa1c0d374d149b9ba29909

SHA512
26c0fa1a2e3246a8d85ab49a7f3eff851614596be6a32f53cdd56b396278f68dfd1f5c24f1b6e6a2f0cac4d8983466c3004f811439ce1c81f552bf16ee5aeb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9ea85e38ad0630ee68a9e55e8faa7bbb

SHA1
41bdc274934a2c5432e26e0964d1389fb44a951b

SHA256
c4ca5f09e16301e68fe37aa9dbb30b0dad46c79f50350b210f169c531f876b0a

SHA512
ed93e035d13da82dac34bb8faafdbae04ee41ca1d4414e213d4ab055aa26b6b0a2a9ee5a11b111204d6003beb952eb200d74f282d51fa46c3695e8c5020d9c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
54dd0f778a81f19b136129fc85d49f74

SHA1
1ee715a0f09d3987db690563fbe8aa1eb85f8f98

SHA256
8c9c00f4beae57b0eb2a3a6d04a0a5ad776d2ec8d70d47e6c45a7762b9391774

SHA512
b35e178ee382e55ef775af4d20eb3667237bf87a396cfa90b2ff47c867687f075f45c36baf5dd50e8e3582581f3ebbff516642482a6e70bed1ec1231e4d38de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2809cf1dfe9f9caf78afacbb82835a58

SHA1
0515337200b451a3f19f4f158feeed61f146a5f3

SHA256
b0e07d6a05bfcf66b92d3e7680629df588dfc85fa0313436bca3bd5b0af72e99

SHA512
f953171a31b735fcbac64247c62bf70818c1ceac02bdc97c4c14c85225c07b047f415bde41100895da12d88dfdb9cc1094c2ed97f9dd369b2fba3429ec5e8fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ccdf6700c097199ab3e99b4b24aceb6

SHA1
650b443f95c4c7d4b254f3fac10412daedd4c42d

SHA256
eea72bbd1bf8bb8448a63cc65580dff4a7b8ce41dbe4c95e0b86bc76034f3791

SHA512
6bdef4b9770bbbae5fe5daf9eaf5c808896aaec88df6bf49c87df0932dece0cd29b38777c923a1a110940bdd239c59e0f2a1d3453c29eb83d5a8c9ca36cdeff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
4715916eed104035735a4046996b860f

SHA1
0382d1bd1e41c0ca3f21d29ed481c1740eee9fd8

SHA256
ce0c25d701c92d5c091e5b7cd47adda9a8d9e0bafc31dfab95fa1781bd4b8778

SHA512
78cd29d640ec6e3a2347c3b5e24ea934078aa1edf3a0d2523448bc725a3dc0df2a04cbadedf3b045a1e277dae905124d6d442bae47ff555560d3c3ca8c04beee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e050b67879c3a1069f7252387d6bbe67

SHA1
6eeb85b0a6deb441a559f479e30fe8c0c66dcf0d

SHA256
efe33db92451a8a4a3bcf2d7bf5f8fda337de4756c4730223b19d9f5113dc75f

SHA512
b0d53dd963efc5fe8f719ed0bdb66e0dd60a48da9f889d4c83bfc31238f335afe0bb025a28db6957795d83d95e130007da9d91cfbb499ebe3b38767364357af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08ce61e3db13b10aa56bc1a237aa7a79

SHA1
3302c091b731bb302274357d6ce1288e60db4d1b

SHA256
a159d162734b7fcc544c01ab0a3f43e08af8581b4cb3a4b7a25430124e9f357b

SHA512
1e145b05d0f61a07cc43bede094003a2edab10ee608c9142d9a4e117d7d3193345fe6ae048dcbc8c6470cb628f7ed5a7432025b902f4a8eebce8f49a9ce11d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b6ff8daf09573c09ed5593555361632

SHA1
8d4c70f91ec392469c36b2f682c36bd82f60c306

SHA256
4c46407d5f1a6e035da9ef62d43afaf95f661a2db460e89ea33b70c2e70024d0

SHA512
21eac17e79ef76ea0d696a53ec70cd6272f2ce5993b401b6933bee52b5d2ac3da283bcf07ad970137a5a4fa1b166a45839e27b5e190bbd3c46d4698e0cf16a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f04545026a3a672b57ceef6bd31b2e5

SHA1
dc8f28ff4afa64d57d1725429f663f06ea96f7a0

SHA256
5e8cb2741dcb4f1c0b6b41eb74fca0d3387e5fd01ba62135a5067e710fdb032e

SHA512
5342acafefdb7fcc6e09bc5f4dcaf4ce30af4c5897f5707afccc53a1e7a567f557717814985e76e7fefb2f30a3364266290e0f837dc28f7e3051a0ed8a7082e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
26f5331f179d80408030c36ed5248a54

SHA1
20e201de46719b2cdac6d7f5955abdf6c8a9de3e

SHA256
9f61ccb0cc61e8cac5597daff7db5cd9d2960d06b1296a58a15023217dbde859

SHA512
c81b6a832aa402dc11f7b2354e02ef638675c615116d835771847bd19b54cbe128d5e006d4e79c8a84bb8e27291f4fe800926335ae2b17f7b25d0baaba41c75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a00a7189270ce00f09808dd129e40d70

SHA1
e90d9374d33d809bdb72b5c827b80f0056428e50

SHA256
f81cc80500e8964b797284973c4417c07fc9884844122f25ddb9e11bc93bdf8f

SHA512
e6563eec0e069a768231e9972a66e6fe5deb2f45e568c6c5ca176c649c60a658a4a9f1d1c7b1b453cc326212699161cd06d45842d401a6393a41f57e50e85e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\index.txt

Filesize
94B

MD5
3f8fdc75fe0dcfc0885561320fd189dc

SHA1
f80dcbbb6377b59d1a28149b900c3cf88258b6e4

SHA256
8a7efc4cde6603874bdcd9cf87e32c5ba50cacc0a392654022029fad9ac80c4f

SHA512
2f651d6bb99531a32287f7ebfcd64e8c3d0014a0ca5b27bfdb3bed8c8bf0956e3358ec752f4d0b05db75395fa4c85e1b5b4feffdbe09a5a16fe67d3bc1734c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\index.txt

Filesize
87B

MD5
2b32c155fa284f4ed60d28cbc5a3da65

SHA1
b3b8c30b9a2e76f3c501a2b481c720b26c2bb014

SHA256
b9d3e984f7637575db3adc823a520b25b2b89e59031eac1ad4a308f397b600f7

SHA512
394bbb849d7c5d68cdcdd3834d105d1f27266778ccca7d92d7cc15723aa206b2df09bb53aa4c4fd781fc72f9e8a265e554ebba2c82e104890b4797075b776b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b788ac834091c41044686f061ae13615

SHA1
1a0ebb7996da1d9c977036988fba667b2e01d6db

SHA256
9063db57e6fe436cef082f16c02f30861f57e9e469343b2241a4dfcf872af7ce

SHA512
3fa4871101a7b9193434fc4f6f74a5b030784e91a13eb6e72fdd9a9d2bbe063f04c3bb115767171b3522c5ee89af900970d3a9603f945dedd4d54e3b3322d064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
10eb2b900ec62d0f530bc95fc992934e

SHA1
c2b71e55b289e226bc15410fedc2487ae9b5606f

SHA256
e7b173279cdcd6c9f7f529bc1bd2e0cb9c445ebb2a24efb25e192c33688db9d3

SHA512
e53a6f6a827c4c0c27b0a749cc335b25c7839864ec395d47c3579ff871a59a0e0b4d269afc825eac8a091bc396445bb053c426038751a63e72f4792b5e649c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6ea6313e0cfa44a4071f26815e14d8c

SHA1
b948918771f2934a8e74e9c73862e7fe3fa88b99

SHA256
99f17253d6be7fd89697615561074eed34e40d79fafc90ec53c4c2382e2a3fa4

SHA512
294f4aa6779c7c719ac85549f5425cf51bfb8f610bef09cf8f257d86ccf4a35cce86dce69129c8dd0e152ef7b134c32c956606b0f9d137763a40514ac181c57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1dafe03640f0236d51896175338bb4ab

SHA1
bd9ff38f1c5022ad5aa7988f4948a3606dd4fe91

SHA256
081c05a0d80731626a3ac3dacbb3684d9766882dc03e7abc4974e0f364008694

SHA512
9c337adbe6d3d74d08709525aa1ef96e4691e6f0329fed20ac71989174063d2240d6db17dbaa3e54a3e7785d30f88f312d99be6f5c40d90f0ce6e6afc0624581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
813088ee535b2a5e4e711e253eedb3f5

SHA1
8bbd445aa46e341f240856b4edc7a3f5a1469d54

SHA256
52596e1e3181763f8a5fcbc5d7575a508a869c260036a75aa29e8f5e0be9b2bf

SHA512
8858fa33e318915887d8d36a141684c5fffff154dfa9d07fffc430f883bda14326888e9ede62dce80452b74260e7e71c0faecf4fcf0c85e259b86179b8289739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
33f808027d08713a1d43aab7cd576f7e

SHA1
fc9e3e557864b3ce9d5d70aaba3f8602c16fbb61

SHA256
afb014401c738df662ba227be7902c2aa521872e6f01dd8bc093c369aeafc6bf

SHA512
2abec89c9c22a2909bdd47d253438d2a7a0d24d16597dab05ad60de78fdacc8e8cf61eef72a172e30b43a1a04ec01df6526ce4222ec406b7d38384921effa14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24065821ef678077e3adf28903271e14

SHA1
9861d6b31668b92edd7f945607afcc5bf7c8239f

SHA256
fad194087fc44ee2bc67b859edc3bb85502f303a1fb7f6763bbcff49243d28dc

SHA512
6514af4dc59c481dc845c0e6d65866058631344e9f5a4c7a388e4e05420408b722aa791e1b3a6ed4e3cf164d97bcff61cfb213ee63e0c43970513f2caa0e792b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d3684.TMP

Filesize
540B

MD5
9e40148335c2a4dc8ffc7c338d84a552

SHA1
21f2fe1a89e993c2e29be2aef9d0e9e262379882

SHA256
406240e666ff7447d2792c6f28698259d2380a9ff2d9ce16c028ebcce6e7549c

SHA512
41af757ef53d4e9c9fb6172475e0225a7e98457ebd8292cda025a843de0d9521f83162e8d1546b76b53286f253fdf5b3f1288a20b8a4020cfb9b644adc9bea38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
f3b2fc928f6e86fe001165fdf6ceb003

SHA1
e45fedb81bf38dcc8b58697e5c3fcb990d780ab9

SHA256
50637d213aa34e3a59aa4a3ecabcd3eb9e45f53c711b5867b66fdd9b4fd32ace

SHA512
363d999d9e4b4914414ee0704837f54b035c622e1808946c6137f741a56e732b8e7ee659c2741e7c0201397ef2a2cab5318b4a6600ddae02901c3290d4bb8a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
315efcc8ad7c8b3b38de0be302cb6abb

SHA1
44ca6b52e153e25855ad0a5f84f62fed4f9f0ede

SHA256
2fe98a8d6f5abd21ff0d0fcc7862ef4ec11e8e61092bb47de822cec19e7abc27

SHA512
7efb9fdeed0cb5c660570e02ae665d530b39ad22c4b29a78ab2d4636cc3211a5a7f4fd0ee63c591c0be8a1d8b2e9398b8a7079fa9a01417f1be56f5d2e39d998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
93caf613abc1508f997023b481b6d5ed

SHA1
b9726f82cd040e224a24bd76f2a08d62b89c7f75

SHA256
f6d01cf1a3bc9e1b9029bde9ee088ddee4aa3d4cc4414ac75753ddd47e163e30

SHA512
f41f14d0759d79c2314b29e71d40e69524e4f9e5fe9cffc539badaefba3b2c0c2305140f30d95eb14e4944f995d0cec3cbc4944fbb18881043b598eb1a495f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b6fb9091aa0df173a46c0c675a92c338

SHA1
6e75f4ceb5560da844fcd068343b0513d2928b3c

SHA256
29ad583b86065c3b828b3781c9753c927f8a39804f5433edba1b032ff6e71028

SHA512
7ea8481f0eb94f46d71af7f6bff9804446ef607d1f43b7413f654fa61c5566bbcd1bf1b9f8981932a2dc4af0eb3364d7548ad1e4ba0bb895675a45a04a27a0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
b517f06da455b0e067873ced0b9fe7ff

SHA1
44440d502c4db0ed18cd29cbdf04bd8571c176ac

SHA256
f21dbb84ab8f5797b218072492750f939d93b6d54e603362663cb8d5f5c7ba30

SHA512
86ec75cc0153578fbc292e9c87439ff30c8f47f05cded6568c0e94cf0047efe87c6b332a29b4e327109e45a58d4c14bfca6f6182c58147a311c61164cdce63b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
37c2404a2251931012482f30439e293d

SHA1
cff882d952650295e642290cb5d153d336e8c628

SHA256
18fe0913b075d9e956b349d88f34e313ca232512ed643308f1b40a3f56f95c3a

SHA512
b8c6b730cf0ce5cf14b2db5550cb389f9caad48f7bdda9a9d8c33d8c565c3760a34cac0e4e9aa43983934ea39bc65f6823861656635471830809b663a90dd190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a5021113-a378-4412-8a90-44f37d7c8191.tmp

Filesize
13KB

MD5
8ba9146b91cd0051b987b19e9d1bcd97

SHA1
4f5e1c016a2365c13f14a8d62b4ad1a5065d1e75

SHA256
4adc45a14526d410dedb65ac80672b064ac9a9358ee54f3b2a83e43add703ffc

SHA512
e9c410aef50711baf687cef00074e483e37fbe0f5be33a6d9cd368fc09a748720328204e4f16a37aeb6397525e815232d0a9422241a3f9e4bdee881d76ae3b93

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-819QI.tmp\Hearts of Iron IV update 1.12.1 - 1.12.10.tmp

Filesize
1.4MB

MD5
c40818564f1783f5901db45b39687b17

SHA1
320ea93ec29f5a5e8f355712870e2b0970a57fd6

SHA256
7a3d0727540e73fe26d03e18e28a4b92d648f825445b5d3bfa4b2f89ace03fa3

SHA512
2873250308821c480e0eb9f69f83415b9997102e20d02f24de6bddee28ebb536734488f1b8dcfd938bc923841e8b9224da211f276077938865fafb8b06c83053

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-819QI.tmp\Hearts of Iron IV update 1.12.1 - 1.12.10.tmp

Filesize
1.4MB

MD5
c40818564f1783f5901db45b39687b17

SHA1
320ea93ec29f5a5e8f355712870e2b0970a57fd6

SHA256
7a3d0727540e73fe26d03e18e28a4b92d648f825445b5d3bfa4b2f89ace03fa3

SHA512
2873250308821c480e0eb9f69f83415b9997102e20d02f24de6bddee28ebb536734488f1b8dcfd938bc923841e8b9224da211f276077938865fafb8b06c83053

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-82708.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba1\BootstrapperApplicationData.xml

Filesize
5KB

MD5
7c94e382abc4d669996487b732feb1c0

SHA1
2cecabcb54bed106c3ea6c40ee82032dc37cb132

SHA256
170cc2dab05ae9e603fbeb62ca772f00836b4a4034c2c47eeff40ef8134087e3

SHA512
67212576ec61f768c61cc98238230031d1089ede9fbf6c3dc054245aa03cd24170a66c8f4c6c3f84b7d4ad9355ce3195b54ce8ff4129ee3c3f71c3c69e97743a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba1\license.rtf

Filesize
8KB

MD5
fa5c7a758d0dcd865d15ba630d61c390

SHA1
0ba441bf2b71c6153952d7d282e516c148a67f39

SHA256
db5681d01a199314d44566c8f4a9b1474134f04202163fa05d03ae3334b4c6ca

SHA512
00b82cc7dd994ba394ecb77124133c8888a9a519c18040b83aeaede99950f6b7a6828d55443f15f965761a472cfbb18ec0ef8ad86f5527faa39db16d91c2cc1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba1\thm.wxl

Filesize
3KB

MD5
47f9f8d342c9c22d0c9636bc7362fa8f

SHA1
3922d1589e284ce76ab39800e2b064f71123c1c5

SHA256
9cbb2b312c100b309a1b1495e84e2228b937612885f7a642fbbd67969b632c3a

SHA512
e458df875e9b0622aebe3c1449868aa6a2826a1f851db71165a872b2897cf870ccf85046944ff51ffc13bb15e54e9d9424ec36caf5a2f38ce8b7d6dc0e9b2363

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba1\thm.xml

Filesize
5KB

MD5
0056f10a42638ea8b4befc614741ddd6

SHA1
61d488cfbea063e028a947cb1610ee372d873c9f

SHA256
6b1ba0dea830e556a58c883290faa5d49c064e546cbfcd0451596a10cc693f87

SHA512
5764ec92f65acc4ebe4de1e2b58b8817e81e0a6bc2f6e451317347e28d66e1e6a3773d7f18be067bbb2cb52ef1fa267754ad2bf2529286cf53730a03409d398e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba2\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba3\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba4\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba5\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c75eda4-d029-43bf-a70b-a73d380f52ee}\.ba6\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0f83af130de0a15a350c3e6220db9587

SHA1
41cdeec8f02a35def255af4151a078dd88989ae0

SHA256
4f77ae51b96571fbabecb588a987efcd0e59ad93a384258defc5d8ff5d28dbff

SHA512
888669cd90357298dd002c3ddd21fa292ef1dd21dc55bc7273c1886461184ad9bbcd3ffa0e1293c2815ca46a316c175d6342b29b99ac5e3aa4d707c807b175ad

Download Submit
C:\Users\Admin\Downloads\Sin confirmar 73428.crdownload

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.9MB

MD5
77ca8f996f83df7676c855a901ed90bc

SHA1
09228fe38b82951523ef00f0ef2e9f0adc11682a

SHA256
e3f98a925c9c4daf2638166f7da66a049d814b8bc3c3d0a928cebd5c17fff641

SHA512
181fbf16655885f30d5751cda67369c8201047a75da678c56f96809cf89ee92f09ccc2b1459483826fbb6b4c779ac5e03f6e4318039405b3557937c66a849dc8

Download Submit
memory/388-2184-0x00007FFAD3AB0000-0x00007FFAD3BC1000-memory.dmp

Filesize
1.1MB

Download
memory/412-1868-0x00007FFAF5960000-0x00007FFAF5961000-memory.dmp

Filesize
4KB

Download
memory/828-139-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/828-154-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/828-2190-0x00007FFAD3350000-0x00007FFAD3461000-memory.dmp

Filesize
1.1MB

Download
memory/828-635-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/828-1849-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/828-150-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/828-1854-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/828-149-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/1640-2832-0x00007FFAF6BB0000-0x00007FFAF6BB1000-memory.dmp

Filesize
4KB

Download
memory/1640-2830-0x00007FFAF4F60000-0x00007FFAF4F61000-memory.dmp

Filesize
4KB

Download
memory/2132-2193-0x00007FFAD8CB0000-0x00007FFAD8DC1000-memory.dmp

Filesize
1.1MB

Download
memory/2852-133-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2852-148-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2852-1855-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3848-3312-0x00007FFAD9BB0000-0x00007FFAD9CC1000-memory.dmp

Filesize
1.1MB

Download