f26eeca5c4fb53d26817a14f182be2c3bde5a08ad887a5bf96531b793b5e0eba

Analysis

max time kernel
133s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/09/2024, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HDT-Installer (1).exe
Size

99.3MB
MD5

28f5bd4574847e54944f1e2b6e181bbd
SHA1

e04d004bb0d128b35612d85830999231f12828f9
SHA256

f26eeca5c4fb53d26817a14f182be2c3bde5a08ad887a5bf96531b793b5e0eba
SHA512

c4f0fdda9be4fb7f8fea4d567050e4ebff58dec222fb961e032e272514c8e8067ef8c020dce489812293399b13c97390546c1e4e1408a4b00faf644dccb5a5c7
SSDEEP

3145728:IiecVpHnM4Z6JUqN/Kq1hxW/RT98rb777:5VBnPoUGyq1hxUKrb73

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	Update.exe

Executes dropped EXE 3 IoCs

pid	Process
1236	Update.exe
4072	HearthstoneDeckTracker.exe
4204	HearthstoneDeckTracker.exe

Loads dropped DLL 64 IoCs

pid	Process
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4072	HearthstoneDeckTracker.exe
4204	HearthstoneDeckTracker.exe
4204	HearthstoneDeckTracker.exe
4204	HearthstoneDeckTracker.exe
4204	HearthstoneDeckTracker.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Hearthstone\client.config	HearthstoneDeckTracker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HearthstoneDeckTracker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HDT-Installer (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HearthstoneDeckTracker.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1236	Update.exe
1236	Update.exe
4204	HearthstoneDeckTracker.exe
4204	HearthstoneDeckTracker.exe
4204	HearthstoneDeckTracker.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4072	HearthstoneDeckTracker.exe
Token: SeDebugPrivilege	4204	HearthstoneDeckTracker.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1236	Update.exe
4204	HearthstoneDeckTracker.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4204	HearthstoneDeckTracker.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 1236	4624	HDT-Installer (1).exe	86
PID 4624 wrote to memory of 1236	4624	HDT-Installer (1).exe	86
PID 4624 wrote to memory of 1236	4624	HDT-Installer (1).exe	86
PID 1236 wrote to memory of 4072	1236	Update.exe	91
PID 1236 wrote to memory of 4072	1236	Update.exe	91
PID 1236 wrote to memory of 4072	1236	Update.exe	91
PID 1236 wrote to memory of 4204	1236	Update.exe	93
PID 1236 wrote to memory of 4204	1236	Update.exe	93
PID 1236 wrote to memory of 4204	1236	Update.exe	93

C:\Users\Admin\AppData\Local\Temp\HDT-Installer (1).exe
"C:\Users\Admin\AppData\Local\Temp\HDT-Installer (1).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1236
- - C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HearthstoneDeckTracker.exe
    "C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HearthstoneDeckTracker.exe" --squirrel-install 1.31.5
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:4072
- - C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HearthstoneDeckTracker.exe
    "C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HearthstoneDeckTracker.exe" --squirrel-firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\BobsBuddy.dll

Filesize
318KB

MD5
e1f144b317a8895af833ba0295e421e4

SHA1
3cb4f1b0ba6264d5a4c30f550e3c2331fe8225c1

SHA256
5b693e27a5d4c77df854cbe7ba9419c286016c772c926a7ee318d7e5c49f6333

SHA512
f023435ee287b68d613b45d39d3516e48ad034f353d37e869dd423c578bee8b3238f6f11959b67af018c50fe07a6f33d0c1d3e17020d0a7c5cbc61f4d158f01c

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HSReplay.dll

Filesize
128KB

MD5
8e453b960f6f4642dfd9d59420c56fae

SHA1
a8e2a090481dff367df1e79106af45ce40beba8a

SHA256
e6525ce11ef6323034f29a07334520d8220ad943bf2313ea64ce3a0c1d19299b

SHA512
e30e59d0538b2bbcebff5fb575cd95f4114cfe52a7236e5e3a71d8fe11dbf325113370b6190ced6b197f6bca58312f34f3d2acda2d29b6235743de7ec8e70157

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HearthMirror.dll

Filesize
251KB

MD5
fe66ca1b6bdf3f2e7baa4576e0097bac

SHA1
a1f0ed3e1e8ad18ef72a0af66a6f3a2a576466fb

SHA256
f85769a1d3481e5b913d48a58ad737fe68d164a86bef956dd567b9f9f2de5526

SHA512
ec010fbeaa5cf09b42d5e5e9a602a51e22925fa7f86eabefdd9ecc8d12c357d9ef100ee27f937d9749de1a5df97c321b70d6a96cd2b4db52b034af9f3e62de6a

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HearthWatcher.dll

Filesize
64KB

MD5
51731162ab7d8f7a55e50b3be3b74340

SHA1
24a8e3a5caf74edd5ea8a7ad638a3eb06cd24af3

SHA256
c91f696d096c06ae72ac429f47a9508fddcc1f4ce84486903b9d7a7f9a58540f

SHA512
684122c2b067928f67bcc9433eaa960054766e1886dca3f478a3bed4dc9e3a8ce2931088cb239e26ab40c3e3ba9d10d779198a60e270d684ecd310c062273bea

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HearthstoneDeckTracker.exe

Filesize
10.8MB

MD5
4ecd6bac2fca7ab49c6c3e06d75d9828

SHA1
a0c6917e80815a6c7d9616d477c386d2663c2e69

SHA256
60bdfcfd4df10f6eb06521be58afec2c5010e27512a4b95afac264f515e428d3

SHA512
ba862d55ecc146294933a63c7694b317ce429afa4a5aa890a1eab41c512c86985a5c1ab5859266b6e3cb99a63928a32499b7e5dbdd26348217701740814d5f22

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HearthstoneDeckTracker.exe.config

Filesize
808B

MD5
488c707fd664052c4014f965f277adcd

SHA1
9290a6f1c34cde02abb16ac32db005708adc7b70

SHA256
703b977a3f38dab4acad4e7d90c90f37e38a3df1d84e2aaaf39580f7fcf67aa2

SHA512
b381e439666253521a1f2209dd6e473d98a3a07aa68d21c596a087a6bd6dfd9fffc773d1f6025349298e7c291cea97555959bd4d7a5159fa78173b179271bf45

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\HtmlAgilityPack.dll

Filesize
171KB

MD5
7f0f463ce244eaba7eed328cfb00f46d

SHA1
24ff2f00747c1465939a0c15cf3ea1e8706049f6

SHA256
5d4988faf3c793055c09df30cdac6e495523185e1ff28ad971d0815b49aecf50

SHA512
8076f263931e8fce9108d4dd16322670db275e0293f4b584d283adbb1443a881993f95a56d1e9eb7e704b2456866f2e55594e1783bff26ca7176c97dd519f661

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\Images\HearthstoneDeckTracker.ico

Filesize
278KB

MD5
86a70ec53fb53ccc0202c874e17e37b3

SHA1
9f98bf62d43f4da885d797cfd4e6e85083087d55

SHA256
dba2ec92dab4ebbeb7b9b0560d9fa8e7918768274ca69a978fe0f000c4cb200b

SHA512
ab8aa7a5386e6ac8db6e369d807d826a225a1251e5ce20681d75f47be795934ceab45dff4fd826bb1da7f14621b9443dea20646704d7619d736f4cd4d5162219

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\LiveCharts.Wpf.dll

Filesize
222KB

MD5
806549245f29b4c9e17d39f2a3389920

SHA1
d5c7c27b94255e782a7d2d79809c59b0da5b5199

SHA256
6b070fea30f1643e2198046c78bca934484509c0c613229528bcd6e969d4488d

SHA512
750593d0d89ee2c17d726e2403900c5f851cdebc4208fd1ddc7a1931010ab6757ff8c2304c35b8d9d326ad0ae5cdb1b54e28d876abfabfe555bf7206f468d7b7

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\MahApps.Metro.dll

Filesize
1.1MB

MD5
b71d79c5cb4b633f69e687c15bda89ad

SHA1
bff15df406d84a8172cc8d21f3ecc8a4aff90835

SHA256
5d1b9be14ce752624a11bef4f3f0fb4f1535084dd9c026b645fb6bdc1c2f5944

SHA512
b0c7db4833239c91be4c9ab2a05a3a0f62633df353c1ac9dbbc4bc92b0a371a4aa2ded8a367429b7e8418d0f27a7d87c3ddc10fb5d126fd831096c5db1095455

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\Newtonsoft.Json.dll

Filesize
683KB

MD5
6815034209687816d8cf401877ec8133

SHA1
1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

SHA256
7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

SHA512
3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\Splat.dll

Filesize
54KB

MD5
c2a954108cf77846c125f7eb5d203d52

SHA1
858df5849e30e836472b0fc73f437cbac2fa1163

SHA256
d7ac1a5b38d99584412a94f51340d3c19aad8b171468cbc1e149b19937c5a646

SHA512
2834c255097d2f5fe71a3e59ef37890392a898515f507d847a7d5912243db1e8918bc5302a504e5a3addf9f5a766eddae2ab5338086be6cdb90c549ea1a937b1

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\Squirrel.dll

Filesize
243KB

MD5
4733660a78977fb9816b4cc593f23037

SHA1
8448faeae1d2bf66d4a007c0d955595924a758fa

SHA256
38f1f4015d92a0d454ccd890ae93e50800e72bc933ea3a874365e1ec19788f00

SHA512
5de59d02bb30e886e12628cacacf775f3844fde7f18159542371395340c939c68180fa0bbf7f9d5f76e612d5f17a3f61db4f0b316c0696c4399c520b5c7c57eb

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\WPFLocalizeExtension.dll

Filesize
90KB

MD5
e2b4b9d825487d65e6340d1b2cc81e27

SHA1
818209e7f021015acdb7fd6b2a07414708abafb4

SHA256
dd374aab7a7af65edb0c6dd73976892069259a2d9bd88b78c57d14b9a82af12d

SHA512
85becf8f4273da2ddf3ee222449db7d00feffdb353e3e98ace4baa42e087f47a5a2640dd75a2f408bb7fd979b0b5c48f872dd076fdfaef8cf6ef7dd3ad903b68

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\XAMLMarkupExtensions.dll

Filesize
40KB

MD5
84178eeebf923d03e3e59013130b9ce8

SHA1
e396c655dac7d9b462d80b68caf5c10506343e87

SHA256
7b2948f947f601b11387e857a32711c06d880aca4be52938864d558da2082542

SHA512
1be10101f76d33b1230b557adb6b81982b69f799be07f45b0a9430dd7310de7ebf69937a6768374047e74f5370687c8d3ee372cd6ff0cacf1f4d5b35c4a599dc

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\de-DE\HearthstoneDeckTracker.resources.dll

Filesize
172KB

MD5
dd84bb3e9cc561107be126e72e148a98

SHA1
1294049492122a42d4dcb965f8b03980fa1a361a

SHA256
da43408e94ba994ef468b8bc116bb0fbbfc53a7deafffe1967728fe516d247a2

SHA512
11a1ec3d91234123e5d902340d2ee3097d6bb56cfd191aaf940f3f5002ddbe994e54ab5d17e4ed22e2664d920daeb4dfb2ad40148016af83711dce2f7ba46761

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\es-ES\HearthstoneDeckTracker.resources.dll

Filesize
172KB

MD5
d2860d54adc1e7de64077ea380edfa5a

SHA1
efc4b4942dc3352dec940d079ee052b96f8fda38

SHA256
de9f96e758fd71913507d8918088969253cdbd973470f18b9ae35a663ee4c512

SHA512
47c4399f474fb19a8dfa7464f8b248aa3aa0e28ca034b5ae122ca1b4bd011e13b88ab044f39a8ce438370568e2040707bce4aa4f5ed4eb8b47add2480d9f5975

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\es-MX\HearthstoneDeckTracker.resources.dll

Filesize
172KB

MD5
976c90872273c3529e05df286bf8a4e3

SHA1
f01a9059b169441ca0b6a370be094a497b0817cb

SHA256
e6ffca7c65d1ef25f3613738e3e9a6137166e6c74437fb3ff01fac5a3fc79482

SHA512
3f7a1c4e5a84af982c0e4ec078e6f805cd0e8cadf4967a9e1b7751b07d3325e1981074f91adb025d461b2191262d08f71f64972a8e68c164c2d676ffc2d7e8d2

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\fr-FR\HearthstoneDeckTracker.resources.dll

Filesize
177KB

MD5
341820839d8a0475e166821048074f8c

SHA1
09ce3297090026fccd7a991a9304c59358e39fcd

SHA256
d9aa7c62bf226bf6fa48b3cc17f69ccb15b5fd0c2bbb9cccfcecae859d24a484

SHA512
ba3fc3481c81f2f2cc57269e62d68103da84d35eadeec9bcaa9ef3fed3105c2afa0a4815140fe4766091ff42b7264b71139dce63a8c379684e306dfb9b892c92

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\it-IT\HearthstoneDeckTracker.resources.dll

Filesize
173KB

MD5
610dff3268a0c700d58a3b30c1c49187

SHA1
e3f90a5e100350efaa896be089704c8c7e89147e

SHA256
61383e0858b8b3a04a5def0612cb52cf307cad5a4ffd8f0bd3e1bc28ba58016a

SHA512
df3a4361bb6ad06b070cc7e46f18021263a1664641d5607cd010de392925bcdc0539d0bd7cfb39a9200b293f7645b89ce4933fc0cda8b5cbb9fad611e64c6e4e

Download Submit
C:\Users\Admin\AppData\Local\HearthstoneDeckTracker\app-1.31.5\ja-JP\HearthstoneDeckTracker.resources.dll

Filesize
179KB

MD5
fa7ec9d18386067bec997da1611732bb

SHA1
d5004cc15fed00badd115bec2e4fcafc21369565

SHA256
b49d22f676cfde9d15a06cc9310d7c999cfe28517500e1e4b4e5317787779c55

SHA512
aca38e64a2eaccf35b112ca695adae0ba518213285b0d83ce10c59dd1132290817ecb53e233690c83a28435bc1407cb1c4aab5be982dbbeaca4c12039c1a464f

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
94B

MD5
2cc2c4bd55d1820042406bfa1d1c7105

SHA1
5a00372c876c27d4b9a14fc0c903f9d0208734df

SHA256
12064235c8d85f468fb3321f6aeef84c843972ac5e85cdb599dd184bde68791a

SHA512
5d99400b61555d8994cc8ebf02308643efc78bdb8f884a6c8a22a47c8ea49e563596be006914b4d88040c882f6c656188780665e589ead1f4b081c9187e8ffc0

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
9e2f80d48052976c0bb8a15e9567bad8

SHA1
03cea10cbe15ffe7be9c7111c491b0be7d8e7f0e

SHA256
29acc298ffe9cd705f48c187551ee02960bc4a1853b8c07d83ac443b09eb8a8c

SHA512
e8ca616528497ff3c8eb8fa4d7a04477b9b5c1c3872574f835fe411dc922bdbbbedfcd9756da2687deb16c7d20e2f790db0e9f3b584d53fd5a66e347cb3d3283

Download Submit
C:\Users\Admin\AppData\Roaming\HearthstoneDeckTracker\PlayerDecks.xml

Filesize
264B

MD5
9e9b30c803b020d10ba89d87f611ac10

SHA1
570473f9d6199dc728263f5f448b34ef9dafe03f

SHA256
a610ec69c77df45e9a856facd30e7d9b0af0a02be5f29f134415fff3887e1a0d

SHA512
d5ae0c412a9eb42b544d680fa54729a04d40c355aa2de1a7abe97074e79311a8e856a62a5089df0756b37a81ee1785fe2d3f736e2ea59386b90e8f4128ffb0f4

Download Submit
C:\Users\Admin\AppData\Roaming\HearthstoneDeckTracker\PlayerDecks.xml.bak

Filesize
264B

MD5
afef6f2af3d256e9e13f8c671dbb80aa

SHA1
b823e927af6c222cacf1603a2f0b28bed0cd356c

SHA256
869a667e8cac286db614e39ea0e9f4015d834518d6cdc1effbc8c2afc972b8d0

SHA512
1c4ed84144bdd94359799205edb5e6adecdc3f360807f3a62e4eef20ef3acca63a848e6fddd2dcf360bd3fd69688d1e855de68b550e87da5f53a9c686129c9bd

Download Submit
C:\Users\Admin\AppData\Roaming\HearthstoneDeckTracker\config.xml.tmp

Filesize
20KB

MD5
20982096dd16909138a1125cc4091fa0

SHA1
d20f68ee4a518463ad1bfe94dbde7d6565242fe0

SHA256
2f4317242d6baf5d11ff50efb69f1f7467277378587f082613bd721d1108c5b7

SHA512
a73fdaa9d4e055ddd15a6fded53f0fc7f92ebf3e531ca6cd24b5d62ceadc86c642616bbf883988b0db1b9bfef8e26c7a1648f9d8f12e1a77a892b66cc8ebf160

Download Submit
memory/1236-279-0x0000000007E10000-0x0000000007E48000-memory.dmp

Filesize
224KB

Download
memory/1236-280-0x0000000007DF0000-0x0000000007DFE000-memory.dmp

Filesize
56KB

Download
memory/1236-278-0x0000000007590000-0x0000000007598000-memory.dmp

Filesize
32KB

Download
memory/1236-7-0x0000000000330000-0x00000000004F4000-memory.dmp

Filesize
1.8MB

Download
memory/4072-290-0x0000000007210000-0x0000000007234000-memory.dmp

Filesize
144KB

Download
memory/4072-346-0x0000000007900000-0x000000000792E000-memory.dmp

Filesize
184KB

Download
memory/4072-282-0x0000000006520000-0x000000000653A000-memory.dmp

Filesize
104KB

Download
memory/4072-311-0x0000000007B10000-0x00000000080B4000-memory.dmp

Filesize
5.6MB

Download
memory/4072-316-0x00000000075E0000-0x000000000760E000-memory.dmp

Filesize
184KB

Download
memory/4072-320-0x0000000007720000-0x0000000007774000-memory.dmp

Filesize
336KB

Download
memory/4072-298-0x0000000007280000-0x00000000072C0000-memory.dmp

Filesize
256KB

Download
memory/4072-310-0x0000000007100000-0x000000000710E000-memory.dmp

Filesize
56KB

Download
memory/4072-306-0x0000000007370000-0x0000000007420000-memory.dmp

Filesize
704KB

Download
memory/4072-324-0x00000000076F0000-0x000000000771E000-memory.dmp

Filesize
184KB

Download
memory/4072-312-0x0000000007620000-0x00000000076B2000-memory.dmp

Filesize
584KB

Download
memory/4072-332-0x00000000077B0000-0x00000000077E0000-memory.dmp

Filesize
192KB

Download
memory/4072-302-0x0000000007260000-0x0000000007272000-memory.dmp

Filesize
72KB

Download
memory/4072-294-0x0000000007190000-0x00000000071AA000-memory.dmp

Filesize
104KB

Download
memory/4072-328-0x0000000007780000-0x00000000077B0000-memory.dmp

Filesize
192KB

Download
memory/4072-340-0x0000000007810000-0x0000000007840000-memory.dmp

Filesize
192KB

Download
memory/4072-343-0x0000000007870000-0x00000000078A0000-memory.dmp

Filesize
192KB

Download
memory/4072-342-0x0000000007840000-0x0000000007870000-memory.dmp

Filesize
192KB

Download
memory/4072-348-0x00000000079A0000-0x00000000079D4000-memory.dmp

Filesize
208KB

Download
memory/4072-351-0x0000000007A40000-0x0000000007A6E000-memory.dmp

Filesize
184KB

Download
memory/4072-352-0x0000000007A70000-0x0000000007A9E000-memory.dmp

Filesize
184KB

Download
memory/4072-350-0x00000000079E0000-0x0000000007A06000-memory.dmp

Filesize
152KB

Download
memory/4072-281-0x000000000C7B0000-0x0000000011D46000-memory.dmp

Filesize
85.6MB

Download
memory/4072-349-0x0000000007960000-0x000000000798E000-memory.dmp

Filesize
184KB

Download
memory/4072-347-0x0000000007930000-0x0000000007954000-memory.dmp

Filesize
144KB

Download
memory/4072-286-0x0000000007110000-0x0000000007124000-memory.dmp

Filesize
80KB

Download
memory/4072-345-0x00000000078D0000-0x00000000078FE000-memory.dmp

Filesize
184KB

Download
memory/4072-344-0x00000000078A0000-0x00000000078C2000-memory.dmp

Filesize
136KB

Download
memory/4072-273-0x00000000071C0000-0x0000000007202000-memory.dmp

Filesize
264KB

Download
memory/4072-269-0x0000000007130000-0x000000000716C000-memory.dmp

Filesize
240KB

Download
memory/4072-336-0x00000000077E0000-0x0000000007810000-memory.dmp

Filesize
192KB

Download
memory/4072-265-0x0000000006E70000-0x0000000006F82000-memory.dmp

Filesize
1.1MB

Download
memory/4072-365-0x0000000008FF0000-0x0000000009012000-memory.dmp

Filesize
136KB

Download
memory/4072-366-0x0000000009020000-0x0000000009374000-memory.dmp

Filesize
3.3MB

Download
memory/4072-368-0x00000000096E0000-0x0000000009700000-memory.dmp

Filesize
128KB

Download
memory/4072-367-0x0000000009730000-0x00000000097B4000-memory.dmp

Filesize
528KB

Download
memory/4072-259-0x0000000000C20000-0x00000000016EE000-memory.dmp

Filesize
10.8MB

Download
memory/4072-260-0x0000000006240000-0x00000000063C6000-memory.dmp

Filesize
1.5MB

Download
memory/4204-402-0x00000000140C0000-0x0000000014110000-memory.dmp

Filesize
320KB

Download
memory/4204-434-0x00000000158B0000-0x00000000158C2000-memory.dmp

Filesize
72KB

Download
memory/4204-398-0x000000000BF60000-0x000000000BF70000-memory.dmp

Filesize
64KB

Download
memory/4204-397-0x000000000C1A0000-0x000000000C1D2000-memory.dmp

Filesize
200KB

Download
memory/4204-400-0x0000000014180000-0x000000001423A000-memory.dmp

Filesize
744KB

Download
memory/4204-401-0x000000000C1E0000-0x000000000C1E8000-memory.dmp

Filesize
32KB

Download
memory/4204-404-0x0000000001D30000-0x0000000001D5C000-memory.dmp

Filesize
176KB

Download
memory/4204-385-0x000000000BF90000-0x000000000BF9C000-memory.dmp

Filesize
48KB

Download
memory/4204-399-0x000000000C250000-0x000000000C2B6000-memory.dmp

Filesize
408KB

Download
memory/4204-382-0x0000000009870000-0x0000000009D9C000-memory.dmp

Filesize
5.2MB

Download
memory/4204-380-0x0000000008A50000-0x0000000008DA4000-memory.dmp

Filesize
3.3MB

Download
memory/4204-432-0x0000000005DE0000-0x0000000005DE8000-memory.dmp

Filesize
32KB

Download
memory/4204-403-0x0000000014320000-0x00000000143F4000-memory.dmp

Filesize
848KB

Download
memory/4204-433-0x000000000BEA0000-0x000000000BEAA000-memory.dmp

Filesize
40KB

Download