a45ab1b5ea9dc10286fcba7b397d9aa5320a68de991c8839bb829f5c7dcfce79

Analysis

max time kernel
1795s
max time network
1139s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HP1 Setup.exe
Size

255.6MB
MD5

0ebfe95e8c7fe061a51de599cc7519b8
SHA1

8eab8fc090e3a4711ab817b7a05b3b6ba2074619
SHA256

a45ab1b5ea9dc10286fcba7b397d9aa5320a68de991c8839bb829f5c7dcfce79
SHA512

f394357f397d2a041bcbcae7e7de4a36ab8537ff7ab25dbae9849df90676c275d4f1fbf258c198f94a1e6173f7a560fc25319c32dcf3369b863e6a96aea92737
SSDEEP

6291456:0daalosqwk7jrmPKY+kzcUCqeODA/F/OoQdSwHFiHj:3ays47FLkbOODAF2liHj

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	HP.exe

Executes dropped EXE 3 IoCs

pid	Process
4592	HP1 Setup.tmp
4468	HP.exe
2472	HP.exe

Loads dropped DLL 14 IoCs

pid	Process
4468	HP.exe
4468	HP.exe
4468	HP.exe
2472	HP.exe
2472	HP.exe
2472	HP.exe
2472	HP.exe
4468	HP.exe
4468	HP.exe
4468	HP.exe
4468	HP.exe
4468	HP.exe
4468	HP.exe
4468	HP.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-B8RUU.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-4P8OV.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-GGN8A.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-9JHP9.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\is-M2RAG.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-168FS.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-PQD84.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-2HTBR.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-EUL9B.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-VETMB.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-RVMJP.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\is-L58CN.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-0RLLQ.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\is-7GMJF.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\is-13GVD.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-DDOJF.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Help\is-N20VJ.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-9GNEJ.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-4JH50.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-VHE43.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\is-T3KQL.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\is-2JM1R.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-UO7V8.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-VKJNU.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-2VBH1.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\is-NRG3D.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\is-9C0RD.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\is-EQ9B8.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-NA9VB.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-5250J.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-PB9R5.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Save\is-JQG3V.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-HH354.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Save\is-VBAVU.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-UL218.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\is-9UB36.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\is-F5LE6.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-A8FG8.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\is-RFCIE.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Save\is-KIEL8.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Sounds\is-B2A7L.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-0RBTD.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-M5JRM.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\is-ISGLR.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Help\is-2FTTL.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-3GFF9.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-3TCSI.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Save\is-5E07C.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-B30FC.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\is-VLAKP.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\is-UQBFQ.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\is-53QJL.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-QFBUO.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Sounds\is-SRQ5U.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-QB0GQ.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-6Q48A.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-EF0EQ.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-RO4CO.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-2S19N.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-PDDN6.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Music\is-JLT7S.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Sounds\is-90NVV.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-J2FNM.tmp	HP1 Setup.tmp
File created	C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\is-4OM4H.tmp	HP1 Setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HP1 Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HP1 Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HP.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{4AF8B646-DC88-4143-BC76-BE4C5B2D9237}	svchost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4468	HP.exe
4468	HP.exe
4468	HP.exe
4468	HP.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4468	HP.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4704	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4704	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4468	HP.exe
2472	HP.exe
4468	HP.exe
3312	OpenWith.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 4592	4348	HP1 Setup.exe	89
PID 4348 wrote to memory of 4592	4348	HP1 Setup.exe	89
PID 4348 wrote to memory of 4592	4348	HP1 Setup.exe	89
PID 4592 wrote to memory of 4468	4592	HP1 Setup.tmp	102
PID 4592 wrote to memory of 4468	4592	HP1 Setup.tmp	102
PID 4592 wrote to memory of 4468	4592	HP1 Setup.tmp	102
PID 4468 wrote to memory of 2472	4468	HP.exe	103
PID 4468 wrote to memory of 2472	4468	HP.exe	103
PID 4468 wrote to memory of 2472	4468	HP.exe	103

C:\Users\Admin\AppData\Local\Temp\HP1 Setup.exe
"C:\Users\Admin\AppData\Local\Temp\HP1 Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Users\Admin\AppData\Local\Temp\is-D6RRT.tmp\HP1 Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-D6RRT.tmp\HP1 Setup.tmp" /SL5="$90258,267604656,163328,C:\Users\Admin\AppData\Local\Temp\HP1 Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4592
- - C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HP.exe
    "C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HP.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4468
  - - C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HP.exe
      "C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HP.exe" testrendev=D3DDrv.D3DRenderDevice log=Detected.log
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x428
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Help\is-N3T8T.tmp

Filesize
35KB

MD5
be4a0c5ce7f4264b420f32f6963ff0d9

SHA1
99a7fb160944ed0b20902934bcb04b8f88bf0fd0

SHA256
4ef8cd3d25734afe3eb0d7c0bb4dfe9e8102ded5a88a1ea4ec2491238b8a6e9a

SHA512
38dcf4cd303d00ab9d9d95c837cd48ebdf85a8c22d48a087d81fbc3638cb3202c1e1dd51377256a1eb044cc3ae42a35474b0c633b54527b169a05c6a470ee7c1

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\Entry.unr

Filesize
2KB

MD5
59334a87881a1b0572a2ef2ca83f20af

SHA1
20d1d7e85a8808dbb3fd2d90f88fbff99d09255b

SHA256
ca5c1b6b18e6e7f54222a69bf380dc7e5ff16f5b37fab704809f780f3987904d

SHA512
4d7cee31a5bdd6c41256590f2036fd5227d0f39f706b7b4cddeda5a456791193aeb9a53746c67df30bdb36245df19102f349f2200f2750d28cbb4fdac38b71bb

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Maps\Startup.unr

Filesize
10KB

MD5
30e1ac67083158f206fd656fdd810ba3

SHA1
96438148e0180b5bb3a86f3752cbe43ff8ceb039

SHA256
cbf71b9949b080103ea897a3efac3b7622ad8eb02b82b8bb056407ba6426fa8d

SHA512
f653e61095c1bdb914517774bce2f4f3629c32a187094914342ca3cbf366a5631e58eda71a7a94d131ce6d2fdf5cc3f1403d48149587bb71b831257976610d03

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Core.dll

Filesize
840KB

MD5
dba015a4f44b7fcef1c607831dc4ade8

SHA1
8a68e024344061ace21b1f0ae1c664a3a0572639

SHA256
60f441ee152e13fa79de481901645ddc65638b97142e2e3570c1e76e3de8c788

SHA512
a055dae4c7571e9fe7c38a3212f434eee80c4d421b4a4a73438a3e7607a4a05fb09211b4f7e83970c864ebd322406ae3a0bdbfefa9c8ce301def506592031c0a

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Core.int

Filesize
3KB

MD5
6c13da1f33be4d32b8251e1bc6126752

SHA1
8653ef33e31f531c5ecc9c88bee352af079f1f7c

SHA256
3fc4060861611137172b4612a488fc7cf004b662aa5a0598673f44ecd9695b5a

SHA512
932f21d6cf81adc980c073f506697b99f07ac04afbc1f7d56dbdb2b1b707c6049b84379073d0a19ad9706c8ab27a12a55a4e563b5de7ab787bdfcf277db3fda4

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Core.u

Filesize
60KB

MD5
861d821e74fe25223d856af036f2694d

SHA1
b3b844bbb25143efeaf25b220cb4437089a44654

SHA256
b9c9766f1b294f503ab3d025e2753a094b0ffdf2b8d864ccdfe7615fd998e6f4

SHA512
b55fa767873dfdcb0760a7e3c4dd70c3bacaf433396eb558325f50cfcba95073694e2a4486a9be2459d5421b0e67c7e3406b69c2892b302d0f60a1b4f7e3f01e

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\D3DDrv.DLL

Filesize
216KB

MD5
839942c29e51b4bc7b999ae2350438f1

SHA1
cd2cbaaa9c37aeab0bc799d2791f8d8fd845abe5

SHA256
7683b11647dafe3926eff7d0d055abbe3d728648a19f5f8a613fd03efd151599

SHA512
e1d7c1222e8e54352728cf41b85b8aa17f553691291c0b3d24eeccf4c85c7689efb76f0cfab3027a538806a9d47812238824184df5037e9476724f9567ea91af

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\DefUser.ini

Filesize
4KB

MD5
bbc8f48e92c399d1749c82a4651f0e33

SHA1
5e95af5762d4a1049afc0824410ba40ecaddfad7

SHA256
dd809271c47227acea964eacdf0f0e29cba46bb4e3a8790e0e3aa6ad568fa552

SHA512
8bf69a14b453e6ecd949e209d4b867abe0262b8a07647b20edc21789b31fca80d517aba0c812255ba6933e46453760453df79d9ab7bbb4d62e45277744e16ff2

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Default.ini

Filesize
10KB

MD5
0345b6f2da8870bdf533d62f6258be14

SHA1
63f4f8df56e91b973921416ba21c1562d9b36bcf

SHA256
df2aa6e775d19e5ebbccbfa75fabc3346d0486b92dc9bbc0c00cd7363ff0175c

SHA512
c4cd02ee3f6bbc81f088ec1295d5c1a25af43bbb966f0fabc6c76eb6e2750d5d12085888d8fcf2a06f5fc0bd74f7c04b979d9c489e0440e71e3f3a8b8a0af19d

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Engine.dll

Filesize
2.0MB

MD5
4fbbefd78810e27fa36507d325ad0429

SHA1
318353ee6c160093a8c756d61c6742a2f16fe4df

SHA256
7756a2a3df7198d72f4706952196bee8adb3b79edfe7c8b3a5e4d2e3593d8ebc

SHA512
b0f64600146a4de8c0fc6e817dd2783e2df70519cb3590ce172872eac0a897d630bef4146a64fb26719a8a3fdcb7e09d19f42faf8db973a41b12c20b3a2499e5

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Engine.int

Filesize
5KB

MD5
751bf6fc5ddef383eaba74973dfc34b4

SHA1
90da2cf20ad59fc8bfdcdfb69a7c64e9b9e4e5e6

SHA256
057b2fd34d184b1e68ad515d80b30e46042468e6615760c001a894bf34cff48d

SHA512
353fd7d0f4eb60518f3e93e753d30019db61913d6979b178ac6164f66c80895c77e693ff34c89bcbbd543b5d652d012c3d2a710d65f084c9d45ab3cd9d79c38b

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Engine.u

Filesize
4.7MB

MD5
b6fba98c7114bda727d6c7e3e458a7f5

SHA1
55bd84e2784fe13059701ba43dbd750258e84648

SHA256
b3661a1d2afb1f730ba5bb3cbd2a6716efaf55fd0d8cefa753b69026a8bc5a85

SHA512
1a33c5d91b5c231482cbe1e098100fa61593380bbb57eabceb062527ed12453a2f350e2d4d538a13e54171e0d164ad6b89b5bef174ceb0f967ab080429cdfe65

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Fire.DLL

Filesize
104KB

MD5
2158d83e72eec616a9474600eafa2c49

SHA1
b5059b1fbc308674a0af03a551689ef379c7eb8d

SHA256
029ff9562c68ee502ab0a02963341e2b00ab42c4e2d1a33c268f306dc3c13041

SHA512
4c73b6b8257bb40e7e7380fec2ed28b91e5cd4e9b68664fbdce02865c16d995d2d7da59b7fa7bc4ba769143ff826dff82a70a13f1605201ee6c9feff401e55b1

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Fire.u

Filesize
14KB

MD5
723219b9d19f129664278491e5fdcefb

SHA1
39899eb9e8285a970da9cd7e1c95d73509ead4fd

SHA256
a4314b46702d0ebe2ad81d59c04c7791f66ef48bf150d40f01cdd30bb161df5d

SHA512
3b4979eea55b7b2d8d3f6df1ca062a9bd32d2c11b24b91110ed731ced367e9e7b3babe056cc08d69c20873efbe8ff42e34e62fefc93fc30ecbf1acce576515d3

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Galaxy.DLL

Filesize
336KB

MD5
be9c9093d26dd57c2191ef4854fc8f31

SHA1
03cc28bf54e0165843bf34df94f1d61cbd6f553f

SHA256
5d2ce3c62b09de73280316066ea852a53eefb900a37053816ad966b485ae89d4

SHA512
44beccf7cb62306053900c3867087b9da5e20be250b1e12f3778b1ccff640a240102b437728d1d866c1c9264ff4cae462575d4008966f7bc50ecb8ea00da66cc

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HP.exe

Filesize
1.1MB

MD5
abc3b0662e0f567a909c301be451f18e

SHA1
97882c5533b8eae434b10fab743f812a2993cfe4

SHA256
43b2d1471bc36e3290f4474badf4d0fd84b674e4aa820fe4fcbd75dfbb2903bd

SHA512
da216bde46ae9ccb6e75246dbce414ded78cb10afa3af887e644da6df1661bc8cd11ff1403e1e462ed2aec4ebbb6932bb2677776a0f01c64ba915e71ea2df0a7

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HP.spa

Filesize
125B

MD5
6d33639068dfd3544af34f335ab64764

SHA1
26a64219e5b4d08baf805a19c63b9458a0e7dd88

SHA256
d5516d7ef9427c5408ff96d0efb1e48d759b643d3b173e2e624e55ab42ccaa7b

SHA512
48a5092021c2e5616e009e2f7f88fa2d4bc3fd25b2289ef0e71a18b1c65893013aefc70a82b2343bffe439cad58858f182010243478a0dc5e5c94e55a3974409

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HPBase.u

Filesize
4.1MB

MD5
cc00ba12f7fe2fe26f778c23e15dc7ff

SHA1
88cb1a9544570d0df481f8ce395ae73027dc83b1

SHA256
0cec62e098ded3a16024ee15dbc982bf9662b443f630cd19890b7b5d325bf503

SHA512
a798abf19e04691ef17f0424fe7e09d035f0d4f94765eb14ba9c589333f8d0ff42a5f70dc945d0f09ba9e0af508a85f9b4761fbf5e3b5e4621a032ecbf8c5686

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HPDialog.u

Filesize
11KB

MD5
1a99c5ac1a3d2cf7864d68a4b9acea06

SHA1
edb822bd82210420f9f724a73655f484ae1eb491

SHA256
ed4e9a91e2d2e2f19ac853156655587ae1c0a2280d5eb7856a051d5bb1cf8642

SHA512
f48218ff94aabbdbb5e7c8031c558d026a21fa13ffab142bc5c31c7204209c1199ad05d9927b4e1c89659c266d1c0f2e02f8c86af1bef192d973306a465cc634

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HPMenu.int

Filesize
21KB

MD5
d134f0502716afb42391d14f873e22cd

SHA1
ed9b9b37dbadffd7dd99df2a473cf280fe5bcfce

SHA256
96c192db44bf168052a9a2243a11d0ef1aee3430ef38a2479e8a6994178e15ea

SHA512
34770ef38582576acee9ac741f5a780291485ba06b0c81b212a44a1784b52e6fabeadaf5bac89e2a037b87c2a79fc68fe0548e9bc6b27819871f4994724d6188

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HPMenu.spa

Filesize
22KB

MD5
8cedd50a5dc25942a27eb965b7e91111

SHA1
0982dd2a57dc9c65944bef3d17a3e557bd3a1d87

SHA256
4922eab518c1073aafbf22c7ed2c9716e561ebe6485416e3c0fef1cbcb026e98

SHA512
48f547035b6163645ed09be208bf37ca637129e08bbe4dd92371ade09aac2a83632c3504555449fcf2394ace05034c3da82797830b8c2798062dfb9617ed7f1c

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HPMenu.u

Filesize
13.2MB

MD5
8dc03567695adb34953c9e6dcad0590e

SHA1
3d9aa80167bafacfc348eaf6f7a02b5ab56041f8

SHA256
42da2a2f43ac6a15ea87eace4ebd59a69bab7685cda854e9e7a86e7e6d9c6dbd

SHA512
e69ba1f1b10bcba0984401667af9731784e336e68f6216ad7e07a340507055a2f55810460a43d20930035f25c6ca2878d4e77fc45d73f65b7a0f3c816a5726bd

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HPModels.u

Filesize
16.2MB

MD5
6b09540e76791d34c793cd7822385082

SHA1
09f71918f91e4550723ea2278f41fbb31046a876

SHA256
45ecb483a5b2a52e8f17c92326e21cde06eab2b501fb7d539052beb4408c9b65

SHA512
4b5667ed6220c3ed4f20635df71096c07144791bae0e534c526df09c1e680dd48bff72d425b9cdb6dc05ca5861ebcb00bf4f1aae320cdc06ea5907d4b15d5119

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HPParticle.u

Filesize
2.3MB

MD5
2a7f2b221db2942fed81067ba50eff93

SHA1
6ab3ff9d7fa8a7c953cb0d8d40724f6dfdec0f50

SHA256
ea7e5f22c23c3983338f7e974fe5922a4733eaaddb930b02e4d913f10b32ad17

SHA512
e9b750a608b1dea27fa74fbfaab38cb5765934263d065824ff43846d079d8f43e335a666cb6afc565ab0cd697500b69bccc071afcf8498edade5c2e81c4af209

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HPSounds.u

Filesize
28.3MB

MD5
dda184c17184504f1d05538efde14fe9

SHA1
44232de422ac2e736806c870970e026c184989bd

SHA256
1b3a1bb8534cca8da6b19781cd956b00f91215bdf61ce3a74fd1282a6598ddd3

SHA512
ce89252ed0a69ebedb9dfab172e892166eeb2bea2643e98a32e22f705bfd073c7b37b91b2f60834b48776b809a44722d4df5971f417c9623b8453154766d4c4e

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\HarryPotter.u

Filesize
13.3MB

MD5
05642dfc4a57958a3c6eb2db9debbb84

SHA1
c53f048dfe7ac1f12801866d2c5a85a7afbc0186

SHA256
5f18066ac7d6a64ba315a19753308613c0819b3944da551a17bd0f710560cf60

SHA512
27d7ac0588313ffd6ddc70e9fec568b2ac595a401f596ab6c21ab59c16f5f1536de69bef8b578268cc3ec95943ca8b3ffc80882e71877035165fea3cc3dddf5b

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Pickup.spa

Filesize
4KB

MD5
8b08d1425465f5fb8a8f7104c871e3d2

SHA1
0f9bc1a157bcd7e2bf4f4ab3528205a3afc54390

SHA256
800d90637507cf64a34037ad1fd8648703d23bc1269663b0f79554e33435fc00

SHA512
75eac88ac3358df4cd9994520372836c8dbe1da9f0628772f076e6106a288e0c5d8ff4f7c29069dea4eae3c43077f3c992fa0c64ef9d58e12c3bd19c31485ee1

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Render.DLL

Filesize
288KB

MD5
b5f9e9b6d36ce1f776ea2d8be7d99963

SHA1
8364fe75196806385aba117ce5cca3a0af186be5

SHA256
41c0e9939cac1833978c15bb10a13761b3559ad929f060ec88b6aae8b96bc55f

SHA512
0e975ec3f9ff4d3c2f85be0013c3fba79ce66d0b0b1d265047ad381fcf27d92a98d07a684e5bcf68094ecdbd42928d89bf5acab78f07de2f5baa49af4c1fdd53

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Startup.int

Filesize
4KB

MD5
60693b86ed590885c55478dfb7c7fbb6

SHA1
e1bb624006c3bdfb9b8023e02f4918c6404be5c8

SHA256
fcafdc113c29828ab71c9ab20264bcd12c456142ed41879af3dc308221fd88f6

SHA512
b8bda1b0f6c83733c865df726025f4dd3751801ae4d1e6540a46111f585e03c6d2bc48e7782214535df8150c03969f9a1f7ee3e55e357f61e9df0eb86f981bf6

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Startup.spa

Filesize
4KB

MD5
fa0fd5a97c74f25212dd9252562b9913

SHA1
4e5d486d38b4e552d659cbc849485df6835c6a69

SHA256
580177fe4f836c4c8207a69ce2d85bfebbcc7b5dcf2067d57069816160d4236b

SHA512
9e67930648a5af5e1dbd803fc39f76bccb8cc94e6cafda5fd6098d05f60312b6f181b8645609488d5437b86b43469d10b426b5ac06acb4803f176f82283fee5b

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\UWindow.u

Filesize
769KB

MD5
033675b1235ed89e56498a1b36baa532

SHA1
4623a16308ffd02995c28f0960cc291b9b87c565

SHA256
b75f83ba7cbafd163c94ee0c8a5bf88e450ebfc43a8cb74ebecd820d625eafa5

SHA512
dcae9ab593fc2e591901ed02ba0b6ff3c641799586886410e8bf2067c931d59f3e60f76c383223a55cc33963a45bbc005c0d98a94cfd058b83dc2216064047b0

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\UnrealShare.u

Filesize
6KB

MD5
5928577b5f94b0993910ef42764c5d3d

SHA1
6f1d2ba577bb33b87b9f512acde616a0f84b30f5

SHA256
9ede2ef20b53048eff43d3f4e99459cb29557eabed876b2b53f8bbe0dad16d33

SHA512
ab921481f3d17724e0185fbdefa6c2fac33f74b4271bf07459d23054347e53961c5b804af4950b65420e87df60c5f7bfd4d710a97405d8ff1c6209b5cdce7ea3

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\WinDrv.DLL

Filesize
164KB

MD5
b7e44d674fafbe6fffaf9f181f6c51ea

SHA1
02698d4795e223f6334639ea74e455e1e4c0d68b

SHA256
cca53d5eac40ffea2ee2e041e249624c05929dd478475b9346e27ce75fb21c57

SHA512
0fb947f26597c03a3d4c3058a3631ba6a629cd4ae1d2a644b6d8e3357e550010905f2c9b60b893788c20edc33b348bcfc5d6d9f3a41128620f6527f9041be81d

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Window.dll

Filesize
520KB

MD5
e6874931d2920b33217af7b3519bbf1c

SHA1
15ad0a45c94e81f440c8d81f5684e1961efa3c04

SHA256
4df1bfbeb2f9819bc377b3c3519d29a42a847d0d758742013e4d42747322df4f

SHA512
a34ffc91fcf6fb23004e3e2b0b893c15e8072ec7a8674224aefd6831dc0a2aee1af5497412dfa0197df6a0205454606d3008e5666951513c5fe3eebe90170bc9

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\Window.int

Filesize
2KB

MD5
a165a37efcab867be0e1f33428e5321d

SHA1
14987375c15bcc28bf5d66a7591b3959920f75a0

SHA256
112e53e265574ec85e7d2717fbaf9618b1b105aafae81479929e639decff2898

SHA512
f1dd4725e1a4fee4cd10b2ea6cb30396deee2a3cf8079d9a4644b94b3d98d9bf867dd568576cf123e463c511d012d8aa89820a3927d7dba143984698e017e3ac

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\pickup2.int

Filesize
7KB

MD5
b819eb1155c97695e901ed9d28dc3c26

SHA1
24095457966f036f4f1a14d5f985f55c121f9904

SHA256
a6f72b4633dcd086c4ab3eb5ed2fa66d67a4d53708bf2c0511be517a20f3bda0

SHA512
ddc0c62cf85402accb14b13b976c8f3fe68e210171b74166a205c6a542500b5bed503ef3ce70cd21a19a8dd1107c2a77624e74e531f446def9ff47ab5c14d35e

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\System\pickup2.spa

Filesize
7KB

MD5
3dee2396b2a93f021f97acdb8f7fb584

SHA1
caddaab81a228b1552dc9a5aac1d7d43ee31b190

SHA256
be0cc01786627f69af30cbd87f6a8b14b0aac41c6d77c70a9732641602787642

SHA512
1b2b8bc4dbeb2fdbdb8a30c5b5f37ffd66fa03a057afebb4463bd2de2a807523929198301c9a2cfda04883741ab9fd8113b21d5ea4bce6cc171c4efae7f845ba

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\HPEdit.utx

Filesize
124KB

MD5
d8648567ef4d3b9eff9e58dd87fa9f67

SHA1
a2f3a27d0ced5c2cadfca2cb60366b83e839196b

SHA256
0d97ab34542ef8a353bf813a31c324787d9e5cf1ea24bda7505bb78c49043263

SHA512
9c6a7fb18a875180928db2dde10a1506969628d027873a3cbc4aef3aad13b3cb9841c06bc3dd4123c4c265ba945defec0e9915accb0314f6e64d191d661c3ca3

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\HP_Logo.utx

Filesize
257KB

MD5
dda79a17f9826a05fa39d8acd51deace

SHA1
0916fb64849b0fae59892e25733fc0766cf4cce5

SHA256
cfcbe5c27071dfdcb6d90578905fe419a5c32946eb5a6b7f3cf0b7f114d2cc17

SHA512
9a9014b5d479d738851cb45c37c88f42de242c379fd685d1370c90661ca62984415ff89a29a59325576749402166e5e91e448c6b6e83b8e15be9640219e54294

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\MenuArt.spa_utx

Filesize
693KB

MD5
8ec9c4988d34851dc2f59a5a33e1b096

SHA1
f94d002e45f258bb246a9db2254636820d29fd9c

SHA256
8b543ad047da75c9e953b4f126fdab05b45263a178bfd2476b3fbcf258d123db

SHA512
4c3b908a2da4ec8d971385f6ca0814163a55afb9aaabd4ef14047bc0b340741b845e18a40c95c8dad52c9cad18108ead2a658c9426de0fb9ddb1ac94b59ed02d

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\Palettes.utx

Filesize
411KB

MD5
a396c2b691b8e645ddee11c62f80cc7e

SHA1
ad5a33fa0298dd2fe5419d6c2487b8ebacee79bc

SHA256
3433145468a72f36e303036811b8d3be61aebd4f68f6c6ae1eb25a9ba2507bec

SHA512
536f879d917df1f332b3c7003c3b5e31b583409c4ab294b8e2a6aa3fd4f9ca514bbd71ffb9001a9dd67fd608642f5cfe89f8445469095675ee08177b6f042eee

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\StoryBookTest.utx

Filesize
4.4MB

MD5
b245032af1432b13343db553a9563f76

SHA1
271dc29894f99b005041fb7f11750fc4daffc877

SHA256
db6880af1e56caa134cde073dad7f034e90513983b6f924670ea14b31250b201

SHA512
4ba73e69a3a3da3be81cff8c4411a2b75d6a055243c3f6834464245cd5d6753f3b19da9fef8ccd59620282a5981d80882cbc1e253984362826da32c9701074b7

Download Submit
C:\Program Files (x86)\EA Games\Harry Potter y la Piedra Filosofal\Textures\UWindowFonts.utx

Filesize
1.7MB

MD5
a7ce948456445d6489277f81b5d756da

SHA1
a196c0715a854655c0b888175222f270b674eb52

SHA256
91ac2a325d361f46948ebbbda5cf5431add4930e7466667f0fa36819606642c7

SHA512
14d611c96d2d817ad3c6c83f4f42ee43e6dab4f209ccc41b0595f1f29bf465260b815b9bf593f9e7b74a69fbdd23c27669bf81458eff7d65069be741c6b1c9c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-D6RRT.tmp\HP1 Setup.tmp

Filesize
773KB

MD5
cfa982aca74af097dea703eeeb89169f

SHA1
d9ec4f3494489a916cf52d49c401de3f977d7a32

SHA256
878ab0998b0ee0eae16a670e095e04439926a5ed5995dfd7d070c9d42bbbf951

SHA512
be3be5d6126c333fcdf47d25ad728c864a41f738e2913bf637bfc0e8d0d3f867321f2e022395254a09b50ff7f9dc0510d47b858ff5d5bbab0f1854550f87a811

Download Submit
C:\Users\Admin\Documents\Harry Potter\HP.ini

Filesize
10KB

MD5
e3c200a44f1c62bb560181e9e4ac02ea

SHA1
b46fe3e1341aaa167d1295f61bc20281fea19d52

SHA256
f544b966b55e8e454d6d1a69a096a1457d5036fbbc1ea5d393ae50405efe6e6b

SHA512
01ed423789155d2676f9454b66be8f5aa905ddace07792178861b20283c7da0d47e860833514e076a0e2c3fe18fe4a2d5e6d2f0472bf86a07a74b6a53be05421

Download Submit
C:\Users\Admin\Documents\Harry Potter\HP.ini

Filesize
10KB

MD5
9004a553a11cf89cfcaaa8e6b5b1a9bd

SHA1
78bd7d322c32f3912af4745d60b8df4aa64751b7

SHA256
499b85aa0a01eb60372f773fbe074057d4fb73708a20e15b3e50d77bb1020734

SHA512
ae213d9736322139d1ce0491ef44ab1dbc8591bd5685f13956467e6d18642f5fc74d41f8b4654cdbb58a0a51ca919f30d75d6fdec0984c0062d2dc61812aaff5

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/2472-813-0x0000000010900000-0x000000001096E000-memory.dmp

Filesize
440KB

Download
memory/4348-787-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4348-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4348-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/4348-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4468-777-0x0000000010900000-0x000000001096E000-memory.dmp

Filesize
440KB

Download
memory/4468-885-0x0000000010900000-0x000000001096E000-memory.dmp

Filesize
440KB

Download
memory/4468-855-0x000000000CEB0000-0x000000000CF36000-memory.dmp

Filesize
536KB

Download
memory/4468-832-0x0000000006B60000-0x0000000006B7C000-memory.dmp

Filesize
112KB

Download
memory/4592-26-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4592-718-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4592-376-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4592-780-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4592-14-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/4592-7-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download