10190dc080a18fc1c14806d4475dbf2f92432e925814561de506221af0312af7

Analysis

max time kernel
113s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ppsspp-1-16-6.exe
Size

21.0MB
MD5

d90c4d37778073c5940a994103d43f36
SHA1

cabba59cffe6e89b6cfcd042d22f3d83ff194be2
SHA256

10190dc080a18fc1c14806d4475dbf2f92432e925814561de506221af0312af7
SHA512

5c7932cc48a915e2d5af3a3a50fdae60c15729e8c20e87291a021448abc562b85fb0c9f8c91bc04d5b7e4acebcfad234e664cf35dec53296a6a9fb98f2355b09
SSDEEP

393216:QlpY3kCmGd5Q/BuiyAafNE+EibdpMabS/qpR6+Xtyt+BQ8HEGWrx44X5/R/1iH2e:Q/YUAviVANA6dp7FvPXtQ+qYELZPiWsD

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PPSSPPWindows64.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	PPSSPPWindows64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

ppsspp-1-16-6.tmp

description	ioc	process
File created	C:\Program Files\PPSSPP\assets\debugger\static\js\is-D0PL2.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-CB0TB.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-E0V03.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\is-8RAGE.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-0C61E.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-PKHCD.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-F4Q0M.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\debugger\is-733Q1.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-4SF8C.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\vfpu\is-B2KP2.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-80SMC.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-TCP4G.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\flash0\font\is-GMQKQ.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-72AKO.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-Q2IQR.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-RURU0.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-FQD1N.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-R427Q.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\flash0\font\is-KGJH6.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\flash0\font\is-NSLCB.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\vfpu\is-HV6BA.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-2S1G3.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\flash0\font\is-KBC5E.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\vfpu\is-CR29U.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-P765D.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-13MA1.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-O625J.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-CODOJ.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-99DPD.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\debugger\static\js\is-Q2SJ7.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-N29AG.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-P1751.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-LSFME.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-TTIQF.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\debugger\static\css\is-F927I.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-379BB.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-SSBPR.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-VG5II.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\flash0\font\is-JJRU6.tmp	ppsspp-1-16-6.tmp
File opened for modification	C:\Program Files\PPSSPP\unins000.dat	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-DMMHC.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-JMCCL.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-RTLMI.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-4OG82.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\vfpu\is-QJAE3.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\vfpu\is-4521F.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\is-0SEEJ.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-RVL97.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-16HF4.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-46CVK.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-MD9CC.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-GB8H8.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\flash0\font\is-6T96H.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-PB288.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-047UT.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-JU954.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-OMGE9.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\lang\is-NERL3.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\shaders\is-J05KC.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\flash0\font\is-KPECA.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\vfpu\is-6VOAP.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\vfpu\is-TOAV6.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\vfpu\is-QO59R.tmp	ppsspp-1-16-6.tmp
File created	C:\Program Files\PPSSPP\assets\is-R33NM.tmp	ppsspp-1-16-6.tmp

Executes dropped EXE 3 IoCs

Processes:

ppsspp-1-16-6.tmpPPSSPPWindows64.exePPSSPPWindows64.exe

pid process

5088 ppsspp-1-16-6.tmp
3948 PPSSPPWindows64.exe
756 PPSSPPWindows64.exe
Loads dropped DLL 1 IoCs

Processes:

PPSSPPWindows64.exe

pid process

3948 PPSSPPWindows64.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3948	PPSSPPWindows64.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exetaskmgr.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

svchost.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Direct3D	svchost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Direct3D\LastTelemetryChangeStamp = "1"	svchost.exe

Modifies registry class 1 IoCs

Processes:

PPSSPPWindows64.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3073191680-435865314-2862784915-1000\{785A1B07-773C-4193-92E6-2FF69D7BBBB0}	PPSSPPWindows64.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

ppsspp-1-16-6.tmptaskmgr.exe

pid	process
5088	ppsspp-1-16-6.tmp
5088	ppsspp-1-16-6.tmp
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

taskmgr.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	644	taskmgr.exe
Token: SeSystemProfilePrivilege	644	taskmgr.exe
Token: SeCreateGlobalPrivilege	644	taskmgr.exe
Token: 33	644	taskmgr.exe
Token: SeIncBasePriorityPrivilege	644	taskmgr.exe
Token: 33	2412	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2412	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 49 IoCs

Processes:

ppsspp-1-16-6.tmptaskmgr.exe

pid	process
5088	ppsspp-1-16-6.tmp
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

taskmgr.exe

pid	process
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe
644	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

PPSSPPWindows64.exePPSSPPWindows64.exeOpenWith.exe

pid process

3948 PPSSPPWindows64.exe
756 PPSSPPWindows64.exe
3948 PPSSPPWindows64.exe
3108 OpenWith.exe

pid	process
3948	PPSSPPWindows64.exe
756	PPSSPPWindows64.exe
3948	PPSSPPWindows64.exe
3108	OpenWith.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

ppsspp-1-16-6.exeppsspp-1-16-6.tmpPPSSPPWindows64.exe

description	pid	process	target process
PID 3080 wrote to memory of 5088	3080	ppsspp-1-16-6.exe	ppsspp-1-16-6.tmp
PID 3080 wrote to memory of 5088	3080	ppsspp-1-16-6.exe	ppsspp-1-16-6.tmp
PID 3080 wrote to memory of 5088	3080	ppsspp-1-16-6.exe	ppsspp-1-16-6.tmp
PID 5088 wrote to memory of 3948	5088	ppsspp-1-16-6.tmp	PPSSPPWindows64.exe
PID 5088 wrote to memory of 3948	5088	ppsspp-1-16-6.tmp	PPSSPPWindows64.exe
PID 3948 wrote to memory of 756	3948	PPSSPPWindows64.exe	PPSSPPWindows64.exe
PID 3948 wrote to memory of 756	3948	PPSSPPWindows64.exe	PPSSPPWindows64.exe

C:\Users\Admin\AppData\Local\Temp\ppsspp-1-16-6.exe
"C:\Users\Admin\AppData\Local\Temp\ppsspp-1-16-6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3080

C:\Users\Admin\AppData\Local\Temp\is-I5SN9.tmp\ppsspp-1-16-6.tmp
"C:\Users\Admin\AppData\Local\Temp\is-I5SN9.tmp\ppsspp-1-16-6.tmp" /SL5="$600EC,21547741,121344,C:\Users\Admin\AppData\Local\Temp\ppsspp-1-16-6.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5088

C:\Program Files\PPSSPP\PPSSPPWindows64.exe
"C:\Program Files\PPSSPP\PPSSPPWindows64.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3948

C:\Program Files\PPSSPP\PPSSPPWindows64.exe
"C:\Program Files\PPSSPP\PPSSPPWindows64.exe" --vulkan-available-check
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:644

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3108

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup -s GraphicsPerfSvc
1⤵
- Checks processor information in registry
- Modifies data under HKEY_USERS
PID:4364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x4b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\PPSSPP\PPSSPPWindows64.exe
Filesize
16.1MB

MD5
b4ae50d1085227c1d59b51b329186870

SHA1
e0fe633e9e1352a88ded77b4d43471897cc17c9e

SHA256
47c235af2c9375b1695f6bf7e66d5679d1967c36f1e1059521fe1443eca79ccc

SHA512
2503a296325660d4809e6cc5647e6a20b3cc1cca91e39a31c11b587c5c2c1cd6541c61e56ebc463ed46afd6461eac7563a88806b5fdeb5db5d4af9b81e9c3381

Download Submit
C:\Program Files\PPSSPP\PPSSPPWindows64.exe
Filesize
13.7MB

MD5
22cf5acfb517497f97ba62664fd77fd3

SHA1
52f0d06c132ea8e96c00a776f99e15de269a729e

SHA256
abec18ec921cf93264effbbd5261b675ddd9f453a71a877b0ee3f2953c52820f

SHA512
c77228ec0f07ea843d58a53841f1adfae6e576a847cc356f1791512238ecbf6f34163f8da72c47900f6e6fb2429ea7a5cec680f46aeb6e37d1735ec2ab1591f2

Download Submit
C:\Program Files\PPSSPP\assets\asciifont_atlas.meta
Filesize
6KB

MD5
a062688b08c70a42ff2a0acff6c46d93

SHA1
08325554623568bb9babadc10213bfc0b1151766

SHA256
92ab3d61d17e6fa2111a80bd75d89cc241f2a85461d0f3e58198f84adcf35c9c

SHA512
c23420967e83fbea19579d45b9840ecc4ab312442843cce6fc71c94774ee103bfc8bc332de62f738035c3b3cd4db666044eac059297bfb633db50f3ff766e49a

Download Submit
C:\Program Files\PPSSPP\assets\asciifont_atlas.zim
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files\PPSSPP\assets\lang\en_US.ini
Filesize
53KB

MD5
2339df8da60b69bafafdd472492c2f9e

SHA1
73ec4bd48427c0a70cc15dd7b3fdb105a31e47bd

SHA256
a4e4ac5e1af82fe29a1e03022c2f04db303f7c065756feeef84bbd60bcbf10df

SHA512
5498271c5dc06614854171165b2458f30eac1a7575c65262e75ad89cdc50633507fef9ef1657bbf70bc993257d79513467bd776e2621fc68788a0898be29fd3e

Download Submit
C:\Program Files\PPSSPP\assets\sfx_achievement_unlocked.wav
Filesize
79KB

MD5
ffb05cbb000c2a3e6b2594e5d41b3b78

SHA1
a66070651c75c377c043fa5d37590ee6004e30a4

SHA256
c95f53b1279684c8db5f2b518a63675db3713b3c097c65fd2ff280baf29ffd34

SHA512
5566e34f043db6a65de20edc8825fbe38d2a309e52d6a8fe1c0aadf4a2647c16655e2d5b150cd850508fead828f9e7bc93090f0a8930ced14fd0be666399d689

Download Submit
C:\Program Files\PPSSPP\assets\sfx_back.wav
Filesize
31KB

MD5
c873ac1ea00c42828e03d9898a3b41ef

SHA1
4fff7da19d8810d8fc8f97eb769bdfd15563658a

SHA256
8e6550b975a34511788dbeaacae47c9be6c89c967052c12342c6cc32f5650e4c

SHA512
c86c50b13cd2f5a961c3361f4b183930c62ee1e08ca00921c1aeebb306c69d2dd33a4952df3a8f46287869d55e387b42d2d3274d82d3e215ab06b3d3fb9d6258

Download Submit
C:\Program Files\PPSSPP\assets\sfx_confirm.wav
Filesize
44KB

MD5
c3bc568204bdecc72ef7120cc56d01b8

SHA1
56b05f7483e44889a1703fbb2d7318484e6d732f

SHA256
c2fdb1d1e6e677883f13eb866a1d83b8f67cc94f00aec21163612f61afefb693

SHA512
d3b323a3bf4ab325d230f07e54c84bf85f9739ba03310327ae3d8917034b7a356448d789d8f59200c2e1e7550cfdbe729220703a9f0bb9bdf4e702d8c9083c84

Download Submit
C:\Program Files\PPSSPP\assets\sfx_leaderbord_submitted.wav
Filesize
92KB

MD5
38db23b9f4c7aba3bc831b42a90dac67

SHA1
0b436b5daa14683ee6c8942079b128e9549ded0a

SHA256
61e780e220798f49d15e6d9eb85634a6e21f05765ed2a7aec682e196f4edda7d

SHA512
61510809fa3acbab537080cd27d69c0f178f46df9d83751d1bf4338ff24e49697edd5123cb075d22762163281c63c2ffdfd4a2d4ba75d76147037e9e08042e96

Download Submit
C:\Program Files\PPSSPP\assets\sfx_select.wav
Filesize
27KB

MD5
8f8a25fe78b52bd404c28dd06dc1aa23

SHA1
0bd3eabc432b6119507e4fc43354113b68bdbf66

SHA256
6d108dcae03c5a4ea04136b972c7c202b8b5013f4771791f0cb7348db0051dc1

SHA512
67dd6add09bd2febc19730f0b86128d6c2ea2b95b96dc18934844a0355cda4dbf5837e0a203b8775a25139bd19543445a824be5c10b8e42758d84e1efa7e380a

Download Submit
C:\Program Files\PPSSPP\assets\sfx_toggle_off.wav
Filesize
33KB

MD5
91d7befe927f45c5aaa6df0b3b754a5c

SHA1
d63735758f437788638edfc6cc2ce29afcf02cc5

SHA256
5d3c60e5fd12658ffc562f14331b7d0c962b818bee4a38aa9c928d2f08fb4f6b

SHA512
1c7b4fa8f48ce6230d3465736e94ab39409f20f2d35b04e7f8637e4fdafbd003e34d85a945c06fc976d1dc28a9778de3f89456f6274ded2fd9890de8a8a79591

Download Submit
C:\Program Files\PPSSPP\assets\sfx_toggle_on.wav
Filesize
37KB

MD5
66b4e28e92ebc1b16305c1898caa69da

SHA1
7932cd34fce034aaae6867b41c84978d2d1504ab

SHA256
f56b389dde4da2ad6f65f3ac136c3d9c1a681aa76c3ca531e984410b261b4810

SHA512
d871a003564ed48189b7377debd3eec6aa2355d91af6d729c227fe9dac38baf8ca354fe4ef85f99283bc7b645bc7dcfb113f8fcca47ed96de1ab189231f296a3

Download Submit
C:\Program Files\PPSSPP\assets\themes\defaultthemes.ini
Filesize
1KB

MD5
0ccba6a4a08d22e6496a90da91e9a402

SHA1
17b97d48013cfbda9fc86342e0b2f1cc56d13961

SHA256
b341d69961db4cc9c93156ee1e14b03c09c9ffc1d57529b98ea82e908b6de4a9

SHA512
2105c61b2f46a4dd475f2b32a299cac6093ba5f4e2a314275bbdd26cf6aab6559896ca7ba0f3786a3774b8a5c86729a734f201e2efca1c091bc77e31ce1f93d0

Download Submit
C:\Program Files\PPSSPP\assets\ui_atlas.meta
Filesize
1KB

MD5
52ed13a0d7e8e94a59a4ff7383de60cc

SHA1
87152dfd1fd2c1b30647f0ee6b16c754a420fd5f

SHA256
f846a9f975fc996b120393ee3233b7292dd3298c62872baa7fc31101b528c8e7

SHA512
bc058a949f9a67ea495830ff871488dae474227dc79077d360582b2472674ad3970e0b8d9c8b8b8c6568f9d869cb1bced5058f4fc54551583147dcedd860f0df

Download Submit
C:\Program Files\PPSSPP\assets\ui_atlas.zim
Filesize
70KB

MD5
d984fb2e30f4db7b172b2598fd014109

SHA1
900a8caf1a7a8773becb61068b155c95cbbcdd83

SHA256
bb7df10b1e6caeb539d6c9507ef00d2d984c437a8a57c9be61073b6c9d6f7967

SHA512
716f6caf824a89e742c17941c2680314ce28778ae1455adccbb70a567d01f3cb654e54408787f18b3f11ae6516195a0166513e3da0011c8745947a81659beec1

Download Submit
C:\Program Files\PPSSPP\d3dcompiler_47.dll
Filesize
1.6MB

MD5
4ef2e781c67b8de54fbddf2c3fe4bc04

SHA1
a39acdd37172a5df4b1bc038d02a884c6bd0ce80

SHA256
4bc1f49af06826941f3f6e735a3e80da3ea6f141c358ab504c1298bc0603b880

SHA512
d37e4613b3cca1597db1d0687016cd36b43c9f6c71d8b07a47830d71431c8f629ae29116946d24fac9067b640d172f5391663dd79cfd886d7668fad60283a78d

Download Submit
C:\Program Files\PPSSPP\d3dcompiler_47.dll
Filesize
1.9MB

MD5
8913f22c729912406f3f54247969b4b4

SHA1
21aef3bfe3586e96dd54a3f09553985c93858260

SHA256
2e0a644df12eff58087f47d751aaa184fb761763921c563ac4c3c9a92ee52235

SHA512
174ad5c85a3631a381f972eb3bbafae38f8d417c65162f5750fce51a8c8ed145c44baea2a864f9ef4aa5327260a7c63d05479cda96ae74bd77ad9b2700049563

Download Submit
C:\Program Files\PPSSPP\installed.txt
Filesize
149B

MD5
db96d786bf4def028c7abdf5248b0845

SHA1
8e697e4c4cfd68323112904b0dab4bb85546e060

SHA256
2a0937e6b494bfe812b3f49209dacfd83a3e38b39e561fd5a65706dd5a3bf4c4

SHA512
a4ddc17b387c639d3d7e16ecb33a9d02616d4ed745ddfa2dc86bbc9831c9d36e8ce16ebf90d02f580db9df5fef09cc1cdabf25ae6403127c90fed1f84782e34a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-I5SN9.tmp\ppsspp-1-16-6.tmp
Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
memory/644-344-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-339-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-347-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-345-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-350-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-349-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-346-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-348-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-338-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/644-340-0x0000027231780000-0x0000027231781000-memory.dmp

Filesize
4KB

Download
memory/3080-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3080-362-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3080-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5088-11-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/5088-5-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/5088-361-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/5088-8-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/5088-336-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download