Malware Analysis Report

2025-01-19 00:30

Sample ID 240507-y5b95agg59
Target New Super Mario Bros. Wii (USA) (En,Fr,Es) (Rev 2).wbfs
SHA256 b2550ad2a0c4e016e48f7f630a24d02749e701eac5d6814c4592100ff6094e2b
Tags microsoft discovery persistence phishing
Score 8/10

Analysis Overview

Score 8/10

SHA256 b2550ad2a0c4e016e48f7f630a24d02749e701eac5d6814c4592100ff6094e2b

Threat Level: Likely malicious

The file New Super Mario Bros. Wii (USA) (En,Fr,Es) (Rev 2).wbfs was found to be: Likely malicious.

Malicious Activity Summary

microsoft discovery persistence phishing

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Drops desktop.ini file(s)

Enumerates connected drives

Checks installed software on the system

Detected potential entity reuse from brand microsoft.

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Modifies registry class

Suspicious use of SendNotifyMessage

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Uses Volume Shadow Copy service COM API

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-07 20:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-07 20:21
Reported 2024-05-07 20:43
Platform win10-20240404-en
Max time kernel 1199s
Max time network 1023s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\New Super Mario Bros. Wii (USA) (En,Fr,Es) (Rev 2).wbfs"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
N/A N/A C:\Windows\Temp\{F78B6AE2-0D52-4439-AB9D-1A42CC8D06DF}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{c649ede4-f16a-4486-a117-dcc2f2a35165} = "\"C:\\ProgramData\\Package Cache\\{c649ede4-f16a-4486-a117-dcc2f2a35165}\\VC_redist.x64.exe\" /burn.runonce" C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\System32\bcastdvr.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A

Detected potential entity reuse from brand microsoft.

phishing microsoft

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\vcomp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfcm140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140kor.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcruntime140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcruntime140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vccorlib140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140jpn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcamp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140ita.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140cht.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140esn.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfcm140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140esn.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140chs.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140u.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
File opened for modification C:\Windows\system32\vcamp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\vcruntime140_threads.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140chs.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140kor.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140fra.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\vcomp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\mfc140enu.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\concrt140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_1.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfcm140.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140deu.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\msvcp140_atomic_wait.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\system32\msvcp140_codecvt_ids.dll C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\system32\mfc140rus.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\e5ed1f4.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5ed207.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{19AFE054-CA83-45D5-A9DB-4108EF4BD391} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\4272278488\2581520266.pri C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5ed206.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID4F8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID2AF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID32E.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5ed207.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID45A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5ed21c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5ed1f4.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{AA0C8AB5-7297-4D46-A0D9-08096FE59E46} C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\System32\GamePanel.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\System32\GamePanel.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\System32\GamePanel.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\System32\GamePanel.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\System32\bcastdvr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\System32\bcastdvr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1B C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1c C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1d C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1D C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\discord-455712169795780630\DefaultIcon C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Windows\system32\NOTEPAD.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202020202020202020202020202020202 C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg C:\Windows\system32\NOTEPAD.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.38.33135" C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13} C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{19AFE054-CA83-45D5-A9DB-4108EF4BD391}v14.38.33135\\packages\\vcRuntimeAdditional_amd64\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\4\0 = 560031000000000084589d64100057696e646f777300400009000400efbe724a0b5d84589d642e0000006b050000000001000000000000000000000000000000cc9b1000570069006e0064006f0077007300000016000000 C:\Windows\system32\NOTEPAD.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\discord-455712169795780630\shell\open\command\ = "C:\\Users\\Admin\\Desktop\\Dolphin-x64\\Dolphin.exe" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\discord-455712169795780630\ = "URL:Run game 455712169795780630 protocol" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\NOTEPAD.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\SniffedFolderType = "Generic" C:\Windows\system32\NOTEPAD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18 C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\5BA8C0AA792764D40A9D8090F65EE964\VC_Runtime_Minimum C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\discord-455712169795780630\DefaultIcon C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Windows\system32\NOTEPAD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000080000000900000007000000060000000500000004000000000000000200000003000000ffffffff C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "17" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\450EFA9138AC5D549ABD1480FEB43D19\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.38.33135" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Windows\system32\NOTEPAD.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\NOTEPAD.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" C:\Windows\system32\NOTEPAD.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\5BA8C0AA792764D40A9D8090F65EE964 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\dolphin-master-5.0-21264-x64.7z:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\VC_redist.x64.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\Temp\{F78B6AE2-0D52-4439-AB9D-1A42CC8D06DF}\.cr\VC_redist.x64.exe N/A
N/A N/A C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2748 wrote to memory of 3092 N/A C:\Windows\system32\OpenWith.exe C:\Windows\system32\NOTEPAD.EXE
PID 1188 wrote to memory of 1560 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1560 wrote to memory of 3400 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1560 wrote to memory of 2948 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1560 wrote to memory of 2040 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\New Super Mario Bros. Wii (USA) (En,Fr,Es) (Rev 2).wbfs"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\New Super Mario Bros. Wii (USA) (En,Fr,Es) (Rev 2).wbfs

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.0.603430316\1375657678" -parentBuildID 20221007134813 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36de067b-f879-4d11-b629-5109baff6f99} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 1804 196de2dc358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.1.150038634\1929236256" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f2d4671-bff2-4552-974b-e0a9eb52fdd3} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 2152 196d3270d58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.2.518082958\1653888185" -childID 1 -isForBrowser -prefsHandle 2760 -prefMapHandle 2784 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fbe7429-ebf7-498d-b02f-8784d2f67b70} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 2668 196e259c758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.3.1453937309\600992137" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {126e776c-50cb-4793-bed3-0a3a904a4369} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 3492 196d3260a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.4.2017439667\1077252372" -childID 3 -isForBrowser -prefsHandle 1628 -prefMapHandle 1624 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ede70144-89d0-4258-b9ab-51b8fd0d08cd} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 1620 196e36e2a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.5.747901116\25879308" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4912 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48ffcf61-ad7e-478b-b212-1ec2ea173019} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 4924 196e253b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.6.292895074\1795139229" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5068 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27c9af09-6a4c-471e-9734-18bcba946307} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 5052 196e2538b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.7.1874684141\2076177959" -childID 6 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24d5a76b-74c2-4e26-98ad-9192a8131784} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 5248 196e2539a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.8.408834346\188896203" -childID 7 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a0f1589-1fa3-4c43-b527-7316f0cfc1c8} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 5672 196e6807558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.9.1978583141\175765859" -childID 8 -isForBrowser -prefsHandle 3236 -prefMapHandle 5028 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fbc2b1b-9199-44c2-ae61-6e94e9f8b624} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 5020 196d326eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.10.415355626\1088630922" -childID 9 -isForBrowser -prefsHandle 4988 -prefMapHandle 5000 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd0cf21-a0e7-4fff-8175-6371ecec3114} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 5080 196e4cd0358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.11.1902671271\249165328" -childID 10 -isForBrowser -prefsHandle 5020 -prefMapHandle 5296 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93ddb950-7009-42b8-bbe0-baf04098b69b} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 5212 196e772f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.12.278075894\761520417" -childID 11 -isForBrowser -prefsHandle 5944 -prefMapHandle 5948 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c668963-f825-45a0-a8d5-5e482f330191} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 6032 196e7731f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1560.13.2144837925\127820132" -childID 12 -isForBrowser -prefsHandle 5212 -prefMapHandle 6148 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4052e77a-c6db-477f-b8ce-badef98beeb0} 1560 "\\.\pipe\gecko-crash-server-pipe.1560" 5924 196e772fe58 tab

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\dolphin-master-5.0-21264-x64.7z"

C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe

"C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe"

C:\Windows\System32\GamePanel.exe

"C:\Windows\System32\GamePanel.exe" 00000000000D0264 /startuptips

C:\Windows\System32\bcastdvr.exe

"C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.0.1112558090\312479118" -parentBuildID 20221007134813 -prefsHandle 1592 -prefMapHandle 1584 -prefsLen 21136 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08bcef2f-072d-41dc-83c1-9ac0756f9cb0} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 1684 19dda0fad58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.1.164618568\1961885217" -parentBuildID 20221007134813 -prefsHandle 1984 -prefMapHandle 1980 -prefsLen 21181 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06705ad5-61af-4b32-b521-90aa1d074bd2} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2004 19dd9d36d58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.2.2132928308\2122465976" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2708 -prefsLen 21642 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e593a4-7335-40bf-b1df-6cb5afee2439} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2724 19dddc3a258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.3.1047008001\1686888908" -childID 2 -isForBrowser -prefsHandle 3164 -prefMapHandle 3136 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47a6566b-a586-4994-a748-4f07c46c8cb0} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3376 19dcf169c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.4.401139310\764346089" -childID 3 -isForBrowser -prefsHandle 3748 -prefMapHandle 3780 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a10ac5e7-4722-450a-bb56-c874bf3cce90} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3784 19ddeca2558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.5.433270917\2132746516" -childID 4 -isForBrowser -prefsHandle 4664 -prefMapHandle 4660 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b645cb2-1575-438f-ba59-d2763b5ed99a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4672 19ddca2eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.6.831571362\1275434817" -childID 5 -isForBrowser -prefsHandle 4808 -prefMapHandle 4812 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80848e98-81d4-4e90-8608-23dc928767dd} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4800 19de036cd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.7.1921738639\1963520695" -childID 6 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1744a9a1-efb4-4804-b850-d08923093877} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4528 19de036e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.8.126353323\1227456738" -childID 7 -isForBrowser -prefsHandle 5312 -prefMapHandle 5308 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5fd9eeb-32fd-41d5-90a8-bd65a2b52ca2} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5320 19de23b6958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.9.2078833213\1756323683" -childID 8 -isForBrowser -prefsHandle 5248 -prefMapHandle 4404 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76f13068-89e6-44c9-aa3b-4cb327c231b2} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4340 19de2d56558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.10.1166443804\967931583" -childID 9 -isForBrowser -prefsHandle 4728 -prefMapHandle 4732 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6de5ec27-1744-4266-b1cb-5b1c87ffa00a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 4740 19de2d56258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.11.881399153\2138473229" -childID 10 -isForBrowser -prefsHandle 5812 -prefMapHandle 5808 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85b936da-ea99-4ab1-a578-99959d6078e5} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5744 19de36b1658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.12.1156891880\588527071" -childID 11 -isForBrowser -prefsHandle 5772 -prefMapHandle 4172 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b2a1444-64ee-4fa4-83fd-249e17ac4391} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5820 19de36b2b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.13.880372168\788765872" -childID 12 -isForBrowser -prefsHandle 4652 -prefMapHandle 6184 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f13447af-1c86-476d-849d-3646b6d3805a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 6168 19dddd2a858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.14.315231393\1897562067" -childID 13 -isForBrowser -prefsHandle 3900 -prefMapHandle 4768 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d955513e-8b06-4d40-a015-02b35d710943} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3872 19de10c6f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.15.1960362666\1125359999" -childID 14 -isForBrowser -prefsHandle 5916 -prefMapHandle 5840 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {571d1c15-2472-45c5-91e0-02370f61eb61} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5880 19de2aa2c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.16.2012200695\1170707647" -childID 15 -isForBrowser -prefsHandle 3852 -prefMapHandle 3872 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d015f6-e754-449a-9ed1-cae38ba19800} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5608 19de2aa0b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.17.182281315\1880249316" -childID 16 -isForBrowser -prefsHandle 4976 -prefMapHandle 5556 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5eb75c8-b7d6-41ba-816b-316b83fd29a4} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3864 19de1fd9d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.18.1531621931\631861021" -childID 17 -isForBrowser -prefsHandle 5832 -prefMapHandle 5756 -prefsLen 26820 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5237caf-d859-4db4-ae1a-bad98fee6ab2} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3852 19de2c58658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.19.526041643\565530321" -childID 18 -isForBrowser -prefsHandle 5580 -prefMapHandle 5564 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91f715c0-9dee-4408-8b72-89f34a64043e} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 6308 19de23b7b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.20.762511662\2004678319" -childID 19 -isForBrowser -prefsHandle 3856 -prefMapHandle 5076 -prefsLen 26829 -prefMapSize 233583 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f8dffe9-7218-4559-878b-f43ee3964726} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 5296 19de036bb58 tab

C:\Users\Admin\Downloads\VC_redist.x64.exe

"C:\Users\Admin\Downloads\VC_redist.x64.exe"

C:\Windows\Temp\{F78B6AE2-0D52-4439-AB9D-1A42CC8D06DF}\.cr\VC_redist.x64.exe

"C:\Windows\Temp\{F78B6AE2-0D52-4439-AB9D-1A42CC8D06DF}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540

C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe

"C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{582EC762-B5DD-460F-9BAE-5F42313913AE} {63478692-B8F9-4067-8093-462273E8E387} 4772

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=884 -burn.embedded BurnPipe.{7C97D965-F2FD-4008-B0BC-228A32F7197D} {AEAC6DD1-E51F-42AA-A5A8-4DED0903F9CB} 772

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=536 -burn.filehandle.self=556 -uninstall -quiet -burn.related.upgrade -burn.ancestors={c649ede4-f16a-4486-a117-dcc2f2a35165} -burn.filehandle.self=884 -burn.embedded BurnPipe.{7C97D965-F2FD-4008-B0BC-228A32F7197D} {AEAC6DD1-E51F-42AA-A5A8-4DED0903F9CB} 772

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

"C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{153D706D-0EF7-4407-9BBB-CF86D1BDF3C5} {A6F87B61-5E10-4D98-B111-A730D7D4E26A} 752

C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe

"C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe"

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Dolphin-x64\build_info.txt

C:\Windows\system32\msconfig.exe

"C:\Windows\system32\msconfig.exe"

C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe

"C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe"

C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe

"C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe"

C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe

"C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "C:\Users\Admin\Desktop\UnblockFormat.dotm"

C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe

"C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe"

C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe

"C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe"

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\31cbafc3-3f34-48f8-957f-0377729197d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\86e92f23-fe1b-492c-a271-95aadec35fc8

MD5 8be35f0c2399fa67ab02a6131f66dd80
SHA1 27edd4dbdb6a491bc07acb88f4ad6b1bed424529
SHA256 99d0b71b5e65b294cff125bafcfc21894f4f64786b0cf48f455862a7a92a9244
SHA512 0fcce64753b323849659c2e035ee2e2da81806cee6265a186775fa5bc2da5d3c2fc38a54f0016cc95fc2283a5a270c2656f6ccee71e8180265b83bdf6f865f8b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 9a67bf777be3541646c05c451b4f092c
SHA1 ec879cc777a6f8c5fd4b6fe70d36dd863ad8debb
SHA256 d47e440a8b49e8adaef5104ef7f44819ca079710f26d8c4928f6bf8cf43b8a3a
SHA512 bcf58abeca3a9cec1965742dec6483d6ccca94cf5a7bafb6c968a244660d5ffd92d016acfeaefd6bf22d171b6915d6cbc6382250a7811a75f6237c0f19e4b8b2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 8c00b820a46ef33e4c4683ab976bbcff
SHA1 52a12eaa6c3158c615dfee46d81308934e7a443d
SHA256 da5215207635987c811974d2f22b7c2e6c607a80c1ecd6d602fa5e29d98ea095
SHA512 43d83b760d441a92a73ad1674070f658ff06c333599c91db6a5c9e120ff73a12764b22da4f0369c891cf2aa6d1bfb7f80edbfe5cd832fcc90352b993fab397c0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ad399f53448f5f9704a9603a62f995d5
SHA1 a7d1366e410cbb83e03e83d9efb16377acd8213c
SHA256 57efc97d10e74be1a8c4353b6dec4dfda71aa6c1228e0f30327266f9ace7d1fb
SHA512 ac997c639edf3b551c42412e48c52db6c6b92f98045d275c936697be28afd31b91f21e30a728f121a76dda3d82cd2c160dc3e91f01f8892b1aa2c4312ff584ac

C:\Users\Admin\Downloads\dolphin-master-5.5sj_U8Be.0-21264-x64.7z.part

MD5 962f4c21991bd1a95dc99f2101555b4d
SHA1 7abefb5d19473c5aa77bccfa4a4fac0c5a7f109c
SHA256 ade5bbf243673c6c6f8c1992c202a29d009c14533df977de56150e3b6339a773
SHA512 04cd9fcd1d2c330a228d19afbe960c11af5476148a084849c493b50093d1946530651d0133896ab3173e954026876d1f50492f0c80b7f27e0931f4645b72672a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs.js

MD5 76b039552e09c04dd8a5fb5aca505209
SHA1 635634c51c542de00aa0b3912b0a5db3deeb9631
SHA256 48b5a27bcc147f980ce5b16240183c98c07748360a7a162c30392078efc03f71
SHA512 f4aff05659ff4c84124d42efa60a6c27afec47aec9e54a7914402d85c7f262c53e053937b98240a7d435f8a8b5faffb2ea7bd125ca7ad27907345c94baa71740

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d88777c48cf1277ce5984e3acf343275
SHA1 51544fca0465ff5c38532399e2b694336e4c0e28
SHA256 f4dfae5e939aa68a44c6a3a16d0a0f8149bb11bd9d45f9070b588bbe025a6b9a
SHA512 2eda89ca298eb67f63612312f714cdf27169544d8d32351e2237b9d44754675b18d7af614ebe6870002542cdeeaefeaf8cb2922dfb17c42b2c090446d45ed1e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

MD5 fe4ae3c22e3a9afa368e3b41dba9baa1
SHA1 1c91bb7731269471ede5b2afe20265499e27113b
SHA256 24b8158e417c469dd2132942b4746ffc19f773c0b17034d0b5ec37cf8c6adc7c
SHA512 152d8ed55f5c056d3c1e7e4828945f4af484ed5705c87d7bcf0c0ebf31d1b0bb3708a57c586c8fc545d93e2ec667e59d602ffe05ed8a6c8a4f4245830b08d2ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

MD5 d0609fc9c739e0794321f366d48a08a4
SHA1 05ea5a0022a638678a119ecc997a33c3b32341be
SHA256 72606d356682eee08027f434b975d1a24ff508f6b575c84e4ce9abfb33281ea3
SHA512 29cc04432b8b07b3313557991e84091d2ebe706bc4b541b1d55d90b838b4a6c487e5df915f21e67312929b570235e955d4856e3802fc49574d1488032a227325

C:\Users\Admin\Downloads\dolphin-master-5.0-21264-x64.7z

MD5 f3a83964d648c763feb593f7e26bc2df
SHA1 1092647b2b811c8010fbc3a9ff655e79ea8d19a3
SHA256 6924681d5ac84e100c55289ee4c1c37054b76f6a1071fcbd79f9bc93d5b1c1d4
SHA512 2bf1a179832a3c0599069adaa74d75cf48fd08249da72881904de73d0b9de145aef1e6574e52c09accdd22c0a57c7b89002c90b870840d4c3f510a4918b2b6c8

C:\Users\Admin\AppData\Local\Temp\7zE84F7214A\Dolphin-x64\Languages\it.mo

MD5 0a88104ae7f34f10941a94d446a536a2
SHA1 adf4163f19fbf09e7ee24142550e31ec220c1bc6
SHA256 a4b575fbbcf2f0dc19d22c20462a8abf06543c473fba7624ed25c3b826f9ce38
SHA512 0f026d3c4404866eb3c88d945ff43d42e68960608b77fbdd2e3ac3e4ac2d23362120a3f26e204332da4d049df5c24b554d0f640d6b8d81c1450106d97b074a6e

C:\Users\Admin\Desktop\Dolphin-x64\Dolphin.exe

MD5 ce77c818064569829c06eb65cdc154bb
SHA1 a8673c36cfa3c55129859928bbfa07fd4ea80fdb
SHA256 bc116536b2641999d9729a32c2dc91c302d99e4eea054c55844939d3c608ded2
SHA512 0cd789d522995275ff11ae1f57b27b696071c32a1fa8977cf8a7c43a02183b141a7f6e32efc9dc852e239e8a3f1321cb9f8fe34eed733cc422ede98ace279ef6

C:\Users\Admin\Desktop\Dolphin-x64\Qt6Gui.dll

MD5 a821ebb82335187a4c14421a29c2ed78
SHA1 a14b17c24f2c3a05c2c3943d6b584450c6db5f0f
SHA256 fb3eacd5c99a9de5b51ddb676c9c02675640164cc23432f7c24356d04a2ad108
SHA512 ae1339146dcbf08f2939a30629577a582b206dc3b5c9732472de7077bdb84f09212737af7018cda41652c1e0b1c2d77d8aedbbf237baf04779278e586589b07c

C:\Users\Admin\Desktop\Dolphin-x64\Qt6Widgets.dll

MD5 4d3af12226571e84d41bd78aaad0db2e
SHA1 547c95fcd8d1cca207df5834f2cd1cf19ffbaf49
SHA256 afb9b6d440aa36ca55951c13cd912a17ff9f2ba0fa9d4254351d40dff3826018
SHA512 15bdd7789b5a3184e3bf9d261362d4c73915d17aea97f28f35e171e9009b22eed8c4269963aaac7134513dba83c6d345a5c4cd28d3df6cb022d1aaf8f11e8c7b

C:\Users\Admin\Desktop\Dolphin-x64\Qt6Core.dll

MD5 210eb8868000270a4b6526d029b439fa
SHA1 882f984e5f4a6019ad999580f71cf1d3dad91bda
SHA256 21cc245c29b673e49e7fc7c606510aed4eeb52cd92668288997d89409914825a
SHA512 326cab5145798483795895372d87a87fb32e0e2b1fc96b725010085b126d462dfaa456871495ef1b6e91c712f109db362ef974d73a0f771b7f60628cec222880

memory/2700-5117-0x00007FFA8D1B0000-0x00007FFA8D77C000-memory.dmp

C:\Users\Admin\Desktop\Dolphin-x64\QtPlugins\platforms\qdirect2d.dll

MD5 8503ac739e36713371727793f28aa8f4
SHA1 c2ae21a6e76f54360e3c4e40eb95304b3de0489f
SHA256 67ae3e6a62301b5f348c026e112100cc44019e4266c0fe50e25fd5468bcfd879
SHA512 a96434c47398c7f2e56c1b876eb7dcab82ed8a99af746deb4f44ad6938909c00f2de8b4ab5875e4af4cb20d149ec9ddbd3083a1d539d4e164f42315ea08ed1c2

C:\Users\Admin\Desktop\Dolphin-x64\qt.conf

MD5 bf55d7b6dcc1915558d09b9bd3274059
SHA1 9b04a925b9f67b95f51cfba689735ead558b4232
SHA256 a0bc182fdf815d9b42602057077e4a25ef94f9c2fea0518569da7439c97a0d0f
SHA512 13166645988165927e01727dbe7285ea93f27c57ee4bd4320d1bce35513b2e0e6a7965a184c506814de0836bc5c2d2f63aacd01626ec2a9b58f02a9c95b9bc59

C:\Users\Admin\Desktop\Dolphin-x64\QtPlugins\platforms\qwindows.dll

MD5 4c2916e02850bfefe935d3c42bf966fe
SHA1 d8a3f21cf179f8dd68b0daaad7ca1580ac125ef1
SHA256 6a90bd2bccb77f736745c76a1c5a29845e261925b1914d5bf8c6da633cdb715b
SHA512 55edcd09cf4f7c7faab451159ec4b2a714d6cd5e4b67b9efcc9ab6e0f8f41a1ee38e22cd84b73a6e016f56f95137f518d33cdebfaa2879fdc4c2af31eaa4a5e6

\Users\Admin\Desktop\Dolphin-x64\QtPlugins\styles\qwindowsvistastyle.dll

MD5 a94b6933c7509e362d17d7133b3fcbbc
SHA1 c4928d2bba464dfdefe54905d99778fec374717d
SHA256 650723e3165d68dbf82e56e779c873b2bf337d8c61e17cc1b8d35e7cb0ff0125
SHA512 971b5ff775813b681529b2c452b4de2682c57cd717a909c048c32d049debbba6fa8205caff7502511fe4fa5f073a58c4acc55749f85525e6b6c8f3be0d078136

memory/2700-5118-0x00007FF750B90000-0x00007FF752C0F000-memory.dmp

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Wii\shared2\sys\SYSCONF

MD5 9b284beef9b7e5efc9a8f27dcf57f068
SHA1 94143d8704c957257324254d7efaba5349d99354
SHA256 a8e65c5f1031a882001cd551ef2f9d2de969084074eb5cefbc58206f0e3012e7
SHA512 671bdc94b4951678e49653f959dbfce3dce0272bf88ded24aa185f18ba042b0ed782f3dbdfb385a90aee98444d43c70d2118bab6e00700b60c51e723b638159e

C:\Users\Admin\Desktop\Dolphin-x64\QtPlugins\imageformats\qsvg.dll

MD5 4f6643c9420e70a0887f301239aca0ed
SHA1 ad207a3396b246268b4d9dfb51ff1a9e17675b56
SHA256 ebe3a06f93ff8f5fa1336fdefb009105ca23ef875920a60a4dbc0d5af60bf3f4
SHA512 df560b4150d9277b8bb98e28a46b234f261741a624cb3e94da50ba7fb3452190126c0f22a38ea46655807bde52423a31af180795ddccbaf62ac40f5d5942b317

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 ac151849d66ee6d9d8f9e15d2ac040be
SHA1 2422a292ba8f7fa3ac8dfc929303791db17963c9
SHA256 35adfa373d95f514e3087c4a82f2b216c92555f145e4939175e264cbf1d5ed5d
SHA512 b1a528f6f329a8d27e6fe8aad6857f23849ff92ba5706c4b12ad864a192291bb792677a0874cb38e67d699d02177ee9fbc599e317cedb1b1ed1e9c183b145353

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 ca8e6d18ae1297dc1cf5727ef0dddce8
SHA1 3d0eb442bf81bdaf4a95e1477d69494ca583db63
SHA256 84d92fd3e4c64e882a9c8b790669d474e790cceba4d7c5d054e6ab3359134b74
SHA512 41f6eaa23d7f616991c55d3e6d3d444da92936d054b853fd62b8d97cecf02a667194cfb02b16bdbcfaf50b2c1967315b2cb2d081312452c7f64ed8d655ddf2f8

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_Netherlands.png

MD5 eede2165fb80b97f86028e50e90bb92a
SHA1 b533b85777aebfcbd70197f72a79d58263b097f7
SHA256 d19d63959be24a168c50ed587deac450be3fc4f826ce40e8cb63fe61e926e24d
SHA512 96e46495cef6d97411e678f90ab7c96e94f01e8faf9fb2b4777d1bb7b10ed77f83157d193758280db92386be5a0ce62fc300ccb270b850dafadba40d18d93e1d

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 a453acbf85c3aee4711b15fd7e57341e
SHA1 700acc78a7f4d7ab80883f414c769725118852ed
SHA256 7b5b4b1d84991e56e87614cf63e3dfb95a09bbdb18a45e972902bb1b37844363
SHA512 dbdd652456cd461189cb350f6016f72da3ea0ded8a3bdd2d8a42f684f7e821550d6e10e7f0fea482014a20ac69e4bc8fb5f3942b40f1129064b56265535b8cae

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 9a4b9e8b6fd75a11510b5b9c18a6e44c
SHA1 068225d2baf78907ca0c5ec1ed05efaadee62fae
SHA256 0390b919a0b8f1f643b6de4d991c831c752b746c77c9c2b058ea96887d88efdc
SHA512 98282bc466a34a0b006232454fb852ce5e01df3ff784511e65d21bfbe4648c7003cf32f42b1b2c0c7c0d3e54b3ddb0f0d39a09c425f016e9c80eacfe9261a9f0

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_Korea.png

MD5 614a0fbc1ae51559bb0094f05359f56b
SHA1 7ca4f72bdc3de3cb8d66fa23d784e21cca444fd2
SHA256 d62ab7bb62a5b99c57c54fd0bb5b0d541eb077f78295a12121f49d6fdfd6df9c
SHA512 c57e5540251d4a782614a7aa0d950ea583aec6bfc1cd4095896750439578604a999faa4581a6a04513ccd54f7603ff9603a3ce45e47b6e97ee9e686cb3794fbd

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 ceb8bf132f9fb67e5815502fc416ca64
SHA1 11b99d56d3d1a870d90c1ad2298d4f156e598809
SHA256 92813180864b5b9c47cd6b8b44fc1b7f41ad37e5b0c5607d5af0c377467b922f
SHA512 ef35f689e61332e05f24a7b983f7084a0629470a8a24516f2b7e12770c50431ff40e979e52ef53a78e22ea6b963f2a31943653b14ef9ba3ddabc4a3368811fd1

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 cb02b73930114623cf7b39cb1b5a3286
SHA1 5367899bc9048877243ee2347ba3e1102bab0fe1
SHA256 009e281ab449b74843d4ca0c2c6491ed640d9ff15d8818c25f538f92ceadad31
SHA512 fbfb28c0d45b1bb5c4d89fe57ed5fef16d1ba30426f9db423d6a318f4d8d81c7cd95a3d2c07d9ef23452d1995358f971c4fc4ec182de9c455e3f8c9a5f10c2cd

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_Italy.png

MD5 44acfc6801f0a61f3ef4692962e22522
SHA1 51466f08bee9884322d6b0cc95d25c14c8f4dfa3
SHA256 074346b378aecb4f2370e2f84d116ef88affbcc7f9107facb5946dc94ea87714
SHA512 ccb30705d3c1b90c28f56d8bc67e0a16530fa6895340e979031c9b890eb84bb18c21e84f52e1d06a10daf65e5f6760373d006aa3f48e1c98e90b36e75a6eb16f

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 5bb909a0c6fdf3f08a3bcb73d7cc9196
SHA1 41eed52d7d440ed67af74cf6fa48894db042fbf3
SHA256 1970a6e3a368bfea943cdfdd10a4f01f744f3d95ca6901189e7e3348762b5436
SHA512 46062023b5ea39f22cef5811e58cd87ff999bdd5d9d0146e9523a7208764a480c3dae576b6cc5001d90b2c8eedeb48dfe072b4949799857b2222631a8f40fe09

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 5bff8ba0f272647bdd823b87901ba9d5
SHA1 74422aa00b77357e4dbd328d3a747a15de0d0873
SHA256 f5276a8f6feb11f4baab1173a068e8b460dc88f8d5919bd63de209f443d9d69b
SHA512 1ea9298b845769a600403d40f2d0b8254e3c5acf8318cea1d5f0985cadd55b7dbb56c76ef33f4fe27d65a94f4c5a2a0bc57918cfd12c4781c77a50c574b17ab8

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_Germany.png

MD5 40e5d503b0e105510adbb1a6eed66b25
SHA1 7ef1059e2834dab645e30d944a3de48147159443
SHA256 968d370023d37f5574da84aafe267567fe34a36c25b6fb7a15de70658436a80b
SHA512 4d8b4120ccf7afbe6b7edf1cd241d6edc63dc148ccda80e359a2f06bf21bd0386747680ab6c50d21079066cac8a32d11d9ad3968379fee84a09f026c9ee374f2

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 afc93cc9cae887b92394f2acbd65c619
SHA1 fe717a74c42ac1995b83203b66715b148185a3ef
SHA256 5a1ca37fa246ec997f7394628f67f7b163f1a736532e2175f4a8126e93ed4223
SHA512 dab6745489bc6c8642956b22ea4b291660f879f9db8cf973273dde30f0d5caebbc08e8d064d65c35aea439d4ba886c769159a2c94f73b8859c5a25988aff9a57

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 4c76c3a5da3ee28234eb9817be6fc3c9
SHA1 4ce4a4af5c42a19e2cd1bd2de1ae7fbb3b83f98c
SHA256 3c0223daede3ef480002feb8a8328c641024d4a2b9f56e404239d4fdce9ca615
SHA512 ca8eb86d58220c98a932a7d7df87e8b4bf84fdc43cea448f8759833d8e7c9cb008e3ebcfa5c78799c4a0dc5d0c09b7a34a88d8ec31e11f4b7a38c6a2ff0d680c

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_France.png

MD5 fc225dff9ffadb56be40aecedef3e8aa
SHA1 70e34b30e650bbbe8a144bb8e714a7f931f8020f
SHA256 21d283e8ef273640a8b3a7a652f3d171c08ba1a25d1ecf85c7521f871334a781
SHA512 bf113a7a77ab5e678819fcfca151738ac623e0dca345f206b2eb4a14754a6836799e00d367d2d8810818c89396e51f319ed802449cd6fa1049148e1bfe783eb3

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 88c2587d88ee3fe069763de37593d217
SHA1 e3b1b89118bd370e7f309c39cfcd21e29482d59f
SHA256 fc3b297c4bde072950a70e367a67ffd72c1d56059a7580b320827dbcb99db357
SHA512 788b51b02984b50a3f6254f9b06a4211ceca8672aa9173b5e27373a81a112396da27190ca978f8f1113ad9c16a1d4c2d452e77a4eb2f09d08a3858c591cf52e0

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 7e631bbaf9611a6bec2882c0d3015b75
SHA1 b49d14c0cb895f4192ca2ecaa5b7a795b7e4598f
SHA256 5f9b0b662b68a030b63c93d6b0956f87ce129326dfa367390a4a401f68a96db9
SHA512 f2f9626fab6edb7f273617d40eb66d3ab6e510c0ec8c29aca5fc65d415bb37e97b394b4839fad5195feb2101cfea961f1922c2dc7e7e24fce9b26a1b83d98b42

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_Australia.png

MD5 0c4af45b1e93b6738157579555f0152e
SHA1 c5fc6b9385b5f4642544d5fbd4f1ced7366939d0
SHA256 e19bb6f118d5f5950502420622c18b44db1e9608d82a5f48c49834029ac56e4e
SHA512 12f18ba497da09a367579ca648bb815c7d8ccebb1c17ed0b2948503a4658eb1f9f197437944ece322bf6785ec652dd4473272cb196d3857e8b6f48aebb66e133

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 b91d577f1dbc8dfb21baaf1407f353a3
SHA1 d41a677ca6dec3406a9d1df6e92e90b3a38d4e48
SHA256 6e74aefeaa801d121631458e4a662b6f4553c0fdd702c3dd07144d07101a82b9
SHA512 bcdcd1a5f1da3a3f31a505f54cf2191f956093b2923fe67e0d3b90a872a575c020194402be26967a1b8e02bef0ac173e7ce14b1fa3d93c20cf9e7fc9f26a1dfe

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 69ee7eae52048477a1a9487a3c646220
SHA1 ec4c79c6f56c817557334e4b1487b2edda36f11c
SHA256 d88d9f0603468c24d5df09e94377f72ddb158e76025c87ca69042304a1957f99
SHA512 5db849621b019c85958cc01f9a9cf5ab32c66f0d396fafae148c9956efbbdc11112b944b5640cb80ef34fd55cb2020c08f65ff120e31ccab981fee71c20d306f

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_USA.png

MD5 416daa0cdb17e9870eda53030dcd2f40
SHA1 f3dea88a2aec8163b40d7214b08a5b39b54205e7
SHA256 5bc6b5d33ca759c954f987c5d37606b5279232f3e91f0b6ac0fb73ae9ffd03a2
SHA512 91fd262f059d7bab4a4f8b4f4f1859a630169620a35426fd36825f65405c0c265e7e08d9f3940baefb4a7f95c8145b33694479f6295523a923572162f6b0074d

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 8be84fd47b6400d06a4ac600bf5f2513
SHA1 a3522ebd123035837fbbc4bac58b7cb31789129c
SHA256 273e5bbafc08a379cea23e909eddc179d459662e38a6f630bc2953a381e8df7d
SHA512 35bf92a163089c32ef6ae9dc596aeee849556ad5a1710c975ac901288aa7c401731c1d5bf2eb1b2d73ade437c9c9ba16a1d7c4ebf76530c5456155b4d6c322b9

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 486b681501113e580359df488e2a031d
SHA1 5f325d3a9445068c3df464a9e27534b3b528ea02
SHA256 18f90c4fcd08438f657a5329bcc0f5616a07cdac368f47becd7c09d0d5d5449c
SHA512 b4b75d589c98a3a6e94717ba14478798f8b7fd213ab8b053cef53ef028de30fc6a81628613d2f986df1eea808062c5628a25a06a35c1c403b3763d567859287a

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_Japan.png

MD5 4c7267593b7fd189b8cc05336dd86492
SHA1 53fd09ed8ffd47791d6e13babfc36a2076d5e4db
SHA256 d7188b4e11af7260e64364a25d5fabb1c8c0647661ad0e0e2549b7ae3e03455d
SHA512 f52dc858b19d76e71d41072ed05f4d0d859eca97fe245ed6cec1ddf294371b88cbf3dd040d91e0895ee787e32a4f8211adda33e870158e1ad825740209437404

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 38532e400fd233737de0ae3745d6f403
SHA1 ec90f24991cd0ff2dc1f598e195427716b7e59ad
SHA256 81f78e1a42d3ea71bf64d4fbd7adce5b99638d0b1d46ecd3cd2201340b7576df
SHA512 74698efa64b523c4dc36e0af2686a02752f7e55cf97aea920b73a062e11211fdfd8c0487dc26b93e676a08731aa89835f4b25678b8b09d581e3fb41e72bc7f37

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 8ba13f7a20f4a67e2e870315b1c2ffaf
SHA1 e530c1360136e89dd2d65f2fe00cfbda78b253ba
SHA256 314258817715edf5c1f178c658932508b53a86c44e930dcd983255b0e8d0a4ba
SHA512 119607992044914dbf3417e2d6670efa0eda14ecedad9e73dd35e02c4f6df194d23dba2dba6d4965d2ffaee2000ecb9cd917c3e981b8d0ab929b589865e2d1d2

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Flag_Europe.png

MD5 6cfb69d2acefceffa7f62c7ec6fa9315
SHA1 a1666f893b600511cf5e1f499af12268b3e82c68
SHA256 097b83a4e606688fd8523ce99de370d09112da0aa7ffda070f48b8963ae162c0
SHA512 55cc4e4468d32ca5f0176444f291f2d5fdb1a6cffb454e54c9e60ba37e44872257a5eee7aa719ed62e4a92f7b63fd0ecedcb0f997836fe13013a699a5c424330

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 21b7004916c76442094a028292fa37d8
SHA1 acbd0f093efd3d5d470b81814c73f231eb8913b5
SHA256 641db9849e58aa31772beb27b26d9a76e16c8017e257044e6cde1ffc8b3a88b0
SHA512 b66e8d13162fbdda977acc6e28e132a2473898457756d0bbf76fac0c1ddcd18159a82c957b133d6f50ea594138afb5951cbb35653bc7b4bae3db3cd9cfb60856

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 9aa58ff0d60c037597a03d0ac08a939a
SHA1 cb6d90454d9ac376a9d2222adce892eb69aa0532
SHA256 4a7d61045b25034213e23b8f819e9780d76afb942c70ed35efa09611ba46df9e
SHA512 97d8de89380aa89d6ce53faa950eba6e1fd180cd658231f43be69bb613f941b6d5a9db20f1d6359ef1691f91cc94fda6448f1c05f7e89c679e06b7244ba9c56a

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Platform_File.png

MD5 3524f97432b1bf23c5fea4b2012aea27
SHA1 15763d5ef85f6ebae777dc9e571c52c8f21afce5
SHA256 91fce2801245e2eabd46a1d09ad6461af8539c71b11fd4544ab94fc7337760f0
SHA512 9f0a8962f2543e6d4151af7f3c9ba79bb228bb39feae7ea474dfb7f028b6ee54e6ea5a93c3bef1fc82cd21504ca6b18cd38b97b9343a3344f854c6ad29fc40a6

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 ad9f67213b5a6e6d82d7ecc932dbf606
SHA1 b29a3e588ad1a012cbb6565c354a93545c8b503b
SHA256 7ae1d573f045001182e17ea51f0f951f51c148dbd4261107e1acf7454f0b1741
SHA512 5d7ee74e1482ea3813cbf630ca4a55c8c48a8ebb5330df845f5f0a6b851244c9d05359f2a055ce05011c57741fb50e13aa838625fd10c9ceb3f4e77d62ab4278

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 dbc02ab13879ba8f2c70018f539d8c9d
SHA1 a181204c9a99f4412f5f2132b212781790812630
SHA256 4b46eee383b910bc11a15aca92780af764b0f5920f55cc2dbf86303eb3fb7bff
SHA512 7c4b8fb919d5ada4b3c289460a8e139f031d5676b8a1d3971d96627e0f4a58eef2ef56f57eb3b6baa1504e632eca2f20dc3debeede7f6c431ceb84c4d80f2dc4

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Platform_Wad.png

MD5 e1e168047e64cbd6a2f9e6fd2dd45dc0
SHA1 9a4592a9f45a41bdd1d4fc9f144bbaede6230d9e
SHA256 f121451fe907455a8b8bd746cc65af8599b68df52293641706455c6703f5d6fb
SHA512 038eb4f2f68ea67a9c53de12b50cd36d177687d89f222fd2e86e76b521c574493c5cc4de324f35a2c0c4f0cdcf2950486405fa498539ff5feb918bd02a1196dd

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 3ad1629ff9f89110ac67c0e4908c8f02
SHA1 502351cb5ed7afdad72a852b3045d22b14059868
SHA256 7d3c84a5411cc6c9b7bd06893c656e656460826ea6fb6ac5489c8486475be723
SHA512 61ba43410e58da78ace1b838897fa318f4f3feb61fbb9147313a0d464f0c444345f27e6fb0cab87156e4547ba92f6730eb93b79184f0317ec65ad195ef45f02e

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 d4152c7a8aae99e5cc18c566314ad004
SHA1 76756978e85455c002ebbb7de3175ce07d462be8
SHA256 18a928aac0302df957c633a4f52666221499c40791099bc2bc5d20be99c8b487
SHA512 186a6834c86aec54efe8b18f666e9b62757852394c56dbf9b45347e50174b0babddc0e6602773697f58c94a7798de2dbfa5d3214a89d3c6db479be92eb2fee3e

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Platform_Wii.png

MD5 005504f4c5b8099832da72ff70caacab
SHA1 3f590adc06b319eb22ec73e71040756d802d9ac4
SHA256 381da5908cc801b669c2fe17b7cfa460620ab69b3b8a94dbe61cb3d6d0da81fb
SHA512 4f4f281c6dbe085b870010422c8e26d01be241d64d31f86a0c68707a4a0a9afbd4ef8bf7d25bd6f9cd26c69a18a796756f28fa75daeeba6aeaf1f8bb8fea7a65

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 fd7b09f7006682bb4cf7d127675b1c12
SHA1 8aacb052fa37f7a49008e9928bd5a1bd4ec499a3
SHA256 6937817054caf614205295aafae882951864d7c8164916d3ce49472633ac97f0
SHA512 5c7a52630fe7a7875c4ab5ab4e6224becc88cee8806717e3c207ccafbc3ca5dcf230a634257cc18059e4b1caa7b75775e9885f50d2004a5cc8ea263e43606f67

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\[email protected]

MD5 470e0eb1babfaa756c6965e9b7ae0b1f
SHA1 9399527c4d15825927a7d459ed59210ff834e9c1
SHA256 b84e98a3a11e84ed17e74fb3aa57ebd1ead381f731cbab1e0decd832d186fa00
SHA512 5d257d92ac7de6be6f5ade711862b5dba794ce9d6f8ec6de6ecc509f739539436cca62ffeef8e0fc31e88ff883b39c871c315d458d1a07b08ec624b4eceaa86b

C:\Users\Admin\Desktop\Dolphin-x64\Sys\Resources\Platform_Gamecube.png

MD5 5e687a5e2a39467ad4bef37101adcce8
SHA1 3eb0ad1adfcdda74e3c74ade90df928e67116a0b
SHA256 541b51d5c3b9d6263a58a24b242c2b250dacc351615232b90909cd48959abe45
SHA512 2bd09b33bdd377e3fcf880cbd110fe2b6eef5ef55092b4b8cadcf0de9389666da86e23852c8e3535b004fe2b44a225ef30140efbcd4b64401b34b59eceff013a

\Users\Admin\Desktop\Dolphin-x64\Qt6Svg.dll

MD5 ddd98a50f150ea30b610cff0dcbe82bc
SHA1 b81016ce598229196676dcca866ab7d6c42d0e88
SHA256 3687909177e2f1eb4d09f026585a62a13fe8b344c12435d993a621472d7952af
SHA512 478591ce73e59bf84e80feb8acf21dfbd979f3fb0e4fac3ec8ff723c625a471337bbc6eb1a5dad87b065c809b0003cbf5ca3112fc39c70c243cb69611615f311

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Wii\fst.bin

MD5 3338b867fc5f286630566a950f6b9a22
SHA1 fddeee792f9f1837cfe9ac8ed7d49136260f00e8
SHA256 736c78c6c24775ab7b4a537a389d9bba4a19f1da62e7d7873d95953e2817e6f6
SHA512 1e4765016cd48a180f8bb3399e97d8a80b0e402821b97f1cd263fc63841c87d02ef7f86876a5da887fb2de9d73dea9de72f1a649366411ddec153082f14ea8ea

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Wii\fst.bin

MD5 37ae832d52d896e7d618db4d0a224ab0
SHA1 900827f6fad70ff287287b30082dcb14a523066a
SHA256 8eb095117ae7ed857ad0be7ad7a87c214906b390e3901ebdb4670c4c422d3ab5
SHA512 9610a2471c3710afeeac71048250cd40bedcf955dd5ac416b7fa18845ade57986e8a6be7bf6c33a8ffe716eb04621babe232d5b833340da87971bd4ccb2cf73c

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\WiimoteNew.ini

MD5 4c8ab375d1fd506320b179ccf85526c3
SHA1 7cd1b9459fcae2fedc18e63ee6444ded8cb8ba85
SHA256 7a9fa885a237ea7fea15f011624c7e20f81838cac88c24462b6a091954545ddb
SHA512 5cf7079d9570afb8b4841cb8efbe4ad05a96621c1181f23cf8d2d8ef0a5e8eeb2b330cf6fa100beffadd2e6a56bf78fc17209147e512f806778cb232a283624b

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Wii\shared2\sys\SYSCONF

MD5 72d2c3e68e0757920a23871eedbd0646
SHA1 0f429b6f11f7721928a3606b7f020d7401334d2a
SHA256 a4b49819e434fed10c76e793e79d65a597797f3f55c14e36f5eb672c8c480f88
SHA512 6820680fd1b13373615b5b13dd83d4921c1b8ee31ccb314c13db58a39cb4a7a85f0d0e21e5d67165ca40ac72cca416c42f2622d90948732d0d669c6ff1991c64

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\GCPadNew.ini

MD5 b8c5237d4da4ed0189e165f165c7e32d
SHA1 747090dc73dc584c2bcdecf53a7bf255154aa189
SHA256 b999c8abe167aedac10c78cfdb9051c59e439dfbb13cd85e63311bdfee7dea67
SHA512 daa959d4003d33e3d4bdb7d878d744853ba8269d1b374a63d05d492ad2b4636e84b141759e0dec43b5fc7b0997816c9dffb8f758d6567cac0dcf1983fc2b1e64

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\GCKeyNew.ini

MD5 9008223bcf47858f2452f22035e722b6
SHA1 3c785fe0f9eea950630f113e5f145c30f2a90240
SHA256 e65d1eb6f561a0591f93782c63c48ca2d102b7556c1260f31f35697a1d2783c4
SHA512 038b24d7039620cff958498a2ff3dd7e92374d19fc06b32f458f4561e8a872c7fd41ae67013a80ae05a64865dd9f59d6bc761984b3d2cb7c255edd32c37d2e18

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\Qt.ini

MD5 7c80518b9cef1ea9ceef10e63042d5c7
SHA1 94ea3d352da767584a1e2c9fd5f0fdb7bc2f6ba6
SHA256 f2afe68bf3afc4f19c91966f9e0d91280c48f36e6c2216ad17674b47bf4f1a0f
SHA512 fd82b3edab8a503beaba18a6cc8be2449e7bf084e57199c4cfd67dde9009dceaaef892eefb840b43138250a742a79453c0c12d12bc4ee2ef12fd65fa7bd6b5d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\d7d98c9c-bf2b-4a73-8fb7-e1a14ecaf67a

MD5 b4aa63a030ca71a87eabd5e0c1f79f29
SHA1 821658569274d6d4a9c81c1c0203d9e2b851b074
SHA256 c995e73d98cdfd66f2cb74c79e4572d36aeba1f25a1ea8c3cb1d6424fcb076d5
SHA512 5a3f52508645f4bd2c76cafec1a1d015bc341210887463cc3c0b46cadef16ae801fbb18055d0e90df2af1973ec6b93d2e69e6babe20324323a41375b68afd620

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\3296e35d-8eb9-42f1-8a1f-e514d673e44a

MD5 bcd1b412a2a999670c5e42c1a2ac254d
SHA1 2466c842b408c6942b75c17192fd571df798d03f
SHA256 a2bae2f2b49f9a0e480c988a2b10ecc6cae71e0b622da0305f9333236265e6e9
SHA512 0d5f322b101642350447090f30790887088fa5bc86b5c64e37d1eaecbb336b7149662cf08baef119e075ef4a6e7536415ca28aca2f94d8371c64365e1252b9d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

MD5 016c2a8383b37356d7b47b9627e9a11d
SHA1 60a23023531082a86c7f523a92792b774bb916d2
SHA256 ad2459eebeabbe1bcd2433efd754df8a155a32525b29f79ba758715e6251e529
SHA512 0b3898ce21c0a1f1b94685d25df03f0561b4d73a9dfb6bddb9a4aa9d35403b285f746ce48651096eb8859cff0d099d6f24919b039dc1d4a6bff52a586d3c5bcc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d2af6959ed954a6bb974dfd002d9adfe
SHA1 ee1621aadd24bd5d556b4bde026afb4fa2af893d
SHA256 d604b75ad2e8074a92b3d860c2d0272acaff37a86b666182bf68e991a1be110d
SHA512 0d5c833cbb1bc710621437ca30ef572815a0a0f8bd9f2b6b346b4a96115395667f8798431299a82964360ad2be7794fd2cacb657713c49d9d37b527c11eed5ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\643173D8CB65E681F500F9056159F9D71BE6E516

MD5 83c594720422317f9e413f04e69c14ab
SHA1 e174746b441aafa380fc6948475f35c5e82d5935
SHA256 88c3739e4c7095c84a1107840be96bcdad45ac6369e938f453cea927ca9d29d0
SHA512 77c4e90d891be4954bb1f03d9d014ee4cd3a3d6482e243744d49010f067e47d1b6575aee61d4b9cc9943d4cc5e8740bad5c307fdadc44cb85b0818a1d0370aad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\8E111783E22F20526FAC3E2762C9BC06119772D7

MD5 5418cf720f15095d2bf7a19b8a74772a
SHA1 6f62982322d1b31a52e50b481027381602d88a88
SHA256 0c41cc79bceaaffdbdc95060653bc575e879d3f2f0e706f2eb147de9de9cc8b6
SHA512 f8c256f21fda4e21541bccbbc9bc3b939269f2d00e7ce2b41a02ca8391b5017fb482004ebbf6ade28f70ea441bccecf8a03cc9ff5ff82b0f88ab154ff69e0fc5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D16D0F9ED4111C436D04EC79456EAD68CCC8EBCB

MD5 1c81bbdfe7a830fd1daff1a71ce8ea23
SHA1 38442b1ee8f28cba196c84c8a6f7bf8d1e4a91e9
SHA256 4d51873ae91309c55f6b256d46ad011e427f742baa95caacff386c3566e115ea
SHA512 938f5a80ca9eced80fc690f624ead728c7c9d843ca8e4e90f6bba87c8d3b898fd521bc12689b6e37a49a13376c73147ce8a562f023ccd64d767af2a12d11609c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\57BC30F72EA9EAB6EF5561C070B0E1B364D55F90

MD5 00c238856b9c09483bbda363310f6978
SHA1 ab2b5a6825365de865bb66d2eef097833d709dfc
SHA256 9703fd0fc2038bf55c4b40e2983e8780003d63dc769a01a71b2b95855d88c6dc
SHA512 57dbdfc7d48e437a084a4d8061cd920cdd43719ec6cbfacd52521487571905d8441ebe5ddf44737a11d8508d2f929a5f21d9556b6a39dcc373ecace7928f5d08

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D44BE3F2FA17B10B0D7870F504482BBEEFDC3DD8

MD5 49e3f711e88e19f145995cb3dd64b893
SHA1 9960285af2c1db62a93b2373d7c736c5ee04060a
SHA256 3cb9bf716b0bf7220a26ce8acb4b288e0b850440485efe4baca7ebd05bc4550a
SHA512 d4d0c81cfdf1f6b11d2bb37674b4c0de7395dce9cba8c6b5871801fe94170a18192a6832a03771482dbacd8549c295e47e9d43b99aa55fdf0c149a4e0b73baea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\CD431D3E7A92388F300585A67FEA057124B3EF49

MD5 e3f3bd5fd58bdf62cac1753ad2c7ee81
SHA1 f000660424c99b95712911b29104b436ad446ad2
SHA256 c4c2e27ca812bb4f8196cbe1327d78415a91483a3846113f290693ae56371733
SHA512 d88e8b3f9b7d7d21413abe534f6e38120d7be07b7aa49b2855cfaf35f4c88d42151b14e36a059c8fb1da6282cba1c897f691a076a021c7dc563bbc4b176daf0d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6ABF50A3A273775418F826A76D17C91D5A39B761

MD5 73e5d49e1803043267d024500a04e9dc
SHA1 c36afaf9c43965c8cc719e969f882a0519f72d13
SHA256 e4fff6568ac8bda73f9614a2eadfa272079557caf7d0a11cff82aed7fc675401
SHA512 c6db4eb94c43aef99cc4c8164488bee37eea191c7961cd4911593c10955c7406911677c127e2f4d4420f2f85395a97c7ea29a5d2a8692dfd5db96e03d29b2def

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\33B5486EDAAC49DA8C42B8E8FA075F31A143CF0B

MD5 50ee37a3b9e6ea82a1c6ad91ea72d605
SHA1 403caa69a01496218b447878cbbcdb7f3838b836
SHA256 886a6db8586901d059672b1ae5812c9ea675c8dd5e4b95bb80c1893252abcc3a
SHA512 54f40e70a144e6f4557dfd05fd47ad9a75d27c6291aa00cedee618af93f82b387ce5753fc7fdd22ecdb015e061dbcd61ae2a86d7adc596a54bca23b99dc749ee

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\0271A5DB656A0C474390627407002BF7666E164D

MD5 f5d50498eaabd3279ae9abebbdd3bb5f
SHA1 91f8628a93eee44cd6a7e67f28917496fc9e561a
SHA256 95ff99a171ff1f6c86dd6e5dde50b6eb70770c09ccaeab5d664b7c44a4c04770
SHA512 c039aaef24cc82a415a48af195815697c561e1a3db2c700aa95cb2a3648387aeb3a99fe76c732b619df8abb5f32b1295357168de3e245b3c2d97a73b5f7fdfb9

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\4734BFF640E140A33DD082A8AFA4648DA81AD4BC

MD5 8c8cb59e76720bde752335c8a1d63495
SHA1 e1da1dd0460a8c8181702d6b75126a95d1a2dd97
SHA256 395548ebc86a24ffbd82eb54305e8e9873a0170ec0a3acd998a4ec7662f746d1
SHA512 bb175413da3c334fb2a50a20e75dbbdb506d5967b5559f161c1d22742fcf119cb5dd4df31d115768e415baa60a79211a9338412a2718e2ab81ee1b8246223d5b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\51B76C590F798BC0F9E19237E89229490BAA3A6E

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\229364D09DCAD214CA8FFF8D7159E49938FAE689

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\31017

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\18415

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\14112

C:\Users\Admin\Downloads\VC_redist.BGVBrc-T.x64.exe.part

C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.ba\logo.png

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\places.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json.tmp

C:\Windows\Temp\{3025B856-3C03-4389-9E94-4F75B02C0C9A}\.be\VC_redist.x64.exe

C:\Windows\Installer\e5ed206.msi

C:\Config.Msi\e5ed205.rbs

C:\Config.Msi\e5ed1f9.rbs

C:\Config.Msi\e5ed21b.rbs

C:\Config.Msi\e5ed20c.rbs

C:\Windows\Temp\{AC3F9353-EA87-4EA9-B8F6-20E366CF13CE}\.ba\wixstdba.dll

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Wii\fst.bin.xxx

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\Qt.ini

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\Dolphin.ini.xxx

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\GBA.ini.xxx

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\FreeLookController.ini.xxx

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Wii\fst.bin

C:\Users\Admin\AppData\Roaming\Dolphin Emulator\Config\Logger.ini.xxx
