Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

dolphin-x64-5.0.exe

windows7-x64

7

dolphin-x64-5.0.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

infinst.exe

windows7-x64

4

infinst.exe

windows10-2004-x64

4

xinput1_3.dll

windows7-x64

1

xinput1_3.dll

windows10-2004-x64

1

xinput1_3.dll

windows7-x64

1

xinput1_3.dll

windows10-2004-x64

1

$TEMP/dxre...UP.dll

windows7-x64

4

$TEMP/dxre...UP.dll

windows10-2004-x64

4

$TEMP/dxre...UP.exe

windows7-x64

4

$TEMP/dxre...UP.exe

windows10-2004-x64

4

$TEMP/dxre...32.dll

windows7-x64

4

$TEMP/dxre...32.dll

windows10-2004-x64

4

dxupdate.dll

windows7-x64

3

dxupdate.dll

windows10-2004-x64

3

$TEMP/vcre...64.exe

windows7-x64

7

$TEMP/vcre...64.exe

windows10-2004-x64

7

Dolphin.exe

windows7-x64

1

Dolphin.exe

windows10-2004-x64

1

OpenAL32.dll

windows7-x64

1

OpenAL32.dll

windows10-2004-x64

1

Sys/GameSe...r2.ps1

windows7-x64

3

Sys/GameSe...r2.ps1

windows10-2004-x64

3

Sys/GameSe...01.ps1

windows7-x64

3

Sys/GameSe...01.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    109s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 14:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dolphin-x64-5.0.exe

  • Size

    18.4MB

  • MD5

    eca48982effad82616f206f52336fe4b

  • SHA1

    4d88af3572de650b0b7dccd92dc8de5854edfae6

  • SHA256

    e1b3ae8fc890c6588e5656f77ef2747ae7ddfc90b6530b240c0c5b9d0ab3ce8c

  • SHA512

    778755b2d12c703a2954882a4d333b7cb61ee7ed0482b5cb14c1cbc4b90c8b65f308944a2f9369a89fc54d163c613efc65adf70316c08d447183f65637fcb557

  • SSDEEP

    393216:Y1qyjt4rPX8zs3XxdbHNemtqa7JhnurHTl0WcS4ENyQ4p9Jmm+:Y1qyZePX8khdbtecqa7JhnurHirhENys

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 43 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 62 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\dolphin-x64-5.0.exe
    "C:\Users\Admin\AppData\Local\Temp\dolphin-x64-5.0.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Users\Admin\AppData\Local\Temp\dxredist\DXSETUP.exe
      "C:\Users\Admin\AppData\Local\Temp\dxredist\DXSETUP.exe" /silent
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2576
    • C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe
      "C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe" /install /quiet /norestart
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3812
      • C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe
        "C:\Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe" /install /quiet /norestart -burn.unelevated BurnPipe.{75DC725F-C6A4-4899-AD83-18A8F073FF08} {9E7D8B2B-0DB2-41C1-A2AF-1486B1C945A6} 3812
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3848
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2696
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "000000000000058C" "00000000000003DC"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:996
  • C:\Program Files\Dolphin\Dolphin.exe
    "C:\Program Files\Dolphin\Dolphin.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:1052
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6599758,0x7fef6599768,0x7fef6599778
      2⤵
        PID:2408
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:2
        2⤵
          PID:2912
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:8
          2⤵
            PID:2900
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:8
            2⤵
              PID:1500
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:1
              2⤵
                PID:3120
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:1
                2⤵
                  PID:3104
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1460 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:2
                  2⤵
                    PID:3432
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2204 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:1
                    2⤵
                      PID:3528
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3348 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:8
                      2⤵
                        PID:3556
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:8
                        2⤵
                          PID:3596
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 --field-trial-handle=1236,i,4685266240445061406,13770734385168284319,131072 /prefetch:8
                          2⤵
                            PID:3776
                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                          1⤵
                            PID:3148

                          Network

                          • flag-us
                            DNS
                            analytics.dolphin-emu.org
                            Dolphin.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            analytics.dolphin-emu.org
                            IN A
                            Response
                            analytics.dolphin-emu.org
                            IN CNAME
                            altair.dolphin-emu.org
                            altair.dolphin-emu.org
                            IN A
                            144.76.17.114
                          • flag-us
                            DNS
                            www.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.google.com
                            IN A
                            Response
                            www.google.com
                            IN A
                            172.217.20.196
                          • flag-us
                            DNS
                            play.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            play.google.com
                            IN A
                            Response
                            play.google.com
                            IN A
                            172.217.20.174
                          • 144.76.17.114:443
                            analytics.dolphin-emu.org
                            tls
                            Dolphin.exe
                            591 B
                             3.5kB
                             9
                            8
                          • 172.217.20.196:443
                            www.google.com
                            tls
                            chrome.exe
                            953 B
                             4.8kB
                             8
                            9
                          • 172.217.20.174:443
                            play.google.com
                            tls, http2
                            chrome.exe
                            995 B
                             8.5kB
                             9
                            11
                          • 8.8.8.8:53
                            analytics.dolphin-emu.org
                            dns
                            Dolphin.exe
                            71 B
                             108 B
                             1
                            1

                            DNS Request

                            analytics.dolphin-emu.org

                            DNS Response

                            144.76.17.114

                          • 8.8.8.8:53
                            www.google.com
                            dns
                            chrome.exe
                            60 B
                             76 B
                             1
                            1

                            DNS Request

                            www.google.com

                            DNS Response

                            172.217.20.196

                          • 172.217.20.196:443
                            www.google.com
                            https
                            chrome.exe
                            3.8kB
                             47.8kB
                             34
                            47
                          • 8.8.8.8:53
                            play.google.com
                            dns
                            chrome.exe
                            61 B
                             77 B
                             1
                            1

                            DNS Request

                            play.google.com

                            DNS Response

                            172.217.20.174

                          • 172.217.20.174:443
                            play.google.com
                            https
                            chrome.exe
                            6.2kB
                             8.9kB
                             16
                            15
                          • 224.0.0.251:5353
                            chrome.exe
                            204 B
                             3

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Program Files\Dolphin\Languages\it\dolphin-emu.mo
                            Filesize

                            121KB

                            MD5

                            f00a5461ba0b2c95f801923fef70c266

                            SHA1

                            f7717e3f341e1b56c46407df643d4ac6dcc09885

                            SHA256

                            19c8af2231c12fe7969e63595f818baf9421542d1e4f3ea64ac2ff79352a6f12

                            SHA512

                            a9977db27df94510bc75ee961924804c59c0005b9bc9b8961d63b01359c72920a6a6f0f3b014c715f3b0c4208038deb65f114f83dee157422dc035b84a267315

                            Download Submit

                          • C:\Program Files\Dolphin\Sys\Resources\toolbar_debugger_step_over.png
                            Filesize

                            988B

                            MD5

                            926a446e9de7d51c34ae548673386417

                            SHA1

                            5a0a2666b270eca354f1632de8f98fc966864d08

                            SHA256

                            85f27cf7d073c5931530c102d4c39ff731a3eb30c67d506c6626b0ad72f26539

                            SHA512

                            d5117a0a76c22b06aa91f7586f866387ad74b4962e569cab64d6abeb83d701c8b66331dc6193478f36faef616a95f404cb15a7a0b0b86f863c93ab09f908ea53

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                            Filesize

                            264KB

                            MD5

                            f50f89a0a91564d0b8a211f8921aa7de

                            SHA1

                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                            SHA256

                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                            SHA512

                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            cea8e8c0aba39ff15e5c8938cc6c1713

                            SHA1

                            1cc4559cc7d12ad632428f56525cc2ce354704aa

                            SHA256

                            4e5f5c4ab11bb3dafd22364ad90f3fce520069d9ec652ef17df74feadd8014ce

                            SHA512

                            4f31a7dd1f26e32343052b556cc383bb4af88f88ebcb2f5d4b97bc567a1c6850355b913087eb3ce5049fcaf04c313a557c1fc8c4e3a03df01986e3adeeae373f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
                            Filesize

                            16B

                            MD5

                            18e723571b00fb1694a3bad6c78e4054

                            SHA1

                            afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                            SHA256

                            8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                            SHA512

                            43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\DXF69E.tmp\apr2007_xinput_x64.inf
                            Filesize

                            860B

                            MD5

                            94563a3b9affb41d2bfd41a94b81e08d

                            SHA1

                            17cad981ef428e132aa1d571e0c77091e750e0dd

                            SHA256

                            0d6e1c0e961d878b319ac30d3439056883448dcf26774003b73920f3377ecac8

                            SHA512

                            53cac179d7e11c74772e7b9bd7dd94ffbc810cfc25e28326e4d0844f3f59fd10d9089b44a88358ac6dbd09fb8b456a0937778f78ecc442645764f693ccd620b8

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\DXF69E.tmp\apr2007_xinput_x86.inf
                            Filesize

                            1KB

                            MD5

                            e188f534500688cec2e894d3533997b4

                            SHA1

                            f073f8515b94cb23b703ab5cdb3a5cfcc10b3333

                            SHA256

                            1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5

                            SHA512

                            332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\DXF69E.tmp\dxupdate.inf
                            Filesize

                            12KB

                            MD5

                            e6a74342f328afa559d5b0544e113571

                            SHA1

                            a08b053dfd061391942d359c70f9dd406a968b7d

                            SHA256

                            93f5589499ee4ee2812d73c0d8feacbbcfe8c47b6d98572486bc0eff3c5906ca

                            SHA512

                            1e35e5bdff1d551da6c1220a1a228c657a56a70dedf5be2d9273fc540f9c9f0bb73469595309ea1ff561be7480ee92d16f7acbbd597136f4fc5f9b8b65ecdfad

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\DXF69E.tmp\xinput1_3.dll
                            Filesize

                            79KB

                            MD5

                            77f595dee5ffacea72b135b1fce1312e

                            SHA1

                            d2a710b332de3ef7a576e0aed27b0ae66892b7e9

                            SHA256

                            8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

                            SHA512

                            a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\dxredist\Apr2007_xinput_x64.cab
                            Filesize

                            94KB

                            MD5

                            743b333c2db3d4cf190fb39c29f3c346

                            SHA1

                            26b3616d7321978bd45656391a75ee231196a4a2

                            SHA256

                            e7a09f8235cc587cc63f583e39fbc75008d9677c8bb4dcc11cb8d0178a5153ac

                            SHA512

                            77fbdb86c79d7228bca2982a3285a417a365af980488a5ac2d470b532fa59fcc15e0e8dbee6eb1a3a5256fc29e0e3391529cd2ac13e0f72987ee0da136000957

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\dxredist\Apr2007_xinput_x86.cab
                            Filesize

                            52KB

                            MD5

                            c234df417c9b12e2d31c7fd1e17e4786

                            SHA1

                            92f32e74944e5166db72d3bfe8e6401d9f7521dd

                            SHA256

                            2acea6c8b9f6f7f89ec51365a1e49fbd0d8c42c53418bd0783dbf3f74a744e6d

                            SHA512

                            6cbae19794533ad9401f92b10bd9549638ba20ce38375de4f9d0e20af20d78819e46856151cc6818325af9ac774b8128e18fbebd2da5da4efbd417fc2af51dab

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\dxredist\DSETUP32.DLL
                            Filesize

                            1.5MB

                            MD5

                            d8fa7bb4fe10251a239ed75055dd6f73

                            SHA1

                            76c4bd2d8f359f7689415efc15e3743d35673ae8

                            SHA256

                            fb0e534f9b0926e518f1c2980640dfd29f14217cdfa37cf3a0c13349127ed9a8

                            SHA512

                            73f633179b1340c1c14d0002b72e44cab1919d0ef174f307e4bfe6de240b0b6ef233e67a8b0a0cd677556865ee7b88c6de152045a580ab9fbf1a50d2db0673b4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\dxredist\dxupdate.cab
                            Filesize

                            94KB

                            MD5

                            d495680aba28caafc4c071a6d0fe55ac

                            SHA1

                            5885ece90970eb10b6b95d6c52d934674835929e

                            SHA256

                            e18a5404b612e88fa8b403c9b33f064c0a89528db7ef9a79aa116908d0e6afed

                            SHA512

                            a25c647678661473b99462d7433c1d05af54823d404476e35315c11c93b3f5ece92c912560af0d9efe8f07e36ae68594362d73abf5d5de409a3f0a146fe31a10

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\nsy2944.tmp\InstallOptions.dll
                            Filesize

                            14KB

                            MD5

                            d753362649aecd60ff434adf171a4e7f

                            SHA1

                            3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

                            SHA256

                            8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

                            SHA512

                            41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\nsy2944.tmp\ioSpecial.ini
                            Filesize

                            480B

                            MD5

                            aa93f4191d58b7be7f7b3b706ba6e6a6

                            SHA1

                            30cea58673d4eaf430b6fb2efab1ff073daddcd2

                            SHA256

                            c164dfb17b4d2a69c73b50d152c1101d2efd3ceb0ed71464c50670fa7f3fea32

                            SHA512

                            9356c9c0841572b89c57f6cc9ebc0361973552f98a805bd7ce5f13552d87700f2102bd9993f9de19a770e82c83fad6b62b24755ec7a589a7df6a96f95f04fe02

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\nsy2944.tmp\ioSpecial.ini
                            Filesize

                            519B

                            MD5

                            b6c835e6643a9b6dc488decb385b42d4

                            SHA1

                            9bb769e5c7550d28b0073f10520d6d343d8abf50

                            SHA256

                            9f1adb1e484be4473fa2c5c055b74fb9011feaedcdebf91ab66ad395bf988d6d

                            SHA512

                            e01aab5bbd0c8e0319836347f3e404971adf39fd6e0ca70fd9af00f3dd98d4c83640c4a783cad3700ce4af82fafb215c5bb5732fa0e932ed2580d6d5e3785367

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}\.ba1\logo.png
                            Filesize

                            1KB

                            MD5

                            d6bd210f227442b3362493d046cea233

                            SHA1

                            ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

                            SHA256

                            335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

                            SHA512

                            464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

                            Download Submit

                          • C:\Users\Admin\Documents\Dolphin Emulator\Config\Dolphin.ini
                            Filesize

                            2KB

                            MD5

                            7d49f3c7787087dfcafb0071046eaa65

                            SHA1

                            ca17ad9cfd92641a22195a9eed6e467d8e0246e8

                            SHA256

                            8e3456cce2b77660c4287602885aca7cd6de22b8842b898d6ad1b8fe31fa89bb

                            SHA512

                            dcd0ee7964a8c32a32ef781e6363b04f7c57baf49dd1667687c3bf0eef318bf973793119082b57b15ec45b13f12474e517ff89f975f117a9bff26480969a804b

                            Download Submit

                          • C:\Users\Admin\Documents\Dolphin Emulator\Config\Dolphin.ini~RFf774bfe.TMP
                            Filesize

                            2KB

                            MD5

                            78729b7139cfd170e599d1799b6720f7

                            SHA1

                            b495ed0e243d01aecca2996941d8a611fd757511

                            SHA256

                            1f636c55de2ca45e04b34cbedc656c754823d23933ad7a5a8f963fed02ad8a57

                            SHA512

                            c44a2ef3fac2aa3322cd81e6005ca4578f432a37a2017d315002e3883266d8fe8e5f96c4f1cd8462669b7a2963290fa6cb657ccb80dec8dbb2d59ee8568a0e2a

                            Download Submit

                          • C:\Users\Admin\Documents\Dolphin Emulator\Wii\shared2\ec\shopsetu.log
                            Filesize

                            32B

                            MD5

                            70bc8f4b72a86921468bf8e8441dce51

                            SHA1

                            de8a847bff8c343d69b853a215e6ee775ef2ef96

                            SHA256

                            66687aadf862bd776c8fc18b8e9f8e20089714856ee233b3902a591d0d5f2925

                            SHA512

                            5046adc1dba838867b2bbbfdd0c3423e58b57970b5267a90f57960924a87f1960a6a85eaa642dac835424b5d7c8d637c00408c7a73da672b7f498521420b6dd3

                            Download Submit

                          • C:\Users\Admin\Documents\Dolphin Emulator\Wii\shared2\sys\SYSCONF
                            Filesize

                            16KB

                            MD5

                            9473c879a5e51040e7a202b4538773a7

                            SHA1

                            3256c026284a24fb99d2ec1558d95db3b5dcc2e9

                            SHA256

                            a8ec1ec377ee3a3c93a27f74dadf9edf95112ce167fc23d1abdbeb4fa15eb179

                            SHA512

                            139dbb6648a1c8b7e5224e52ca8f8093f069b7d5f83e2b84099688b927eb77cb8445bc46f9da98ce56d3b883bfe8e38905b5e252c87a5295a334fc8b6890bff3

                            Download Submit

                          • C:\Users\Admin\Documents\Dolphin Emulator\Wii\shared2\wc24\nwc24msg.cbk
                            Filesize

                            1024B

                            MD5

                            0c425c24e91335f18a3246b1d611a8ca

                            SHA1

                            caf8a96a36573d7e67f086f73fec675a5d1c4245

                            SHA256

                            7afebf33eeb0035397cc74e15e892e700cd2903641d26562f5d46cfbb6171109

                            SHA512

                            001e0d8dd5e5b2e2d8b8357bba7d8c20ac33dca3a6b7897f11a1f01f391118da4f457d5a5c6531eedabebd6883dcde0bb3526b97ed7b3357a7e6d768d9c322af

                            Download Submit

                          • C:\Windows\Logs\DXError.log
                            Filesize

                            705B

                            MD5

                            c16323b0eeaabbfc0b9f75a4e0fa02c8

                            SHA1

                            06cec3192f94a10124efa18c1ffa126007c85634

                            SHA256

                            1efea3061aed96d1f955b7459dd3850b7e30bd43eed41abf3b926c0d22691790

                            SHA512

                            abf21ebae4fce5ee53a0a833375521561ff2a7a3bca282e4b37af547333f50e5259b49abf45fca48207a70004b166912f8c39e5db5924605e217e4910005e937

                            Download Submit

                          • C:\Windows\Logs\DirectX.log
                            Filesize

                            474B

                            MD5

                            f1253dedcf8031ef6d20a3cfef5388a0

                            SHA1

                            6b03db65775440afda638539f62a3b1d83ab84df

                            SHA256

                            0f203c30f2478fb7d549eed0234de3f4344c97e3ebeb500b886f8ec98508ad08

                            SHA512

                            86419e31e21cad0bb60afc35f7e0f313cbde412d89357b02f34e4b89becb63fcb758373c929d6b97a8f41ad464144adaa349fb7834b6a2fd9851edb02542dadc

                            Download Submit

                          • C:\Windows\Logs\DirectX.log
                            Filesize

                            11KB

                            MD5

                            d9fba3e2b0256d7ce89dcb9fd887f7ee

                            SHA1

                            febf9123e898b540608abce3a2a53881d6ae760b

                            SHA256

                            7fb8d0cf6c736f281d485ef599849da6426542fdfb3e6684d007079d9d8a551d

                            SHA512

                            a8ae3de5ef2270be7db60440f4f4404f968a11e74f612cc431dcc9a655553c80ac307a059a0ef2852ce883760ea9299e858981467a310d1e6abfce39e933e3d4

                            Download Submit

                          • \Program Files\Dolphin\Dolphin.exe
                            Filesize

                            14.9MB

                            MD5

                            9660ec7cddf093a1807cb25fe0946b8e

                            SHA1

                            5986661c62d689380476db238d7c18fa37d1b616

                            SHA256

                            19d5c382204d7e40a764e116967aec610f502b9be60b9d3b095073827aa93c66

                            SHA512

                            5213c828d4f0742c3cde59ceea7b111a1402779602f09fa5e898083b07f2860bb33119f97741bc049fefc0cd745879d22a12dc37ece8e0dd8b308dcc84079755

                            Download Submit

                          • \Users\Admin\AppData\Local\Temp\DXF69E.tmp\dxupdate.dll
                            Filesize

                            173KB

                            MD5

                            7ed554b08e5b69578f9de012822c39c9

                            SHA1

                            036d04513e134786b4758def5aff83d19bf50c6e

                            SHA256

                            fb4f297e295c802b1377c6684734b7249d55743dfb7c14807bef59a1b5db63a2

                            SHA512

                            7af5f9c4a3ad5c120bcdd681b958808ada4d885d21aeb4a009a36a674ad3ece9b51837212a982db6142a6b5580e5b68d46971b802456701391ce40785ae6ebd9

                            Download Submit

                          • \Users\Admin\AppData\Local\Temp\dxredist\DSETUP.dll
                            Filesize

                            93KB

                            MD5

                            eb701def7d0809e8da765a752ab42be5

                            SHA1

                            7897418f0fae737a3ebe4f7954118d71c6c8b426

                            SHA256

                            2a61679eeedabf7d0d0ac14e5447486575622d6b7cfa56f136c1576ff96da21f

                            SHA512

                            6ff8433c0dadc0e87d18f04289ab6f48624c908acbda506708f5e0f3c9522e9316e587e71f568938067ba9f37f96640b793fdfaa580caedc3bf9873dc221271f

                            Download Submit

                          • \Users\Admin\AppData\Local\Temp\dxredist\DXSETUP.exe
                            Filesize

                            505KB

                            MD5

                            bf3f290275c21bdd3951955c9c3cf32c

                            SHA1

                            9fd00f3bb8a870112dae464f555fcd5e7f9200c0

                            SHA256

                            8f47d7121ef6532ad9ad9901e44e237f5c30448b752028c58a9d19521414e40d

                            SHA512

                            d2c354ee8b6977d01f23c6d2bb4977812bf653eae25e7a75a7d0a36b588c89fcdbdc2a8087c24d6ff687afebd086d4b7d0c92203ce39691b21dab71eafd1d249

                            Download Submit

                          • \Users\Admin\AppData\Local\Temp\nsy2944.tmp\LangDLL.dll
                            Filesize

                            5KB

                            MD5

                            e447e49175c0db1f27888aede301084f

                            SHA1

                            f5946c743265cd8e81f3e7b6376dada57f99877f

                            SHA256

                            fd26ef21d72797fedecd3d15f2001cea793383aceb3cee19a5ae2a3d30e197b6

                            SHA512

                            e6543bf81bedce94a58f48cd6f9daaec891775e01ff76b771c22d459a778490f9bba0bebbf111b1ca3091b3ca69bca806a9b5e68ce12df03abbaa6ce5c4b7cec

                            Download Submit

                          • \Users\Admin\AppData\Local\Temp\nsy2944.tmp\System.dll
                            Filesize

                            10KB

                            MD5

                            56a321bd011112ec5d8a32b2f6fd3231

                            SHA1

                            df20e3a35a1636de64df5290ae5e4e7572447f78

                            SHA256

                            bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

                            SHA512

                            5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

                            Download Submit

                          • \Users\Admin\AppData\Local\Temp\vcredist\vc_redist.x64.exe
                            Filesize

                            14.1MB

                            MD5

                            883c499d04c145a69622f7658e353265

                            SHA1

                            bb64084762abd4a06b2fddd16f0092860bc3043f

                            SHA256

                            df58f4aa566a10776c864c1007e0ac0987835fa1e9f7445bed8ba21a9101d414

                            SHA512

                            ce840c9420e928c9da6c30c3cd97eeb047d34ee7046b8cfcd20b512fbddfe885329ab4db3ca53f7094bf1caeb600c834cb2db10797ceade859c21786144206c9

                            Download Submit

                          • \Users\Admin\AppData\Local\Temp\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}\.ba1\wixstdba.dll
                            Filesize

                            118KB

                            MD5

                            4d20a950a3571d11236482754b4a8e76

                            SHA1

                            e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

                            SHA256

                            a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

                            SHA512

                            8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

                            Download Submit

                          • memory/1052-9144-0x000000006B600000-0x000000006B69F000-memory.dmp

                            Filesize

                            636KB

                            Download

                          • memory/1052-9157-0x000000006B600000-0x000000006B69F000-memory.dmp

                            Filesize

                            636KB

                            Download

                          We care about your privacy.

                          This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.