cb9e6e843b567ffd09da5d212b77c93d9e9c20e9e177e14b7ad8445bbc680457

Resubmissions

15/07/2024, 15:14

240715-smcv2szbng 7

15/07/2024, 15:07

240715-shlmdswglp 7

Analysis

max time kernel
150s
max time network
138s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15/07/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup_travellers_rest_0.6.4.12_(72084).exe
Size

330.1MB
MD5

823362dc71636e2d60618d127d06bd00
SHA1

8a458d7a9f0e2e5bc966f4843218846571d70ebf
SHA256

cb9e6e843b567ffd09da5d212b77c93d9e9c20e9e177e14b7ad8445bbc680457
SHA512

a38ca3b8ca31830a738e2e825b5b6491a763f987fae0e8abe17d49e6725ea40505b5792e1dc5360c67f3a24e4e94993cf63f832c11fffbd35a1daa779cef96a8
SSDEEP

6291456:yBqd1mWvyjkvVpLBvHahwbaQo+XuUUqTCjYHt4uaoFWFpUVPqbDIoMvqT:n15vDVNY4aGuUbTCjYHt4ulWvUVibDfj

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
2332	scriptInterpreter.exe
4544	scriptInterpreter.tmp
4372	TravellersRest.exe
5084	UnityCrashHandler64.exe

Loads dropped DLL 16 IoCs

pid	Process
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
4544	scriptInterpreter.tmp
4544	scriptInterpreter.tmp
4544	scriptInterpreter.tmp
4372	TravellersRest.exe
4372	TravellersRest.exe
4372	TravellersRest.exe
4372	TravellersRest.exe
4372	TravellersRest.exe
4372	TravellersRest.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
4372	TravellersRest.exe
4372	TravellersRest.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4672	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4672	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2552	setup_travellers_rest_0.6.4.12_(72084).tmp
4544	scriptInterpreter.tmp

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4372	TravellersRest.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 2552	4764	setup_travellers_rest_0.6.4.12_(72084).exe	73
PID 4764 wrote to memory of 2552	4764	setup_travellers_rest_0.6.4.12_(72084).exe	73
PID 4764 wrote to memory of 2552	4764	setup_travellers_rest_0.6.4.12_(72084).exe	73
PID 2552 wrote to memory of 2332	2552	setup_travellers_rest_0.6.4.12_(72084).tmp	77
PID 2552 wrote to memory of 2332	2552	setup_travellers_rest_0.6.4.12_(72084).tmp	77
PID 2552 wrote to memory of 2332	2552	setup_travellers_rest_0.6.4.12_(72084).tmp	77
PID 2332 wrote to memory of 4544	2332	scriptInterpreter.exe	78
PID 2332 wrote to memory of 4544	2332	scriptInterpreter.exe	78
PID 2332 wrote to memory of 4544	2332	scriptInterpreter.exe	78
PID 2552 wrote to memory of 4372	2552	setup_travellers_rest_0.6.4.12_(72084).tmp	84
PID 2552 wrote to memory of 4372	2552	setup_travellers_rest_0.6.4.12_(72084).tmp	84
PID 4372 wrote to memory of 5084	4372	TravellersRest.exe	85
PID 4372 wrote to memory of 5084	4372	TravellersRest.exe	85

C:\Users\Admin\AppData\Local\Temp\setup_travellers_rest_0.6.4.12_(72084).exe
"C:\Users\Admin\AppData\Local\Temp\setup_travellers_rest_0.6.4.12_(72084).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Users\Admin\AppData\Local\Temp\is-F64V6.tmp\setup_travellers_rest_0.6.4.12_(72084).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-F64V6.tmp\setup_travellers_rest_0.6.4.12_(72084).tmp" /SL5="$70232,345503404,192512,C:\Users\Admin\AppData\Local\Temp\setup_travellers_rest_0.6.4.12_(72084).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\GOG Games\Travellers Rest\__redist\ISI\scriptInterpreter.exe
    "C:\GOG Games\Travellers Rest\__redist\ISI\scriptInterpreter.exe" /verysilent /supportDir="C:\GOG Games\Travellers Rest\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\Travellers Rest" /productId="1353960921" /buildId="57415363991000954" /versionName="0.6.4.12" /Language="English" /LANG="english"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\is-L35PP.tmp\scriptInterpreter.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-L35PP.tmp\scriptInterpreter.tmp" /SL5="$302B8,662929,192512,C:\GOG Games\Travellers Rest\__redist\ISI\scriptInterpreter.exe" /verysilent /supportDir="C:\GOG Games\Travellers Rest\__support" /SUPPRESSMSGBOXES /NORESTART /DIR="C:\GOG Games\Travellers Rest" /productId="1353960921" /buildId="57415363991000954" /versionName="0.6.4.12" /Language="English" /LANG="english"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of FindShellTrayWindow
      PID:4544
- - C:\GOG Games\Travellers Rest\TravellersRest.exe
    "C:\GOG Games\Travellers Rest\TravellersRest.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4372
  - - C:\GOG Games\Travellers Rest\UnityCrashHandler64.exe
      "C:\GOG Games\Travellers Rest\UnityCrashHandler64.exe" --attach 4372 2903157641216
      4⤵
      Executes dropped EXE
      PID:5084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\GOG Games\Travellers Rest\MonoBleedingEdge\etc\mono\config

Filesize
3KB

MD5
d9bc824737177af5792846f26507231c

SHA1
c44835e4881d95a97b597bebff5deba0233a5887

SHA256
60099cf91bb1a5717fc1f2d23cf36a61d3bfb70d9489fbb6f4bae98c560bf3d5

SHA512
f9558f9e985643d8205b5534998412a5896bb6f5712bce5d6cf27469200eed64f29efc01936ab00c4a93625b0fc573036fba00ba2c4eb1d1d7c47555608f11e8

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest.exe

Filesize
635KB

MD5
36408b32e47dd0e6744418d16d58fd6a

SHA1
46b304dc6b239ca641f8252e8bd6f239a7b6fc0b

SHA256
4af467d904a372e52d4a01531b3b0b5b0696a830a06b3276997bc9e81d649fa6

SHA512
6688ae11db8eff34c3f1a74ae443302ab0c2d3eeae1ae5f95b08df70614d15c24caeaebcdb914e5bd9f092359d4d368ffce5aaa067747eb7ecc1e3f19436efed

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.AIModule.dll

Filesize
43KB

MD5
633d9e1bdd84eb2e481f73735b1ee590

SHA1
5a0f7431d42d1890a521d15d1903c9d558ac5f71

SHA256
d2e03f7378cf4cd77d5d161b2988992350bff321a8706199bf96368752dea21b

SHA512
cbec73bb88027ddd16e64cc16cc068444010d22cfabf227e2da463662415896948ecfc0eb6e75d17adb00de8fcd83793c886e749564bf8503db6e90015298c86

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.ARModule.dll

Filesize
12KB

MD5
29dde4171e02eb83b0954a4de54eefc9

SHA1
accfed6301a87711cb6d6610ee2161fadfc35253

SHA256
224ffc2da15de67fb2139399af3bde237fa8556a4d5ddc2e5a45a97008e7b213

SHA512
522aaff972f2e8dc63a208d29bdc235fe21a85c94631005dd2b08601dc8fcc5488c1e4dec47558cdcdbbd6020467850747876daccb73844b4a341e251fd6fbc9

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.AccessibilityModule.dll

Filesize
12KB

MD5
67170f387b094bc2687567ad1c603ba0

SHA1
6704b9ed3b8bc8936495d520299d6fc41b9c4c2e

SHA256
1e5f0b96c8b5dc10c37d2267e8e07b5d246ab7f09bbd3ebfcd527cd310dd64fd

SHA512
58676f9625665722a989cb875da36e635482e6c3a1ebdb202ee814eb5660d2ca6d8122a8710768341ab450735cf83e61ddc54b01d5ec77e57fe2560231db091a

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.AndroidJNIModule.dll

Filesize
63KB

MD5
314e551b8b9c44802632f68d893436aa

SHA1
7c14648180f7c097c0e0d17d640e2ea00b60e3b0

SHA256
3e2ca394531b298b163e7d7019c8f06e263bfbb6c6ee59e693a2ef6b6b7fa553

SHA512
f0979d8fb45fe48d53efd8fa585045f961d325c24423c4906e33c23966754c3fb3f0b67abd524649bf510ec1351b30ed1162e5c040e571d2c3aa07417a383236

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.AnimationModule.dll

Filesize
142KB

MD5
3c7e9da9c88fed819ea677b1dc2d23ef

SHA1
f15a21e03c3fede6a3d43f21158159c0867b0f1c

SHA256
4043c95960b13d221c76c287e02e72b0e089400662b54c4ee578cfb6b7d581ce

SHA512
6e220c0955ebd693bb496931ab02501826aba2bbe0099fa63f0d08763432da0a885f12efb45a4ab86f9dfeb845c7c9eec067c578fa125bd4436933fa5dba7bb5

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.AssetBundleModule.dll

Filesize
21KB

MD5
41ee0728dc4f3f1fe2235ed38750e30d

SHA1
1bfdac672fbe2a5493c97e5f29fb2b28cbdf3b80

SHA256
d481567df81a4de96ac35c68a23fcac42131bd8154eb0f7b7ff383ea460be34d

SHA512
dea670ae56710eb38cf35a0427852b4f410b204f9dadd15375bf7df96322d10255aa02488c5625906efd6f9793172d418e3fc3bfd6b5c64f6868c56eaa220dd0

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.AudioModule.dll

Filesize
56KB

MD5
0e20bbce7d1f3827ff84008e3f586974

SHA1
6868cd8f91f488809c35aab83c9a76abd125d76f

SHA256
5efd437ecde83296153a63172bfaf8a54729d6ef49cc1a90787c670b9c436a3a

SHA512
8f984e18eceb76d67dd595fc9e32a965f45177453dc509f2371147429391c1a0a0f68d81c3803c288cbfa55e4009b2566677668211161d012607b076a1196f65

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.ClothModule.dll

Filesize
15KB

MD5
fa93ee2c83c263ada2d105a507b902a7

SHA1
bc718b2365513ac4e0e59f1beb354d3b32688a56

SHA256
d2bf168458c90f4531f9a5468ac0b6064271ab701dad813a4fd1df93fb84f825

SHA512
32a36aa8d8000be9afc4ea716357edfa1d0653f2acf3d6254fb27663040bd9743202feda40379d75c298263cb0802803eb7eb2ff6a83ce66159b3db8ce86047f

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.ClusterInputModule.dll

Filesize
10KB

MD5
12fd008f8770717fd6bfc3f63618b433

SHA1
b77b62f5d06cf05ab75d541e7335309e0b0f7e65

SHA256
5d22a99279aaf71f79d47c65e30936b8e6da3f354a5c34baff62266ff3fbe85d

SHA512
cfe17881bf9eeab81254f7d2a9579486a2c97a5649c3981035ff486120626879b0b1084a59588755b1e4b8d3c4e8e2b5a03c4f2b68c59d0f41789b6f73833345

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.ClusterRendererModule.dll

Filesize
9KB

MD5
de7eb49ce4c01408dc2e73d5abf402f9

SHA1
eb9527d9dde55fa1114b2cc81d22de1da978d91b

SHA256
5b1cb68a9bfb1755d0a6c4d6446161f26128999a381a85c1286592298405ed6a

SHA512
ab45d92cb35c523f8db6bf63762141ee2be94ac5e0b84a96a778cb0309541caa8e74245c7eb1175eeebd1812fca1da340cbc9c69d385ded4c3b9463eead6d07e

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.CoreModule.dll

Filesize
990KB

MD5
32f769addcd79e8faf8acce08d6d9a58

SHA1
f58d7cba21645b8414fc6e9d3a93058f6973eec4

SHA256
9cbd669f76900a90025b7ace9a90025360eda03ed0877f630bd2ad91713f9969

SHA512
cbb7ce6ef90cf39c281d9d8d1e4003480ae92c96b9f9f4bcf4a55854d9b04dbcf06b47108344f0169b304fe7f4477a1267f62e77f785341999adb8e8c3c697a2

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.CrashReportingModule.dll

Filesize
9KB

MD5
008ee519aa035ca253a895ac60584d3c

SHA1
4016319e737ab17577bd8f2d7ffe0ab1660ede1c

SHA256
6e84fe8e3b8633257d337b9ed1faabec0ba17d420cb4497914f3a302eef625bd

SHA512
68e7da83a9d7a291d26b34f12a32d4aa1c2a72b362366d408dd1d6fe294534272bd164d9c2fc8e7d705a9e3006027e695eb323c3a7a09c99bf5d62b013002b5e

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.DSPGraphModule.dll

Filesize
17KB

MD5
5b56e7cef5ce1a7e04aef5bed6266c34

SHA1
97f97fc585dbcb63fec24f878d7eb2b9ab86a399

SHA256
77e268f9400d5ad31f992318733caa485bce5b8a0730761d13cc340695a4a623

SHA512
154a282049440ebe3a2f29780ff5e3958dd4e6b3b012d97b1216abfaa488d6386dacbbfc3dafdb9154a0c140efbf73bd8799576ce8b175321783e59eada360dd

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.DirectorModule.dll

Filesize
13KB

MD5
0bb287638c9a4c16b0d2f51ceaec7642

SHA1
3f8bd6df7f06e54ebb679d8e3f892d9027559c83

SHA256
d6f78c997409439f998b053c3d75865323cc7985461524846efb09de1c7f9d90

SHA512
4915b6c4a018572f8e7714d45a61392647635f2b6c58d7d276ae455ad9b665faa3410ebb6fa6a7fd3c737b3bdc34247ed23918bdc19a354562c7461fb1647c01

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.GameCenterModule.dll

Filesize
26KB

MD5
ab88b1a810e4127648a57834ccc965c5

SHA1
4f8a5e137040da21367423a936294b9460aaa565

SHA256
8831dfadef1c9a97beafde9cb911fc2678c0e8e981e5172b4cc05f37c23aeea6

SHA512
718f1d59c2aa32dd98c4919aef3d634966221f7d92fec617b7fb8555b11b16eaa11ad601c8b21ded7bd588fa908ecc63b38df11e542667f46a07cfc1e85cbcc6

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.GridModule.dll

Filesize
13KB

MD5
2eda0d49e619f28fe2f2199320e8f132

SHA1
f105637a3e300f3869432046b27339bdc24d3c73

SHA256
e0542742b63793b769edc0bbece9c1905b435337602d22617bf8d04c0d4a3a50

SHA512
638d5486336b279f547e5add962a14f6fb99541e3f8eabe901b48b82f1b16f961047f3cc49e80872c33133d47ced9bd1ba93b3a333007843ca81dc39ba1bfeb4

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.HotReloadModule.dll

Filesize
8KB

MD5
a913a0662a1171cb84f326b2410d05c2

SHA1
648ff9d56bcae49fae899f646c06d2f9c86f9192

SHA256
82ed52a4ec966f124762d83e0f59928868a98ddbaa4ee5a92eea48a34a5c4114

SHA512
6756b75b865e1ff3a930f06f2d098cae17be78188cbf4261379f1fedf36c9c3c4d3cef14a3f82e36c9cf088ca2a0d9e56197f12acd1b7c4daa2e4f7c758499af

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.IMGUIModule.dll

Filesize
153KB

MD5
fcaff9a3e2f1bd9ccba06a5f5d5230e0

SHA1
6233f094b655a522de9a8602b876b1e1fd7ccb71

SHA256
ca85b168e1576f47d7216c069d217ecba84f6be9f3a32d9d2f5a29b8750a0cdf

SHA512
da69749c25e4757b07337506bbbf546ce756ae42e69ca94ed03d8d1b5007b3bd83f4128d4cf274c545d8ed9f176aaccdfdb4b65d903b987416983da7a157b77c

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.ImageConversionModule.dll

Filesize
13KB

MD5
dbbe8050b1c38f42c52fe566bc306a9d

SHA1
83655db29cf195c34896213d0f366c9e073db055

SHA256
f139ba93472653aeb2118b6ae19aff688d2ce97070e40afcd2e43b06c76d7314

SHA512
781902f780aff57fc0d143591a6f4fa7f367397cd97c0800ecbd003d686d0d237fcc16fd4b659f9bdb241dccbfdfddf033b8a220ad013a273ca97f062a0e15e4

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.InputLegacyModule.dll

Filesize
25KB

MD5
369b66ad6db24e0327a8cd391826a01d

SHA1
fd9ab9232081186f880b165af36cd29612a2ab8d

SHA256
c61311358e85d9f568aebefb1ce3869af5180bae8478ef474bf095e7cf322fa8

SHA512
b3dc25ce8aa6238b945e029ebf92cf08652f3e0be1cceed7864985ad2a64b81c05cb9066d14c7295a44d8c77234890fb1617fb613b23a09b5b1e863188bd5d18

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.InputModule.dll

Filesize
12KB

MD5
85181a3fe6980b7fbd1199b247525933

SHA1
9977c7efb21c7c4bf9c235fca072697466217352

SHA256
c8f640669f51abfb1ab3e5634f4b2b2f18e09a6da1f595ffe1cd9297bb2bb234

SHA512
93dba4086b18296a1c8d034c68ac25999b87a9129f42b4fda2f69e094382730b0561d2d1f6f004995d4d469289c0f6fa1f3be2c95b51b5c6ea51a5762ff276f3

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.JSONSerializeModule.dll

Filesize
10KB

MD5
688645525d7316aea069d45b89c6cdf0

SHA1
e618615c9916601182c54d761ab3b0126c973b40

SHA256
73f67e7e493417a50db3b2a33310dc3b2aae47ce6bd4f846a50bce92a086143a

SHA512
70abbaa51dab662b5588c2238f48c7bb4833278d454b341af260c8617598c42d641748630e9f70abb45604fb6a983873f879560e028dfe91a31f1749ac5252d6

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.LocalizationModule.dll

Filesize
9KB

MD5
239b326911795fd245c87e6d1bdd3501

SHA1
e922395610753a0ba3b22c566dc7a47d16c751d6

SHA256
8e5a46e68b0bcea0caaa4688066f169dff47c5b38fdb171b1125764b081ad5ac

SHA512
ccd7cb0db4fb95cc4cd4d304b61e5feb961d5ab1141bdf8a94524347ae08d3a5a8356711a702c5f0971290776e93301b8266507c37bcc2171c1455e3372f167d

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.ParticleSystemModule.dll

Filesize
132KB

MD5
40af01be3880ce9ea6908f6079dc6698

SHA1
912d0adb62345929245d2e5485eb50105ba1f9d9

SHA256
4a047608187bce1539f144ee246f04a0140cd16fbdddd52eec33e66db0e54299

SHA512
72598070fa20c3427f40c5bb3faac7ac8d4fbfef54327b956dee5430106f3967f56672e2f10d15887e105dff2c0eaf3fce110e458c4447af6593c9218980a164

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.PerformanceReportingModule.dll

Filesize
9KB

MD5
69422e06705926a41be1e8165bbe409b

SHA1
6ca82754d2077a874f3225def34255bb692025c0

SHA256
d5a03585abe440233a64f97e3e3385cfbc53ef7b3ac05229da12c944b1178a4d

SHA512
c47bc6b4b5d3ae481a9fc56da96064ecd1a85382d6a1ef1a80228c93d7c8140f9d9db7a55e7cd626b64a4f476366938fd32a1ffbe3625461ac053660c982eb01

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.Physics2DModule.dll

Filesize
103KB

MD5
58d9ba97fd7edc021278f36007c1d87b

SHA1
4c365d8ffce72c2beea0b69454656405f8a52728

SHA256
a3cbcf28f3c58c1bc819b10305f271eb3941f08b0450329f8752794a6a287253

SHA512
22f224f62b0754ceff6aac15e637a5b5e393c808ec27ecc5239f17e8d74ed68ea02d249a6a4f68afc68211730fe3096eb7aff7bbea507339bdb7632ccfb16077

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.PhysicsModule.dll

Filesize
85KB

MD5
3ab3b2525166a3c28cf867c281e7ae08

SHA1
cb5717fb6dceefb3689ee294a87d1538e96cbe25

SHA256
30569022ff4d831b858ef5d51ff970c1521d5b003dc3ee9c7507394e19551e16

SHA512
b9da3748c0b03c28789134261674589168e12648b3e14e953931fa1e9cf2cd0a29977e6da4087e4e1c43ced3e779d5e39c56329f6c92b85dfa6e104ed8614cbc

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.ProfilerModule.dll

Filesize
8KB

MD5
770362130d4d1ff4ffdfb0bd29ada728

SHA1
09d6a7d2f492a963d0aaf1ea59fc46ecd6b205a6

SHA256
3f76f1db00bb104d0fcdd6f0196ed773f3868b3bcad24bfbe25ce18a10f698b7

SHA512
b31c3a16a687b2e693a847945e510ae7bdffa40fa7e757270d58eb38e0fc0efcc441ff94dfcfc690fcdc4dd7c5fcc5a4ed75c8e7db0a18e2671e2a800fce2cd3

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.ScreenCaptureModule.dll

Filesize
9KB

MD5
f77c38ae0aae1efea9bc65e7fda70e5c

SHA1
4b7649548735d6583d77b0fcc08406cb454da357

SHA256
3a2037535b3a7e6acd65ee973c96af0052ccd4fd60266f7f6dd429327a8d9d2d

SHA512
d7e1c6da2cb5a1451f42df0200db48b73d2b4173a2dddbcd28de96c27f2a2949f80547dcba39bf43358d0fa7fdd1e77cc02f2120f5711c70ed3594ab5525a92c

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\UnityEngine.dll

Filesize
84KB

MD5
5af199bdf50ae1cb0dcc25a53689643f

SHA1
72277de663822590ba358ad182c5fbfb9f87cf91

SHA256
3742efddb93a4a4ca3d66742783f7c5df688fae72e7187c3d13835bd340729f3

SHA512
f951e1e2852076d2e0f79f12ebc10d60452421e1b43b23da188c6cb5044cd33c00fedbade7d6c486b9c4978a559590a8c64d8e05a65bac5b4321b9434035f865

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Managed\mscorlib.dll

Filesize
3.7MB

MD5
9eb7dad17e1048ec2ec8c42ea58a1f39

SHA1
8f6847db7dee2b2b5d2b0dae12d6bfa8b654d18c

SHA256
184f3a9c4524db4bff81ef50b93441c6a5255397e6b78ee219f8c0b193daa2ee

SHA512
534a10ea11a07686090b6d9063e96eda4ad7c74c66ee8bc33989235e09a64fd59d7f28381afff7454245e0cc745dd413b1334eebd162bddd0bab55da377f98e4

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\Resources\unity default resources

Filesize
3.7MB

MD5
dab5f3c3e100824ae7e91815c564a608

SHA1
5af241574144085d717215f88caf20c56d07858d

SHA256
7b4ec48745b3a28232f7598738754255c9536f00ae3dfb0279f564a0bac55241

SHA512
1584d2dc5f65cb523ebb056d321e0312ad92cfd15da563c1c1fbf4cc3065b4eb85a82c977259441c05c31e35128f49a06e711d26718c4d2614eb86123a588ecd

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\app.info

Filesize
21B

MD5
8c59d0231ad092cf99c90befa10440cd

SHA1
5678a927f8d47f7bd425c8405c0d5367859e5d6e

SHA256
01674ca4d11b94d188ddf684a2b8e9ef869a0183317a5d4d6136207e786c0eb6

SHA512
51c7a0260162cac07648f7701023bcd7a9b2018f72b4641c8fcf108024e2cf9b8621c4972c8693ea12bb4b5ee92ad21e784a81c7ffc3c168ae014b9874b89d13

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\boot.config

Filesize
82B

MD5
3c40b942f981e5e0a54b37fdec15bcc3

SHA1
de141d86f7de6850087ee2551545d24542537724

SHA256
15f9d353f11c5a88eec9ed982e06a9a7ae3465d385b16b326aebfcc5c14f8a4c

SHA512
a02e0171ccbba8fbad8ec6ab2ca226c301274ee53b6def4a6e1f139d2a803b9477d41f7e3bae48b54066c46c1ab8131cf60fe63e37dca990e2ab5f0221794403

Download Submit
C:\GOG Games\Travellers Rest\TravellersRest_Data\globalgamemanagers

Filesize
5.9MB

MD5
bf6d17af3a727c94f998e442c24d1222

SHA1
cb59c299a8d9d0e43f74b56ca27c5e534b9a1fae

SHA256
a5f29aed48eeb6e9500368faf8e0191dd096e4cb2aa5496112b8a48ea01d700d

SHA512
34a63215b1a751ec62ba04e5a2b1bae0c6334f7caa3e7078ae5a58962ba8bfcdd67fe73347ed2424d98170afacab5212bf8bc242b4fa1972f05e4c17ab355655

Download Submit
C:\GOG Games\Travellers Rest\UnityCrashHandler64.exe

Filesize
1.0MB

MD5
dde6d2ace5a081ce8f855ff48aa236cc

SHA1
6eea57878f9f252c539ff35603173bb4f30352fc

SHA256
c7e163473d9f3e152bfd93f285c604269bb495b399808d21277f9801719fa13c

SHA512
1ca2625d2f57048dc9b3bca76ca2d1bed04c488cddb2561ab6cb788dbc5cdab2ff75291e71020fe62e3544d242fa2dc6596c48265736b351ba9cb62ea61d6558

Download Submit
C:\GOG Games\Travellers Rest\__redist\ISI\scriptinterpreter.exe

Filesize
1.2MB

MD5
c8aaca5f97815ab662436e5449aed17e

SHA1
4e47cbf558a813d102aee87284c404a02274eb0a

SHA256
d8667e94d5a9fe2d81e04df7e38f792bcf37aa727c24787014a51bd77fb19c65

SHA512
50e16042834a7ee6bd30b471142d17e526419b325c45b1f945323a01d773833a7011d9a820594515114043c06b6cfbebd7948778a6f6f6883b44680c13535f97

Download Submit
C:\GOG Games\Travellers Rest\goggame-1353960921.info

Filesize
540B

MD5
815862e99e7955681d29e1213bac1771

SHA1
3686663326e92d1f0f5661040d27d0e730252617

SHA256
e6e3480adc8743cb9776e26f7ff897c15d101f0f264a249b1c69cb4e8d5139d6

SHA512
a8ea80e61dfa2c9c78c2dabc0f4dd827752705996de5ee3105a2f9cdf4e67ad43766ec9708090f43fe9a379c2364014c085ae2ca780740f6470308b3057c8c87

Download Submit
C:\GOG Games\Travellers Rest\unins000.dat

Filesize
484KB

MD5
ecb693a6f91d5d3f4c90574e8db6f871

SHA1
6a6c79c930c7991dfa6acbf0546baf672ef8f9cd

SHA256
da8ddcd7ddda0cb328d926cb003ccac927fac7e76f5e5495753bc53a16c83634

SHA512
eb086fa5be5b93e3888fe30db441fd35d7a638b782a9836b6fa4d4e82107ee1343c7484cf30b9cee33547653dad6a7ea351c3e5e98731e4ea4fd7a788c39594c

Download Submit
C:\GOG Games\Travellers Rest\unins000.exe

Filesize
1.3MB

MD5
ead620732571dee2edf8d6ac28901b79

SHA1
42e96d15d610520fb92f687cc389b7aa0ab20258

SHA256
660fd71acdc6f3ccbacee49d3c50ac4de09ab90ccc48277f3156d2ecb14603af

SHA512
a662d56d3271ebf62d610abe2f8120f056c2ffdbe082e03b5197c96acd49a97cf326a8e0c987e86ab1f2824b9c928b85df471c825c96dfe3568298f2adefc32a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-F64V6.tmp\setup_travellers_rest_0.6.4.12_(72084).tmp

Filesize
1.3MB

MD5
ff5ebf66cddd9913b729de78eeb638c8

SHA1
ca23d5639d1c516e3defc8f5b267bb5c040238d5

SHA256
abf8d4d522ca94a179d644ec0464474b580ec82441b118b663da3bd879f91d85

SHA512
4fa3a2dc8ad68bfffc0e039171d2da71c3c37eade709d5495e825bb53f576180eafee57e3c1f78d7dcc8d26e26cc24e1e99bb494d9b4a55f74f4145eb6e5a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\1207658715_english.jpg

Filesize
179KB

MD5
4d190bb30daef144b4f458de85bd3b8f

SHA1
e229bec234e80ab8accbd36b8253ae71e052e9e3

SHA256
0b461d282a2a9825db7afa8d00d5226242221bc14e7170ef14ff4ba7133bc5ef

SHA512
ad917109e4533e4e77c3a64178d14940369b1d03c3f1da3e6a7022bf939d1f7b18188767b0525d98f70e1f5c7dca5fe9df52cd0c4dcbf5aa172abc8070a990b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\1207658926_english.jpg

Filesize
198KB

MD5
7dbe1c54d5778f9c07d489f693bcdff9

SHA1
c018b242ab006af01c9cccc75b324ba20125f2fe

SHA256
242e4ec6467b2b06787149c8784cd43189401c9e9a6ee02c29fb99bd3786cf57

SHA512
2d4944038406e473db023b3aec8fc0a6806e8a1b935fafbc544fcde419f846a973d67b896d2b7c0d030a44411f205cad28359ac590c01b9a1fced9def8547614

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\1230412827_english.jpg

Filesize
215KB

MD5
83b9715b148668bb57b2b0093245d1c5

SHA1
e0d78ab460cfb4f95dfffb33668504f6ab52de58

SHA256
b5c027a0d876a0fa342e25bab831cc588e834cfb8b357c16effef6c74251e250

SHA512
75010380b3a6c87b53353fdc4f29128987f3f43c12fb923bb39e3b3d9755529ac021fce21e576c73b73152a33f883426c06c471bee66b240116f3a4230c35520

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\1456141688_english.jpg

Filesize
152KB

MD5
e5b73684a2d045f98f84d309c7192809

SHA1
f583ba4498f2e2411523da929bb2c705af507466

SHA256
be6699daecd608b4dfee79a5c5104f2915d194c6dcb3f75a4ce8010a2f3f5080

SHA512
dc9d34be77ca7f7fc1110458e20df762b18c3f44b247a263d39893c73a3835e5f340e8964ae1f02192d3b0aa17d9a7790e90bf23ef9f2a3ff3767893a66f38d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\1513553405_english.jpg

Filesize
113KB

MD5
746a47c5b45321da5c99948c275e2391

SHA1
b8579ee62c08ca1fa98abada4753a090b8c858ba

SHA256
d10824f49baaa3c5a788de17175a6e93ab9cbaddead0a005e7b799476c377075

SHA512
5f9c14b9c4d0aa110855bd5dc944a2adcef981efc61b1155fb11d8883cb8279b3f8d014a0f58843d59e957c24eead23d317b09d828bc9443b665f0d05202738b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\1c\79\1c794f92a422f1885485e4eb14361039

Filesize
4.5MB

MD5
1c794f92a422f1885485e4eb14361039

SHA1
1c78dd0667eed6eabc581e633bc5f1ca9d123b91

SHA256
74645222d3ed9daafdf101460ca34de7757d9c600ebb7d3abcd6bc2c0add6e01

SHA512
fd7c21121b87305410edc1dfe9335d5513453eb83e2d0c6f9ff3ca60ad5d816f3fa1a38e47cd2b08afedbbd1e149e9e24a473265e02af54eebb730a8143a329b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\2071628374_english.jpg

Filesize
213KB

MD5
e28f046c1d66fc157821800eab258b4f

SHA1
ed9012bdc5a7e154ef6b480a620e416210ac9461

SHA256
e80f5ed99834f8640b1467662bc5b005f827e8a59eb27f0a08b48f367d0ccb58

SHA512
0d180ee9905d8461cf063e2f541be46c0f4bee4c5a9bbced4ae11e4f20a711be0088cc540e4ccd4a965381b4e69e1c5b9f5645af89ece4176d5699f029adb2ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\68\8a\688ac0fe89d3b5b8545a8f8226987237

Filesize
558KB

MD5
688ac0fe89d3b5b8545a8f8226987237

SHA1
a70d36998e40ce651a3e05f5983df31c5d94cd68

SHA256
5bc949bafcc7ea9ea452de914f5b3c968d60b2406b198e2412156dbfcd65f05b

SHA512
86769acefcdd2c818f7e509cd2fe3a885e0d8a169f9afa4f9e69aea58f71469b3b783da9c3d3882df525d37823f8f33aed44710d72459992f45c47877d3e3d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\68\f3\68f3888dd273013a012df1345f769531

Filesize
573B

MD5
68f3888dd273013a012df1345f769531

SHA1
262045de5e2464e7cc24b5ea3e95c02e18d11c7a

SHA256
97cf76bc9772275dc992086602435fe6f1b26e2fdfacceb9914d1e1ac2138b41

SHA512
9c21ac94936169e914f9321b331f4b9abd63dab43ea1eae87b1ae7d1b078df063fb5af1a84956da7a8af640136b315fa71ff9362de25597f8c8feef4f457604c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\BigOK.png

Filesize
3KB

MD5
5b43a5d975a53f4fc1da67ce9f7784c1

SHA1
8543fa1e471030049942252b23cb22e0880c3af5

SHA256
59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

SHA512
5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\EULAAccepted.png

Filesize
2KB

MD5
461dfeb75927bdb39f9db5348612a611

SHA1
b7893b1fff6801e37ee7337d876962a09184941e

SHA256
0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

SHA512
68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\EULAShow.png

Filesize
1KB

MD5
c596bc9111edc702bbbb29b70984254f

SHA1
d4712c7b91ff4f8994e7907d31357c42eb47c738

SHA256
6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

SHA512
db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\GOG_new.png

Filesize
3KB

MD5
d5b63bdfa47ef5954917c148bacf7b13

SHA1
5302c6715d9e9b5d2768b130f3e516e175684cc9

SHA256
0804b385c1736e009fe8c3b1b14085b9b9abb40ce487360002ab4a8f3505f4e0

SHA512
b5cde681be9ad1c1211559dc4b363003bf547e8dc965dbb9560fdddfc28ee1d8f27cc534dd00864d800fd351c48694d7dc8df55fc3d8d69acf8b702c7b421aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\OpenSans-Regular.ttf

Filesize
212KB

MD5
629a55a7e793da068dc580d184cc0e31

SHA1
3564ed0b5363df5cf277c16e0c6bedc5a682217f

SHA256
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

SHA512
6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\background.jpg

Filesize
422KB

MD5
66f114b9e65b6c2bfd9eb9b1636c873d

SHA1
51176368655708873c9812abdf8323afdec6a50b

SHA256
baa0fe20c7a8b49b4c4e944bef6ea26189ba7414c5c66d57f7ef0a8740e6f8ed

SHA512
4396f9993b87f03c2c3a8986e576c9882672e03b9e38438581cc2db8f2778d387282e0ab4bc5f76be7eccff4711b318b4af2a47bb3476e207f3adbc21f5659ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\btn_md5.png

Filesize
8KB

MD5
3befe9739354ee24a0b1ea8df05ce274

SHA1
ab0bda986a8c46aa19f57b75a2b7b22445a3c625

SHA256
b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

SHA512
ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\c6\ec\c6ecc54be1ee39205e478ea3bb140496

Filesize
13KB

MD5
c6ecc54be1ee39205e478ea3bb140496

SHA1
2b8b2e08add075c912d9f65b4611f7da03026095

SHA256
2f08d8815b2a43b6d89b5c14bbf92a1ed0df52d34dcc2814381190ae52b51e43

SHA512
a37721ec5b66f8f08dfbb874bfd712f2fb97e5cbbce2243161df6164f1576ccacd675b1abf61eeab30e40e27516f328b5393dc57fc6dccc1d0f1ba90d83a42c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\c6\f5\c6f51963ab841019351709e4b8c5a902

Filesize
657B

MD5
c6f51963ab841019351709e4b8c5a902

SHA1
71d24fc5620f4f58d638c35d2c4e81ad6464d0d5

SHA256
60829c9d99e73c76bed4ee1517cf391345f6fd502a5f76ec5c8462459f8781fa

SHA512
24f4b5b1956f9159be65d0333e0a4a44f042b76c592a473cdadff4807de1954a20e5fc3986829a496c873075d69335aa7717fc8a1a79155c98c5982ef77ba8f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\error.png

Filesize
726B

MD5
df10adc25b673e74e19971c17bee5a98

SHA1
ee16fb1cf9491f5e611282f0574b27d76fede412

SHA256
142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

SHA512
dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\error_icon.png

Filesize
1KB

MD5
263720c4b8bb111567a2a49989b8f467

SHA1
cf346fa3c70164648e0eaf72a37c6f4920ab4792

SHA256
acdf96ee4261fae138e6350a0ad50b367022ed5b908fa168baad92644f566ee8

SHA512
94f06a81dc735cf264abde86e6169e5fd78d873d2e926fd48287d2ac5208fc930c3c432186e3510add002bd1b4ae32ad8d35270b17c3ce5f18c43764a8e9de43

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\ok.png

Filesize
1KB

MD5
103c1368e60806b1b7995a0894eacf87

SHA1
971392527f6e4b655044773132505c901a6b5469

SHA256
0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

SHA512
652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\progress_center.png

Filesize
1KB

MD5
ad7fc1e37e40da38dd57adc446cc6c0e

SHA1
08033265deb9b45243cfa0065d98ffe13a039e26

SHA256
2b9dae87340e66b67ab1d8247d4a137628e324969f92fe1098f95a7c5bab2f43

SHA512
dd715d74f8e1ed6ab75b7b6530b383ac47040d8baa7728be160f6d230bf485a9cc54f15f7dc85b122ce56e54d63fa4890e510dfc89d9c9344e31f789ebac8756

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\progress_left.png

Filesize
1KB

MD5
290c7612ad7a077028cd3dc78ce99673

SHA1
18995fbe39d05e4a1cafc7cc2e0f6fb745442f77

SHA256
85e39d909a7300fa2043ec42818582867b981401264b14fc5408e477ae0b4668

SHA512
799841f5b8a1056e78a49c823009750e4b93af130a6c4ff9dc6d386c06b88614e53b46a6df62f5a217d5c99da01cf4e2fe8392c73d39e81000045291cf24205a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\progress_right.png

Filesize
1KB

MD5
c25a41f022a74308d944d1e807d72f44

SHA1
83c6bbec3fb373fcc78ce0e737742100994cd6d4

SHA256
396a3351fe409328782ab138282cf9cec061a5a9540a3506700a620db1f54e7d

SHA512
d2f4449195f3e60c826cfabb52a083d829eb9d0509272977d8fdb33bc5214678949cd27d0594684594e0a3eda2351c39cec8d91923cb716ad144ccf2b966c8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\slideshow.ini

Filesize
804B

MD5
2d54ebc4aa050296d6cd5b84ffd4603e

SHA1
1e85222447b91b6bf332b5a11d06ece12da413ea

SHA256
cc19b04b54ed356619c7f53fe64871ae1f525c7788ba639e063adf053a6bef2f

SHA512
9b298a0c2fc35cc346b29b967035302e30bcb63942edf2b12ca95154cf18900be8b85f10f2e448cc8ef824cc41b06f549a8130880487ab560c038a3817a76c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\track_center.png

Filesize
1KB

MD5
3f2b0c22f8ea28dcbb82b39a16a039aa

SHA1
b3f4dfc2ea86fbdad05877b4c356b7fa8016731d

SHA256
794f9eeca7fd99846968376b76a296c927532cef1271325cbf555caa0d0d5860

SHA512
b4bf65d751717e85418947662d315ae3bcb177f60914832fefeeb95da9eddb75eb5531c62e5a5a70ff03c8a025b5a03e61ffbdecc9f483bea9684454ca9362d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\track_left.png

Filesize
1KB

MD5
55dacb00cbe2825a8540236c5777a205

SHA1
18a52ac6c741b558500fbc1716d46b4fe4471982

SHA256
a8340fb5380c922b60ea40043590dba067dcfed6e22636851691df38156a3aa8

SHA512
2ea444cc1080f20761c8d71d96fcd04ef48254cdc1dc41d1d139f459ea5613fe12f6e4bd026bf33a5c01ff038e72e05dae2f8fba33ff517dd395e1911f10ff10

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\track_right.png

Filesize
1KB

MD5
ddec70b6c49be3e8c3a7d01c2f6ff1c5

SHA1
5383271999f787c36b1dc8f3cc13c8407b195439

SHA256
f54cd6e42f2b2bc5cb8a15f6a28f1499abf094a519ebdf39f4c4e167312c9c16

SHA512
f43f94b194b5a7eafcec9e831f61042859c30e1af2e2447195bdd06b12c90982181161a1c1be5aa5223ff664f88e4891bd71cfffb7ef672d6fe4f614030e0e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-L35PP.tmp\scriptInterpreter.tmp

Filesize
1.3MB

MD5
01190d8b6805fd4d2a68750fbd041966

SHA1
c5c967d47cc57112eec5fe7db0229b36e22ec661

SHA256
5761e7789d813626cd68ee1e62429cfeb92bdd814cd29ef12fc4ae9ec1dbaff3

SHA512
c079f1674f800bbcfe97d95e596314ba9f74bc7f87433dede4da91978c9ba9b1f0b22a4b690a07171983c46ac35e523a52df143072f700279914279de133957d

Download Submit
\GOG Games\Travellers Rest\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll

Filesize
4.7MB

MD5
aefb64750701a2b59aec40eb86c1adda

SHA1
15a21b946950780dea5854884e30f69701acc952

SHA256
bb94b8282379d4dac5fd8e4a8bafab47b09488e3ca0fb1fe5e2493686c71caf7

SHA512
a01abbaf6d93c9405b90b661d58040fc2cedacefa0a285274c6d3a1c2d5167ef7235bb6525ce0707a9faa0308e4a684bf527e6df8a5d0630b0db177dc0f84cfa

Download Submit
\GOG Games\Travellers Rest\UnityPlayer.dll

Filesize
25.0MB

MD5
81bd793aeb5d2cc3d06c42e895529a3d

SHA1
fa1239aa31f0f685a80a753574abf0d4d6ee3039

SHA256
6f2a1adb75d3f85449441307f51ef746cf6d293923be36611e0e764c1c919cc2

SHA512
10c13567e38c7d67a7186d9272c49ea198c9d123a6776cdef1c52674177357b1727ed1bbee5ef7cf3881de22e42c7ba32b1bf77d33cafb09e85641a678769491

Download Submit
\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\crcdll.dll

Filesize
69KB

MD5
1d51fac9e2384eeb674199cfd5281d7d

SHA1
861dfdc121357d605d0cc3793266713788109eb2

SHA256
23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

SHA512
921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

Download Submit
\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\innocallback.dll

Filesize
63KB

MD5
1c55ae5ef9980e3b1028447da6105c75

SHA1
f85218e10e6aa23b2f5a3ed512895b437e41b45c

SHA256
6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

SHA512
1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

Download Submit
\Users\Admin\AppData\Local\Temp\is-FR8VH.tmp\uninstall.dll

Filesize
691KB

MD5
7db706c324cc9b6fda497d081eed6e26

SHA1
ca97392e573af0cf61bfa3301801a85f2beea44c

SHA256
cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

SHA512
8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

Download Submit
\Users\Admin\AppData\Local\Temp\is-IGB47.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
\Users\Admin\AppData\Local\Temp\is-IGB47.tmp\uninstall.dll

Filesize
712KB

MD5
f3a88277fc7e0c057c40e47a7e43f9ad

SHA1
78ae0052b323139a4de7a5361a40503a39339f4c

SHA256
d88bcf910e7a5ce4d76ca48b263ef226911b455d3a8db80c9fa69aeb2b3898a1

SHA512
3c40377600fbb814fe19423404d2fb29f6342ab2a3a6d5dc50f42086fc0f59174184a0870d7f04fb6ee5f84828e1ed282396bfcb70842084af25f5af15cc8a1f

Download Submit
memory/2332-1693-0x00000000003A0000-0x00000000003D9000-memory.dmp

Filesize
228KB

Download
memory/2332-1746-0x00000000003A0000-0x00000000003D9000-memory.dmp

Filesize
228KB

Download
memory/2552-747-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-542-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1761-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1760-0x0000000000BD0000-0x0000000000BDE000-memory.dmp

Filesize
56KB

Download
memory/2552-1758-0x0000000004A50000-0x0000000004A65000-memory.dmp

Filesize
84KB

Download
memory/2552-1762-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1763-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1765-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1770-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1771-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1644-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1140-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1756-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1134-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-860-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-823-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1754-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-796-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1753-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-661-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-624-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-562-0x0000000000A70000-0x0000000000BC2000-memory.dmp

Filesize
1.3MB

Download
memory/2552-1861-0x0000000000A70000-0x0000000000BC2000-memory.dmp

Filesize
1.3MB

Download
memory/2552-563-0x0000000004A50000-0x0000000004A65000-memory.dmp

Filesize
84KB

Download
memory/2552-564-0x0000000004CB0000-0x0000000004D67000-memory.dmp

Filesize
732KB

Download
memory/2552-565-0x0000000000BD0000-0x0000000000BDE000-memory.dmp

Filesize
56KB

Download
memory/2552-566-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1757-0x0000000000A70000-0x0000000000BC2000-memory.dmp

Filesize
1.3MB

Download
memory/2552-453-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-322-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1752-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-6-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/2552-1643-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-8-0x0000000000A70000-0x0000000000BC2000-memory.dmp

Filesize
1.3MB

Download
memory/2552-1718-0x0000000004A50000-0x0000000004A65000-memory.dmp

Filesize
84KB

Download
memory/2552-184-0x0000000004A50000-0x0000000004A65000-memory.dmp

Filesize
84KB

Download
memory/2552-185-0x0000000004CB0000-0x0000000004D67000-memory.dmp

Filesize
732KB

Download
memory/2552-186-0x0000000000BD0000-0x0000000000BDE000-memory.dmp

Filesize
56KB

Download
memory/2552-187-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/2552-183-0x0000000000A70000-0x0000000000BC2000-memory.dmp

Filesize
1.3MB

Download
memory/2552-181-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/2552-1719-0x0000000004CB0000-0x0000000004D67000-memory.dmp

Filesize
732KB

Download
memory/2552-65-0x0000000000BD0000-0x0000000000BDE000-memory.dmp

Filesize
56KB

Download
memory/2552-1721-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-1722-0x0000000004A70000-0x0000000004B70000-memory.dmp

Filesize
1024KB

Download
memory/2552-20-0x0000000004CB0000-0x0000000004D67000-memory.dmp

Filesize
732KB

Download
memory/2552-1712-0x0000000000A70000-0x0000000000BC2000-memory.dmp

Filesize
1.3MB

Download
memory/2552-14-0x0000000004A50000-0x0000000004A65000-memory.dmp

Filesize
84KB

Download
memory/4544-1708-0x0000000002AE0000-0x0000000002B9B000-memory.dmp

Filesize
748KB

Download
memory/4544-1745-0x0000000000370000-0x00000000004C2000-memory.dmp

Filesize
1.3MB

Download
memory/4764-0-0x00000000010F0000-0x0000000001129000-memory.dmp

Filesize
228KB

Download
memory/4764-7-0x00000000010F0000-0x0000000001129000-memory.dmp

Filesize
228KB

Download
memory/4764-2-0x00000000010F1000-0x0000000001102000-memory.dmp

Filesize
68KB

Download
memory/4764-1862-0x00000000010F0000-0x0000000001129000-memory.dmp

Filesize
228KB

Download