1657ce9fcd9d1ab14ad8e0d0dc146d9dece0bd3cb2ab8d460df8214e7e498318

Analysis

max time kernel
151s
max time network
160s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-12-2024 17:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Rewind.Launcher.Setup.2.0.7.exe
Size

433.8MB
MD5

5f8835d4c9f82fa29f3189764f031ca9
SHA1

d0d690a58da0ff16f717d11cf83c4536f4f03606
SHA256

1657ce9fcd9d1ab14ad8e0d0dc146d9dece0bd3cb2ab8d460df8214e7e498318
SHA512

91404e21de8d26e6a9faddc3cd467f1e4c44fa16d772d7cc47e9e017ffc5005e078506692b32510d99cc867065e740b7ccaa447526c8bed579b1538b12a5ae7f
SSDEEP

6291456:AwJrJjKCo0uBPUNFHZHFQUIt3WvRPwrL9FD/BYYDuIE34v7ndZB93lPl7:prE0uc7FSt3WJPwv9FDvTPZ

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3829776853-2076861744-2973657197-1000\Control Panel\International\Geo\Nation	Rewind Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3829776853-2076861744-2973657197-1000\Control Panel\International\Geo\Nation	Rewind Launcher.exe

Executes dropped EXE 5 IoCs

pid	Process
4816	Rewind Launcher.exe
1240	Rewind Launcher.exe
4648	Rewind Launcher.exe
4544	Rewind Launcher.exe
2744	Rewind Launcher.exe

Loads dropped DLL 21 IoCs

pid	Process
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
4816	Rewind Launcher.exe
1240	Rewind Launcher.exe
4648	Rewind Launcher.exe
4544	Rewind Launcher.exe
1240	Rewind Launcher.exe
1240	Rewind Launcher.exe
1240	Rewind Launcher.exe
1240	Rewind Launcher.exe
2744	Rewind Launcher.exe
2744	Rewind Launcher.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Rewind Launcher\locales\cs.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\el.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\kn.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\Uninstall Rewind Launcher.exe	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\bg.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\sv.pak	Rewind.Launcher.Setup.2.0.7.exe
File opened for modification	C:\Program Files\Rewind Launcher\locales	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\fa.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ja.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\th.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\tr.pak	Rewind.Launcher.Setup.2.0.7.exe
File opened for modification	C:\Program Files\Rewind Launcher\resources	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\vulkan-1.dll	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\de.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\es-419.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\es.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\id.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\zh-TW.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ml.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\resources.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\Rewind Launcher.exe	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\af.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\en-US.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\et.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\hu.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ko.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ms.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ur.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\package\icon.ico	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\te.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\it.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\sl.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\sw.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ta.pak	Rewind.Launcher.Setup.2.0.7.exe
File opened for modification	C:\Program Files\Rewind Launcher\package	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\ffmpeg.dll	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\LICENSE.electron.txt	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\v8_context_snapshot.bin	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\lv.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\zh-CN.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\libEGL.dll	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\fi.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\bn.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\fr.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\gu.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\resources\app.asar	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\LICENSES.chromium.html	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\vk_swiftshader_icd.json	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\sk.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ru.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\chrome_100_percent.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\snapshot_blob.bin	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\am.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ar.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\da.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\hr.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\nl.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\vi.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\d3dcompiler_47.dll	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\libGLESv2.dll	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\ca.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\en-GB.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\he.pak	Rewind.Launcher.Setup.2.0.7.exe
File created	C:\Program Files\Rewind Launcher\locales\pl.pak	Rewind.Launcher.Setup.2.0.7.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	Rewind Launcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rewind.Launcher.Setup.2.0.7.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2728	Rewind.Launcher.Setup.2.0.7.exe
2744	Rewind Launcher.exe
2744	Rewind Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2728	Rewind.Launcher.Setup.2.0.7.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe
Token: SeCreatePagefilePrivilege	4816	Rewind Launcher.exe
Token: SeShutdownPrivilege	4816	Rewind Launcher.exe

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 1804	4816	Rewind Launcher.exe	94
PID 4816 wrote to memory of 1804	4816	Rewind Launcher.exe	94
PID 1804 wrote to memory of 392	1804	cmd.exe	96
PID 1804 wrote to memory of 392	1804	cmd.exe	96
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 1240	4816	Rewind Launcher.exe	97
PID 4816 wrote to memory of 4648	4816	Rewind Launcher.exe	98
PID 4816 wrote to memory of 4648	4816	Rewind Launcher.exe	98
PID 4816 wrote to memory of 4544	4816	Rewind Launcher.exe	99
PID 4816 wrote to memory of 4544	4816	Rewind Launcher.exe	99
PID 4816 wrote to memory of 2744	4816	Rewind Launcher.exe	101
PID 4816 wrote to memory of 2744	4816	Rewind Launcher.exe	101

C:\Users\Admin\AppData\Local\Temp\Rewind.Launcher.Setup.2.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\Rewind.Launcher.Setup.2.0.7.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2728

C:\Program Files\Rewind Launcher\Rewind Launcher.exe
"C:\Program Files\Rewind Launcher\Rewind Launcher.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:392
- C:\Program Files\Rewind Launcher\Rewind Launcher.exe
  "C:\Program Files\Rewind Launcher\Rewind Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\rewind-launcher-v2" --gpu-preferences=UAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1812,i,8309155296874153063,15484115532497672054,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1240
- C:\Program Files\Rewind Launcher\Rewind Launcher.exe
  "C:\Program Files\Rewind Launcher\Rewind Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\rewind-launcher-v2" --field-trial-handle=2136,i,8309155296874153063,15484115532497672054,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4648
- C:\Program Files\Rewind Launcher\Rewind Launcher.exe
  "C:\Program Files\Rewind Launcher\Rewind Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\rewind-launcher-v2" --app-path="C:\Program Files\Rewind Launcher\resources\app.asar" --no-sandbox --no-zygote --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2544,i,8309155296874153063,15484115532497672054,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4544
- C:\Program Files\Rewind Launcher\Rewind Launcher.exe
  "C:\Program Files\Rewind Launcher\Rewind Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --user-data-dir="C:\Users\Admin\AppData\Roaming\rewind-launcher-v2" --gpu-preferences=UAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3396,i,8309155296874153063,15484115532497672054,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\LICENSES.chromium.html

Filesize
9.0MB

MD5
c5de877a372447fdd303c1026fb432f2

SHA1
6fc0a751edacbe061e97248fa550691225891030

SHA256
4bf4dd1a05ecba975c90d85117dea74b0e94114f882bb26a7e7d1029afe8fda8

SHA512
b3079b18419ca854118e12e8d4681c9e66ae55fbb1f69cfb3ef6322a1c17557c0adbfab5ced030133af814d39483a2b5c7090ca3abb545e8808ffb6abe6b3ae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\chrome_100_percent.pak

Filesize
147KB

MD5
3c72d78266a90ed10dc0b0da7fdc6790

SHA1
6690eb15b179c8790e13956527ebbf3d274eef9b

SHA256
14a6a393c60f62df9bc1036e98346cd557e0ae73e8c7552d163fa64da77804d7

SHA512
b1babf1c37b566a5f0e5f84156f7ab59872690ba0bdd51850525f86769bfebc245f83988a3508945cf7617d73cd25e8469228974dd2c38415388b6a378552420

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\chrome_200_percent.pak

Filesize
222KB

MD5
3969308aae1dc1c2105bbd25901bcd01

SHA1
a32f3c8341944da75e3eed5ef30602a98ec75b48

SHA256
20c93f2cfd69f3249cdfd46f317b37a9432ecc0de73323d24ecf65ce0f3c1bb6

SHA512
f81ed1890b46f7d9f6096b9ef5daab5b21788952efb5c4dcd6b8fd43e4673a91607c748f31434c84a180d943928d83928037058493e7e9b48c3de1fc8025df7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\ffmpeg.dll

Filesize
2.8MB

MD5
af6e7c9a3b89e318a6d30f5e6b0b264d

SHA1
e5b9af5ab5e916c352c6f6c5675f60d1962fc490

SHA256
04d0c51e432e72bebf00afc42789567d76095973f6031723f81b97a6aac933e5

SHA512
cdeac1be5183d737aa60126404ff8739b072e98cc63c603f026dafb2ffe9a5786718cbeba19f5bf1947dbb1f7615196017cf8f321029abcfeb480d186b6715fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\libEGL.dll

Filesize
473KB

MD5
fc6eaf6a41f3c5009cb59bf7c31f4e71

SHA1
1637a7de0a79095a29de0c20f73d9bdd21383447

SHA256
35fc03a6fc2f308428801b0179780ae25373a09640225bfa6611b442eaa44783

SHA512
62b53cebc20f8d55765face7b30d205b450b20a0467d6a6d6ae7a1e6f3cdc220f268d177a14572631304e5314c83b69753605688da6be912412c3f101483012e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\libGLESv2.dll

Filesize
8.0MB

MD5
089b0680bef6f1e8a070be3627c26261

SHA1
d74cee5db729cbfb1b9d2ce4b86e0d2eb2d9501c

SHA256
171d72ce6518a10eb38e5403e81d2cabccc2c88f8ee4b507d18fb3cdc3668a8f

SHA512
cfbfc14ee59d89f0ba171f5ec0588c843a98ff4c6cd981fca3513895bf7cefafe5c8fbec0aab0c9f7a5b157152fc740a02669d8f892cbf00d9b5521607f5c161

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\af.pak

Filesize
509KB

MD5
6484a2029d88dcf78a569e65f2987933

SHA1
9e9a6f609333d14ca692730055cbd8be56b98c32

SHA256
5bd93621de82965b8a7d425660d4afef8102d058e48e8b42e0a45ea2b32ab2fb

SHA512
6ac6fd8cb28c0c41beb5fb6ab1352681833d0c85507a752866db1139b75b75c2572aa0768ca82513235514af064e26cbbf0d76dd6a6fe0d20eb309e9c9ff72ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\am.pak

Filesize
822KB

MD5
e429defda7e6297a72c0bc4e36aa3f5b

SHA1
c609b50a3108558891a6ba6ec55e4d08d28faea2

SHA256
d759c21b9569163629f2443e69f274ffdb3b1417eaa2b72d1dacc9a31819dbf3

SHA512
e2933099d010932a5468bca06f8aa74f9d387d359be57a58a16886c4702cc7d445aa977dffb54b9d35d69517670a428f041561d198143b7df621c2a47a42c12a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ar.pak

Filesize
901KB

MD5
27f7382231e5edd297fce25db6c212bc

SHA1
a12ac371d96a713302350b91e85ce647f6b77fa2

SHA256
3883cff8aacb76e0ee906eb27eb5e5437674bb9af85bce1087fb49667d0c47d1

SHA512
34b43f75c6600905194e98645603dae0188d09c84d7d31586f8bfa92df14221a9cae8ea0876c1ec37a19f07d01bb3542f950a623a4ee5f9f0f71b62c73291e58

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\bg.pak

Filesize
938KB

MD5
ac47647ebc503ce6f77e036b218fe3f0

SHA1
e956c1a99025b8b8d92f8de8869a97a8cefc8285

SHA256
c87083562fe57e1168aaed1f432e74372919c2008aa690ca6ce719f1787d9522

SHA512
d3bce66e1ecbb1c216942a79102cbcd264b8d946de3723ab1f26b3b8e299b9569a0fda833cf72eaeb12d9656b0d681e5bd89952fddc5d8e51efa059041a8b4f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\bn.pak

Filesize
1.2MB

MD5
6a454e70f4587d7d767e3cd914a0387f

SHA1
a238ab368326c312815b194a9b057dda2a20d6f3

SHA256
09dc06e2f6fbf4089cad32a23151cdc8fd873c17def2e85eaad31353743aac70

SHA512
13204dfd132df04fad51b4e1a636de5f2b63267c394411fcee57ae81d34193946a08634270800d86a30717be78eef20ec821659dae367328b1c6cffdaf2b838e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ca.pak

Filesize
571KB

MD5
a7f88df4c6929843e3fd867aba68775b

SHA1
5c911c2f451ce38f5d505eeed3b3b27870559694

SHA256
17db67b5c28354db5bfa08697fae29c3555728a6409a653e0f136216c2d05e6d

SHA512
0f93247a1f05ffc4aa51b185c4400f1e38507ec257930465daf61bbe25ac85aa44da609d74f8cd22134d247df3447e5e634b33ad29582ba31a805b7d3f9d2e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\cs.pak

Filesize
589KB

MD5
a13e490df259331b90d3f0eb7690dfb2

SHA1
9c8ebaa5eddaab4f1d962dc6196ac7ad5a532127

SHA256
09483aa859d024639f5bd2325007b4d2a35ce339231e051a943e1f0eed1b3336

SHA512
392241b41167af66a71ecfc719feb8e3f35ec23f2f9d2bde9bf0447d6baa1096a654d02429261a95bedc3de1cace712528e611787cb86a5e6c988e2406df34bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\da.pak

Filesize
533KB

MD5
d52825334984cf13c45f71c38bd07ec3

SHA1
f2ba6d65d15f50f1ae244581bf13747b2b2b1f26

SHA256
19d135158a35608e646299defa1647743132a9436c0411ccce2b595ef9738b45

SHA512
21922efbc307912e02daaf3ff66149e50d8fc05b2db2d0be0e3e7ea0fd420a9dd29a334e83df59f42f4168d2c04d4946bd4671a4495855884259e959ad87917d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\de.pak

Filesize
569KB

MD5
62fec38cacd3786d15a6299947e36a34

SHA1
927aae72ca89c1d1b7f15ec5c3a2a9823cc615e3

SHA256
954451a308b8c451f080ab628f53a16e6638c201b4d79a094ac5f3ae263c50e2

SHA512
957d6ac274db6bf63c789a90dfc5c437db316eeb6e30ffaf4899faafdabb8738cf2ed54acc100d15c41398bbc9f3d546d497f29e4675db50a02e1003f61fb339

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\el.pak

Filesize
1.0MB

MD5
de1a605a023f9f70c167c0b5dfe3a3ab

SHA1
bfc7f3ad1782ba103227401cc40508be58a931bb

SHA256
627dfa327bd3971ae2f26048c247fcbeaa33b3301c3b78f72ec3f199a365ca2d

SHA512
2f8f3c40419761b6331927c0287b1e65067ae5815e6c4fba764d17a2a4d670a54a0db2b35108d5967067c40ab987e458b0e84af9a4ad851afdd6286758cd8265

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\en-GB.pak

Filesize
463KB

MD5
f5e4073325dfebfd35aa09016108f480

SHA1
93919cb1a28ac0a4a77e966d6599fd832edafef8

SHA256
811cc30238e961c852267a897c579d6cbebfb957fde9be662d23e4ad989ec894

SHA512
503bb198fbdad64c67df0a2a1a2730153758e58fdd3c0139bf7e89477b96cf7c8ecebb23184d48163e6e96d1dfca9646870aed77bb393a5355605efed49032eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\en-US.pak

Filesize
467KB

MD5
45b984d76459ab58884ad190f54bd93b

SHA1
6c70aad992986beecd86aa35d04441d345b9beca

SHA256
de60674fcae1e9395cb9a2a2987dfbd97defba59dcf7e5e61a452602e38179c0

SHA512
57635aa89a30a0dbece3586ef4b92ef96003faa11c8f666b8bab6522f7c26d7d6431e08c6335d41aaf5e33844e5fb735a22ee7aa621956dab6fb6615ab54795d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\es-419.pak

Filesize
562KB

MD5
7c122de65f4203421225e792afd77fb9

SHA1
964edb32afbb973635397b66f36a42255f9e89cf

SHA256
99d5177b232925a00917b191ac358d88cd8e9a3eed73ed456ac4a62928345b49

SHA512
fb8fb7d87500fb1ff2ab16a2c960428ab5d9548a17ae24aa313d8ea60b11a36478f86ff99bc45d29e0cf33e7a97ab9a99b05412337aa5f6a7a076c7df506f1f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\es.pak

Filesize
562KB

MD5
3c4e61e751fd35dba90695f806011bfe

SHA1
c29105b94443f3fe8400eead098d8c53fb9b7dca

SHA256
d66d7ac73c09edc6dd00dcb1b414bb662de6b588c06621764eb2e212db80fe9e

SHA512
de3fb60248914f470a6677de2769efa485151b2e5c7a9f972c829cf7ad1c61d4542e71dea3df132bbb5202daaac45a60b01965ca03d39179d7830a6604072e1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\et.pak

Filesize
511KB

MD5
c4e47186acd7c727283b480ad18e6f33

SHA1
96ba904d1a82286692f16cdbe8c44e310e5adb92

SHA256
7b17cf34b75cbcf65476af00a0751f55f77ade6caa68513ab3629a5254742b9c

SHA512
a105c16e26b43a2f983096e9a7a2065fb255d951e365716faea81d3c9fccac3b93197052eea0cbb61b51fbbce48f6ff062c5d87574b2f9a7d8638bbbed2b4da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\fa.pak

Filesize
836KB

MD5
6e6eff8214f35735566b31d1754ed6b9

SHA1
bcd1fb9a6202d98ed0db195c3c9748d6175ff8b6

SHA256
00a9c5e4915408b948667b7b5c5715fc3fc8e6d628210bf9a341a55e86b6dfd3

SHA512
4c95e42e65e287ddc62266d39ab580cb1d552756a1576477c2e0af3e6f7555e6bdae0fd1c3e2b3840630e73bdb7be4eb6bc630b19a4a4e1f7d268d1484484221

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\fi.pak

Filesize
522KB

MD5
1920bd8cf37dedd27bedf200f350e1aa

SHA1
4c39426f62b03091130704ba5e6c9bd5442a1921

SHA256
c2e954d937baa4a8ad382d064d8c6b0ce2fc3375c576dde7b8f8adccb83e4bc5

SHA512
f42a61efe41b6f4e2eedb4690f48b876af4a9c08a596143c3e6b6e12f7e546fcf2cf7f42f3d1fb0072ee98496255811d11934465627096feab5792c76b9b6db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\fil.pak

Filesize
590KB

MD5
f244bdb007787a98e41196e403a002fb

SHA1
95ba50906890d275674d254ec39880e642733f37

SHA256
70e5b30013027e3406ee0a9953bb34e27229d3e0ff60758a7c53837336966833

SHA512
8720503d85ec0f2ea6ff8127e7c40786d5ffe7545845c7d0795c4fd7b58044549c6f194f0f7e54c49a1b32a78b5594e5bc1637eb62d61927df081b5c4be14882

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\fr.pak

Filesize
609KB

MD5
c4a35720d8c9397215cc73ebf096ca44

SHA1
fddfa670699437b1b7b86975734de0279ff442f0

SHA256
fae930c71e897b3a6275d526384e9a5ac62fedc562b76904dd108b55b26f1246

SHA512
ac0b1a210a30719b58223894367d28e3f8ea1c29ab782181ad135df07174bcbab4274d73b6bcfa850b72f5dcb6b35332040018274fe7cd24f7331d7831a04e08

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\gu.pak

Filesize
1.2MB

MD5
0ae1b87656ad93fdf7077743964f25d0

SHA1
501e4abb0e046e80812140bc7ae4db8d316ad759

SHA256
391a825c8f33718bc87ba6d8407e7fbe951b0fe554d0db689a6762eed38f3006

SHA512
196b92f0c7d51cbff1a8c298656559b2a5b00685fbcba1d44ab6a002abe28c07347400eb5c4cd3b790a7912009c430af52a38d695e49eab906d80b9a1f5a946c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\he.pak

Filesize
734KB

MD5
aab6517caad0afbad64ff1736ecd15d2

SHA1
33782592c0e22e54e91225dcb33a3b703c075ff3

SHA256
1325b70d40e5d5019276c50b4777451875f6dda15e9bb4e23df0de404a2bf76a

SHA512
1497a5069015c37296ad71f6a37ad155f70d4cb06c4c63431382eaa18b2a12870511b7e754968009f5b200537202083cdd272401915a478284f22675127d7a8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
af21f47fa2fe383621a66adf29101fba

SHA1
85492bdf2ad120f2885053bd72b3091ea9d0f121

SHA256
92b057a1e57bef223a3fd8c4789c0b8b94825822a07c29b2e7c057853cc627ef

SHA512
f985a3bc72bcce3083c17fd968e6c9119d0abe281b24738a0829c77d6c172b71694960b2cb23ea6bfb7545bd045d31410e0f04accdae60362c44abcdcb710433

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\hr.pak

Filesize
567KB

MD5
512e38d6328c71a24b8a9e068d2a4db9

SHA1
66fdaae1696b4cce1e0ec0d13d346ca5ebd8bb37

SHA256
5df6daf8c34c3e74eea274c8d608b3a177f4d6070a3bfb481cec19ae853b58dc

SHA512
116f8cbcf0d59139d7b1d197bb2117d34b9579dc418c0c6f17d0b3ffd338836e5d5ce8f1439f792a08839e0a1079ed4afe4f85752c5aea22844a70cbfd551a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\hu.pak

Filesize
611KB

MD5
ac4b7e349c25d9d2b29f2cbf2ef866e6

SHA1
d56fc6fb8f66a0b0a0883f572f8345b6ec2072be

SHA256
a09f07ffc112438f9e79b88907b7853de161bbb91a807af96f57d01339e365bf

SHA512
e70066da52cf2d6752e6e22465c9ff891bfcdb5d04c9f2b2cd052c5059e0229f86a188cf0cb3435b059f66d2e97912d8df33c7ef4b400b5e51e457fe4e84ecfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\id.pak

Filesize
505KB

MD5
5785c0a1142b99b41b6118e096e37e1f

SHA1
a2e8ed5ca1fec60ec811ae9cab74c1286467a4ba

SHA256
8bd54bf3b8cd369b4a92804c160bd3d2b888cc0a716d910c7a324569777f4e95

SHA512
2a2a374f74c24cd1876859e4fca2525b5bc8e6d86f88212af1e13970cf4c5b52e7dac31911f6dcaa54c94c0829fff39a984f738813be68c3a80d30051b02249a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\it.pak

Filesize
554KB

MD5
4e6fb4c153c436faeadf56125b6d2ced

SHA1
bb50f6204e0b7c2d08845ebb46136e552a72c229

SHA256
d881daf64575dab20072130995d602d21381ec4536b7c57d862b511fc7b34e63

SHA512
b44b674e10e726e4eba3a4b0a6e22a14c0cedbabc41e8af42bf2ce0ee008ed944e54e0ee185b116971dd9e14f145c9365c949183cbd27d0c629d0fffeb28b202

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ja.pak

Filesize
675KB

MD5
26579ff78414768486706a010168661e

SHA1
e56243b75fc025bb75d75a6889b6627100c78bc8

SHA256
c772f5030a7fa6437e8ec2161694566c8e22319b68c2a2d4777eea7b327f8142

SHA512
814984f571a79026b855efb435cbc7e6e24c67a60899cfde9f055375c1b3ba072f47483bb3e059ac3e9d3607ca76bbc4d4f9d97a25538c5de92b2d5a9b8bc22e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
ab565e8d33e64bd5b2b33ee54e3ae644

SHA1
07fd172a4b28dc2eda3081befbf9f6a03d5130e0

SHA256
29e2613bc55ebf10dc0e6318233aaac0b39428a3af0b1e0867805ba60194e88e

SHA512
6698acdbfa8116e124512644de545b5b28fcece8e745122fb53bfb3a81f16dca128bd657c8b5808aaa4b7f055d10b2484c9c92bf425a3f3c82369b6220e0cbf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ko.pak

Filesize
572KB

MD5
d1ff388e387db1ce20d5f2d462e49981

SHA1
c5a5f2ea00be1d4d8a10960564deceaee958224c

SHA256
6b32ceb4d71dc8fbebde2f4ca3a543dbc4963525345c9298e8daaa3279663340

SHA512
0dfd299a6c3a3aeafa1c50254a1a422f7247869cf99548b477802cb0d24cfc6c105172538a9c9f4651a82fb562c40c4757a7af8a34cec2fd969fbeed3e6ed521

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\lt.pak

Filesize
615KB

MD5
24d1fc605857a53ee7a92e6003d032ad

SHA1
dc744cb97b47f26cf74ba9e52666cd6c21656456

SHA256
1334d488e5b1a8357cb480508c8f6ce2ad211a9997f347e9ed1b9f712c60f74d

SHA512
552b1458337403c697b5112e5486aefa50ad994ed8cc9e11bb12a91bf0de2be92e934debe8af1dc670e398464096c925542eb63009bdaba8ce348cd597281a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\lv.pak

Filesize
614KB

MD5
5d5b4c71b5d3cb178511d2c7d7488d1c

SHA1
3bfbfaaf6ccc59e49649ed69a42fbf0d4151f887

SHA256
2486f896cf18c55462835ad2f363866995cbb992d5d9d39239b569727afa58b0

SHA512
ccbab44c35da319eab4563ec15d4e612462074e6a99ab35a775531badc6160c5b379f8000420f57894be691da46b9579e48d1c0f57e6cedac350871b19da1c85

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ml.pak

Filesize
1.4MB

MD5
af63dfcb2b13d55a37875fb74c30d1cc

SHA1
b3b45850a5a07d1561412882526d5b4ebda643dc

SHA256
3335642c3f0c852beb595889d8a86431001133cb8c14c45bba688b764008b1d0

SHA512
73b8ea93e3e0c35b5792cda9e7044c86111b7229d5d83005bbc1efd13a2afcc06b48899a44d50710567234c5788ab8331aefc61f09ac65aaac13e8a0b86f2f93

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
d9edbcd139a2dda14efb088dbb99d36f

SHA1
757434df97d64e25bbd2e7f9f456283807a49c0a

SHA256
39b3080a83994129a5dd5222dce549640bf51de644da13f2769e836126b7b782

SHA512
0309a16c49920b45e2add8020c527350dc6613ffcd3ad3ad22694ba419396b583108698ee6dfcdc5c28cd2562c5bb1bf82f1313243a4fc969e1914599d3b8b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ms.pak

Filesize
529KB

MD5
6f0d9ca4630b5ffe349247ccb3f34589

SHA1
ff9a079ada57344154741070ad85902d576476d9

SHA256
0615106f5c7adbeccd9bb1ea207c8bbdf5e917499e3860103a3fa60069b835b2

SHA512
d63db7111f9f92bb18c908bc5a499bc918df54859dca5267e352fa9355968198bcfb42872d96a61c5e4355713ecd0c21aa72383e84bc3713d15526de613c3ae2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\nb.pak

Filesize
513KB

MD5
8788fd146d53925f54e127a2b99eed0d

SHA1
0e892f0ea357ada0e66a868dc908cee3a448c858

SHA256
114ca3cf8ba38df9885e54feced2db9f25c789c12fbf41ded07e58ffeb7d852b

SHA512
45927030c080846ce3c533c84cf26ad93f15aed8070edc07f6e12d7a4b4aad3eff6d84cd0b998314635a1655e0c8836199e110ff7f86077f46caebbd268353db

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\nl.pak

Filesize
530KB

MD5
fc2f845462d8fd201dd55a9bab0c13ac

SHA1
d07988fc8baaaa94cc70e0b3152f96944c8579b5

SHA256
f7577370e356b5d1868b0faee46a3030aad4d7a72ff068e8910972862f7e43be

SHA512
7712854e94730be7973231a55379d51271969cb156bfb88c45497c1b1563f1c4817595397570a2236a43aaaf07db9de89bf3294d76b35952491d9461680e0f69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\pl.pak

Filesize
591KB

MD5
b6fd1e076dd7b6027d27b09c86440513

SHA1
0a59a7168c7a5f96a4c675b8191c9581f6d61a28

SHA256
4f12dccb61513bad8306c4f8865daf59d5f666c3540c81bb9c56ef52a972819f

SHA512
d5b77baaf891fbba7786bd67b280fb1289751f9535586a236660a8e573d6ea87b4aec8616076d9987659d4d08b58ef6111766efdef1c15eb5793bd7b000a86b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\pt-BR.pak

Filesize
555KB

MD5
b00063d518dc48d46182bb86a2676357

SHA1
850c6757ebf56758f4ad9452e394427903527889

SHA256
74f1be3440a80f55b028cb3c42f291fe41c1626267603d94f57fdececeda3358

SHA512
75459d63e98eda8b450576d9cc1931c0e11f208ddc0742b9962b5e63c47dba92b6cffe2ef8bc5fb288a2302303628dbc6b9b7837a61b50e9dad1d6df29a16345

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\pt-PT.pak

Filesize
558KB

MD5
27c720e2920e684d908f6037a9d9efd7

SHA1
28384d13c87368cd4196c461b86315eaa91525f7

SHA256
72d9a069944ccf2ac4a6ef44110a2e3e70e8aa550664bc70445947ff72847038

SHA512
136d22693d858e968651c50d3759796f15bdcf20d002a41e70939291398d30774c4677284d13d20332571e04b54653880fa03cc310c0ea18e33c2b5bb7c2ab00

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ro.pak

Filesize
579KB

MD5
f9d153fc60c03ac552c775c79f862513

SHA1
7e3dc463ad9c4e2d3cea0e5af84aa6afefef086a

SHA256
432c9424a471857301b724035c973ad009502a7dec2a9df95ccfa73fc46dd0f9

SHA512
3fa61ff461ad751e51270ffea575cd0a2c70691afb895de2860c45d3b77e669061d3fabc2fca47bf4b3e2dbd87b2cd150f2d827eb4a5466658fcb223c3a11d20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ru.pak

Filesize
952KB

MD5
19ee869997b40de66599e7dc8d4b8432

SHA1
d7e320dd0a46e1137a2792ed37eb937545544455

SHA256
d9dd48e68d20de6d90f8ae074b4f0f94ad8a9a9fcf20fb86a9a2a41caa618ea5

SHA512
be3899306e7fdc8de376e2bb92469c61040e3f6256301d04f60578f705ec8e69f2c58e7e01c98dce1a2295f786748f1aabe0d84fca5f1657860850eeb3c26bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\sk.pak

Filesize
598KB

MD5
93d13caf1d389a6489d911468af1df66

SHA1
e57c07f3a46518edd327166b31f443b20e419209

SHA256
99ed2b13a2804a399a6f4bd5e5608221ffb5874229dea14c33ceb24d99dcbbea

SHA512
4f449e4fe79393c228936c76f11088ec1cf0df887a9d3e6781e9bf4e5d5c41b9f7ebbc1c7f94e8b5b7527be8a3d1037453e7dbe3b585f84d0f83ea59da318476

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\sl.pak

Filesize
574KB

MD5
acd74a626e4e41f0e5f3516790ffc410

SHA1
2becb9f0394e61459530cf7028caca2d5b77fd3e

SHA256
d6a8d1e4539dc08fc4dd6ac5a048dc20047b6f202103e3782ce59e3f2d908696

SHA512
0e5d2ca27d1331e916f0a71546351fedbe060efa44726a41a117b3a8fef949604d30a194523a88421bb9740e1092bc288ab19a5eea326c8bdba70e4673a48b28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\sr.pak

Filesize
884KB

MD5
b4c168b797939706eeab8e590df41a87

SHA1
96aef6c5565c407c1b8558630829e8df34e00caf

SHA256
de79d880a33f7ba3e5cd8ae457321671582e8fe513eb4e6f5b9e257f6fd3581d

SHA512
12d3c08f4d28f7bfb7bcafb3df6ceda91c371d58d6df819810df3a9c0db11c89378cad0a2c7b0c63b618c92d6db7f603ba043c28c494857ede5c6df1a9ba3905

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\sv.pak

Filesize
516KB

MD5
409223e938df09ff042e51247591bc47

SHA1
19d98ed2b4e7f6eee3d07913e442c65195aedc5e

SHA256
298cadec1174abc1b918bce83b22a09835cf8dcba87a3438dbe114bbc0463bd9

SHA512
208266b425d6813f6889d7abed9dfd549602fa26f21231beedf13f8b09f3b2f9ae33d709540a3bb5d637d299fc2976bdbcfc9c7d4671851519318ca7559f7bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\sw.pak

Filesize
543KB

MD5
40c6e45bbe6afb7e05bf476c9a9b0fa2

SHA1
3d9b166d7ee7eecd748ef5b5796105397fde437f

SHA256
c39c3ada455757bfcaecc3d80652e79201d2264578d42d221c52d7c50a601b0e

SHA512
112d77897a9676220bc825ecee6598f0ebbcd5618f7756fab651ab8d6990959bbb16f1f481397f365f4a202366f714d432d3976ffa3e6e787bc3e62f12262f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ta.pak

Filesize
1.4MB

MD5
2401a2e74b1462715a3322101e76e1e4

SHA1
f3ba3ee37edb088faf069de6f83e92ca7426504b

SHA256
c66ce9d65f8691cc431db79178e77bc615bc1f212b27a754d395e5c8adc0fe13

SHA512
28505fbed2d8b665b623053ad4cecc8a7226071779ce50f735efdcf5fa472a5cc00e1a89ab6fcd46a5df11d14b32a7b2f9a99161ee2bf15e4396c6dd9018d629

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\te.pak

Filesize
1.3MB

MD5
e9933a531c8c72a589de854195e9c45b

SHA1
ca9cabd1c81bdfffff5da404b7f2cda5a2fc5905

SHA256
4d9ba6b2727f5f62d90dd45019c68137f3d55efc23a85f62b4fa52ece972a073

SHA512
444d751674d9c6a00d571f918582b46ac78fc4be78636c4a1caf9fb52bea63469f70fc8a0f57fdaccd79f12327583f24ab575890dad6d2613bd38d2f29ea0da1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\th.pak

Filesize
1.1MB

MD5
aad565b6857b6acce9bd4d551c80308e

SHA1
fc4883a2ef32230f8fbc768e949a443f57217dfa

SHA256
77209d15decca546704f621bf4e8d9269c56add000c057c568d0fe977c447e21

SHA512
eb75505f6fa302d68def6cab133c6b448f40a2a9e1f4c2910bf56f68388272c8515253143fdf69f0e1febcb9596980ad4f2be0a9b3b96ae229c7f6d5aed31fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\tr.pak

Filesize
554KB

MD5
f5ffed9e08e2456bec4f4304358f37a3

SHA1
7fa837edec8f65c80a9873a24f9040046ce1a69f

SHA256
df9220e39703440ea7c9d9b74796ab5196fdd0ce7b5953af8813567f39ff500f

SHA512
473b831dbe75c08ccc4668920fde200abbb23a4145b255d56fbea41ac1f51e0c71801f8b194324b46c0319d4a86adb89084c7e6b86e3c5cf92de2f313ea9f3a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\uk.pak

Filesize
952KB

MD5
1ac5ee33a091d5c44ea7b0c9dbcf01cd

SHA1
97eba903ca99c5764ac11fb075eb06fcfe7fffdf

SHA256
b76695b9352440d27c0319f59cd66df2d8d76eb1162d5f78a8374748562ad210

SHA512
74c72262cdf2d9e02e91490d03c1801416851150a910221cb5cefc4ac5e7f888978d0ccb7583f98d7abd54695a97279b91a4bd466d1fa5a0d66db19212712278

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\ur.pak

Filesize
831KB

MD5
b105eed802ffaa71f4c5d802d286a6e2

SHA1
369a0042ccab4ccc1f629f0fa186c62e96feb12d

SHA256
78799d1065fe84bc64c8c851d5457639172830516ee5c74f08e210973908770e

SHA512
94c08fbb7eec3398ff1a9082c558b5c6830122ff8cfeee03361783a777d0393dbd99a4d654e9d40ba941f798185c171a3b9232f696828aba2a7830453df22c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\vi.pak

Filesize
658KB

MD5
95daebfa784e7401c2261f4b3e85013a

SHA1
47e290ed5029f297054eeff67089d974fd3a6c6e

SHA256
55bbd8fed3330da92aee877fb18640cf7c6391d7a6c6bb5aa2d072b4800d3ac4

SHA512
fa84e9cd8ba8bd6ce1067ad90373433c8183ed70595fd73915f48823fdbdf9c1b581ab8f10fe738e1b4c7fb6986c62f965e2618b7044e7ce6b7ca0b6d34fe034

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\zh-CN.pak

Filesize
473KB

MD5
780ad68339ccbdd2d0b3590fea4f0d0f

SHA1
c9fe2e935a5f43e90ac6d778d2c7f77209f6c2b4

SHA256
67e96bfc54394701cb91e112bb07b7b7042ce9f285db3332a19476af566444f6

SHA512
c77f4eb2639f6277404be4a0c70ae68626f119b4a47b8dabd86ed599c07bbde3bc5fb8eae2b2c36b5806def0d08fd9ba756c770f4ba365897368d4166170a35a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\locales\zh-TW.pak

Filesize
468KB

MD5
550e545b7a3a3ae0e5b73f127b09813c

SHA1
23592a5cce7a4791366653fdbebcb21b456b2651

SHA256
ed372b000597fce75c14edd18ccad1c99e2100be884b58a7e7498488163f2554

SHA512
0e4b4851b0f73159ef0e205e9732eaf3e7aaddfb786327f81571b7f8304a13f26ef27fd901f19a6f4805834615b8b683637dab0f9cb551b3d9eb7b5bdd488412

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\package\icon.ico

Filesize
264KB

MD5
fd32289ee45a24f2db575555576b7b3d

SHA1
6c032c1525f68549c113843d2be41fb3cad9d4b7

SHA256
084844d03eb9ddb3fe69a760fba86666d51e4e06b0738a53e5a8abe4a68daf49

SHA512
46fec23c6a741b149b5a6b1643515ccf5bf83883ea0b53fd6f5af43c597feda6de103b550d63ce0711bcb3626286531816da5354bd761255aab2708f3fdbdc63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\resources.pak

Filesize
5.4MB

MD5
0db1896c517ee4046bcd033fee82164a

SHA1
b75983857715a55160de8fc89d22469181f1c465

SHA256
585bbdc05da4ceb1dfb0ce6fc3001dfec3c798140da3004a39b444900bda7679

SHA512
e352591866742d9c44ec40affecd46d9706b4f1eda90fc6cc0790d3de60cbc74bac15fd55ba90924412611eb4495427df8235e2827528d0e707b747ba33a68f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\resources\app-update.yml

Filesize
102B

MD5
7f9a4f1188926d50fe6a646d40ddbc56

SHA1
d2ea595c15d7e1a21006a3010e2aa44137c039c3

SHA256
f9d39c0a4ed00e3c7c6b7ad8dc9f75dae5ef52d1a32d9cf5eb7c44972367f730

SHA512
bcd4d6e12c371a9b9bdb636f4a403c7e0c4eb7e0979ac73834d42f7988ca4cc4b06a9f5a55491d360c6d88f72f7f0d2eb0de49ca3debf56700a70daba6874712

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\snapshot_blob.bin

Filesize
306KB

MD5
41a4e7070733f20097218576f6484fa9

SHA1
495a36f4d85946a8e95d8f0ba85c8b2a400e1670

SHA256
318c99695b76079bc82378d5bf38dc9f8bc2d28fe4fbb487a1eda03170af233e

SHA512
e644a726d26d887305018f337c91db8d7f207f3a9d75e71f531cd58e62fbeb0a4b2ffe6d14b4e16c8b791ca05d249573ea04964df46f597bd295eb17c2b493df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\v8_context_snapshot.bin

Filesize
650KB

MD5
c3048304913b58e1f8e0df23f15bc864

SHA1
241013fabc2e905dbcd8f02af4d008676db421b6

SHA256
8ac45d2ee2705bab53e3ff9564936455301ff722c3b0af0680fabb83d3c27bae

SHA512
a9a1e2b3af0fee8eafede606594b4f934ee4f0c34ed288b6366897cd42042a1ce3fa9d55029f9a87e6e692ae7f7d5e83d007bcb8e6bd685d84ef0df0fdffa9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\vk_swiftshader.dll

Filesize
5.2MB

MD5
927d6c1b86658ea2be2ecb7f2887d9b4

SHA1
f93bb3faa9d4d557e14c561597241bdc785314c6

SHA256
c23e54b466231ab80b6806e5cbde58a986a49d34401b07651adcf74d9e793db8

SHA512
200f3817141484f2e7574293b95ffb641173ae37fddcc9bbc55fb547de5bea4a9b9ad83e453ad23e803393c7dd22e154ce8ae69c6a0db39b89f5514148aea74a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\7z-out\vulkan-1.dll

Filesize
874KB

MD5
672dee6d5b599d3a149d44a637de584e

SHA1
7dd4ea57f85f601b446ac42064c82075bd833fa0

SHA256
bc9a6302b3e37ebda7f4a581017258774f58d12e3bf2527aa8b960e95a48bf05

SHA512
42d991431e86fc6cbe0cacdd37caa8748d01100e2249ad69877787dc66a6a6f7452abf6a92392857d202623ecf41d39a3073371736912e2a37723baf2a9133a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\nsDialogs.dll

Filesize
9KB

MD5
466179e1c8ee8a1ff5e4427dbb6c4a01

SHA1
eb607467009074278e4bd50c7eab400e95ae48f7

SHA256
1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172

SHA512
7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsmB0C3.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\rewind-launcher-v2\Network\Network Persistent State

Filesize
788B

MD5
c4f62d95a2b787a2be9dd75aea377b2e

SHA1
03c343996062f10268b252d9cbae7af1424b7c3b

SHA256
1f44b458e92c1a07742181c4b7802893bd8634c5cd3bda08d8d8aa51f2ccba30

SHA512
e882e79d5bd1c259506a3f8a9893c7e0dee33d5acbce4cbb981b3cccb395ffc47d4d8366df36c54bd3cbb60091eedc271299b6109e9009693d70c913079897fd

Download Submit
C:\Users\Admin\AppData\Roaming\rewind-launcher-v2\Network\Network Persistent State~RFe59046b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
memory/2744-702-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-700-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-701-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-712-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-711-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-710-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-709-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-708-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-707-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download
memory/2744-706-0x00000196D4B70000-0x00000196D4B71000-memory.dmp

Filesize
4KB

Download