413a460fae724b972ab9c52aeab029552245555c7df5b79eb2a6529e1dd7a090

Analysis

max time kernel
68s
max time network
131s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-02-2023 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Salwyrr Launcher Installer.exe
Size

46KB
MD5

38633bfef3c1fe505a39a688b5c31828
SHA1

4e053e5ca9e8bfcf372b4331b18c36d637332bbc
SHA256

413a460fae724b972ab9c52aeab029552245555c7df5b79eb2a6529e1dd7a090
SHA512

812ebfa26ff63ade8ab4851230fe47c0ffb797b5a8c48d6ab7ad3293a4995c088bedb8ca7ad6c48a63b3c7f60cdf5b2b318b39dc232ef2096721aba7734ea8f7
SSDEEP

768:PE55gC6d1VepljbMBMxECL67qtjMGF9TtgmAtugTtyKr:svh6dTepljLEf44u4mMuAyKr

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 12 IoCs

evasion

Modify Existing Service

T1031

pid	Process
1948	netsh.exe
1628	netsh.exe
1428	netsh.exe
568	netsh.exe
272	netsh.exe
1100	netsh.exe
1600	netsh.exe
1584	netsh.exe
1704	netsh.exe
592	netsh.exe
968	netsh.exe
2028	netsh.exe

Executes dropped EXE 2 IoCs

pid	Process
1608	javaw.exe
868	Process not Found

Loads dropped DLL 16 IoCs

pid	Process
2008	Salwyrr Launcher Installer.exe
2008	Salwyrr Launcher Installer.exe
2008	Salwyrr Launcher Installer.exe
2008	Salwyrr Launcher Installer.exe
2008	Salwyrr Launcher Installer.exe
1608	javaw.exe
1608	javaw.exe
1608	javaw.exe
1608	javaw.exe
1608	javaw.exe
1392	Process not Found
1392	Process not Found
1392	Process not Found
868	Process not Found
1608	javaw.exe
1608	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	Salwyrr Launcher Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1428	2008	Salwyrr Launcher Installer.exe	27
PID 2008 wrote to memory of 1428	2008	Salwyrr Launcher Installer.exe	27
PID 2008 wrote to memory of 1428	2008	Salwyrr Launcher Installer.exe	27
PID 2008 wrote to memory of 1428	2008	Salwyrr Launcher Installer.exe	27
PID 2008 wrote to memory of 1428	2008	Salwyrr Launcher Installer.exe	27
PID 2008 wrote to memory of 1428	2008	Salwyrr Launcher Installer.exe	27
PID 2008 wrote to memory of 1428	2008	Salwyrr Launcher Installer.exe	27
PID 2008 wrote to memory of 568	2008	Salwyrr Launcher Installer.exe	29
PID 2008 wrote to memory of 568	2008	Salwyrr Launcher Installer.exe	29
PID 2008 wrote to memory of 568	2008	Salwyrr Launcher Installer.exe	29
PID 2008 wrote to memory of 568	2008	Salwyrr Launcher Installer.exe	29
PID 2008 wrote to memory of 568	2008	Salwyrr Launcher Installer.exe	29
PID 2008 wrote to memory of 568	2008	Salwyrr Launcher Installer.exe	29
PID 2008 wrote to memory of 568	2008	Salwyrr Launcher Installer.exe	29
PID 2008 wrote to memory of 592	2008	Salwyrr Launcher Installer.exe	31
PID 2008 wrote to memory of 592	2008	Salwyrr Launcher Installer.exe	31
PID 2008 wrote to memory of 592	2008	Salwyrr Launcher Installer.exe	31
PID 2008 wrote to memory of 592	2008	Salwyrr Launcher Installer.exe	31
PID 2008 wrote to memory of 592	2008	Salwyrr Launcher Installer.exe	31
PID 2008 wrote to memory of 592	2008	Salwyrr Launcher Installer.exe	31
PID 2008 wrote to memory of 592	2008	Salwyrr Launcher Installer.exe	31
PID 2008 wrote to memory of 272	2008	Salwyrr Launcher Installer.exe	33
PID 2008 wrote to memory of 272	2008	Salwyrr Launcher Installer.exe	33
PID 2008 wrote to memory of 272	2008	Salwyrr Launcher Installer.exe	33
PID 2008 wrote to memory of 272	2008	Salwyrr Launcher Installer.exe	33
PID 2008 wrote to memory of 272	2008	Salwyrr Launcher Installer.exe	33
PID 2008 wrote to memory of 272	2008	Salwyrr Launcher Installer.exe	33
PID 2008 wrote to memory of 272	2008	Salwyrr Launcher Installer.exe	33
PID 2008 wrote to memory of 968	2008	Salwyrr Launcher Installer.exe	35
PID 2008 wrote to memory of 968	2008	Salwyrr Launcher Installer.exe	35
PID 2008 wrote to memory of 968	2008	Salwyrr Launcher Installer.exe	35
PID 2008 wrote to memory of 968	2008	Salwyrr Launcher Installer.exe	35
PID 2008 wrote to memory of 968	2008	Salwyrr Launcher Installer.exe	35
PID 2008 wrote to memory of 968	2008	Salwyrr Launcher Installer.exe	35
PID 2008 wrote to memory of 968	2008	Salwyrr Launcher Installer.exe	35
PID 2008 wrote to memory of 2028	2008	Salwyrr Launcher Installer.exe	37
PID 2008 wrote to memory of 2028	2008	Salwyrr Launcher Installer.exe	37
PID 2008 wrote to memory of 2028	2008	Salwyrr Launcher Installer.exe	37
PID 2008 wrote to memory of 2028	2008	Salwyrr Launcher Installer.exe	37
PID 2008 wrote to memory of 2028	2008	Salwyrr Launcher Installer.exe	37
PID 2008 wrote to memory of 2028	2008	Salwyrr Launcher Installer.exe	37
PID 2008 wrote to memory of 2028	2008	Salwyrr Launcher Installer.exe	37
PID 2008 wrote to memory of 1948	2008	Salwyrr Launcher Installer.exe	39
PID 2008 wrote to memory of 1948	2008	Salwyrr Launcher Installer.exe	39
PID 2008 wrote to memory of 1948	2008	Salwyrr Launcher Installer.exe	39
PID 2008 wrote to memory of 1948	2008	Salwyrr Launcher Installer.exe	39
PID 2008 wrote to memory of 1948	2008	Salwyrr Launcher Installer.exe	39
PID 2008 wrote to memory of 1948	2008	Salwyrr Launcher Installer.exe	39
PID 2008 wrote to memory of 1948	2008	Salwyrr Launcher Installer.exe	39
PID 2008 wrote to memory of 1100	2008	Salwyrr Launcher Installer.exe	41
PID 2008 wrote to memory of 1100	2008	Salwyrr Launcher Installer.exe	41
PID 2008 wrote to memory of 1100	2008	Salwyrr Launcher Installer.exe	41
PID 2008 wrote to memory of 1100	2008	Salwyrr Launcher Installer.exe	41
PID 2008 wrote to memory of 1100	2008	Salwyrr Launcher Installer.exe	41
PID 2008 wrote to memory of 1100	2008	Salwyrr Launcher Installer.exe	41
PID 2008 wrote to memory of 1100	2008	Salwyrr Launcher Installer.exe	41
PID 2008 wrote to memory of 1600	2008	Salwyrr Launcher Installer.exe	43
PID 2008 wrote to memory of 1600	2008	Salwyrr Launcher Installer.exe	43
PID 2008 wrote to memory of 1600	2008	Salwyrr Launcher Installer.exe	43
PID 2008 wrote to memory of 1600	2008	Salwyrr Launcher Installer.exe	43
PID 2008 wrote to memory of 1600	2008	Salwyrr Launcher Installer.exe	43
PID 2008 wrote to memory of 1600	2008	Salwyrr Launcher Installer.exe	43
PID 2008 wrote to memory of 1600	2008	Salwyrr Launcher Installer.exe	43
PID 2008 wrote to memory of 1628	2008	Salwyrr Launcher Installer.exe	45

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher Installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 1a"
  2⤵
  - Modifies Windows Firewall
  PID:1428
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 1a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe"
  2⤵
  - Modifies Windows Firewall
  PID:568
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 2a"
  2⤵
  - Modifies Windows Firewall
  PID:592
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 2a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\jre\bin\javaw.exe"
  2⤵
  - Modifies Windows Firewall
  PID:272
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 3a"
  2⤵
  - Modifies Windows Firewall
  PID:968
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 3a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\java-runtime-alpha\bin\javaw.exe"
  2⤵
  - Modifies Windows Firewall
  PID:2028
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 1b"
  2⤵
  - Modifies Windows Firewall
  PID:1948
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 1b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.exe"
  2⤵
  - Modifies Windows Firewall
  PID:1100
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 2b"
  2⤵
  - Modifies Windows Firewall
  PID:1600
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 2b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\jre\bin\java.exe"
  2⤵
  - Modifies Windows Firewall
  PID:1628
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 3b"
  2⤵
  - Modifies Windows Firewall
  PID:1584
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 3b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\java-runtime-alpha\bin\java.exe"
  2⤵
  - Modifies Windows Firewall
  PID:1704
- C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Roaming\.Salwyrr/launcher/bootstrap/jre/bin/javaw.exe" -Xmx1G -jar "launcher/bootstrap/updater.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1608

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\msvcp120.dll

Filesize
645KB

MD5
4e38c42ff10a1689cf277eadc895d374

SHA1
6e4934c413ff2943ab535c2f7590fda1f4ecf1c2

SHA256
bdd61f3ec686965716c4c6048aa4ef46088739c63d6f314f37f691ef13fd22c3

SHA512
b7e309e3c69a678793465af1c3041bd66adb88cc8c03362bf4b3941881d9f19905ede7fbb8e2fbc2ce0c05495aeef9af99ae17364f37661d0c635310c1b805bb

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\msvcr120.dll

Filesize
944KB

MD5
e9c471b35f7cb4eeccfd7bea873262ac

SHA1
5cd7885b5e81ac9d2fed4015b1080799ead0d384

SHA256
69968e25a8f5554e7b09423a6da659ad6175a2c62725b0ae42a70c99f424cc69

SHA512
1a7351cf3f205f804eb796b57cbcce49b4bcd8c0edc9c62af130df0d3f8b61d56663b51bf1caccce8ea1862dcc1b61d85dda36ab9fd2b6eb42d7d4d550eca2ca

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\server\jvm.dll

Filesize
8.4MB

MD5
62fffae8a5d1fc7cf105ae5cf0073ca5

SHA1
bf4fcddf4551a36a211670581897beeeda898f9b

SHA256
1689d8a76fd30487f63a1227a2a47d4f017a8eca0045eb4b04d06a876155e4bf

SHA512
737324142c2c0d53bd7ac4f09552241c770f58051189397b59996688a2751396209df9d8c5f442a60858728b7e31a5885c011d74733f86301b3f52573bec0d86

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\sunec.dll

Filesize
139KB

MD5
a0990f0a1d3bd9222f7f97f3d9786efa

SHA1
63bc9c4ed285e977ae80e909a42d243ab873fa5c

SHA256
660d0b884e9daf7ba050caed8e63f076336aafd8799ecfe1fbd9a95ce0df02f6

SHA512
e5311eb8691561d45c4adab1ebcfd71baa66140345a70926709f28cf55d48577aceb37751412b6a29abc417da45f5a86f310e4c0fa6b68a8e0fabd4cc0b62a4d

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\verify.dll

Filesize
54KB

MD5
e550fce5ee668230ae0b71bf702fde82

SHA1
8efbe790a626d70ec59f28ba907eabd9f13e7932

SHA256
96cbf775c060744cf158d811b0f45c4abfa9a89d7ff9920ab1bbe05c283e8224

SHA512
7a5a1270391a096a81c868e8c1cd9fe2cbb0dfea53c388c636c7e5c4012b13ebc7eee1b54b563b6def263874784b57c5b131757b393a1e5831958e3f18313106

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\zip.dll

Filesize
84KB

MD5
14eab665f7878d3de543e381cd6b1c59

SHA1
b8495257225ca855a38edb88111b6a5a6c457e03

SHA256
1ede94dd6c5521fbd22796ce171164c2712604eacaca0179112f5f0b93959c20

SHA512
9058133e890678246bf9249dbfdf7020e3ba069e4c4e0b368e4e2fd06606ce975e6011d3370a95b7ec3527885b53d37fc87b405e7714a77352ea32e6f7a91a2f

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\amd64\jvm.cfg

Filesize
1KB

MD5
c60e77ff5f3887c743971e73e6f0e0b1

SHA1
9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02

SHA256
23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d

SHA512
07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\ext\jfxrt.jar

Filesize
9.7MB

MD5
8cc3d2ae8bd584aa50b3c2cb31d41296

SHA1
60a52c79669b6190fb64d303f43ecdee2febddfd

SHA256
7901fdc730540b39636317efeeb3f73a632b068077ac43100c928a288719e349

SHA512
18473bd6e365aca2390d68e8127ecc756b69f09d68e760e627e56f9037568b61fbd5dad81b6a12b48f1cd2fefac555d11cbf23a4fd22445f3aa74cf22be8d21f

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\ext\meta-index

Filesize
729B

MD5
c13d39595f3ab17500d6963b323558a5

SHA1
65e8806bdc09e1433e0c9c4ccbce759a3db0df98

SHA256
f3c5b6ec18f23aabcb3c33ae6972c5f65fc3220196e4a3081e25341ce530cf64

SHA512
9e5821660a85337ad94a7d8dd488ca400e58046af7ab0785080b257c35d22462304b59d157579c3d79315a9d51bad3970988a8e45f34d8d741265f6e3ff202d1

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\ext\sunec.jar

Filesize
37KB

MD5
d18aeb8c2924ecf099a595784335a2d8

SHA1
b85c9bb17fc2c04e33e627f3c7ad7de0f6d2f093

SHA256
9d40bd263a740d757848caa677014b26feca781c06c037abedd05bb84e6671b6

SHA512
e71dc069b3e7c07ab65231eaed76efb70cd4fae71958de3a81ac54dba2399118842501ee414dd4e24a0e9fba536574f044d8a71e44e4344e44533d6a08d7e5be

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\jce.jar

Filesize
94KB

MD5
370320b75a692da11c577049511d72f7

SHA1
c82d11222c0d90da62471f2bd5035190a66af591

SHA256
b0c1d61a8cc03193020349653216a482b5924fb0dc3310a0fdb8f00261d3a194

SHA512
fbcd5428a90cb809b80f7b53c94a960948799559ef5ca42812742460204bed87aee1fa03a124686085d9c3bb4e3ef767eb52aa3be883b0b51137edf3a18d725a

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\jfr.jar

Filesize
868KB

MD5
a5baca209f6b3e144e44029aee4ab71b

SHA1
419586d970faed52472dae63065c3d7ccc4d27c0

SHA256
58b290db3417a178c4e1d33bbfdd05f89981e328e70a83d98cc1fc91f8e7d911

SHA512
c855fdd1a1836913a07c9d1353a62d00d6e5d88f4701fdf303877a7faa59074c525e8da59a9af0072455657069bda9e51f452d6b56c34faec1c22a35aabffa5a

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\jsse.jar

Filesize
1.8MB

MD5
07bb3c71f1c17925da6309f088cdd3a3

SHA1
7e248490e7913bdfe5a8adca0f63cf2e8bb7f690

SHA256
01ce4ad1ca12b28b6d8f415444dbe63637ca6c4ee6370ec4cd563c50aac8b2c4

SHA512
667553e4fb35a1ffd40a94ea56e6c2fdd652e85c588a51d67e22c25964e6ba690b8fc5194b0ebfd774f5cb6f551551d01119cb5c6b8ade6017441b02acf882b4

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\meta-index

Filesize
1KB

MD5
83964354d8e8e69dfc1001f01682bd70

SHA1
1f2012a464683ccc1c284d51b20778811641b2ee

SHA256
dff270e76bd7d851cbcf79702aebd71122c3a9e93836ae4e9f650234a754b5c3

SHA512
4be6e0c8ed2bd2f59286bbfa5041676f352e32731e070d7c26511e1e570bd8d6940ff2cc59b0e1656c9c8b3f86186a34709dbf19c303d80840307dacc39d9956

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\rt.jar

Filesize
60.2MB

MD5
0070af149ddf6e36268ae49ccbbb9a65

SHA1
64dd548ece5f88717b96a2bdc63d1d40cf6192ce

SHA256
5233b5c2ab1da4cba5bf180b38bfc07f086fd0228621e71f73d6e0b5fa8db85e

SHA512
1c2918114d9ae3c5ce3117168c16c85b2a877f7bf5cf734806246c254dae21f00cdf179181c7290b79be71113d5415d2b37d39ff0db195e951d3282c34e68134

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\security\java.security

Filesize
53KB

MD5
f493af6814af8e96ca9837ce371cc23d

SHA1
8e5e6a29534ee0f6d7722ad902906b8cb2371788

SHA256
16193caa769dec20886a57b3863a431a17de7374a8a13c4a342207be191ab40a

SHA512
fc8ab5b239e565840ad56fbfddb355153b2b4b41891b85c7be6cbc1f59a8d630be042e21f96434d630cb57e439c95bd057efe721fc2c469ddc1f06781ec9e9fe

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\updater.jar

Filesize
807KB

MD5
a616e898ea735980492f41da00f88f39

SHA1
6de46eb8ddc768bb6652d45fe59904371e153c5d

SHA256
f018c09f5f093f5aa02fe54efb36d2c79382da298bdd16731f22a51ad69bf240

SHA512
130337c5738e9cee84dff629c5d4a34f9b2bbf587e7b0eaa518075a76a8086854e7604c9ae23455eca239fbbf36c3c1472b477d306a347a1dba9b1c63c61ee3d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\msvcp120.dll

Filesize
645KB

MD5
4e38c42ff10a1689cf277eadc895d374

SHA1
6e4934c413ff2943ab535c2f7590fda1f4ecf1c2

SHA256
bdd61f3ec686965716c4c6048aa4ef46088739c63d6f314f37f691ef13fd22c3

SHA512
b7e309e3c69a678793465af1c3041bd66adb88cc8c03362bf4b3941881d9f19905ede7fbb8e2fbc2ce0c05495aeef9af99ae17364f37661d0c635310c1b805bb

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\msvcr120.dll

Filesize
944KB

MD5
e9c471b35f7cb4eeccfd7bea873262ac

SHA1
5cd7885b5e81ac9d2fed4015b1080799ead0d384

SHA256
69968e25a8f5554e7b09423a6da659ad6175a2c62725b0ae42a70c99f424cc69

SHA512
1a7351cf3f205f804eb796b57cbcce49b4bcd8c0edc9c62af130df0d3f8b61d56663b51bf1caccce8ea1862dcc1b61d85dda36ab9fd2b6eb42d7d4d550eca2ca

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\server\jvm.dll

Filesize
8.4MB

MD5
62fffae8a5d1fc7cf105ae5cf0073ca5

SHA1
bf4fcddf4551a36a211670581897beeeda898f9b

SHA256
1689d8a76fd30487f63a1227a2a47d4f017a8eca0045eb4b04d06a876155e4bf

SHA512
737324142c2c0d53bd7ac4f09552241c770f58051189397b59996688a2751396209df9d8c5f442a60858728b7e31a5885c011d74733f86301b3f52573bec0d86

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\sunec.dll

Filesize
139KB

MD5
a0990f0a1d3bd9222f7f97f3d9786efa

SHA1
63bc9c4ed285e977ae80e909a42d243ab873fa5c

SHA256
660d0b884e9daf7ba050caed8e63f076336aafd8799ecfe1fbd9a95ce0df02f6

SHA512
e5311eb8691561d45c4adab1ebcfd71baa66140345a70926709f28cf55d48577aceb37751412b6a29abc417da45f5a86f310e4c0fa6b68a8e0fabd4cc0b62a4d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\verify.dll

Filesize
54KB

MD5
e550fce5ee668230ae0b71bf702fde82

SHA1
8efbe790a626d70ec59f28ba907eabd9f13e7932

SHA256
96cbf775c060744cf158d811b0f45c4abfa9a89d7ff9920ab1bbe05c283e8224

SHA512
7a5a1270391a096a81c868e8c1cd9fe2cbb0dfea53c388c636c7e5c4012b13ebc7eee1b54b563b6def263874784b57c5b131757b393a1e5831958e3f18313106

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\zip.dll

Filesize
84KB

MD5
14eab665f7878d3de543e381cd6b1c59

SHA1
b8495257225ca855a38edb88111b6a5a6c457e03

SHA256
1ede94dd6c5521fbd22796ce171164c2712604eacaca0179112f5f0b93959c20

SHA512
9058133e890678246bf9249dbfdf7020e3ba069e4c4e0b368e4e2fd06606ce975e6011d3370a95b7ec3527885b53d37fc87b405e7714a77352ea32e6f7a91a2f

Download Submit
memory/1608-116-0x00000000021D0000-0x00000000031D0000-memory.dmp

Filesize
16.0MB

Download
memory/1608-133-0x00000000021D0000-0x00000000031D0000-memory.dmp

Filesize
16.0MB

Download
memory/1608-92-0x000007FEFB9B1000-0x000007FEFB9B3000-memory.dmp

Filesize
8KB

Download
memory/2008-54-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download
memory/2008-83-0x0000000000420000-0x000000000042A000-memory.dmp

Filesize
40KB

Download
memory/2008-56-0x0000000000420000-0x000000000042A000-memory.dmp

Filesize
40KB

Download
memory/2008-58-0x0000000004DC5000-0x0000000004DD6000-memory.dmp

Filesize
68KB

Download
memory/2008-57-0x0000000000420000-0x000000000042A000-memory.dmp

Filesize
40KB

Download
memory/2008-55-0x0000000000C20000-0x0000000000C2E000-memory.dmp

Filesize
56KB

Download
memory/2008-84-0x0000000004DC5000-0x0000000004DD6000-memory.dmp

Filesize
68KB

Download