6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

Analysis

max time kernel
149s
max time network
166s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/02/2023, 17:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

javaw.exe
Size

223KB
MD5

68f55ca782ebe9bb2f932e3a3d6ffd8a
SHA1

0f13e8e11ce24123bacf23a8b116bc777a0ac072
SHA256

6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b
SHA512

f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d
SSDEEP

6144:WogqpfnQKiMHATT2JzOvflsoLsyx9TBM2z67k//4YW:WoPpf1ikDzQFRx9T51H4x

Score

8^/10

evasion

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 1 TTPs 12 IoCs

evasion

Modify Existing Service

T1031

pid	Process
2472	netsh.exe
992	netsh.exe
2520	netsh.exe
2628	netsh.exe
2556	netsh.exe
2760	netsh.exe
2440	netsh.exe
2388	netsh.exe
1088	netsh.exe
2548	netsh.exe
1624	netsh.exe
2332	netsh.exe

Executes dropped EXE 3 IoCs

pid	Process
2952	javaw.exe
884	Process not Found
2364	javaw.exe

Loads dropped DLL 30 IoCs

pid	Process
2256	Salwyrr Launcher Installer.exe
2256	Salwyrr Launcher Installer.exe
2256	Salwyrr Launcher Installer.exe
2256	Salwyrr Launcher Installer.exe
2256	Salwyrr Launcher Installer.exe
2952	javaw.exe
2952	javaw.exe
2952	javaw.exe
2952	javaw.exe
2952	javaw.exe
2952	javaw.exe
2952	javaw.exe
2952	javaw.exe
1244	Process not Found
1244	Process not Found
1244	Process not Found
884	Process not Found
2952	javaw.exe
2952	javaw.exe
2952	javaw.exe
2952	javaw.exe
876	cmd.exe
876	cmd.exe
876	cmd.exe
2364	javaw.exe
2364	javaw.exe
2364	javaw.exe
2364	javaw.exe
2364	javaw.exe
2364	javaw.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1768	chrome.exe
2972	chrome.exe
2228	chrome.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2256	Salwyrr Launcher Installer.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2952	javaw.exe
2952	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2332	2256	Salwyrr Launcher Installer.exe	63
PID 2256 wrote to memory of 2332	2256	Salwyrr Launcher Installer.exe	63
PID 2256 wrote to memory of 2332	2256	Salwyrr Launcher Installer.exe	63
PID 2256 wrote to memory of 2332	2256	Salwyrr Launcher Installer.exe	63
PID 2256 wrote to memory of 2332	2256	Salwyrr Launcher Installer.exe	63
PID 2256 wrote to memory of 2332	2256	Salwyrr Launcher Installer.exe	63
PID 2256 wrote to memory of 2332	2256	Salwyrr Launcher Installer.exe	63
PID 2256 wrote to memory of 2440	2256	Salwyrr Launcher Installer.exe	65
PID 2256 wrote to memory of 2440	2256	Salwyrr Launcher Installer.exe	65
PID 2256 wrote to memory of 2440	2256	Salwyrr Launcher Installer.exe	65
PID 2256 wrote to memory of 2440	2256	Salwyrr Launcher Installer.exe	65
PID 2256 wrote to memory of 2440	2256	Salwyrr Launcher Installer.exe	65
PID 2256 wrote to memory of 2440	2256	Salwyrr Launcher Installer.exe	65
PID 2256 wrote to memory of 2440	2256	Salwyrr Launcher Installer.exe	65
PID 2256 wrote to memory of 2388	2256	Salwyrr Launcher Installer.exe	67
PID 2256 wrote to memory of 2388	2256	Salwyrr Launcher Installer.exe	67
PID 2256 wrote to memory of 2388	2256	Salwyrr Launcher Installer.exe	67
PID 2256 wrote to memory of 2388	2256	Salwyrr Launcher Installer.exe	67
PID 2256 wrote to memory of 2388	2256	Salwyrr Launcher Installer.exe	67
PID 2256 wrote to memory of 2388	2256	Salwyrr Launcher Installer.exe	67
PID 2256 wrote to memory of 2388	2256	Salwyrr Launcher Installer.exe	67
PID 2256 wrote to memory of 2472	2256	Salwyrr Launcher Installer.exe	69
PID 2256 wrote to memory of 2472	2256	Salwyrr Launcher Installer.exe	69
PID 2256 wrote to memory of 2472	2256	Salwyrr Launcher Installer.exe	69
PID 2256 wrote to memory of 2472	2256	Salwyrr Launcher Installer.exe	69
PID 2256 wrote to memory of 2472	2256	Salwyrr Launcher Installer.exe	69
PID 2256 wrote to memory of 2472	2256	Salwyrr Launcher Installer.exe	69
PID 2256 wrote to memory of 2472	2256	Salwyrr Launcher Installer.exe	69
PID 2256 wrote to memory of 1088	2256	Salwyrr Launcher Installer.exe	71
PID 2256 wrote to memory of 1088	2256	Salwyrr Launcher Installer.exe	71
PID 2256 wrote to memory of 1088	2256	Salwyrr Launcher Installer.exe	71
PID 2256 wrote to memory of 1088	2256	Salwyrr Launcher Installer.exe	71
PID 2256 wrote to memory of 1088	2256	Salwyrr Launcher Installer.exe	71
PID 2256 wrote to memory of 1088	2256	Salwyrr Launcher Installer.exe	71
PID 2256 wrote to memory of 1088	2256	Salwyrr Launcher Installer.exe	71
PID 2256 wrote to memory of 992	2256	Salwyrr Launcher Installer.exe	73
PID 2256 wrote to memory of 992	2256	Salwyrr Launcher Installer.exe	73
PID 2256 wrote to memory of 992	2256	Salwyrr Launcher Installer.exe	73
PID 2256 wrote to memory of 992	2256	Salwyrr Launcher Installer.exe	73
PID 2256 wrote to memory of 992	2256	Salwyrr Launcher Installer.exe	73
PID 2256 wrote to memory of 992	2256	Salwyrr Launcher Installer.exe	73
PID 2256 wrote to memory of 992	2256	Salwyrr Launcher Installer.exe	73
PID 2256 wrote to memory of 2520	2256	Salwyrr Launcher Installer.exe	75
PID 2256 wrote to memory of 2520	2256	Salwyrr Launcher Installer.exe	75
PID 2256 wrote to memory of 2520	2256	Salwyrr Launcher Installer.exe	75
PID 2256 wrote to memory of 2520	2256	Salwyrr Launcher Installer.exe	75
PID 2256 wrote to memory of 2520	2256	Salwyrr Launcher Installer.exe	75
PID 2256 wrote to memory of 2520	2256	Salwyrr Launcher Installer.exe	75
PID 2256 wrote to memory of 2520	2256	Salwyrr Launcher Installer.exe	75
PID 2256 wrote to memory of 2628	2256	Salwyrr Launcher Installer.exe	77
PID 2256 wrote to memory of 2628	2256	Salwyrr Launcher Installer.exe	77
PID 2256 wrote to memory of 2628	2256	Salwyrr Launcher Installer.exe	77
PID 2256 wrote to memory of 2628	2256	Salwyrr Launcher Installer.exe	77
PID 2256 wrote to memory of 2628	2256	Salwyrr Launcher Installer.exe	77
PID 2256 wrote to memory of 2628	2256	Salwyrr Launcher Installer.exe	77
PID 2256 wrote to memory of 2628	2256	Salwyrr Launcher Installer.exe	77
PID 2256 wrote to memory of 2556	2256	Salwyrr Launcher Installer.exe	79
PID 2256 wrote to memory of 2556	2256	Salwyrr Launcher Installer.exe	79
PID 2256 wrote to memory of 2556	2256	Salwyrr Launcher Installer.exe	79
PID 2256 wrote to memory of 2556	2256	Salwyrr Launcher Installer.exe	79
PID 2256 wrote to memory of 2556	2256	Salwyrr Launcher Installer.exe	79
PID 2256 wrote to memory of 2556	2256	Salwyrr Launcher Installer.exe	79
PID 2256 wrote to memory of 2556	2256	Salwyrr Launcher Installer.exe	79
PID 2256 wrote to memory of 2548	2256	Salwyrr Launcher Installer.exe	81

C:\Users\Admin\AppData\Local\Temp\javaw.exe
"C:\Users\Admin\AppData\Local\Temp\javaw.exe"
1⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72c4f50,0x7fef72c4f60,0x7fef72c4f70
1⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1244 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1052 /prefetch:2
1⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1832 /prefetch:8
1⤵
PID:904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
1⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
1⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
1⤵
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3288 /prefetch:2
1⤵
PID:1920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
1⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3528 /prefetch:8
1⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3560 /prefetch:8
1⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3848 /prefetch:8
1⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3880 /prefetch:8
1⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3892 /prefetch:8
1⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3904 /prefetch:8
1⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4128 /prefetch:8
1⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3912 /prefetch:8
1⤵
PID:2312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3916 /prefetch:8
1⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3948 /prefetch:8
1⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4004 /prefetch:8
1⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
1⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
1⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
1⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
1⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
1⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
1⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4384 /prefetch:8
1⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4444 /prefetch:8
1⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4604 /prefetch:8
1⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4592 /prefetch:8
1⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=108 /prefetch:8
1⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3676 /prefetch:8
1⤵
PID:2216

C:\Users\Admin\Downloads\Salwyrr Launcher Installer.exe
"C:\Users\Admin\Downloads\Salwyrr Launcher Installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 1a"
  2⤵
  - Modifies Windows Firewall
  PID:2332
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 1a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe"
  2⤵
  - Modifies Windows Firewall
  PID:2440
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 2a"
  2⤵
  - Modifies Windows Firewall
  PID:2388
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 2a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\jre\bin\javaw.exe"
  2⤵
  - Modifies Windows Firewall
  PID:2472
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 3a"
  2⤵
  - Modifies Windows Firewall
  PID:1088
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 3a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\java-runtime-alpha\bin\javaw.exe"
  2⤵
  - Modifies Windows Firewall
  PID:992
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 1b"
  2⤵
  - Modifies Windows Firewall
  PID:2520
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 1b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.exe"
  2⤵
  - Modifies Windows Firewall
  PID:2628
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 2b"
  2⤵
  - Modifies Windows Firewall
  PID:2556
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 2b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\jre\bin\java.exe"
  2⤵
  - Modifies Windows Firewall
  PID:2548
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall show rule name="Salwyrr Client Java 3b"
  2⤵
  - Modifies Windows Firewall
  PID:1624
- C:\Windows\SysWOW64\netsh.exe
  "netsh" advfirewall firewall add rule name="Salwyrr Client Java 3b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\java-runtime-alpha\bin\java.exe"
  2⤵
  - Modifies Windows Firewall
  PID:2760
- C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe
  "C:\Users\Admin\AppData\Roaming\.Salwyrr/launcher/bootstrap/jre/bin/javaw.exe" -Xmx1G -jar "launcher/bootstrap/updater.jar"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2952
- - C:\Windows\system32\cmd.exe
    cmd.exe /c ""C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw" -Xmx512m -cp "C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\launcher.jar" fr.salwyrr.launcher.frames.Main --salwyrr salwyrr "
    3⤵
    - Loads dropped DLL
    PID:876
  - - C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe
      "C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw" -Xmx512m -cp "C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\launcher.jar" fr.salwyrr.launcher.frames.Main --salwyrr salwyrr
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1016,9498339605048148560,15528983353084962305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2228

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\msvcp120.dll

Filesize
645KB

MD5
4e38c42ff10a1689cf277eadc895d374

SHA1
6e4934c413ff2943ab535c2f7590fda1f4ecf1c2

SHA256
bdd61f3ec686965716c4c6048aa4ef46088739c63d6f314f37f691ef13fd22c3

SHA512
b7e309e3c69a678793465af1c3041bd66adb88cc8c03362bf4b3941881d9f19905ede7fbb8e2fbc2ce0c05495aeef9af99ae17364f37661d0c635310c1b805bb

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\msvcr120.dll

Filesize
944KB

MD5
e9c471b35f7cb4eeccfd7bea873262ac

SHA1
5cd7885b5e81ac9d2fed4015b1080799ead0d384

SHA256
69968e25a8f5554e7b09423a6da659ad6175a2c62725b0ae42a70c99f424cc69

SHA512
1a7351cf3f205f804eb796b57cbcce49b4bcd8c0edc9c62af130df0d3f8b61d56663b51bf1caccce8ea1862dcc1b61d85dda36ab9fd2b6eb42d7d4d550eca2ca

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\server\jvm.dll

Filesize
8.4MB

MD5
62fffae8a5d1fc7cf105ae5cf0073ca5

SHA1
bf4fcddf4551a36a211670581897beeeda898f9b

SHA256
1689d8a76fd30487f63a1227a2a47d4f017a8eca0045eb4b04d06a876155e4bf

SHA512
737324142c2c0d53bd7ac4f09552241c770f58051189397b59996688a2751396209df9d8c5f442a60858728b7e31a5885c011d74733f86301b3f52573bec0d86

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\sunec.dll

Filesize
139KB

MD5
a0990f0a1d3bd9222f7f97f3d9786efa

SHA1
63bc9c4ed285e977ae80e909a42d243ab873fa5c

SHA256
660d0b884e9daf7ba050caed8e63f076336aafd8799ecfe1fbd9a95ce0df02f6

SHA512
e5311eb8691561d45c4adab1ebcfd71baa66140345a70926709f28cf55d48577aceb37751412b6a29abc417da45f5a86f310e4c0fa6b68a8e0fabd4cc0b62a4d

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\verify.dll

Filesize
54KB

MD5
e550fce5ee668230ae0b71bf702fde82

SHA1
8efbe790a626d70ec59f28ba907eabd9f13e7932

SHA256
96cbf775c060744cf158d811b0f45c4abfa9a89d7ff9920ab1bbe05c283e8224

SHA512
7a5a1270391a096a81c868e8c1cd9fe2cbb0dfea53c388c636c7e5c4012b13ebc7eee1b54b563b6def263874784b57c5b131757b393a1e5831958e3f18313106

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\zip.dll

Filesize
84KB

MD5
14eab665f7878d3de543e381cd6b1c59

SHA1
b8495257225ca855a38edb88111b6a5a6c457e03

SHA256
1ede94dd6c5521fbd22796ce171164c2712604eacaca0179112f5f0b93959c20

SHA512
9058133e890678246bf9249dbfdf7020e3ba069e4c4e0b368e4e2fd06606ce975e6011d3370a95b7ec3527885b53d37fc87b405e7714a77352ea32e6f7a91a2f

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\amd64\jvm.cfg

Filesize
1KB

MD5
c60e77ff5f3887c743971e73e6f0e0b1

SHA1
9b0cfd38ec5b7bd5bd1c364dee2e1b452a063c02

SHA256
23f728cc2bf14e62d454190ea0139f159031b5bd9c3f141ca9237c4c5c96ec1d

SHA512
07aca3de1a03a3b64b691fd41e35e6596760baf24c4f24e86fca87d2acf3a4814b17cd9751adc2dcd0689848f3d582fb3ee01d413e3a61d1d98397d72fe545e9

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\ext\jfxrt.jar

Filesize
9.7MB

MD5
8cc3d2ae8bd584aa50b3c2cb31d41296

SHA1
60a52c79669b6190fb64d303f43ecdee2febddfd

SHA256
7901fdc730540b39636317efeeb3f73a632b068077ac43100c928a288719e349

SHA512
18473bd6e365aca2390d68e8127ecc756b69f09d68e760e627e56f9037568b61fbd5dad81b6a12b48f1cd2fefac555d11cbf23a4fd22445f3aa74cf22be8d21f

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\ext\meta-index

Filesize
729B

MD5
c13d39595f3ab17500d6963b323558a5

SHA1
65e8806bdc09e1433e0c9c4ccbce759a3db0df98

SHA256
f3c5b6ec18f23aabcb3c33ae6972c5f65fc3220196e4a3081e25341ce530cf64

SHA512
9e5821660a85337ad94a7d8dd488ca400e58046af7ab0785080b257c35d22462304b59d157579c3d79315a9d51bad3970988a8e45f34d8d741265f6e3ff202d1

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\ext\sunec.jar

Filesize
37KB

MD5
d18aeb8c2924ecf099a595784335a2d8

SHA1
b85c9bb17fc2c04e33e627f3c7ad7de0f6d2f093

SHA256
9d40bd263a740d757848caa677014b26feca781c06c037abedd05bb84e6671b6

SHA512
e71dc069b3e7c07ab65231eaed76efb70cd4fae71958de3a81ac54dba2399118842501ee414dd4e24a0e9fba536574f044d8a71e44e4344e44533d6a08d7e5be

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\ext\sunjce_provider.jar

Filesize
269KB

MD5
796ebd3d14059d7c8522516a11fe2bfd

SHA1
9e4f18fdfcca7c15cf0b003e2bdfb66849b8eeb8

SHA256
0d37bffbe2995cc5810a10e87244137d2f9c3cdf4577203d194be56507a48213

SHA512
be0e9022ba85b93c17041067e7fe80399af62bfa7f443117100033dba1fdecb26ce023a7034a51b26dd5f58f01c79dde604c301fc93b19b30bbb137dfb23a141

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\jce.jar

Filesize
94KB

MD5
370320b75a692da11c577049511d72f7

SHA1
c82d11222c0d90da62471f2bd5035190a66af591

SHA256
b0c1d61a8cc03193020349653216a482b5924fb0dc3310a0fdb8f00261d3a194

SHA512
fbcd5428a90cb809b80f7b53c94a960948799559ef5ca42812742460204bed87aee1fa03a124686085d9c3bb4e3ef767eb52aa3be883b0b51137edf3a18d725a

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\jfr.jar

Filesize
868KB

MD5
a5baca209f6b3e144e44029aee4ab71b

SHA1
419586d970faed52472dae63065c3d7ccc4d27c0

SHA256
58b290db3417a178c4e1d33bbfdd05f89981e328e70a83d98cc1fc91f8e7d911

SHA512
c855fdd1a1836913a07c9d1353a62d00d6e5d88f4701fdf303877a7faa59074c525e8da59a9af0072455657069bda9e51f452d6b56c34faec1c22a35aabffa5a

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\jsse.jar

Filesize
1.8MB

MD5
07bb3c71f1c17925da6309f088cdd3a3

SHA1
7e248490e7913bdfe5a8adca0f63cf2e8bb7f690

SHA256
01ce4ad1ca12b28b6d8f415444dbe63637ca6c4ee6370ec4cd563c50aac8b2c4

SHA512
667553e4fb35a1ffd40a94ea56e6c2fdd652e85c588a51d67e22c25964e6ba690b8fc5194b0ebfd774f5cb6f551551d01119cb5c6b8ade6017441b02acf882b4

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\meta-index

Filesize
1KB

MD5
83964354d8e8e69dfc1001f01682bd70

SHA1
1f2012a464683ccc1c284d51b20778811641b2ee

SHA256
dff270e76bd7d851cbcf79702aebd71122c3a9e93836ae4e9f650234a754b5c3

SHA512
4be6e0c8ed2bd2f59286bbfa5041676f352e32731e070d7c26511e1e570bd8d6940ff2cc59b0e1656c9c8b3f86186a34709dbf19c303d80840307dacc39d9956

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\rt.jar

Filesize
60.2MB

MD5
0070af149ddf6e36268ae49ccbbb9a65

SHA1
64dd548ece5f88717b96a2bdc63d1d40cf6192ce

SHA256
5233b5c2ab1da4cba5bf180b38bfc07f086fd0228621e71f73d6e0b5fa8db85e

SHA512
1c2918114d9ae3c5ce3117168c16c85b2a877f7bf5cf734806246c254dae21f00cdf179181c7290b79be71113d5415d2b37d39ff0db195e951d3282c34e68134

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\security\java.security

Filesize
53KB

MD5
f493af6814af8e96ca9837ce371cc23d

SHA1
8e5e6a29534ee0f6d7722ad902906b8cb2371788

SHA256
16193caa769dec20886a57b3863a431a17de7374a8a13c4a342207be191ab40a

SHA512
fc8ab5b239e565840ad56fbfddb355153b2b4b41891b85c7be6cbc1f59a8d630be042e21f96434d630cb57e439c95bd057efe721fc2c469ddc1f06781ec9e9fe

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\security\policy\unlimited\US_export_policy.jar

Filesize
619B

MD5
4cdb7e49d67539088cbf4b32693d67c3

SHA1
dcc2adf5dcb0ff71af1c3b84e5669c5552d1d47e

SHA256
04f4fc5ce823280af75a28bcf9b6fb8c2993dc84a533b45e4b9ee18d1093eee1

SHA512
6923b8a46f3e9d25019c42a1ba4c2a762018669763fa519b91a2400f27d82ab60dbb9ab8d646da27e960ed5da6094b722b22be5c799159fa3416400229f3f92c

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\lib\security\policy\unlimited\local_policy.jar

Filesize
637B

MD5
f806291db11e776452ccecf758baa9a9

SHA1
fe361d784a529ff865a82f4a25a2b73f67781937

SHA256
e854c3f944227acd80ec4753b845cf633cf94e59c936fbe949f4602255933286

SHA512
9ea508ee6cc335982b70333c86aa3c1099c957cf613987680b1cfcf9c8a2350b7c77983b98d86b2e78ed94d0421bb901c3a6cd06f406e16bfbe249cb08b4213c

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\updater.jar

Filesize
807KB

MD5
a616e898ea735980492f41da00f88f39

SHA1
6de46eb8ddc768bb6652d45fe59904371e153c5d

SHA256
f018c09f5f093f5aa02fe54efb36d2c79382da298bdd16731f22a51ad69bf240

SHA512
130337c5738e9cee84dff629c5d4a34f9b2bbf587e7b0eaa518075a76a8086854e7604c9ae23455eca239fbbf36c3c1472b477d306a347a1dba9b1c63c61ee3d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.dll

Filesize
160KB

MD5
0c4673c6d3fbb7b62b9d83b41893ee23

SHA1
516a489686d0fab9f3223414969b347df79b3b64

SHA256
8163acdbca856f15f8cb3d532cf79d906d94b4d58250911b0600fbed8b17fefa

SHA512
0278fe0487a04d12f2c3745305506812e4d8e28c3a2d90f060e417a43129437a28809a081e371978a01499cd932497ef7e1f0c6c9675acb541ea2c5225fe32ba

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe

Filesize
223KB

MD5
68f55ca782ebe9bb2f932e3a3d6ffd8a

SHA1
0f13e8e11ce24123bacf23a8b116bc777a0ac072

SHA256
6e6517ee65b753af161608be59bafc72ba3f670e4c48a8eb7e30170b0f0ef80b

SHA512
f6cc93e8b6f9f9ca72c870f2a1711c41bcba8d7ec7cd5d1003fb96e77f7700b1627738ed83493b863424edaba6e3821818b7977252edad3481bb4404c184c76d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\msvcp120.dll

Filesize
645KB

MD5
4e38c42ff10a1689cf277eadc895d374

SHA1
6e4934c413ff2943ab535c2f7590fda1f4ecf1c2

SHA256
bdd61f3ec686965716c4c6048aa4ef46088739c63d6f314f37f691ef13fd22c3

SHA512
b7e309e3c69a678793465af1c3041bd66adb88cc8c03362bf4b3941881d9f19905ede7fbb8e2fbc2ce0c05495aeef9af99ae17364f37661d0c635310c1b805bb

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\msvcr120.dll

Filesize
944KB

MD5
e9c471b35f7cb4eeccfd7bea873262ac

SHA1
5cd7885b5e81ac9d2fed4015b1080799ead0d384

SHA256
69968e25a8f5554e7b09423a6da659ad6175a2c62725b0ae42a70c99f424cc69

SHA512
1a7351cf3f205f804eb796b57cbcce49b4bcd8c0edc9c62af130df0d3f8b61d56663b51bf1caccce8ea1862dcc1b61d85dda36ab9fd2b6eb42d7d4d550eca2ca

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\server\jvm.dll

Filesize
8.4MB

MD5
62fffae8a5d1fc7cf105ae5cf0073ca5

SHA1
bf4fcddf4551a36a211670581897beeeda898f9b

SHA256
1689d8a76fd30487f63a1227a2a47d4f017a8eca0045eb4b04d06a876155e4bf

SHA512
737324142c2c0d53bd7ac4f09552241c770f58051189397b59996688a2751396209df9d8c5f442a60858728b7e31a5885c011d74733f86301b3f52573bec0d86

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\sunec.dll

Filesize
139KB

MD5
a0990f0a1d3bd9222f7f97f3d9786efa

SHA1
63bc9c4ed285e977ae80e909a42d243ab873fa5c

SHA256
660d0b884e9daf7ba050caed8e63f076336aafd8799ecfe1fbd9a95ce0df02f6

SHA512
e5311eb8691561d45c4adab1ebcfd71baa66140345a70926709f28cf55d48577aceb37751412b6a29abc417da45f5a86f310e4c0fa6b68a8e0fabd4cc0b62a4d

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\verify.dll

Filesize
54KB

MD5
e550fce5ee668230ae0b71bf702fde82

SHA1
8efbe790a626d70ec59f28ba907eabd9f13e7932

SHA256
96cbf775c060744cf158d811b0f45c4abfa9a89d7ff9920ab1bbe05c283e8224

SHA512
7a5a1270391a096a81c868e8c1cd9fe2cbb0dfea53c388c636c7e5c4012b13ebc7eee1b54b563b6def263874784b57c5b131757b393a1e5831958e3f18313106

Download Submit
\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\zip.dll

Filesize
84KB

MD5
14eab665f7878d3de543e381cd6b1c59

SHA1
b8495257225ca855a38edb88111b6a5a6c457e03

SHA256
1ede94dd6c5521fbd22796ce171164c2712604eacaca0179112f5f0b93959c20

SHA512
9058133e890678246bf9249dbfdf7020e3ba069e4c4e0b368e4e2fd06606ce975e6011d3370a95b7ec3527885b53d37fc87b405e7714a77352ea32e6f7a91a2f

Download Submit
memory/2020-54-0x000007FEFC621000-0x000007FEFC623000-memory.dmp

Filesize
8KB

Download
memory/2256-56-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download
memory/2256-59-0x0000000002585000-0x0000000002596000-memory.dmp

Filesize
68KB

Download
memory/2256-100-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2256-101-0x0000000002585000-0x0000000002596000-memory.dmp

Filesize
68KB

Download
memory/2256-57-0x00000000001C0000-0x00000000001CE000-memory.dmp

Filesize
56KB

Download
memory/2256-58-0x0000000000220000-0x000000000022A000-memory.dmp

Filesize
40KB

Download
memory/2364-141-0x0000000002160000-0x0000000003160000-memory.dmp

Filesize
16.0MB

Download
memory/2952-134-0x0000000011AA0000-0x0000000011AAA000-memory.dmp

Filesize
40KB

Download
memory/2952-133-0x0000000011AA0000-0x0000000011AAA000-memory.dmp

Filesize
40KB

Download
memory/2952-132-0x0000000002160000-0x0000000003160000-memory.dmp

Filesize
16.0MB

Download
memory/2952-112-0x0000000002160000-0x0000000003160000-memory.dmp

Filesize
16.0MB

Download