hxxps://google[.]com

max time kernel
180s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12/03/2023, 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

8^/10

evasion

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 1 TTPs 18 IoCs

evasion

Modify Existing Service

T1031

pid	Process
4676	netsh.exe
4816	netsh.exe
3776	netsh.exe
5084	netsh.exe
4328	netsh.exe
1500	netsh.exe
3484	netsh.exe
4964	netsh.exe
4732	netsh.exe
1872	netsh.exe
3972	netsh.exe
3384	netsh.exe
5080	netsh.exe
3620	netsh.exe
3612	netsh.exe
1384	netsh.exe
1196	netsh.exe
432	netsh.exe

Executes dropped EXE 2 IoCs

pid	Process
4296	Salwyrr Launcher Installer.exe
1232	Salwyrr Launcher Installer (1).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4796	4296	WerFault.exe	128
4260	1232	WerFault.exe	165

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133230998837933941"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1288	chrome.exe
1288	chrome.exe
3876	chrome.exe
3876	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe
Token: SeShutdownPrivilege	1288	chrome.exe
Token: SeCreatePagefilePrivilege	1288	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe
1288	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 3524	1288	chrome.exe	86
PID 1288 wrote to memory of 3524	1288	chrome.exe	86
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4092	1288	chrome.exe	87
PID 1288 wrote to memory of 4100	1288	chrome.exe	88
PID 1288 wrote to memory of 4100	1288	chrome.exe	88
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89
PID 1288 wrote to memory of 5116	1288	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b0929758,0x7ff8b0929768,0x7ff8b0929778
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:2
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2544 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4648 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3816 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4624 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5316 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5088 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3840 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5720 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:556
- C:\Users\Admin\Downloads\Salwyrr Launcher Installer.exe
  "C:\Users\Admin\Downloads\Salwyrr Launcher Installer.exe"
  2⤵
  - Executes dropped EXE
  PID:4296
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 1a"
    3⤵
    - Modifies Windows Firewall
    PID:3972
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall add rule name="Salwyrr Client Java 1a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\javaw.exe"
    3⤵
    - Modifies Windows Firewall
    PID:3384
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 2a"
    3⤵
    - Modifies Windows Firewall
    PID:1196
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall add rule name="Salwyrr Client Java 2a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\jre\bin\javaw.exe"
    3⤵
    - Modifies Windows Firewall
    PID:1500
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 3a"
    3⤵
    - Modifies Windows Firewall
    PID:3484
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall add rule name="Salwyrr Client Java 3a" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\java-runtime-alpha\bin\javaw.exe"
    3⤵
    - Modifies Windows Firewall
    PID:432
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 1b"
    3⤵
    - Modifies Windows Firewall
    PID:5084
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall add rule name="Salwyrr Client Java 1b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\jre\bin\java.exe"
    3⤵
    - Modifies Windows Firewall
    PID:4676
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 2b"
    3⤵
    - Modifies Windows Firewall
    PID:4328
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall add rule name="Salwyrr Client Java 2b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\jre\bin\java.exe"
    3⤵
    - Modifies Windows Firewall
    PID:5080
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 3b"
    3⤵
    - Modifies Windows Firewall
    PID:4816
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall add rule name="Salwyrr Client Java 3b" dir=in action=allow protocol=any localip=any remoteip=any program="C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\java-runtime-alpha\bin\java.exe"
    3⤵
    - Modifies Windows Firewall
    PID:4964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 3084
    3⤵
    - Program crash
    PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4576 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5048 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2640 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4588 --field-trial-handle=1796,i,15114850624827435268,5018195319673376900,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Users\Admin\Downloads\Salwyrr Launcher Installer (1).exe
  "C:\Users\Admin\Downloads\Salwyrr Launcher Installer (1).exe"
  2⤵
  - Executes dropped EXE
  PID:1232
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 1a"
    3⤵
    - Modifies Windows Firewall
    PID:3620
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 2a"
    3⤵
    - Modifies Windows Firewall
    PID:4732
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 3a"
    3⤵
    - Modifies Windows Firewall
    PID:3612
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 1b"
    3⤵
    - Modifies Windows Firewall
    PID:1872
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 2b"
    3⤵
    - Modifies Windows Firewall
    PID:1384
- - C:\Windows\SysWOW64\netsh.exe
    "netsh" advfirewall firewall show rule name="Salwyrr Client Java 3b"
    3⤵
    - Modifies Windows Firewall
    PID:3776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 2996
    3⤵
    - Program crash
    PID:4260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5096

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4296 -ip 4296
1⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1232 -ip 1232
1⤵
PID:3564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
280KB

MD5
25bd41089923285e9604d1f419254177

SHA1
a9ec971c8a99324e3c4aeecf23dfd806aff53793

SHA256
55024ba2cf12b91554dbe8e2b0e3f23f56859716addf7e9289f82ff087470662

SHA512
6a0e0abf20d7038cf309b95e206394ef0c1e696ccc06402523df34a347a4d0e8e1c66ef4c1ca263b79a6bc8eb7866e72c4835b1ceaf4ac22fd3f582287fe03d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
63KB

MD5
8033fed1f312bbb913b8cf605b68a0b8

SHA1
bd19063c08b669a51b8a3b2c9601cdad9545d911

SHA256
9802c3206b624d67ebc8e6cc7ead579588fae49f9366453d5358c0903dd7589a

SHA512
629fbfce802cc13faceb5b1703142f072c6162137f32e02d514a4270589f6f74b23eb014790229c15dadbf4f7796da1ac8cc04eeea12eac203c3d10848e99984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
67KB

MD5
3269130a723b49529814d997ef3468c4

SHA1
003e21aa361e918c92fc24020a402369a351d5e6

SHA256
a311724f47fb5774908a1b522934801985c075dc8f4f19065ec702c2f499a6f6

SHA512
c0276d8638520c883a42e9885a3d10530a2b5630fc5637baf0c5bfd2137e7099d33708254c6b7db46cc2296b3c22cc250621c3d854db171487340333562bd856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
61KB

MD5
d715a1fbdc52b9bc57b9baa095752eec

SHA1
dab6c49f966379b2caf73feb5e2cfe6d272e7cf7

SHA256
0ef72909d991ad4c7c54b6c65c58363a444ce301eaeec0c10a9d5ac6829f00c3

SHA512
a74116f0972697c8b9e9f3755aa3971292894451113dbb8cbe217cea998cbd5cb78fcba1622469e3ffb5838a9d10fce55f7b75568ff4c59f1af9c4c4fc98c0e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
51KB

MD5
17c34b6704e677f6397913d0083f7ec9

SHA1
8bcff109248015c91e0d24aa9504f6be2e8aad4c

SHA256
787c465de39564767de8b1fc1c304376d80fe5b5efe2ee49244c2d648d1f65d2

SHA512
2a337c0c6c8ed028c4b06686dca6586734175d2105b148929f935b12555539cff216ca57a6fba7dde04fcb3b84505e2404ade1b1d89d407f728ca9b37aeed7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
107KB

MD5
12daede73dbe5160df585b647d8becbf

SHA1
a9e0cfbd153cee8d9a0690871ad9cbaadc3367a0

SHA256
3dbce01674c2185b1a63bac0a9d0bb20fe68ecaf864fe19a76bb4c130c59f1ea

SHA512
109a7e9b427492f379e379f2cfa45fccf61afa879a02d481ad8f6cf374eefba1abce5009f6710a138938a85135d8afbbfd94905bce3ec78551f2ed409d1abb1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
607KB

MD5
5740803e82c43fb79a5ab81b161d9964

SHA1
88e9aa05f0b8e16c905b1c54b416f9cffafa52af

SHA256
47adcbbde66cecfee3bc88b5ec25cd1cb45a3b35ef84a6b86a5824783234ddde

SHA512
beb27f100689fbd59edd4f5cbda14fc8b2b2e281336a67872f4b6e8232b747298aace580000bf9f45a8e0b0909ae28c290f7abfb69b521b6235c45bf2663bf41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
35KB

MD5
e61990a1765f288ccedeff877782381d

SHA1
570e65523583a567e681fbb190067a1a6eecb52e

SHA256
eaf48a6a29227118d7b80c4e806602c8c9488f691242fea96af0bc0ab956e3cc

SHA512
cb3a006884408f16361a6816e90f54a7704c129633ef8657885ddfe9869903abdb95b2da640b41a313fbaa9a138811adc2dee1e9ef6c95db897c52641b216627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
664cdd87ffb48b83378a728ed658fe15

SHA1
0c36e9d2619cb1646efb3aa631dea0b3e75bfff6

SHA256
103d28342e2fca8a0b470ca6d1a200ae697bf993ee26c4e24e4877d36f64f5fa

SHA512
7f081349ff927b22d2d372862015832dd748457902e41458c1b4b8db02c56b6caa987299ec4ba76cd5666838dad588ecda4b423e7f652d7399be1c7b6386e23d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
e97dc460a2c84afe655e1892f8398063

SHA1
5fdfdd8654ab6559ec600fdfbc7ff48c794449f0

SHA256
66abc611e7c592a613462259c43bae3115bbec0ceb21850e8e6f2e95a2d329d1

SHA512
412845ad6fb606d0c67fed11e1164a9ff6cff85eec590adbbc9cd87b97592e92e5048fe1cb57152a5725b2eb32ec47431d0e5d29d96e13a0dcae4ff2b5da494c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d4a827363d1b29f7a88bc07a46d11608

SHA1
be3d7dfb998deead02299a81c18f6a4b08a4265d

SHA256
488154c526996dbc30ef5589319eadcf4068ed1bc473297aec0500aa838b2caf

SHA512
f45b6f32c0c0d8fc93acf1ba96101fba3a990d76df095c8a9df2b5ff077e467ea8081b1ef2a94cd9c8bbd2723ba07e9d6f32aa26484126e974158595efb103b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8dae37b59d5a21055b603e16a9294ad4

SHA1
1903186baca12b4870abc3697fe55a8716496f67

SHA256
77f982d14f123d674bbbe4bdce197edb70aaddafdb2ac2e05168e3f0411a7cfe

SHA512
609205688eac14f65de13b998b5d46d59e2bfb353cd40942269749f282dac7c838d804b2e170bfb8140d2628f0ef7fe1607bd69c6f26b9cbcffbb728c7e9a4a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
ed351b911c2e39709738f80e1cee41aa

SHA1
caa25d162bf393305cd718b1827729d9ae26ca68

SHA256
64f7a2b7bb51c935f977f8289ccd603fb15f451b674153e8d596538dfedbb42d

SHA512
7f1567d1d9be9c722b33d73aa3fbbf5f3523b46596d42ca40953816299800e2fe101c189b179c4024b5205bf9d1dbba3cfa5d43d84cbae0dda23c4a0762e1fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
2d293992880091ba3ecf36f0980d12b4

SHA1
272d66a2b2bd756b6776d504226e65d36be936f6

SHA256
8c2f13e3e8f9790fda35c48ae892d8154be56ed95ff879519423e6e7a67f1992

SHA512
570a972557429d73cf1131837ea35a5b8b6daee5489fe1ff3a0ae7e9923063a9cc43c67b934ee126b29e883b3689e16e06e41dbf07c1224666952154646c4b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06068d837287e5f219365e7a86c30004

SHA1
f21f2096564d6faf205584e686723d7d49d090f4

SHA256
f2b3932821bed6ef38fcd5bfdcfcc70fc2cfe79c614f61bce1e71edeed3ef9e6

SHA512
7bb2e8f12174aeb5c2f85052385c932bc67a99a04ffd8d9ccb29393c82c5d0722d06fe9b9d4c60a95269560892c53b0b513e954f7055e61493a63e76ee778d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9b93b8fa4b0091725f3c6fb8e92328e

SHA1
c2de44ef5547c5a629d76ec74c8ce326ac6f4399

SHA256
d5bfaa9d645d8c040160be1787b4b74b93f40dc8fdf43b04c92e815469cb5b23

SHA512
f64c788d7d65d8e41133b3d6a68b5749318feb2f3c84415a7a4bc2665fe55730c5ce83972bec1efce1f867605f1d4b32470b036c0990692909329c084306ddf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
797f96566075e90dd458c90ca18b7346

SHA1
21efd74ec17c7b96799164fba951c7ca4b462703

SHA256
c19b22b6b1130507c89bb04b19f5fed2876a0f4591c3eb6a063f39debea5fa63

SHA512
76571ae3d0830ca50e603d4d2c3a1d7201fc8c18eb099b0b5d3cd8fc1519f8a88f6f48e4e8d8822fae8de18e03d13776e3120ad112398613b98a638687c68ca5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3eb30575b932d245097ab4cb8e159c41

SHA1
00c817a51a3c4d05bbb3c8a5a00a42646be223fe

SHA256
9e838d4ff17380155eb977c598218d7a717842067fdbe3a3e02d43d22d62fef9

SHA512
f6576663eded6eca34a564a63631237e0a43d8ea9f6a6fcbd40c74fb071039ec041a212ff3eaafbedbc6e49fec04ae559e4b6767fa093bd9be94630e5edc6f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
83e2fc24d580c1b5acc8843e68e87934

SHA1
2441a16783d17f6b05a8f24d46cdc4d1ad4f060c

SHA256
da00cd6528e82dbd175496b48da9bdb218a332fe3afc0ccaadf2c00bd68ce488

SHA512
5cb44050017e87b52db588f6909caa16a5ee11096954cad7dc2dfb09a350aad81832a10af96643b0f27f50b42ca8c6c41d9672baa7636bc572207cf1bc1f73ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1148556703300bf7f58ad92a92748e53

SHA1
80832f60edf66935b57c4e5d305f9e15578dab37

SHA256
373c55e606fc62f020f31c9f84a3e2024d80d8cf0d56aab5d2f2977c05c5834c

SHA512
c60bdd70c749d31ff8a41ae8fa1bb7e32584a23f33d5df3fe6d675220df21ac851f5f195f673b4d17dda8a27e17d25c76d15fd492cb5cc1f77a8aa8be51f24bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
10ecc81a9dddfb9097a0ca6623b2e34a

SHA1
404d0bb731ef75f014b5f9ec3707856c7dc8a87d

SHA256
9f6105394d53ac693e711c60fa6ad26fd67f9c94c2d7510f338f08930b0d638b

SHA512
66fee6d67f26afe03a0a95855fe2865629176269cbab63b47162fde3c3187c5afc3029bbd7ceceb2c6dd6c2d85711ff387b7e5441ef958bf1c57ffedd26a2ead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f3145bd2bbf8ec35a05adb4fd14286b4

SHA1
1e3b183757e1965c38e44938f7fb128b967c8672

SHA256
405fc12d9f507b153d749d5e1d3d1c2544293e2aa4a680662a0eba442e022a9a

SHA512
89c0efc12db4110fca2ddf35654f64b27d596b734cae23da5e502e8ba05504b6611e254e7f05811df3f0aa5a19f25bab8510ec9cc633a600ac664eff06c22a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f53f9778633c07a1b52de252a067243b

SHA1
411826146e1573a54e3136c0ecb332592cbf3239

SHA256
37f711b24967f47953e4e212e36505bfdbcd234741ae52eb3888d05e7f521e80

SHA512
e062bd81226ea4081aed6e278ce5f84af8d2b195071921ae1a7919da0615ad2b6224803dd5c5d3cf3d780ccb5f276ac11b82d7879e7e482dc352b1aa1a3372f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
649ba866ae993f7f4a8663aadcfd1360

SHA1
b7ff99c8954ee5d7b87924fa1250b926433da1c6

SHA256
4cd7d9118a9fe0d5e15dddd6c0774610cd43c0c20ebffa2eebaf7df44dcb4171

SHA512
ce5d6ecc19739ed043d022fa54a13eddd77e29ab08189d831ea4e5ad702b746bd3be8a3f2798f0f3b39b2357c125ab969878a482895509fcc6170fbb6b2d1ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
3c47aaf005da6d727b32292d81b5ee35

SHA1
30668d815ff5730eb338e858ee3de137e7c10f5f

SHA256
da0544e571e48fc30be5149a823fea81b0b03bb3f79bbb7961775500e63e69df

SHA512
3d1a6483dd6c71e59a1b1512edc290e7f199542f5524d5d3f0f924a77137cb733760fd80304105eedc936b922d620da2760e9a31e51c705ef9296e0323cd3b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
79402b0de1c0024c50b586480cfb4aa8

SHA1
449f8ff44149cf0ade4b1788c3c05ee243b04b9c

SHA256
a909632af2592591ca12152b807c2b7bf9711db5f46805f52b32474f7f97583c

SHA512
8b1c5f8b0afe8610d785224fdd82ef4d0911048a89809d5a8b7b42011f1c74299317813671919ca9e54d50f90477cbe8864b74677e44846964128ce44d2bf686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57971f.TMP

Filesize
120B

MD5
bbb229113271dc1eeb8d4e6bfef69181

SHA1
92111c55f16f04a27c87213f494b586154c7f27a

SHA256
e4fc2168af0cf21dc81fdfabfcf4db29b44afabe8238e57bcf1bd651dfabd8fd

SHA512
67831cb00d6e02b94f0e7a9283630a5ae0931f04ba601f9d0d89c3957ec4e70052ca7e5c9a3812c33206483f390481f240340c677ad972cfc7cf7c652269c48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
1f691ab028bc31f5d7094551cfa3dde2

SHA1
cb8fe4c308ae5c2656108235b135e6c01dced765

SHA256
b59374f60929fa72ec8b9ab0a8bd8c22f5c6914f1dbeff69aeaeb8d02b6e7746

SHA512
bc3605ccf52c01af9b3fddc3de4526c996b2dbebc446f25029b9720f974c8b7b48ac177f748995ae2e449af802e65dcbb499f2b4cd96fc37894abed19ee71ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
c6a5996ffde1fa1d27237ffcd5161348

SHA1
7b1edb1548d8a3002729d4b26790becdec9861e7

SHA256
8e300aeb5d071670fd827579bc77b8f5c213671fd449da50dbf6ac256f5d529a

SHA512
6e654e7723679772c836ded528c0f295976b506498768e11d634a09396fff5336be1a1d911e51b73148789180067f35691808cabd71c952f1d2e8f67832b69b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
2036f18896e6fb82c119a8986412dcc2

SHA1
081c01742b6fcb43c8d823748410c3c28a96d333

SHA256
4014b62506b8d56043ffb134eae47881a9d2cc660c34350337af41dbc0835f19

SHA512
7e8d91e446bb19214c50d60dc20e8a103e0e27e851ffebab94449d164b97235efe34805091be47c0d572e9115dcc8bac7c4c5cd537a8c4a72f509ea524dd3e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
115895cebab986e2c9d0e54216f9f265

SHA1
ea06da6731a1c272f0045d0c9be0bdf3a7c9968d

SHA256
f522cfbfcbbb40de7648e8b9f8fe0df4175b36e5da6f88230424e1993f6b5b26

SHA512
a638c07f8aed233efe3e650beb2794c634121c7e22d80af9bf01901acbcdb77682c4662fc2beaf517b4ff84b5150036e5dc1e541bf8910f5b2c8d8e82cec4ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
8303b18e8d91884259a46389e9239de4

SHA1
a028c1743c4fa59147c5b9e887c24b693f1320c4

SHA256
741a3bee2437846cce8fe1b6d5b0fb78a98506a192603d2f70b79dadd8458c0d

SHA512
c65cda2fa8f4ccd692b52292fcc768cd71224c32394791dd30c7041bb46212f9f1f2beb4a7c6dff64e84b023211221542315f4bbba2397a25032640b8f996ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
26b176482f7826cf463a4aecfd888e4c

SHA1
204e8ececc28df0a05ea367e2f48d0251f2fddb0

SHA256
6f90c7d66a76870b4bd4b863f65e093e8c5d8d79e34a8419b20e64a1ef830ac4

SHA512
02d7b1ebc3c991a72aa08d46a698310780f9447ee488a126a560a4a2cf522593d4e955d379a2a2db84f38c640b796bd51e8440c2394b318f8240a63c506cd0ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
708bd0a2986ff393950cbf3325617215

SHA1
4872533c650897c5b9400607100dd7b5a5a1d224

SHA256
7f0d59d9aaf4cf77387e87a9ab20cf5f71d88b6a694ecf0038ff24167639e024

SHA512
9a7b9d8d3d4182e376ca700d0004b5b17eab05814d282821f9173c5d3bb2acfe0a1d4cef77e0c31682767b67f7fd48a2dbb853d635a6b4930187555e41c08725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57b304.TMP

Filesize
99KB

MD5
02c5d0377943fd5759a4cd2a9f440767

SHA1
d73a4468c6cfee1885572940a8ccb97b85703552

SHA256
4aaf04d3e038e4a23b05828c43d92e2b350cb72c548b654b7731ecd9f74f4e89

SHA512
2c435fb16847583fad6e2d713ccc9ac06cf7b48ea6510308947b158f09e3292c25c61cf3a8f8474fa7809443455564e54d15147d80d26ec9d853f85fdd52de51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\openlogic-openjdk-jre-8u332-b09-windows-64\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\salwyrr.ico

Filesize
16KB

MD5
16c42a4d0a4c826dd74a3232f6e980c1

SHA1
82e9c8e479c95802465c0845bfa613dcb092b189

SHA256
c7bcd8291312e4ae4cebc7ae163bd21bd2238901b249ce3d342da3e319563f38

SHA512
d7e115a38762bfeb75c891e942289c4a0dfee92c7fabca7ab607fc9247ce55cd77c580f0c05801e58fb7e289887326990fb0c4d88dc76a27f4bd555719efe3bc

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\temp\openlogic-openjdk-jre-8u332-b09-windows-x64.zip

Filesize
46.2MB

MD5
fa5b7b30ad21afa5969076d4618dfba2

SHA1
d794051acdc09e737d36669ccdc5e415af9e4068

SHA256
87219d942da401e74e9113b1778b89862d0b994a6aa24d59c392dfb6f758dc7d

SHA512
da0b9012ee014d646f117263b39517fbd83d06e88c2b04fae16a6d901f15fed4345f8d5919c8138eff6d3171bfe47f53d157b7e16e35e35d3d4e7003109fca37

Download Submit
C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\bootstrap\updater.jar

Filesize
807KB

MD5
a616e898ea735980492f41da00f88f39

SHA1
6de46eb8ddc768bb6652d45fe59904371e153c5d

SHA256
f018c09f5f093f5aa02fe54efb36d2c79382da298bdd16731f22a51ad69bf240

SHA512
130337c5738e9cee84dff629c5d4a34f9b2bbf587e7b0eaa518075a76a8086854e7604c9ae23455eca239fbbf36c3c1472b477d306a347a1dba9b1c63c61ee3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Salwyrr Launcher.lnk

Filesize
2KB

MD5
ffee9b5ec944d24ea9fdb1b3b8c64e25

SHA1
fb12dfe315516f681338f6f275846ff48cf4da19

SHA256
86f309a6d0b2a0f8df454d0a3a3814f3a455c834ae9c63fffafd44538a30faaf

SHA512
c46a2dd11f319f9c44d2beb45281b188bbfbad899e21e80213bafcc973b9589be471ec225f3fdc1cceab31b15037b676ea852c1bbc4f783c205fec9d44d9333c

Download Submit
C:\Users\Admin\Desktop\Salwyrr Launcher.lnk

Filesize
2KB

MD5
b691fbe31d637d005bab56bd4a5edf6b

SHA1
4af14c93ae67e80d9f4a0a78fadc1b2ebe39662f

SHA256
d3b5eedcd45b3ba4cd0251d8ab83430284e84b494d057aa73b8ce6febc71885e

SHA512
6398b796131739f315d7e226506d8fbb30d6b814581d5c8046f345403cc3de3af3f8e96eee43592f4102c8e8db674785b7605c38fed70269f9beead1fbcee5ce

Download Submit
C:\Users\Admin\Downloads\Salwyrr Launcher Installer (1).exe

Filesize
46KB

MD5
38633bfef3c1fe505a39a688b5c31828

SHA1
4e053e5ca9e8bfcf372b4331b18c36d637332bbc

SHA256
413a460fae724b972ab9c52aeab029552245555c7df5b79eb2a6529e1dd7a090

SHA512
812ebfa26ff63ade8ab4851230fe47c0ffb797b5a8c48d6ab7ad3293a4995c088bedb8ca7ad6c48a63b3c7f60cdf5b2b318b39dc232ef2096721aba7734ea8f7

Download Submit
C:\Users\Admin\Downloads\Salwyrr Launcher Installer (1).exe

Filesize
46KB

MD5
38633bfef3c1fe505a39a688b5c31828

SHA1
4e053e5ca9e8bfcf372b4331b18c36d637332bbc

SHA256
413a460fae724b972ab9c52aeab029552245555c7df5b79eb2a6529e1dd7a090

SHA512
812ebfa26ff63ade8ab4851230fe47c0ffb797b5a8c48d6ab7ad3293a4995c088bedb8ca7ad6c48a63b3c7f60cdf5b2b318b39dc232ef2096721aba7734ea8f7

Download Submit
C:\Users\Admin\Downloads\Salwyrr Launcher Installer.exe

Filesize
46KB

MD5
38633bfef3c1fe505a39a688b5c31828

SHA1
4e053e5ca9e8bfcf372b4331b18c36d637332bbc

SHA256
413a460fae724b972ab9c52aeab029552245555c7df5b79eb2a6529e1dd7a090

SHA512
812ebfa26ff63ade8ab4851230fe47c0ffb797b5a8c48d6ab7ad3293a4995c088bedb8ca7ad6c48a63b3c7f60cdf5b2b318b39dc232ef2096721aba7734ea8f7

Download Submit
C:\Users\Admin\Downloads\Salwyrr Launcher Installer.exe

Filesize
46KB

MD5
38633bfef3c1fe505a39a688b5c31828

SHA1
4e053e5ca9e8bfcf372b4331b18c36d637332bbc

SHA256
413a460fae724b972ab9c52aeab029552245555c7df5b79eb2a6529e1dd7a090

SHA512
812ebfa26ff63ade8ab4851230fe47c0ffb797b5a8c48d6ab7ad3293a4995c088bedb8ca7ad6c48a63b3c7f60cdf5b2b318b39dc232ef2096721aba7734ea8f7

Download Submit
C:\Users\Admin\Downloads\Salwyrr Launcher Installer.exe

Filesize
46KB

MD5
38633bfef3c1fe505a39a688b5c31828

SHA1
4e053e5ca9e8bfcf372b4331b18c36d637332bbc

SHA256
413a460fae724b972ab9c52aeab029552245555c7df5b79eb2a6529e1dd7a090

SHA512
812ebfa26ff63ade8ab4851230fe47c0ffb797b5a8c48d6ab7ad3293a4995c088bedb8ca7ad6c48a63b3c7f60cdf5b2b318b39dc232ef2096721aba7734ea8f7

Download Submit
memory/1232-1115-0x0000000004B50000-0x0000000004B60000-memory.dmp

Filesize
64KB

Download
memory/1232-1111-0x0000000004B50000-0x0000000004B60000-memory.dmp

Filesize
64KB

Download
memory/4296-646-0x0000000005020000-0x0000000005030000-memory.dmp

Filesize
64KB

Download
memory/4296-1061-0x0000000006370000-0x000000000638E000-memory.dmp

Filesize
120KB

Download
memory/4296-1060-0x000000000BAE0000-0x000000000BB56000-memory.dmp

Filesize
472KB

Download
memory/4296-696-0x00000000062F0000-0x0000000006302000-memory.dmp

Filesize
72KB

Download
memory/4296-695-0x000000000BBF0000-0x000000000BCF2000-memory.dmp

Filesize
1.0MB

Download
memory/4296-694-0x00000000062C0000-0x00000000062CA000-memory.dmp

Filesize
40KB

Download
memory/4296-682-0x0000000005020000-0x0000000005030000-memory.dmp

Filesize
64KB

Download
memory/4296-683-0x0000000005020000-0x0000000005030000-memory.dmp

Filesize
64KB

Download
memory/4296-650-0x000000000A1E0000-0x000000000A1EE000-memory.dmp

Filesize
56KB

Download
memory/4296-649-0x000000000A220000-0x000000000A258000-memory.dmp

Filesize
224KB

Download
memory/4296-648-0x000000000A050000-0x000000000A070000-memory.dmp

Filesize
128KB

Download
memory/4296-647-0x0000000005020000-0x0000000005030000-memory.dmp

Filesize
64KB

Download
memory/4296-645-0x00000000005B0000-0x00000000005BE000-memory.dmp

Filesize
56KB

Download