Overview
overview: score 7
Static
static: score 3
b8fbc5e6eb...fe.exe, windows7-x64: score 7
b8fbc5e6eb...fe.exe, windows10-2004-x64: score 7
$PLUGINSDI...ls.dll, windows7-x64: score 3
$PLUGINSDI...ls.dll, windows10-2004-x64: score 3
$PLUGINSDI...em.dll, windows7-x64: score 3
$PLUGINSDI...em.dll, windows10-2004-x64: score 3
$PLUGINSDIR/UAC.dll, windows7-x64: score 3
$PLUGINSDIR/UAC.dll, windows10-2004-x64: score 3
$PLUGINSDI...ll.dll, windows7-x64: score 3
$PLUGINSDI...ll.dll, windows10-2004-x64: score 3
LICENSES.c...m.html, windows7-x64: score 1
LICENSES.c...m.html, windows10-2004-x64: score 1
Salwyrr Launcher.exe, windows7-x64: score 7
Salwyrr Launcher.exe, windows10-2004-x64: score 7
d3dcompiler_47.dll, windows7-x64: score 1
d3dcompiler_47.dll, windows10-2004-x64: score 1
ffmpeg.dll, windows7-x64: score 1
ffmpeg.dll, windows10-2004-x64: score 1
libEGL.dll, windows7-x64: score 1
libEGL.dll, windows10-2004-x64: score 1
libGLESv2.dll, windows7-x64: score 1
libGLESv2.dll, windows10-2004-x64: score 1
locales/fa.ps1, windows7-x64: score 1
locales/fa.ps1, windows10-2004-x64: score 1
locales/hi.ps1, windows7-x64: score 1
locales/hi.ps1, windows10-2004-x64: score 1
owutility.dll, windows7-x64: score 1
owutility.dll, windows10-2004-x64: score 1
resources/elevate.exe, windows7-x64: score 1
resources/elevate.exe, windows10-2004-x64: score 1
resources/...ct.jar, windows7-x64: score 1
resources/...ct.jar, windows10-2004-x64: score 7
Analysis
max time kernel: 27s
max time network: 173s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 24-01-2024 03:38
Static task
static1
Behavioral task
behavioral1
Sample
b8fbc5e6eb7e86a28cc277f068c2eafe.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b8fbc5e6eb7e86a28cc277f068c2eafe.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
LICENSES.chromium.html
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
LICENSES.chromium.html
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
Salwyrr Launcher.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
Salwyrr Launcher.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
d3dcompiler_47.dll
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
d3dcompiler_47.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral17
Sample
ffmpeg.dll
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
ffmpeg.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral19
Sample
libEGL.dll
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
libEGL.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
libGLESv2.dll
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
libGLESv2.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
locales/fa.ps1
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
locales/fa.ps1
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
locales/hi.ps1
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
locales/hi.ps1
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
owutility.dll
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
owutility.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral29
Sample
resources/elevate.exe
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
resources/elevate.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
resources/libraries/java/PackXZExtract.jar
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
resources/libraries/java/PackXZExtract.jar
Resource
win10v2004-20231215-en
General
Target: Salwyrr Launcher.exe
Size: 150.5MB
MD5: 358fcbfda7fdc5e8966be81cd82e3fc9
SHA1: 1ca3c9cd0e791c82f139c543449630653447c33a
SHA256: bcc98408be7d77e03ca6fd8f1e7e01d30f3b55e3bb236735d514037f6b2da53f
SHA512: bc26f6e9395386791a7438e2e2f25644029584e6c318775b20cf8f13d268397b6a0e2f6ad8b2ccf726dc8a1102c6b08cef9a00fbd83855b65b0626deba009956
SSDEEP: 1572864:ZGdFYlhnXsryUGmVlsdBbd51I8udcDs/VgC5daNcBgBTIWfbgrLvNc3xhRsOmpe:nlhnXr7er5c+rp
Malware Config
Signatures
Checks computer location settings 2 TTPs 5 IoCs
Looks up country code configured in the registry, likely geofence.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\International\Geo\Nation | Salwyrr Launcher.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
description | ioc | Process
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | Salwyrr Launcher.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | Salwyrr Launcher.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | Salwyrr Launcher.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | Salwyrr Launcher.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | Salwyrr Launcher.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | Salwyrr Launcher.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | Salwyrr Launcher.exe
Suspicious use of AdjustPrivilegeToken 40 IoCs
description | pid | Process
Token: SeShutdownPrivilege | 2548 | Salwyrr Launcher.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2548 wrote to memory of 2272 | 2548 | Salwyrr Launcher.exe | 27
PID 2272 wrote to memory of 2572 | 2272 | cmd.exe | 29
PID 2548 wrote to memory of 2728 | 2548 | Salwyrr Launcher.exe | 30
PID 2548 wrote to memory of 2584 | 2548 | Salwyrr Launcher.exe | 31
PID 2548 wrote to memory of 2728 | 2548 | Salwyrr Launcher.exe | 30
PID 2548 wrote to memory of 1812 | 2548 | Salwyrr Launcher.exe | 32
PID 2548 wrote to memory of 1140 | 2548 | Salwyrr Launcher.exe | 33
PID 2548 wrote to memory of 1508 | 2548 | Salwyrr Launcher.exe | 34
Processes
C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:2548)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"
  - Checks computer location settings
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\cmd.exe (PID:2272)
    Command line: C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
    - Suspicious use of WriteProcessMemory

    C:\Windows\System32\reg.exe (PID:2572)
      Command line: C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

  C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:2728)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=996 --field-trial-handle=1156,i,16775209642956922383,7438720203557806258,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

  C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:2584)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=cs "--cs-app=Salwyrr Launcher"

  C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:1812)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --mojo-platform-channel-handle=1252 --field-trial-handle=1156,i,16775209642956922383,7438720203557806258,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

  C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:1140)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1416 --field-trial-handle=1156,i,16775209642956922383,7438720203557806258,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    - Checks computer location settings

  C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:1508)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2004 --field-trial-handle=1156,i,16775209642956922383,7438720203557806258,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

  C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:2088)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=992 --field-trial-handle=1156,i,16775209642956922383,7438720203557806258,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    - Checks computer location settings

  C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:860)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2424 --field-trial-handle=1156,i,16775209642956922383,7438720203557806258,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    - Checks computer location settings

  C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe (PID:1364)
    Command line: "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3052 --field-trial-handle=1156,i,16775209642956922383,7438720203557806258,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    - Checks computer location settings
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD555540a230bdab55187a841cfe1aa1545
SHA1363e4734f757bdeb89868efe94907774a327695e
SHA256d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54
-
Filesize
867B
MD5c5dfb849ca051355ee2dba1ac33eb028
SHA1d69b561148f01c77c54578c10926df5b856976ad
SHA256cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b
SHA51288289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize230B
MD5ff50903777a1cec9547a549ab8ea99a4
SHA1fb2647f3d86bfdfc14a94e9760e77cf8be4c2976
SHA256470f3c32ad15846846b97bf7d46e1d30dba7fa507a1bcc83f6dfde06114efd48
SHA51233662b72c16fb62b15c71b5ae8c9e43cacc46fe9d9858f29ae89b33e2f3e46ad7969a9a70e434667f15c9e0fab62b34c8c1e90754e32ca6dd9d3d3f8eeaabf51
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5174231497dd840dd28cd39bf69d9fd67
SHA1fcc1c006ad57bf9d67bee5f22b9a607de4d8f264
SHA2568b09336dabd845a1b5680dc026654a3f4598f3936c1d84196661705173572e00
SHA5125552550de7169efe5dd032352829fe7cf889f5eb01a49c02c01c51dc060ac40ba9c9a97b9a7068e057b19c81b6181731cb25784292e75c41e5b0071339bf64da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cdcf929bf8f591a7d2b6b085c6c70ad9
SHA149b5ad5200492f2a1cbb218968d094c7fc999c2a
SHA25691653ba973e30e8852c5e29a80dea7834208c40d54b112c4f15afde191161ab8
SHA51275daca4ed25b752c27dd3f09d0369f4268f573ee1949579fa71e801ff4e87055610eeb08aa08fa37a4a056ae2b19077dabc0437d204cc18fef9ca9a835cac372
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD50e4ebfb57820f1d7a073dcead67d9aa9
SHA1624a7f8ae0f2443701d817532b82df91eb6b412d
SHA2565e684c3a4ecd0c96ee3e340ea5e2434ff132e99ad55b90c8ce2697abe475d1d4
SHA512f1905b0f7350b8e77272e342b78bc4643ced8196ef43a3cf8d19f6b0fe5ab86df730818059e25d2752964dc2cb2c913bd7c47b90a21ed0d91731578a78d86dda
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57b2780cc24c2df3c8fd62cee622c8667
SHA1975d97e1fba0f56b3cc789610805025f548b7d0c
SHA2562bca5a672fdb9fbdc2caee996963a89d153d1b7686f3fffcdc9bcc860ee9df73
SHA5123a810b7ff6a69d046fe25655d161da97854ae42c78c345d1d6aa94ba5ab96b93a07eed8d8e3e161ad22554d9e8877d6ff503f8dda1a8856e26b0fcc0c6794028
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD57eb0d1a61700aa87b812b06270108cb0
SHA1108f079db3f29714e522e75289c6798c4ec1b083
SHA25670bf9e6f89409c8de916ec31c18c45165a30d536521be9ed1ed9fb94dc059999
SHA5125252ba93bb2e833e60c5218d0e9bbffa43d8295b6ad2057df78a89d8f70545db5d1c04dbff4eb3367aad50ed8801cbfbcbebd65e1096854340e2a087be147ad1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD51b2ced5bb811595ced11d762cd7b0ae5
SHA16b16735223f8f0706716df29b4d9c3c7b307fdc7
SHA2563c7a4fda44a365e861e575138be66f4b317280dda95021ac08cdf86bb8bb9be9
SHA5123a9a5b86a27f8dfeb7b4ecead9acf8cda1cfa926203f95754a920696ba4bbb6113fa0d8f363beef1a0867b6a6c8c10b3d9e380ba0c445ae44b61e7493669dfa8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cf17dc7abd23cb517c0e419f56a666cc
SHA1d8df903554fcf9be98eafbcee662704584d4ea05
SHA25600c3e124d728dfc84b9460d59c9e05124759a3de726726bc2987ff8bbde25e11
SHA512dd6ae16660ac59d4d44f194c29f8a320b46499fb71297425e9356afa2fad72393b24c5ba72c071f02e43909a3c7015acbc976951868085697641f24eadd5daa4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5b5b155b2f2a9cc20adecaa7e976f67fc
SHA10de5378375f8f290f24bcf96a2d929dfedf53178
SHA256c89107c630e89b0d656ab9ccb0c9689985d018aed3820396bb349318e982e86b
SHA512c0535718b65fa29eae5eafc6cf50e3a2d40c7b933507df595a43431b05fa982b5c49394d01e63106d331f0744a5153b4fa0373a4b97789184fbdd040888e38dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD5cfe377ce94b3d7db027fdb74d45d7d02
SHA197697b2fb0fe041d69e4ed68cff24f27477d1725
SHA256bc3c1c43709295d461240171ea76911041fc0d96a3dfbdb4bb62dfb48c7c50ff
SHA51255551d751649bd735c9ef42ff30bc55b174cf9b16cac315ba24f98162221384d2352fb6b1f6b5f326115da4711be5cb7f0e8d25cd7c9ee42b46749589fa19bbe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD59c27ae2ef5cabde6ea4009b1771aed38
SHA1c1c13db9caf5cf93a090637fd98b202ea6c30643
SHA2561d2ee6f636fc209f5bcbe3c104317cc4fb0db3396f5b6f98634b528a0f3db60a
SHA51227586666cefe5f50a30b3c9ed682f2727d4cfdbd9b62e6b342f2c9694549acde67479d9dc135ad2e29338e64b840941957565b6cc6bf805892fdb1bbf1cd68d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
MD55faf517885a9b6945d1ef2c8a00bae54
SHA1730fcfd421cabcb7241ab32277b36f199a49543c
SHA2561ddceecbb2837b1db3fa701eee0b710b627fa222f2ce96a7a253bbde9f506f32
SHA5124f76b8ee259a87b8c3cc02da8badf4e5839403abf27bd42940459ed4a110fb3f5d08f300b096b7097e34a19cecf52e91111117280f3fb77ac5efc3d63ad21492
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize344B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
Filesize: 242B