Overview

overview

7

Static

static

3

b8fbc5e6eb...fe.exe

windows7-x64

7

b8fbc5e6eb...fe.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

Salwyrr Launcher.exe

windows7-x64

7

Salwyrr Launcher.exe

windows10-2004-x64

7

d3dcompiler_47.dll

windows7-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

locales/fa.ps1

windows7-x64

1

locales/fa.ps1

windows10-2004-x64

1

locales/hi.ps1

windows7-x64

1

locales/hi.ps1

windows10-2004-x64

1

owutility.dll

windows7-x64

1

owutility.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

resources/...ct.jar

windows7-x64

1

resources/...ct.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-01-2024 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Salwyrr Launcher.exe

  • Size

    150.5MB

  • MD5

    358fcbfda7fdc5e8966be81cd82e3fc9

  • SHA1

    1ca3c9cd0e791c82f139c543449630653447c33a

  • SHA256

    bcc98408be7d77e03ca6fd8f1e7e01d30f3b55e3bb236735d514037f6b2da53f

  • SHA512

    bc26f6e9395386791a7438e2e2f25644029584e6c318775b20cf8f13d268397b6a0e2f6ad8b2ccf726dc8a1102c6b08cef9a00fbd83855b65b0626deba009956

  • SSDEEP

    1572864:ZGdFYlhnXsryUGmVlsdBbd51I8udcDs/VgC5daNcBgBTIWfbgrLvNc3xhRsOmpe:nlhnXr7er5c+rp

Score
7/10
spywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Modifies system certificate store 2 TTPs 34 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4644
      • C:\Windows\System32\reg.exe
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        3⤵
          PID:3956
      • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
        "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1764,i,14182171873372363772,1247881507063017176,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        2⤵
          PID:4804
        • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2344 --field-trial-handle=1764,i,14182171873372363772,1247881507063017176,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
          2⤵
          • Checks computer location settings
          PID:4260
        • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=cs "--cs-app=Salwyrr Launcher"
          2⤵
            PID:3424
          • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --mojo-platform-channel-handle=1836 --field-trial-handle=1764,i,14182171873372363772,1247881507063017176,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
            2⤵
              PID:668
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3740 --field-trial-handle=1764,i,14182171873372363772,1247881507063017176,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:1048
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3776 --field-trial-handle=1764,i,14182171873372363772,1247881507063017176,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:2940
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4240 --field-trial-handle=1764,i,14182171873372363772,1247881507063017176,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:4304
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4260 --field-trial-handle=1764,i,14182171873372363772,1247881507063017176,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:468

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
            Filesize

            330B

            MD5

            4697ea167b742300f53127ea46ff2f79

            SHA1

            767be5732a8c3f6e34a30015c1e48faac5cd242d

            SHA256

            d6f5f7cf2eb27e43fb4fda44383f688632df1f8e0a9cea5fd783de8a8416c2e8

            SHA512

            5f246596c9e0b1a6f658b2b1dd9533a840d37b774052e82522316095cd83f5d7949137e35694b43992b5e8fe12d2a2d9575988b11a3a6e6976f5dbd08d5259cf

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
            Filesize

            2B

            MD5

            f3b25701fe362ec84616a93a45ce9998

            SHA1

            d62636d8caec13f04e28442a0a6fa1afeb024bbb

            SHA256

            b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

            SHA512

            98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000003
            Filesize

            134KB

            MD5

            4a6e842370c80f25a98da2b88dd12154

            SHA1

            6503c438d60115ac4f7916f3263d9bd9f1b8510d

            SHA256

            81a85510b46e0c5cb22b54b008abfd19ca3c030b58cb6da059bc5da26391fa61

            SHA512

            4f12ad69ee857b2564088ddef80695d9885946681d3122780d265f3514888a33008a51b196ae68eedd2433417460654ef54c48ea921f7692e817f51c25f925ec

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000004
            Filesize

            64KB

            MD5

            5cfdd85c58be77f74ce5ab3b299ce8c0

            SHA1

            1291f52dede5569de68bb3ab3472adf3de11f584

            SHA256

            34a6d682a5098f0f415b420f49a440915480ffc65a31e60c8cc550795b1479a1

            SHA512

            302b254822fdf8548d9691d98a23a75a17d0b6b37972f9de7d68c76845afd564a182c776daacaa46d308b857459262e610b407bcd0be9359ae366a8483a93d6d

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000005
            Filesize

            17KB

            MD5

            5bc83cf9db0dcf2947b6f282e8632e71

            SHA1

            c40b251d27ef243a893cb0e2870d0148e3575101

            SHA256

            09070b9fc1590e571e3a1d01a23b3743990c2479719b854662f607cd6e89a726

            SHA512

            744800857adedb03ba629ef65ad57d195a857b4e9b0cfd8f0d63a07c81ded0b2b83349a35bc36630cf21ad8e8aaadc6fdcd9f154ad9d62f3435f0d6c0007acb9

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000006
            Filesize

            238KB

            MD5

            d174a426d49d1f40189e724647d0c564

            SHA1

            99a53f882bd3e2f63ccc7872e6f5d6bb3e7e6eb8

            SHA256

            12fd958d3d47b563283a74c4ede4eb2f6e3f918f6b7c8288066b981498e6ece4

            SHA512

            d17da5ed05db84559e45685d0266857dad38069f34bb0b18cf8982a29fdd5060888629c5034e68e8cabed0da63a373fc2b9691dcbf830581649ef52ba8438c59

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000008
            Filesize

            33KB

            MD5

            e0054e2ac3a292af72ff3003e85654b9

            SHA1

            ca801eaa8f23dd12926597cffd8ab400ba4ee5bb

            SHA256

            348ab3978d57c800329564e3791321b09dac5f3f2ef18487a3983abbe7d557e5

            SHA512

            36ac8161bdf4a5198a24c145f151bb2aedde98893d0f487169062e98a890f5d6af820f910f21a0df40f45475f3fd9152d5198adfa98c1d68ddf83988896d3f63

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00000c
            Filesize

            70KB

            MD5

            93c077f21b5b850d9873165d519cdea1

            SHA1

            160eb7842392924d19abd1cdd56be4b09648370e

            SHA256

            9096625ea3c7c1259d9e845eaab19b4d8d83c2ad2ae6cae06124273aed938bdc

            SHA512

            6bc1693a785ea8f05a18fb8f944b758c9ed8534247db071c471b613f019373a0bd83da5fc92e5800066b46c6332f6a4cdeb5e21ddcb5b0ac9bf1ca1b996841cb

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000010
            Filesize

            27KB

            MD5

            b17d8e456d36586fbe2b6123d15e8f60

            SHA1

            1c6274260ae8b7745d20729057c2d74ecb4e2dea

            SHA256

            12a2697430421343a9c0abc73224670bc4de0b85beb4f43e2b89bcee94c43b7d

            SHA512

            39ef193106db901af5502ed329af92ba3bef82ec3c65a97f4c1f66faf33e9bd5d87ef848eb27ec92ccf0bde024e32c3a31da1e1b354d07761866055bb0bb9e5e

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000012
            Filesize

            16KB

            MD5

            89a574ff00e6b0ec61d995d059ce6e65

            SHA1

            aea09e96808ab77165ffa712eaa58b8f056d0bb6

            SHA256

            e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

            SHA512

            30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000018
            Filesize

            19KB

            MD5

            2a315d77025584b1d21d525946437351

            SHA1

            7651ad2c304a1021c5520a32b0e6bd90dd725872

            SHA256

            11f4cbc8d914ede9477e8e83a95c1a880d7ad867d72351deb778463c49f2ce85

            SHA512

            73174e11f9073ac9f97abad6546171b02fb5246b0c3ddc99279a8374da08fdfebedd9811c8bf9903e658e04eaf5c56e984ef9bb9a126c2a77aef89f8fe8a3831

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000019
            Filesize

            29KB

            MD5

            d453eca18d366c4054d2efd57717cf9d

            SHA1

            c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

            SHA256

            be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

            SHA512

            a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00001d
            Filesize

            38KB

            MD5

            2b7ec9fe5044c75348bc52964bf50b78

            SHA1

            039e784c53ba423877c5c845ffb044abbf4c110e

            SHA256

            71c9403962b1f930169325d2c812125a0088d2a695609486bb6f31185e84ff97

            SHA512

            92cb64599e198177093bda32e1c962fdccaa049d9875292b97c6b014d0d0afde750dcef27151751dda3f8639df41bed611bce7816c04d4e581b17b132d169016

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000021
            Filesize

            16KB

            MD5

            9c6b5ce6b3452e98573e6409c34dd73c

            SHA1

            de607fadef62e36945a409a838eb8fc36d819b42

            SHA256

            cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

            SHA512

            4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000024
            Filesize

            28KB

            MD5

            df0a1f063e7b1c981c8a0f752ae8e2a1

            SHA1

            baa217caa8aab5da8d3c23ac8486dd7a4c9367a8

            SHA256

            11db35f7ccafdcbeb1ccb7eadb329192171479feba06cd22879f9754a8ee6727

            SHA512

            0e107aa5119c36041e38cac5211c618666966000cd354184171193bedf4d647df5ba41b56f76bf28844fca0e7fb4f4a18f9b6af6e33217ef86e335648611084c

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000028
            Filesize

            107KB

            MD5

            11b473f6a883a990d30dd0c3144f925c

            SHA1

            96922bda9a9e160bdac24305f11347ee38e38d80

            SHA256

            ecf28274215252f01f5dbd261abf11c100a421458fd862de364740892fd6b7fe

            SHA512

            3cc89239edfac96563fde7aa6179fa8dab0baa4ffdf527908292aaabaa15afb5b448abe67f93f395fdc9ba549640d4694e437344f69bafbdecb1fbb5b094b0a4

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\0a8efef36b8dbe95_0
            Filesize

            276B

            MD5

            63846713a18001ea74fd44d45daa848e

            SHA1

            fa9a52a5748d5ae8e21c426b18b225df0a63ec7b

            SHA256

            cf8534320428d57ce92c4a0f95ad2bdf690de2c9217f584679f847a89f05c9c1

            SHA512

            07d41fa6602a08ae6226a154093e83683aa5455102cac09120c9ed8219b358f960211f5cf99c853c4629d31bd43c1cfc7b9c790468c37853fa22c36fea39bb03

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\1c3acc9ce546625b_0
            Filesize

            257B

            MD5

            01fe9df7c0b3c369e4ae20a943d914bc

            SHA1

            c705b8a2714e7f45fc25fe96e21c05ce6b411b7d

            SHA256

            1853bc8f5dceec248836570fbd7ec92460ee887a175db636806a8b653212a1de

            SHA512

            2940c0c2c1f38b29764dd98796146503f5498d36f40aff04d7a112d191a6f5787a71d20e32c758b6be2f8e67d8f000035a4edb74c684152554f4c519702c8711

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\1f17acb14d350791_0
            Filesize

            40KB

            MD5

            0d41e0c876d487e602d075c857b70624

            SHA1

            8e7a85f478754019cbdc990586da45bd4d3a3229

            SHA256

            94dfef7f1d58887e7fd4198a255924b6851bf8154d89447003c8462edf7e59cb

            SHA512

            ee22e58a52eceb2b6ce7d35d095846e081439fda39821fa327373d581f7e2448e735153d3ed34dcbe7098b4f0aa26018b87cb6ee1dbe74853c9fbc2abbb03550

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\236f2b4e86831be1_0
            Filesize

            374KB

            MD5

            5b67fd2d1b5582a4b87bc3c5c26c5519

            SHA1

            9222c2abe984c8e613e1df54e3136c3841dd8b9c

            SHA256

            6d445c96c9eee1ede267a95a75add055f83ecf5ffc018639a06d936fe0da64d9

            SHA512

            abb9930b77cc9d687acef834d5bdefead3b8534c349ea228f43b378ed7d3ec78dd89a946bf8aa2269b052731eeb9b3093cd929880f3f2de06d4f47abb5ec6a4d

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\4698270287f4a1fb_0
            Filesize

            39KB

            MD5

            88d69a7c1a5a07aa8110c5590eb2d068

            SHA1

            ca1b08bd3f6965c547182ae43a2abd6368632b3d

            SHA256

            d4c9f11b628c654d0ef7bcc37f351057027ffcd939a400a7de446773f045b275

            SHA512

            54d9b3b55c6b6c4e6d44c530530d9e0d621d6afaa7dde33a1dc9ffe15ec718412f1c5160fbf53428568fbf0c7f9494296cd886b147ef320a648e184a485f5b35

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\87ca590fd06c4444_0
            Filesize

            273B

            MD5

            6ba3c6e3d582329accb08180074df363

            SHA1

            64d718b6352efd58e55322de58dfb8bfa87684bf

            SHA256

            1617cb54d70f0c5158afbfdf3f4fdf672a4285dc3fdddd562c68a6f24678edc2

            SHA512

            3e4c6d79c6994eb2a3af9a5ee01b02c2820e7f72fa8d246391b50aae590b99e3a9cec69a9bf74e45a156ba12c5a468a8a08bb4b4944e94d4e0da405b0fd7220a

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\ca49de8fa0fe7124_0
            Filesize

            237B

            MD5

            1b9828ccbd6fc23d06e4904d9cf733c1

            SHA1

            ef1462f5254093d846ea7bbadd7269a7245121e5

            SHA256

            82bbbcfffaaa78bef10926f94498fd531635cf07be961abeef343d205664d5b2

            SHA512

            2f4c6e36ba1d65be1f1a6d63a4f27b4dfe73dc71b3e685ab05f40b9fd9c3f382aed6c2986f02ead1861057ee12f8545d1c07ce5def7fd57cd013e041a2e1b8b9

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\cc819840286d7ef6_0
            Filesize

            737KB

            MD5

            3a5b8ae272835ed6b8253a2c0d72c96e

            SHA1

            28bb9a03ebdc39300747eddba2bbf69505621418

            SHA256

            18bf67a085e149c2c97747ff3fcac72770436ffddb23a0c0196bf05390775185

            SHA512

            bac1a6bfbc225d565bb65082d6e2df50ba47c3f5fbdf776507ae7799d123f8a1e0efbf50149bf5ca37f9a531744b94746939aaa7c9bd5893fbc02d7ddee13f04

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
            Filesize

            2KB

            MD5

            14b6fc84126e8340ed93e2436529d9ac

            SHA1

            58dd975b6ad6b2c36e3462253fc162d5779160cd

            SHA256

            a8d46041934077dee1b8f078492a0330c776115dadfb008fec75f01706f16e7b

            SHA512

            19bfa144d469c2186e239918af4a4285909874b64ac19c6d5429860c8934111187dbea2de706dbdc8b45cf136bd98b86b720f60761a92094d9f383e8a7999b06

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
            Filesize

            48B

            MD5

            d7699368c139b7b86eefdd58bca92f0c

            SHA1

            8a81ffd61c4ff456c953a1da73b2215d43a57006

            SHA256

            ed195ce330185a92c77d3d49c5e007c9dc99bdb8b56f6694fe8f505e3c9f51a8

            SHA512

            8c35c69bb658f4ff597a5e405f7fc5ce304ed2a8cc893c0058ceecd51e99df246c65e9a8a4dcc83d95f76b86c68ad9ae6e3e5a213f60930a638100de1ae2d7c2

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
            Filesize

            2KB

            MD5

            b4f518b353e71dd66a41e33edebf3225

            SHA1

            1246171ef830b7ace70763ab000170eb9a71881f

            SHA256

            15f0fd9f0a99f10a5a4da27fd89b9c7f72e9cc3cc01a0dc66e68e6aaae45983b

            SHA512

            0734c923016250a5579d8fc030da4038e9d93ecfddecc21c0e338411cc849f9c25aeb835d4db5dac566b64f82ead719b6b7f442871ce47ef86674fbbeffc3457

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Cookies
            Filesize

            28KB

            MD5

            06c95a9bf2d565dab8cdb55e39cae504

            SHA1

            ef3f0b67a3a1bb1d4dbea39116f27a728c598e51

            SHA256

            4c3555d6e92ee558d7ba20bdea0da9ebd50730386eb94c435f5a4d8d4c5b9986

            SHA512

            389a4b048b6557173242505b2f721782256df5db738fa78549d6a37d07d14bcdffd8e0acade5f3df8526b19a9467beb2d103f61dc52bb2bcabed8510290e83e3

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State
            Filesize

            15KB

            MD5

            935a88857c7419fe1be27e067b9f1986

            SHA1

            135b8d3afe46a9f23a023b19a7a7fb300dac93d7

            SHA256

            6b29dda82ad85a88b0b4dc7b7113c07a8fdb787a46b52b72ae4fb946b694aa41

            SHA512

            7f6b80dc2639b2fe56fac5f72b34d633a2628417098fd6c37ed06c6edd0ea6ccdd31f3d3802e8facb233a92747707749685e9239768b51308c1a66add4b574f2

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State~RFe587635.TMP
            Filesize

            59B

            MD5

            2800881c775077e1c4b6e06bf4676de4

            SHA1

            2873631068c8b3b9495638c865915be822442c8b

            SHA256

            226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

            SHA512

            e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            4KB

            MD5

            4847a4917792ddc437b7ac812dc34094

            SHA1

            48eab1f2ce1c36087048395fd669e685b066e9b4

            SHA256

            53c63794ead6685ebea3d4807293f3a381341cf2d99a44eb4357a1eeb15531a2

            SHA512

            3cab60511d4d633d119098775038e7d6b8ed6f9bde77398e71aad8072837006b7d549bcab6a1fdecf8ab7f50a41d5007d626e1ab2c82d7ccd658453e8681e19e

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            4KB

            MD5

            70a21789232dbe085b7ff3e704b74db0

            SHA1

            5d188fb2306ea5e6e5979652e48f86276c11a076

            SHA256

            63887c9c5a98000f8cbf2fd2176b8fc56c195d874e4f5484692fa8aed7b1421b

            SHA512

            86fb2def266128ed47f11dea0b5e95699a155510271897205d5577018f9d030f31d97b19cbc413ec46366ab612af7142d443ce5985b19c92325b967371466e4f

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            4KB

            MD5

            804fe26fcd198e83c20a82454c3db845

            SHA1

            427bc1f00d3dbadb53765d92d06a5f703915fc25

            SHA256

            62c45f19c558f2e5b59a1ebd9a39be469e45954135e774ca60db4635032a2c06

            SHA512

            c62cd74c43799cc4f078c7364f65183ad60143e5313241be0af6f540c6edf07712a63ccbfd1de9ff76a361d544b3acb0d775d08046667f86b6faa29a942700ec

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            b6bb2d5909efc07e91a6d045e9866ce4

            SHA1

            052789d73be296b39d6f2294d9fc0e43181e9336

            SHA256

            bcb7d5d056a3a6ee84c603c1dd4f93ac9229a104fbd4c2785a8660aa1b01d144

            SHA512

            35ddfd1ff23a8410de5f8065514275385d37b0d0846ab3ebdf36154030d5969b300db7a9c4fc2f61a736c8fda0e213cb6e4c8910d33f60fe77ba5b32403752db

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            4KB

            MD5

            211741b5614404c658caa511c2940423

            SHA1

            a087254b16c19570c63ebf08e1b024564c0a604e

            SHA256

            04ed7d0b0b3e5dfc4fd3025d765c438348bf952a63a90bb1ab78041a6dbbe0a3

            SHA512

            a12ca57df9a8df2a5aa700253da0e5365f7894f69a0c5e655cc7ece9ba7d1bcb350a62b632339ff73fa2a327bf0124041231d92569b563e73b9dc84e24b94963

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            4KB

            MD5

            1d29244c63ee0ecb1ba48eacfdea89d5

            SHA1

            6bef49ce4ac00288301033b7131e03d428f3442b

            SHA256

            e7253185ecbc30a34e681af7a08ce32c53a304850db4fad75d6ebe9a50c7d27f

            SHA512

            0f7a6e3c8b58378aafb1ce201b2174c50b3ea25455dd9da9bcde15cab6b2d6277ed8a61fd3412ba39999918517d0b877ae1d4bbc29645cf57fbd42541f9205b0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity~RFe57b65f.TMP
            Filesize

            3KB

            MD5

            6e900d3c969e3f8a96c252d2896eee92

            SHA1

            60bcf7b2794bd10510d5fd620a2cc53d1527eb76

            SHA256

            c465dbe4933532e6e271c8ffa81a7f895432379f8c68804e1c706a1191dfa59a

            SHA512

            cd94906d8bd88c4a710641eb5cfd3b9b1702db60ea1e9a41d402befc2158c4b9684096c7a9ffda128133990ce76a899054e2d38eea6daf436f3a839d60ba88f8

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Preferences
            Filesize

            57B

            MD5

            58127c59cb9e1da127904c341d15372b

            SHA1

            62445484661d8036ce9788baeaba31d204e9a5fc

            SHA256

            be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

            SHA512

            8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Preferences~RFe578e17.TMP
            Filesize

            86B

            MD5

            d11dedf80b85d8d9be3fec6bb292f64b

            SHA1

            aab8783454819cd66ddf7871e887abdba138aef3

            SHA256

            8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

            SHA512

            6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Session Storage\CURRENT
            Filesize

            16B

            MD5

            46295cac801e5d4857d09837238a6394

            SHA1

            44e0fa1b517dbf802b18faf0785eeea6ac51594b

            SHA256

            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

            SHA512

            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

            Download Submit

          • memory/468-825-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-816-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-828-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-826-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-818-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-827-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-824-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-817-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-823-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/468-822-0x0000010D85BA0000-0x0000010D85BA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1048-89-0x00007FFB96D00000-0x00007FFB96D01000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1048-403-0x00000156F5B10000-0x00000156F5BAE000-memory.dmp

            Filesize

            632KB

            Download

          • memory/1048-90-0x00007FFB96130000-0x00007FFB96131000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2940-404-0x0000022A83120000-0x0000022A831BE000-memory.dmp

            Filesize

            632KB

            Download

          • memory/4304-116-0x000001F67D7B0000-0x000001F67D84E000-memory.dmp

            Filesize

            632KB

            Download

          • memory/4804-18-0x00007FFB97020000-0x00007FFB97021000-memory.dmp

            Filesize

            4KB

            Download