Overview

overview

7

Static

static

3

setup.exe

windows7-x64

7

setup.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows7-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

7

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

Salwyrr Launcher.exe

windows7-x64

7

Salwyrr Launcher.exe

windows10-2004-x64

7

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

locales/fa.ps1

windows7-x64

1

locales/fa.ps1

windows10-2004-x64

1

locales/hi.ps1

windows7-x64

1

locales/hi.ps1

windows10-2004-x64

1

owutility.dll

windows7-x64

1

owutility.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

resources/...ct.jar

windows7-x64

1

Analysis

  • max time kernel
    153s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    21/02/2024, 21:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Salwyrr Launcher.exe

  • Size

    150.5MB

  • MD5

    358fcbfda7fdc5e8966be81cd82e3fc9

  • SHA1

    1ca3c9cd0e791c82f139c543449630653447c33a

  • SHA256

    bcc98408be7d77e03ca6fd8f1e7e01d30f3b55e3bb236735d514037f6b2da53f

  • SHA512

    bc26f6e9395386791a7438e2e2f25644029584e6c318775b20cf8f13d268397b6a0e2f6ad8b2ccf726dc8a1102c6b08cef9a00fbd83855b65b0626deba009956

  • SSDEEP

    1572864:ZGdFYlhnXsryUGmVlsdBbd51I8udcDs/VgC5daNcBgBTIWfbgrLvNc3xhRsOmpe:nlhnXr7er5c+rp

Score
7/10
spywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Modifies system certificate store 2 TTPs 32 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3916
      • C:\Windows\System32\reg.exe
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        3⤵
          PID:4548
      • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
        "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1728,i,9555229335655961012,15100542047952777378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        2⤵
          PID:1188
        • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --mojo-platform-channel-handle=1844 --field-trial-handle=1728,i,9555229335655961012,15100542047952777378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
          2⤵
            PID:3364
          • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2396 --field-trial-handle=1728,i,9555229335655961012,15100542047952777378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
            2⤵
            • Checks computer location settings
            PID:1088
          • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=cs "--cs-app=Salwyrr Launcher"
            2⤵
              PID:2744
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3456 --field-trial-handle=1728,i,9555229335655961012,15100542047952777378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:1612
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3448 --field-trial-handle=1728,i,9555229335655961012,15100542047952777378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:5072
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --lang=es --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4080 --field-trial-handle=1728,i,9555229335655961012,15100542047952777378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:3844
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 --field-trial-handle=1728,i,9555229335655961012,15100542047952777378,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:3900

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\45be74db-23ca-4977-9868-0fb112421647.tmp
            Filesize

            57B

            MD5

            217c781be08416f5b6fa33aedf027293

            SHA1

            0e76955a55f31406fc64e3b136f1bb9214bc2d79

            SHA256

            3de8ead96083d18355eed62a5b8089a61f6c7f97ba3dba04cbefae364f0455b0

            SHA512

            964b588d2bb87d3e19924cf8a16f1c35807c45ccb41caa00be9dd4e34b9fdfa0625973828a9df1f5f56354f00bf13939e01798c40a8a7089c9aee4535e45b099

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000004
            Filesize

            28KB

            MD5

            748fd3984bd477af2a7b820cee9e2c83

            SHA1

            38bcbfb5053e939cb99d90e61a48a90ee1e6f8ab

            SHA256

            44246ab1105f9ee2a5e6659bc4ef597559ebe4266a2e05a4e328b7748020ef50

            SHA512

            aedd2b850e6b5466cf1d1482b93dd86ca1faeb9159ebbf39e5d489562e6d10540ee74fcf4b2428db4e5b9abd37eeb2b44bd9518428d560bd9a29af8e2ea4056a

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000005
            Filesize

            134KB

            MD5

            4787dd34ac59f7876fc7a3e8c4d3c01c

            SHA1

            0a2fa42f0b64a361f9404802fc4eea75da616df5

            SHA256

            cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee

            SHA512

            fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000007
            Filesize

            17KB

            MD5

            09ee37f26527f60653dff52d48c32aa1

            SHA1

            f3aeb1af9ff9e93349b4c6a45712bbaa86cf7735

            SHA256

            2a03d4de04cbb5e016597b66bd95b7b51af9629c1052fc3ceea274bcc2956ba8

            SHA512

            5f722ced340fbacf78ba6958ee2b250280b95b8a59380acccd527b491b3d7c2d8e5e7123fb5d51ff147f1ab4c13cc042d82e9a5211f81e7a88e26885d8b69c4f

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000009
            Filesize

            33KB

            MD5

            4bb09e6829f1d275aa9b3fa0a3445a10

            SHA1

            7f2721a6524d22880a5608ba990aa0403aab7aec

            SHA256

            5a5f4d4253b597832d5ece094636aa045746a60c072a31c18a3ad03793051d39

            SHA512

            84243f001a59612ba8fe94777e15ad9f86f7e662558b03145a3b5c84c1ff47a89571f283553718577203e1cf2badc31624256a7e54f6685ca19fb3183fce91a9

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00000f
            Filesize

            71KB

            MD5

            a87cac24a41dd61c705b8dbfbe802f16

            SHA1

            2e68eb79628e1bbdc3b8a8c3ab0bc8fd4d67ef61

            SHA256

            69e5e41217e42f38af93847f02dcab1684a7617ad956adb6cfa093c3fabe23a3

            SHA512

            8f1de8d6e2c4ed27f066a211357e247faa8d70726190bf5e49c06b36632adf77ab2e3723f5663ebef846c0b5193f95133f0f35e5022b5cf35ad972ccadd079a1

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000014
            Filesize

            25KB

            MD5

            9ce259904849c13e4e082bbb136b9bed

            SHA1

            c5d49bd681e72e46a3f6afc0136e1c2b15a89248

            SHA256

            6283b261e2faca0872cd4200b78788bff996ed8b50e99e5c50b10b07c2277285

            SHA512

            2ed542c651031f4fe90ab86e80aa49132e024648f0885174ca11a64d4e9e4b765d70b55902be0a228a131ed34ea65f858fd342a636e35ac35525cd940e406c94

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000018
            Filesize

            16KB

            MD5

            89a574ff00e6b0ec61d995d059ce6e65

            SHA1

            aea09e96808ab77165ffa712eaa58b8f056d0bb6

            SHA256

            e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

            SHA512

            30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000019
            Filesize

            29KB

            MD5

            d453eca18d366c4054d2efd57717cf9d

            SHA1

            c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

            SHA256

            be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

            SHA512

            a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
            Filesize

            48B

            MD5

            03d668372438b378f6b94da3a80b7715

            SHA1

            e74cbd11d8da26e28ebf9eb5060408ab820f6be1

            SHA256

            a79bbc0bde9c74f4ff407d00f72bd21b138837bc9d7f8469a07ac48701719231

            SHA512

            050d049a6714a8399a41493b8fa3e87e382abb88122a974da19ce5520c5eadd7b6e83b8f806605f6c47f0dc681536793afde27cab1b50a8722d7c92c29e115d6

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
            Filesize

            1KB

            MD5

            54c9363cd3b8019b02b543e91f974c65

            SHA1

            25f048d737421ca04dd54dad38227fa571ab818c

            SHA256

            88b9bb30ad20cec571d8c688b047cc6ed090054f2a24124d102e2eafde7cd3e1

            SHA512

            7d2a2e0bf1d1feedd7b5da2248ea31df665fdfad8f5001af65c3fd885aad532dba22d54951a05a8ebf46e1f239196881c2a3896f5df6cd3064896b7115a94c52

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Dictionaries\es-ES-3-0.bdic
            Filesize

            766KB

            MD5

            471061756215fd1f387f076ac014303c

            SHA1

            d8397cb5900f52a5cad2416ed8ebf53caa1a3adc

            SHA256

            e6334dcf080aaeca679db70565762a2c296ff5780c1af263530ac7345736bfa9

            SHA512

            ba9d0f2deb2fcd77e75bfe8a9c6241da25c7eb9012d0374ccca8e9cd9cd1c9615efd5f3980166b0b3431c7e3e55ef013cbc37f0d53bd1e2411afb9363ceccb05

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\52c7f0fd-9f59-4f75-9cbd-6b2982652c1e.tmp
            Filesize

            3KB

            MD5

            14e9d939ca5187a8dbdf9aa408d03821

            SHA1

            6ba4f5fd01678e89eefba3f9d5ef5c0cae21748f

            SHA256

            4652f27779c62e125dab702c0387d863fbd1c2e90a29afbbce337391a359b280

            SHA512

            ef92a0b3ddfbad0d39ae03534d660ae784f8768ba41655f62bc48c2883ef44764feb08afb22117fae8e2171528b006a04314e6434b81dfe193384e11ffb2d3b0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State
            Filesize

            14KB

            MD5

            32df0cfef7a392536e5f7de11a290aa0

            SHA1

            5fd57d61ccf042fac574f3ff0b309f0f600e81c9

            SHA256

            d754d596a3000e5bd266bc1d617c28a78a8698a0887dbb3e7609e4405fe5c197

            SHA512

            0b1409db18812bb79244f46499c0a4cd712b564435ac82c3af64425402fb6b685f076ffd7e6d68220e33b5f1349da53c771c65e49e265758e619c6625a4f03a0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State~RFe58ec01.TMP
            Filesize

            59B

            MD5

            2800881c775077e1c4b6e06bf4676de4

            SHA1

            2873631068c8b3b9495638c865915be822442c8b

            SHA256

            226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

            SHA512

            e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            46d090439f4b39e0148c0fdc8633f959

            SHA1

            d5353a4897e85ebcfbb13821774a533f8419ab52

            SHA256

            c1a1b63211a57e83859ec3e567cadab5cdb94d187d49deb33ce35baa846647fd

            SHA512

            516fcbe04baea5937e9d40950afa718a6626d655248975c997c590e6b899ca3cf13eae8641600e5dfc46d2ba68899babd470e863773cef7fafbd86f665191286

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            3c4ee633e5d2af0f83621f83762a51a9

            SHA1

            8839bd9ae8de0117ba9588b8f30a2ecd4dbd48b1

            SHA256

            7a38f15a315ff1884a9247a0dbb3963e77a5d112aae9dd03680f259635c5c281

            SHA512

            e927db6626008a8d94d52aabccbf763e88848c7f8d31efa9e1e7a84bd382f94c5b78e9297edc253a5beada25b8eec49e3a6f36974a0a251de20f18220f08000a

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            157d62436a1768504cc0ad4e96f368ac

            SHA1

            50dd280f1fb1bfb289b1fdf2573833e4227161b0

            SHA256

            df9f811c5abb5c70ba79bb11f3a14e13a36c8a2a1acced4f915693c793381782

            SHA512

            d097817b7c434e91767d4a26b6b6f9ef0da22caa6aa8cad8570b4942efbc63a508a7026caa39db000d089eb63841d31908a05c629791188c215ae2f773e59e5b

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            5e311e1a4523ee51cdea18fd167e4784

            SHA1

            c156e4129e2b500a2e0d2b07f750acf516c7f55c

            SHA256

            4847c254753b64ffb6b2cccb140b4f29f0d167b8a477e9203299cd3f613501ba

            SHA512

            6f5169bd8be074bf61d48a65bf8a5c735ff6381d810cdf0762ed7ed45ee08b95429622c61efa9aef04706e8e8115ffd3b7c3a45df8032956be1fb52a45c139e4

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            976832eb7d6ce92644ceef33f17e5cee

            SHA1

            2e872c0bbdf0174f0d571b112d26d3476aad20d6

            SHA256

            bdbfc499bb9553a1e6e8cb74ac84c5f5fa260d977a6dae27ae671f14088663d1

            SHA512

            f56ab830ac033f4f2a4f6e3636318170130c02b4d7880274627a59ccb912f512bd758251a5727e24b04c761ce4b38ae58e764d055a1070b5fa0192ed07db5fc8

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            5a67ff0b0580c82d92fdc19808255fc9

            SHA1

            0eb7ec11764406fc7d0aee1b04c3735e2f0e60e6

            SHA256

            340202ca8fbbeab75b3f1bdc82015c24f4ea716c4e5b019d8a89705f10e94ca3

            SHA512

            58feea0ea2dd25d04400114fe7d4f8ba8ec86d662b42911cce91e64a97b955a05a3c3422c88de207e9f27212d86bb14670d6408d406b30465f86b14a5cd60588

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            35c307ec5cfe782dfc5fffa9a82ddd3c

            SHA1

            7bb53488a811d150b13667fbc6a393ce0ea3fc9d

            SHA256

            b6f86df37637bfaf13837303e38039018adf34ba28ce1d0edfdc762c9088c80e

            SHA512

            1f6327543d71aefefe5c001fdd34486655d2da9f86e7d0f134e12af87fc85ef4cdcefa8a790d9eea9c02a149c298a4a9235393e8d85728d6ccb951a0b3d69484

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity~RFe583081.TMP
            Filesize

            3KB

            MD5

            50cad0f2d694f3c84cfc8930871ef055

            SHA1

            7b762ffb5b9382ffad0c330a77b8ac17e64142e2

            SHA256

            94aa1022ed1b8bb42f013d4bd9cf7d50bb6cf1dcb0748829bc77522ed4fd5eba

            SHA512

            7cab2a3636f035da3af70fa6d9fd0eb4c7f13d021e530e742a153934a331a9eebfce5e2138f837f4560271309aef42dd1bc5b6cfbbfe7070617eacd3e3914828

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\b79f835e-bdef-416c-b6f6-f2c0c1d8e3b6.tmp
            Filesize

            3KB

            MD5

            1d6c95da3991116fabeddf3abe583428

            SHA1

            360f59c663e37b31d1401eb51ca8206ab434ad5a

            SHA256

            46bc8b85700d1d003b76decab09fd5efa837cf8ca236bb394e19d282a152df0d

            SHA512

            6113a78033b1e12f54ddf00b8c0eb901e300b0e67f9c8be349cc511b47f69f9d7964e1cafbc6e5a6009b471701c665f836941971766d8ff7ee5a509a87991881

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Session Storage\CURRENT
            Filesize

            16B

            MD5

            46295cac801e5d4857d09837238a6394

            SHA1

            44e0fa1b517dbf802b18faf0785eeea6ac51594b

            SHA256

            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

            SHA512

            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\config.json
            Filesize

            140B

            MD5

            2dee85ac19aebaa50662a4ba424441af

            SHA1

            d0b03e28e9a14d48a1a9b206e92dc1bf1266328e

            SHA256

            dc4d87159e452383f6e39c1b7dd2830c69457a547565c43cfd9e9b86f336f336

            SHA512

            651d95e57716081376c14c26852e01997c77597da0e0350620ad4cadbf14f0a02956d7b3e8cbdf52a777b64f7ef7db63066791e24074d5e5b57a38af2b7c6a6e

            Download Submit

          • memory/1188-255-0x00000197F16A0000-0x00000197F176D000-memory.dmp

            Filesize

            820KB

            Download

          • memory/1188-3-0x00007FFBB1B60000-0x00007FFBB1B61000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1612-69-0x00007FFBB1A60000-0x00007FFBB1A61000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1612-68-0x00007FFBB2030000-0x00007FFBB2031000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1612-326-0x000001E0695F0000-0x000001E069620000-memory.dmp

            Filesize

            192KB

            Download

          • memory/1612-325-0x000001E069320000-0x000001E0693ED000-memory.dmp

            Filesize

            820KB

            Download

          • memory/3844-88-0x0000027536860000-0x000002753692D000-memory.dmp

            Filesize

            820KB

            Download

          • memory/3844-89-0x0000027536B30000-0x0000027536B60000-memory.dmp

            Filesize

            192KB

            Download

          • memory/5072-328-0x0000022AC4630000-0x0000022AC4660000-memory.dmp

            Filesize

            192KB

            Download

          • memory/5072-327-0x0000022AC42D0000-0x0000022AC439D000-memory.dmp

            Filesize

            820KB

            Download