Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

setup.exe

windows7-x64

7

setup.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

Salwyrr Launcher.exe

windows7-x64

7

Salwyrr Launcher.exe

windows10-2004-x64

7

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

locales/fa.ps1

windows7-x64

1

locales/fa.ps1

windows10-2004-x64

1

locales/hi.ps1

windows7-x64

1

locales/hi.ps1

windows10-2004-x64

1

owutility.dll

windows7-x64

1

owutility.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

resources/...ct.jar

windows7-x64

1

resources/...ct.jar

windows10-2004-x64

7

resources/...er.jar

windows7-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 18:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Salwyrr Launcher.exe

  • Size

    150.5MB

  • MD5

    358fcbfda7fdc5e8966be81cd82e3fc9

  • SHA1

    1ca3c9cd0e791c82f139c543449630653447c33a

  • SHA256

    bcc98408be7d77e03ca6fd8f1e7e01d30f3b55e3bb236735d514037f6b2da53f

  • SHA512

    bc26f6e9395386791a7438e2e2f25644029584e6c318775b20cf8f13d268397b6a0e2f6ad8b2ccf726dc8a1102c6b08cef9a00fbd83855b65b0626deba009956

  • SSDEEP

    1572864:ZGdFYlhnXsryUGmVlsdBbd51I8udcDs/VgC5daNcBgBTIWfbgrLvNc3xhRsOmpe:nlhnXr7er5c+rp

Score
7/10
spywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Modifies system certificate store 2 TTPs 32 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5092
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4964
      • C:\Windows\System32\reg.exe
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        3⤵
          PID:4172
      • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
        "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1744,i,12912811900562020373,12027242065142427218,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        2⤵
          PID:1272
        • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --mojo-platform-channel-handle=1820 --field-trial-handle=1744,i,12912811900562020373,12027242065142427218,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
          2⤵
            PID:1940
          • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2168 --field-trial-handle=1744,i,12912811900562020373,12027242065142427218,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
            2⤵
            • Checks computer location settings
            PID:4960
          • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=cs "--cs-app=Salwyrr Launcher"
            2⤵
              PID:4084
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3792 --field-trial-handle=1744,i,12912811900562020373,12027242065142427218,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:4648
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3864 --field-trial-handle=1744,i,12912811900562020373,12027242065142427218,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:3800
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1744,i,12912811900562020373,12027242065142427218,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:4864
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1744,i,12912811900562020373,12027242065142427218,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:5308

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
            Filesize

            2B

            MD5

            f3b25701fe362ec84616a93a45ce9998

            SHA1

            d62636d8caec13f04e28442a0a6fa1afeb024bbb

            SHA256

            b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

            SHA512

            98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000003
            Filesize

            28KB

            MD5

            7515a66b19e84365bc42ed5e57199b0c

            SHA1

            126b2d906c6ae0343b8f48ef0d9ce11243300644

            SHA256

            4de3e4b3f9f7ddf8f82b71469a130fe1ec1f1228c709902a89f282760d8d4cbd

            SHA512

            20f434e0396cb1684aa759278d2797010a4a84395a13edc96679bb1b35283837e894350275b930e2e177b8ce52bbc9cebfd7ab5269dfc233e4d63ab532090334

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000004
            Filesize

            134KB

            MD5

            f73705f1dde46fc0a28d89bfada19560

            SHA1

            1b11f47a604b40716767c12289aa36a1d22b8e8f

            SHA256

            bdf50fece9cf39818d0d7512a6a19b4f317f7e7f76c780ac976a442da86e37c3

            SHA512

            ac1ebc7297d717e5cbd948be58c702efa314ecacf3898ff5249d881d233533089dea49a105a7abb844d93fb1abc6d9ad9b402ece2e63e8573fc5ea9cc1bca247

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000006
            Filesize

            17KB

            MD5

            0eba31011a6008c2f6ffd659a494cc5a

            SHA1

            42476bbe648b9106df029bb3b3cd38594a209567

            SHA256

            a9838d93e40976779e522d12f1df16494d084272f1da17a08dfe4bdc3ba99c9f

            SHA512

            442f42b6795344764b73c4f3c78e8cc411b9e8c221e420d5f874792963aae6b0b53e3aa67135dd3b95d485a108910a4fb833dac94a3b3a6f425d95d52135ac23

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000009
            Filesize

            33KB

            MD5

            a9a27ab142f303d6fcf4608e84baf3bd

            SHA1

            0f4b829736303eeb3456c9bc28b6fec1daaf34cd

            SHA256

            ba3a5cedf210e81ade7c691f77763567bd2c56c59e1853d3888375e19360060d

            SHA512

            4124c2f04c264aecf6f462791156cdac0e480c5ad9fe66017f802e727ceb8a0e9c3eb7ce4041475807aaac60309471202dec75de9be0e1855acd0e72eae15896

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00000d
            Filesize

            73KB

            MD5

            953871def00af599ab90efe9ead569fa

            SHA1

            3a4f674c68ae78efb7fd17889bfc589e57db77f8

            SHA256

            699841339bc7b462eca8052fc49db7b7e19091728fb5802f046d74853a4fbcf8

            SHA512

            a45ac21be3bb4a21667ffd3ef02b935cbb9ef8238acc1b92bd914b2fb30abe75607df38f7daaca2de5aabbeebfdbc9aee742ce6db9388e2385ef44390cc49a53

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000011
            Filesize

            25KB

            MD5

            bd277d6710263cbd9eed572248cb83b2

            SHA1

            2ee01929f87f04b766f04a9dc2e19860139f3a90

            SHA256

            8b96c5f204df1979e7452832ba595b20ee698b5ef9d334cb2342f6ca9a354f04

            SHA512

            cc79e88e39f54f7497600716db9d30e073edd4350fec8e4d58d427f8c194bc9532a108ac27d88e1bebbca0780a3fb02294d35a3b5acc8383344eacbafcaafc3e

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000014
            Filesize

            16KB

            MD5

            89a574ff00e6b0ec61d995d059ce6e65

            SHA1

            aea09e96808ab77165ffa712eaa58b8f056d0bb6

            SHA256

            e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

            SHA512

            30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000019
            Filesize

            19KB

            MD5

            2a315d77025584b1d21d525946437351

            SHA1

            7651ad2c304a1021c5520a32b0e6bd90dd725872

            SHA256

            11f4cbc8d914ede9477e8e83a95c1a880d7ad867d72351deb778463c49f2ce85

            SHA512

            73174e11f9073ac9f97abad6546171b02fb5246b0c3ddc99279a8374da08fdfebedd9811c8bf9903e658e04eaf5c56e984ef9bb9a126c2a77aef89f8fe8a3831

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00001c
            Filesize

            29KB

            MD5

            d453eca18d366c4054d2efd57717cf9d

            SHA1

            c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

            SHA256

            be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

            SHA512

            a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00001e
            Filesize

            25KB

            MD5

            9d66068882978e0e14462832f9c9fa81

            SHA1

            dffdf34805c21e944a7d8cc10d5fdb059c22ca83

            SHA256

            9f995b1c42942ededcce16bba381a19d3b30e0e75a36e0ea956f6a54e040dffe

            SHA512

            1807fbcb929589e25107359e7abec56d73ae67f93a9544dc1fc02bb59f8a62486dbb9dffa0e931644f0d8104b541c47536a2bae0f8567b37d69cd93dd234f34d

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
            Filesize

            48B

            MD5

            81e6b26ac80324c8a22741ac24ed7160

            SHA1

            748d2a8a54e5b5fc5b9f48a456341ba2637815b2

            SHA256

            9232ef3b85278308b6453c81738e01857840509689d2a897c9dfb1d2de22c6df

            SHA512

            af74ab204e80d05fb1f150e9f5855161220ecf16c7dd5405a05c20b8484763b80c5651e888b7d861bdd334dd5aac66f2f84835826cb9a0252ca37113094f4499

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
            Filesize

            2KB

            MD5

            841684301dcf26577c5408f1ae80f03a

            SHA1

            e8ee4d3937ad39441b369bd84df0e975175e8853

            SHA256

            a95674e0add87c4caa76f6d5709aa1865b2415b91b72bf088dd48e8121dbd0f6

            SHA512

            2f9c9adafa4337bf76d3395462de3d9b0a37821bb24bce2fee859fb0f8d6e10f0083c889465508cf0e0803726dda972e18cec94e97a7576238d2b2a3a8fa19e3

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\5dfefd0e-2922-4553-ac4d-0e732ab96f3a.tmp
            Filesize

            3KB

            MD5

            edf5fead5fae4d26aef543b45895cfd1

            SHA1

            e6ea4ad3f22a433936876b72546b9c199ab51ac4

            SHA256

            0af51eaa99bc8e811aba9cb2c981457f31abeb37b96c4c03ad68bda33fb0f6fa

            SHA512

            0db920bd7a571a3bb500c631239c9d73296a1684470fd30984b3cf70f37100c840c999ac0acc50c3d223be0bf9dcd9c7cdec71e52750a3e12980fadc4316e336

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Cookies
            Filesize

            28KB

            MD5

            ccf182eba517015b532f6f9a17958a0b

            SHA1

            95b431a3b0831c063651726fa3e11dc94c5e81a9

            SHA256

            50689921dec5daa501017f897a08d1b39a9ca2a95cb8ef53b60fd1ee0bbbb9ed

            SHA512

            581f833282544f223374e7e3929ff9aa301329e9fa4318c627f474d6efa7adbc699c3de5f28b4e7f69a8cf40eb535e310178dab36937fb0e0dcb1ddeb414f9c8

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State
            Filesize

            13KB

            MD5

            46248171da76b5633eddea02f9bea7c7

            SHA1

            723d596d8015ab9e957f0ef53a434f39bc3d4c5c

            SHA256

            0d00878955441ef6fa4f67b12eeb8024e77eb09ca3a14238c4017427c040ea00

            SHA512

            ee9141d67a9dcf297487b04f3cda8a98aff091a7ffc535056f3e506b7e9e04d00969787a86622fb3f29ca29eb0fe45b45c6ff8ae7da7d7db812224886e799ee4

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State~RFe5869e0.TMP
            Filesize

            59B

            MD5

            2800881c775077e1c4b6e06bf4676de4

            SHA1

            2873631068c8b3b9495638c865915be822442c8b

            SHA256

            226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

            SHA512

            e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            84a71899bb0b5a948aba8328dca71cd4

            SHA1

            00f20780616fc34812d5838efd246bbf983584de

            SHA256

            2af1714b917ade7f1164f88be8c09ee479897bceb6233dae7fc192db60d1ad59

            SHA512

            72fdb969b2c1cac026d0c13deb44101a25f02d3302d22ac93b915bed56301b4b95ba69c2d5defe6cdd4fba36518742633942e0cc2a0b77b94e04491c2fca26f0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            3e5ac89a525defe22ca36dbaec3e6f13

            SHA1

            35af68b03a1ce23b1ac5206ce90bb45e89c09a2f

            SHA256

            be84a5976fbc77da2e779189799ccb69456d32f10e07ab9fdae9214f0d2df61c

            SHA512

            60ff640c37125b37481bfe5cecffa021ce69e07848ba4d5b0f1ab15e2759e6c775e48e3fa003841154c3e77c335ecf01760cea41be5cfa983f4c4f50d45c214f

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            f107c28eb25e959d28fad83c9f3d764a

            SHA1

            bd9e127f80fca2e6d1183005786d02e5e87b39f4

            SHA256

            d452de56a90a5aaeeca784d36262a6f5bc784ba950947e337a69e0b0e1b1113a

            SHA512

            67c047158a9929c19d208b84d19d0a024feaf30b078e80f49fd4ef30442975b461dbc87fef39439355b031b0aa50471a5bd8fbaab0777113b9e2899905b058aa

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            13b5070a5f71069e9f7e030e6efabea3

            SHA1

            c10baa892c33cea0d7da9b51f74993e29039e128

            SHA256

            b1705daad569990f1bda8cd83b641230aaf09f06752e713c529a1785a40fe0c5

            SHA512

            c708876d22ab0c3c566874bce75ac199c2707e1b9ce7f6ccbcec5741f85673166db981536e6410ea08c0211dadb6a9fb6ca9fe4b2c3fd45a8a2e11d0594e9be0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            9d50837a96e824e97e8d84e7a4b905e1

            SHA1

            84b5ded5aa1e0cc1f9936957ee171092e5699d57

            SHA256

            9adf49eeb07e30ac2905a95aca584f929f84ba17364e7d16f5f0ed5d0f93fc0d

            SHA512

            d3941d76104980f17260175a6fdffa26e3c754a65329e92c2d65bea32787dbe6f0dfc7210aa47a3de6d19ab6d1eae5b6f0995b049a6347db5ac2132afe9464e2

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            545e40ffeb63297c54b93f303cadbfe7

            SHA1

            8cddc0eec5e8638a867f980856ddb26b083dfda1

            SHA256

            93a044400367137fe45c1ea9aade9a010fefb6993ec6cf0991669e770eb3123a

            SHA512

            514fdd01d89fa40ec714c7dba0314fa1be31c195c549ac1bce4edf2cacec68e618e3833624ad3dd87bc8b5ebf9453d215f63a97159f19c207a5925b65e644815

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            b57f3f329db926b3dc39d5e17ca6ee75

            SHA1

            ca3f77ba5d5bc8d9e8bbd18f1fe41a58785ede8a

            SHA256

            5ab6aabec755b7c60d66627e062e415e7c814c351bfe0a44f455d8c353600f60

            SHA512

            d4af2688e531c78f312d24ea2f4c27aee4369be675b1f0f67b6d259c118ce0dbc0c870dfb607393c81a17b7ed1e3f71d8781be8268fe2a8212859292679cc199

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
            Filesize

            3KB

            MD5

            aabf82b9ee5c8b19f5301c0947e2b3f1

            SHA1

            7de8e914721182ee01080c01df8249d88f33f726

            SHA256

            564cbf4813242b219c7d80b2a335f6473acd6362d1767360fe8125dd000cefe6

            SHA512

            5d0907216a2b40ac8893965b770d008338f1d79685ca1e18c69563536595b6bc8e1a295281e603b6a098033939affe66a38e2cfa1694b2ceedfb368a4d2675ce

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity~RFe57ae60.TMP
            Filesize

            2KB

            MD5

            36b47b23abe420e6109300f7a68e8b57

            SHA1

            21f3ddeb5167571d9b322f6aff5d050c12e62f31

            SHA256

            4a5510c70e5aa67ba5e5f70e1728c40c015ef1b1c5d8a66279500c22df7108fb

            SHA512

            b4acf1113b932c2ca9b69dcd46f03c5b2f220419a39885888892b256d1957480ecf9bd76658f5929dc268ff0d8bb752a0f0c19ba983914795028f60f78acbd8c

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Preferences
            Filesize

            57B

            MD5

            58127c59cb9e1da127904c341d15372b

            SHA1

            62445484661d8036ce9788baeaba31d204e9a5fc

            SHA256

            be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

            SHA512

            8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Preferences~RFe577fbf.TMP
            Filesize

            86B

            MD5

            d11dedf80b85d8d9be3fec6bb292f64b

            SHA1

            aab8783454819cd66ddf7871e887abdba138aef3

            SHA256

            8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

            SHA512

            6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Session Storage\CURRENT
            Filesize

            16B

            MD5

            46295cac801e5d4857d09837238a6394

            SHA1

            44e0fa1b517dbf802b18faf0785eeea6ac51594b

            SHA256

            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

            SHA512

            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\config.json
            Filesize

            140B

            MD5

            2dee85ac19aebaa50662a4ba424441af

            SHA1

            d0b03e28e9a14d48a1a9b206e92dc1bf1266328e

            SHA256

            dc4d87159e452383f6e39c1b7dd2830c69457a547565c43cfd9e9b86f336f336

            SHA512

            651d95e57716081376c14c26852e01997c77597da0e0350620ad4cadbf14f0a02956d7b3e8cbdf52a777b64f7ef7db63066791e24074d5e5b57a38af2b7c6a6e

            Download Submit

          • memory/1272-7-0x00007FFE29C80000-0x00007FFE29C81000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1272-558-0x00000205E0700000-0x00000205E082A000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/1272-318-0x00000205E0700000-0x00000205E082A000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/3800-322-0x000001F4C9420000-0x000001F4C94CD000-memory.dmp

            Filesize

            692KB

            Download

          • memory/3800-321-0x000001F4C8DB0000-0x000001F4C8EDA000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4648-86-0x00007FFE2B5C0000-0x00007FFE2B5C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4648-87-0x00007FFE2B4B0000-0x00007FFE2B4B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4648-320-0x0000029AFCB40000-0x0000029AFCBED000-memory.dmp

            Filesize

            692KB

            Download

          • memory/4648-319-0x0000029AFC340000-0x0000029AFC46A000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4864-125-0x000001E7AE5B0000-0x000001E7AE6DA000-memory.dmp

            Filesize

            1.2MB

            Download

          • memory/4864-126-0x000001E7AE4E0000-0x000001E7AE58D000-memory.dmp

            Filesize

            692KB

            Download