Overview

overview

7

Static

static

3

setup.exe

windows7-x64

7

setup.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

Salwyrr Launcher.exe

windows7-x64

7

Salwyrr Launcher.exe

windows10-2004-x64

7

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

owutility.dll

windows7-x64

1

owutility.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

resources/...ct.jar

windows7-x64

1

resources/...ct.jar

windows10-2004-x64

7

resources/...er.jar

windows7-x64

1

resources/...er.jar

windows10-2004-x64

7

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

Analysis

  • max time kernel
    157s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/04/2024, 02:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Salwyrr Launcher.exe

  • Size

    150.5MB

  • MD5

    358fcbfda7fdc5e8966be81cd82e3fc9

  • SHA1

    1ca3c9cd0e791c82f139c543449630653447c33a

  • SHA256

    bcc98408be7d77e03ca6fd8f1e7e01d30f3b55e3bb236735d514037f6b2da53f

  • SHA512

    bc26f6e9395386791a7438e2e2f25644029584e6c318775b20cf8f13d268397b6a0e2f6ad8b2ccf726dc8a1102c6b08cef9a00fbd83855b65b0626deba009956

  • SSDEEP

    1572864:ZGdFYlhnXsryUGmVlsdBbd51I8udcDs/VgC5daNcBgBTIWfbgrLvNc3xhRsOmpe:nlhnXr7er5c+rp

Score
7/10
spywarestealer

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Modifies system certificate store 2 TTPs 41 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3912
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4960
      • C:\Windows\System32\reg.exe
        C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
        3⤵
          PID:4880
      • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
        "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1752,i,17831433636751220131,6464145390196438977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        2⤵
          PID:4692
        • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
          "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --mojo-platform-channel-handle=1924 --field-trial-handle=1752,i,17831433636751220131,6464145390196438977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
          2⤵
            PID:4964
          • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2356 --field-trial-handle=1752,i,17831433636751220131,6464145390196438977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
            2⤵
            • Checks computer location settings
            PID:1196
          • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
            "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=cs "--cs-app=Salwyrr Launcher"
            2⤵
              PID:1816
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3804 --field-trial-handle=1752,i,17831433636751220131,6464145390196438977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:1300
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3824 --field-trial-handle=1752,i,17831433636751220131,6464145390196438977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:3420
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1752,i,17831433636751220131,6464145390196438977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
              2⤵
              • Checks computer location settings
              PID:2360
            • C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
              "C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4132 --field-trial-handle=1752,i,17831433636751220131,6464145390196438977,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4524
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4164 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
            1⤵
              PID:2536

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
              Filesize

              2B

              MD5

              f3b25701fe362ec84616a93a45ce9998

              SHA1

              d62636d8caec13f04e28442a0a6fa1afeb024bbb

              SHA256

              b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

              SHA512

              98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\9c06e0ae-6b59-4898-b14c-6a1c4a581b57.tmp
              Filesize

              57B

              MD5

              58127c59cb9e1da127904c341d15372b

              SHA1

              62445484661d8036ce9788baeaba31d204e9a5fc

              SHA256

              be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

              SHA512

              8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000002
              Filesize

              17KB

              MD5

              aa887e23c9428d0de82953dceca1db41

              SHA1

              2f74f13b33e3ceddf087ea3cdd405df98989f900

              SHA256

              b82aaef585a92b08d708c3c9ebc22aa39dea389b0a820dfbde137598fea4f041

              SHA512

              cf10532c66f1d99c16bc6a0a15f576cc4222f50f5bd08a1cdb05ea2b21290b28455266f74ce386f8391313c22c85f891dcf3dabe5011dbbe5942d02db4489617

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000006
              Filesize

              139KB

              MD5

              e4053bd3cd5199672c64c1a50f20ccf1

              SHA1

              01c1c864630639ca44db5a3df8b0ffcaf4ec9c6e

              SHA256

              f9f64da22f2adadbe49634e563ac7e0433d71416d9a5451a4a0c8a0d6dedc0e8

              SHA512

              cc0bf2f221d774cec30c3e8ce530cbafe650d7df868deb7e77deb0fa7bc4c13830c4097a43fb0a0ce292c42e655360fd6a4258b3e2b2fadc95ac15ea9edf73fd

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000007
              Filesize

              33KB

              MD5

              2946470d3047aced1d10e39b438852d9

              SHA1

              e5ccb9ca3fa1b176444bd88f9c06fa0bfa1d887b

              SHA256

              677106f574e205d52218ae1f0969b6f28c58641761ca0ab4de3dcfadab41b276

              SHA512

              ec5360d9c6e7db8ca9e0df8ef18ec9e03940be4d2f30571967383a939eb0f94be4e003a651c21cc10f37e25f030afd2c53c31a4e41eccd52adda4ab6e9639a33

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00000f
              Filesize

              74KB

              MD5

              f7699600cfc517ad44b1c73cc02b03e4

              SHA1

              097a780ee5fc3d239cbd0a5236f76f170bd7c912

              SHA256

              e15ce63988f53e7985cee9d5ca86e51ae4196a533343dd68e614e90d422fa66d

              SHA512

              be36e3ad497becbf7fe040a70bc53b826d106dcf3146b8bafff3fe27a6e47ba4bd515f66f6dfa4c0405e857fb998dd7b6a9afb6cff1a28d586b631088663ae5e

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00001a
              Filesize

              26KB

              MD5

              d088dfc10ad4c4c9f68dc4ea6df111a0

              SHA1

              7f8741abe22ce46a81d11d1f030d077b1af6eea3

              SHA256

              158e4a3326dcf59d1937894153bebd1698b8cdaffcc047ae6592faaf1b351ad1

              SHA512

              8dbb8ab0645a5056ae9bea681f54f93bc27bc6281156fae53b5ac325b7795a23054cc04670947a476d308b699ee6fb32cd637a654a0433c3f2cb4d6fb26e37f5

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00001b
              Filesize

              16KB

              MD5

              89a574ff00e6b0ec61d995d059ce6e65

              SHA1

              aea09e96808ab77165ffa712eaa58b8f056d0bb6

              SHA256

              e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

              SHA512

              30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00001c
              Filesize

              29KB

              MD5

              d453eca18d366c4054d2efd57717cf9d

              SHA1

              c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

              SHA256

              be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

              SHA512

              a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00001d
              Filesize

              19KB

              MD5

              2a315d77025584b1d21d525946437351

              SHA1

              7651ad2c304a1021c5520a32b0e6bd90dd725872

              SHA256

              11f4cbc8d914ede9477e8e83a95c1a880d7ad867d72351deb778463c49f2ce85

              SHA512

              73174e11f9073ac9f97abad6546171b02fb5246b0c3ddc99279a8374da08fdfebedd9811c8bf9903e658e04eaf5c56e984ef9bb9a126c2a77aef89f8fe8a3831

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00001f
              Filesize

              103KB

              MD5

              6ffaf462680d05e87570ea26106f7e1b

              SHA1

              a3c2db3409a92ca502ce51f79dce418192f3967b

              SHA256

              f0909568fc4a37a3fcbb7f4b7de164388b4650d739de9f7ed9bae0b45eb9d94b

              SHA512

              3a39d1f25d998489700042526737f3f6aa351222c290f3876c367c43a5d48aa413b5b75b758d45e71b06397065af0fb034043b71c1b370d41ee27e152a1b4acf

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000025
              Filesize

              16KB

              MD5

              1c0f4165a8e129c44c0e351a39a4283a

              SHA1

              00ada8bc8af7e2fffac1006b7d5d661622c832f9

              SHA256

              f43fdaf41f911aa3d138358f321c823b0d9b310aa65c3794275d5767259c110c

              SHA512

              fe5a1e384320e28632b70b9ee8ae5838138bb7e70b24d30eb24ae6b1bc3cbc1130de99096cf5c9f1fb4c2736802d8ae963d47a698096d03aa61f4686b611fdac

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000026
              Filesize

              243KB

              MD5

              86cdc24ddb1f305ce7469d11e84e43c6

              SHA1

              f6fe67518fbf9abda73cc187f791dbb334fc1c20

              SHA256

              8bfdc30c745db5c75a8c0f56299e36a1d98386118d3149ff6badbb945af18a5f

              SHA512

              de9c3715f35ce3490184e7dfeb5c3b87a286378dcab30f86fd850916fb993a5c8d955df690228bca8518b430098fd805560dd4965cc3b74395ed75ea2fabca2e

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000027
              Filesize

              16KB

              MD5

              49295de6ccd23cf80b6418a2d209868f

              SHA1

              42a955b4560bb22cb9b5b39577f7a691ea345018

              SHA256

              d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

              SHA512

              2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000028
              Filesize

              23KB

              MD5

              ea4e882277914b1db9a61aa3b4c78f54

              SHA1

              0bdc8dbad9245ba1f8e6a1632f9b08f06c610cba

              SHA256

              334bb7713a4990c0dae300a411c9597391c1c1264b84dad1bea847abe256598d

              SHA512

              e8033d07f3c0c79e2ec9baac6baafe5627609ba02265ff13a21a14085b1baffb3215b1f81e750e8f2cf806a6cf31e78e1b7bad12542bde9042bc40393aa7ef2a

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00002b
              Filesize

              25KB

              MD5

              9d66068882978e0e14462832f9c9fa81

              SHA1

              dffdf34805c21e944a7d8cc10d5fdb059c22ca83

              SHA256

              9f995b1c42942ededcce16bba381a19d3b30e0e75a36e0ea956f6a54e040dffe

              SHA512

              1807fbcb929589e25107359e7abec56d73ae67f93a9544dc1fc02bb59f8a62486dbb9dffa0e931644f0d8104b541c47536a2bae0f8567b37d69cd93dd234f34d

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00002e
              Filesize

              120KB

              MD5

              4ede88e3643e489b32c3a2405ef1767d

              SHA1

              541a91be88d3318199c5f0b655024866522857e1

              SHA256

              bf7edb966f244e7783b88f7c479b2e2e28fe52cf4d4e1f5c24e6f6b7ffccc879

              SHA512

              e075e8270fef68aab28eb81a18f6630d0346d376aaf835f4c39af00cbeee53450d1f730b85d93bcddb90d1f314fee106b947ef4abdee589a29140ca348dff12d

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000039
              Filesize

              29KB

              MD5

              15e0a3c645cf74d75d654c698eb1e0c5

              SHA1

              cf8e7810aa55b722119416f59923baeb40cff7bf

              SHA256

              e6b748adb4abf0c0b87c27e6f2b9c8eafdd5f64a21d260e1960f5a0770ef8d44

              SHA512

              4e9afe81ae0905e77e8a8b1f2e728424d0b8225028979435332c280ead543cd742a0879e49ee52e945b65920ac0597811365a791b0947c813d5bd56928ca8630

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
              Filesize

              48B

              MD5

              8dbd19950f29e3f74d98db44957972cf

              SHA1

              438f6d657507377bbeb322f5439f5b327f02532e

              SHA256

              030a095e601103c54937ace3f8901a2da4834a9310bccd40b9b8e62faad9e15a

              SHA512

              b79fd95b9a83282b39929fa5f74c5a58dcd6a0bd8d687e96fb28c45629809b7f086aaf2b25a4c516e70f2207c4f8b338ffe35af06f850d88304e8f5bdf6b9787

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index
              Filesize

              2KB

              MD5

              f4b54e75ad05ce8a00a20daf75b965e5

              SHA1

              9056caf64eca898634c2e53d23d95921438c46ca

              SHA256

              0c50d56beda049ca4895c22a23a3af90be5a6d58edb7ce6ef43ec73ba076b9bb

              SHA512

              425a4ec143934983f3b54bb65f4a01454b0911724ddb278964b33e706f5d207871cad3030e28478a21d928b3c154343a0396660e1c30a065cdb5c857fc850fc1

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Cookies
              Filesize

              28KB

              MD5

              ccf182eba517015b532f6f9a17958a0b

              SHA1

              95b431a3b0831c063651726fa3e11dc94c5e81a9

              SHA256

              50689921dec5daa501017f897a08d1b39a9ca2a95cb8ef53b60fd1ee0bbbb9ed

              SHA512

              581f833282544f223374e7e3929ff9aa301329e9fa4318c627f474d6efa7adbc699c3de5f28b4e7f69a8cf40eb535e310178dab36937fb0e0dcb1ddeb414f9c8

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State
              Filesize

              16KB

              MD5

              166153c8f03ab7197247659590c2f557

              SHA1

              8179e897f5662d2420469d006d822dca7f7458c2

              SHA256

              faa3b7250506d3e20245d2b5f627ed081b70c1a034095dff668e6848dfa01851

              SHA512

              1b670d2fd3e9ac3e547d6b53bcd1880c71f37d4aaa39129bf669eda79f9b40f8d94e6eefc6559243cbe49873c180d03cc2241175bdb815f6ce341fdba40ce264

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State
              Filesize

              16KB

              MD5

              b7f94d23702e606279a71c1eca6192dd

              SHA1

              171df96c49a2a6c5e936b2219d4c337ca44b5a6e

              SHA256

              cf1af1f9fc526d70e74adbb0eaf9d19a8b6ee6948f918fe9166d746fa9e06989

              SHA512

              15c57f24313e016a6c89ff2974c86541e0b6ed6c7c9b3f95fc4e320ee97687993283d6917ae17a47578cbde0be35ef86360cdc3115f6b0c7b1cfed12e1729213

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State~RFe595b07.TMP
              Filesize

              59B

              MD5

              2800881c775077e1c4b6e06bf4676de4

              SHA1

              2873631068c8b3b9495638c865915be822442c8b

              SHA256

              226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

              SHA512

              e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
              Filesize

              4KB

              MD5

              a088d7c726cd55765f8f88851dcfd69a

              SHA1

              777a7f49d6a846eda1a1a3aab68e5be597634f9d

              SHA256

              43d93980baca12b026b34ea5b14735b5d7a30e2a7ab92a02940a5b58ef30c609

              SHA512

              0d1b631a075e83c4d889cee70d8cfc5e64f1f2f4ac0e73095eb80113e532c300a72b19dd4e7954bc642d0ab432ea02c51fe000f4c2431ea2994c3f0b2b8f3479

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
              Filesize

              4KB

              MD5

              15d36489531833ec62f7cdb1085d78ac

              SHA1

              9130ca9ab815df129856fe0ff5487fda49e314de

              SHA256

              66c0e58946eff5664a0da002a1bb10e6d3d52719c4b59151addcb71a87113c29

              SHA512

              83ec52375b5f8b3ece54c0421ee8d022ca9440c2a23c8f72a667b6fcc4e2632b01604e65a02c47ea32fe7f8c89533841fa11ef5bd6ddad787165912730aa26be

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
              Filesize

              4KB

              MD5

              e9398572e446213c65e769413f6c182a

              SHA1

              807cb045b4db2896cb653c238812d7ab51c365fe

              SHA256

              5a5f1083c107f9b3e03a790f0c1dd129d9f1ecf7cf1b5eeb1307598d00e01ed8

              SHA512

              3b16b77ad8009a29ed6c1a3da9899f997eb642b652c29681e2bb0634273215966e1a0974b20671fc45d257bf78b733690796ac7ba48141f1244ef83e6f98a459

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
              Filesize

              4KB

              MD5

              d8b125861c265c6365afd3a8d101aab2

              SHA1

              f1c65d4a18601bb72f34305348a38a701d35cf3c

              SHA256

              24e770cfef7a5f33cdb47a38ac9fd219f607089d187f989826719d63e5bc5c81

              SHA512

              e94755d713b99825abfc50702592699a2afa7c647a30b778b12cb2492d2887a5dbfa901b566bc2f5409c8e2c072356388ffd43b4351e615a7c2f01bd3852f434

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
              Filesize

              3KB

              MD5

              4a263ab6a633936d96eacd29568e20af

              SHA1

              a5f924f587ed8f419dc86632047bd07c8a3922fa

              SHA256

              e128b8196c28ebaac5df55ad9ed9c34d343a34d0938bbd7cea9256ecc8217e67

              SHA512

              60473fb454a23f79a8e606a00b286a23a8476b4eddf5f220c93ba8e687752e5e7937510299e09401fa75a9aff901ef407a90b8a82ac6e8efb7b458c87a1a7d7a

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
              Filesize

              4KB

              MD5

              f3a71977831d16dc9285835040c37f8c

              SHA1

              12f829bbded45fc379c774ef14badc298c187d25

              SHA256

              f8e4e7a1627ead076195a4adfa10bfa4caaf0f85ff270a2facaec2ff802c54e0

              SHA512

              439b3fc9b855155a2ebe07ebf409a45dc41cd6abb708910899aac242d8e02e425c7dbbfa89bc4486ea70339d9cf0dca43b75c1c9c86176c5300b4775b998d2e0

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity
              Filesize

              3KB

              MD5

              379eae19c89e7f61b63cb5a2408290a5

              SHA1

              7fa9006d3a1bd0923ef80ecbf6c8d24074625392

              SHA256

              c381c163de4d7ab9ff8226997dd3807711a9ca91e16d272e2fdd681c1f938517

              SHA512

              92282ae31cc83a62c4f58ccb93e84b0849cf3f75607c7c43757561294c569eece0efcd16ea2b02962774b71acae78712b93abe3267a9275674fb3479f5d5189f

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity~RFe589ae3.TMP
              Filesize

              2KB

              MD5

              884600308921502291d9e4bc5ffd34ec

              SHA1

              ff4cc9ee9085e4f34a842432f58596f651381c0a

              SHA256

              187bf65e3334a7dda03e442f6a896a71c0a5eaccca9fb355ac1a64d0b1d8cbfb

              SHA512

              ab2e4b0d54581251e390cb68d2626307345e7a0b25c392b40ebc685e91d768a23c52ae59c49b0c7c19d674afee12584c8099a72cb937108b6a5c9f93f97a47b6

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Session Storage\CURRENT
              Filesize

              16B

              MD5

              46295cac801e5d4857d09837238a6394

              SHA1

              44e0fa1b517dbf802b18faf0785eeea6ac51594b

              SHA256

              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

              SHA512

              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\config.json
              Filesize

              140B

              MD5

              2dee85ac19aebaa50662a4ba424441af

              SHA1

              d0b03e28e9a14d48a1a9b206e92dc1bf1266328e

              SHA256

              dc4d87159e452383f6e39c1b7dd2830c69457a547565c43cfd9e9b86f336f336

              SHA512

              651d95e57716081376c14c26852e01997c77597da0e0350620ad4cadbf14f0a02956d7b3e8cbdf52a777b64f7ef7db63066791e24074d5e5b57a38af2b7c6a6e

              Download Submit

            • memory/1300-393-0x000001AAEEF80000-0x000001AAEF6BF000-memory.dmp

              Filesize

              7.2MB

              Download

            • memory/1300-92-0x00007FFE8CAA0000-0x00007FFE8CAA1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1300-91-0x00007FFE8C890000-0x00007FFE8C891000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2360-116-0x000001EB77170000-0x000001EB778AF000-memory.dmp

              Filesize

              7.2MB

              Download

            • memory/3420-394-0x000001EEAFF90000-0x000001EEB06CF000-memory.dmp

              Filesize

              7.2MB

              Download

            • memory/4524-821-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-820-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-826-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-827-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-832-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-831-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-830-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-829-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-828-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4524-822-0x00000197B7710000-0x00000197B7711000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4692-3-0x00007FFE8BC50000-0x00007FFE8BC51000-memory.dmp

              Filesize

              4KB

              Download