Malware Analysis Report

2025-01-02 07:42

Sample ID 240510-g7gh7afg6w
Target setup.exe
SHA256 b1865a08154364f00bc4350a99012043bfca5b14734fb8ab505ade40dd6a0cc2
Tags
spyware stealer discovery privateloader
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral13

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral19

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral27

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral29

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral18

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral23

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral15

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral16

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral22

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral25

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral30

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral12

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral28

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral20

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral24

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral14

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral21

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral26

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral32

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral17

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral31

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b1865a08154364f00bc4350a99012043bfca5b14734fb8ab505ade40dd6a0cc2

Threat Level: Known bad

The file setup.exe was found to be: Known bad.

Malicious Activity Summary

spyware stealer discovery privateloader

Privateloader family

Checks computer location settings

Modifies file permissions

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Checks installed software on the system

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Suspicious use of AdjustPrivilegeToken

Enumerates processes with tasklist

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-10 06:27

Signatures

Privateloader family

privateloader

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240508-en

Max time kernel

37s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A

Reads user/profile data of web browsers

spyware stealer

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e309000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee419000000010000001000000063664b080559a094d10f0a3c5f4f629020000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2116 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Windows\system32\cmd.exe
PID 2116 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Windows\system32\cmd.exe
PID 2116 wrote to memory of 2392 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Windows\system32\cmd.exe
PID 2392 wrote to memory of 2652 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 2392 wrote to memory of 2652 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 2392 wrote to memory of 2652 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 1224 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 2116 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"

C:\Windows\System32\reg.exe

C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1152,i,1969899398453760658,12199455238013943914,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --mojo-platform-channel-handle=1316 --field-trial-handle=1152,i,1969899398453760658,12199455238013943914,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1588 --field-trial-handle=1152,i,1969899398453760658,12199455238013943914,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=cs "--cs-app=Salwyrr Launcher"

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1268 --field-trial-handle=1152,i,1969899398453760658,12199455238013943914,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1240 --field-trial-handle=1152,i,1969899398453760658,12199455238013943914,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2580 --field-trial-handle=1152,i,1969899398453760658,12199455238013943914,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1200 --field-trial-handle=1152,i,1969899398453760658,12199455238013943914,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:443 redirector.gvt1.com tcp
US 8.8.8.8:53 tracking.overwolf.com udp
US 8.8.8.8:53 features.overwolf.com udp
US 8.8.8.8:53 analyticsnew.overwolf.com udp
US 44.215.217.241:443 tracking.overwolf.com tcp
US 44.215.217.241:443 tracking.overwolf.com tcp
US 44.215.217.241:443 tracking.overwolf.com tcp
GB 108.156.39.44:443 features.overwolf.com tcp
GB 18.245.143.104:80 analyticsnew.overwolf.com tcp
GB 18.245.143.104:80 analyticsnew.overwolf.com tcp
GB 18.245.143.104:80 analyticsnew.overwolf.com tcp
GB 18.245.143.104:80 analyticsnew.overwolf.com tcp
US 8.8.8.8:53 r1---sn-aigl6nsr.gvt1.com udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.gvt1.com udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.gvt1.com tcp
US 8.8.8.8:53 content.overwolf.com udp
GB 18.245.218.13:443 content.overwolf.com tcp
US 8.8.8.8:53 content.overwolf.com udp
GB 18.245.218.13:443 content.overwolf.com tcp
GB 18.245.218.13:443 content.overwolf.com tcp
US 8.8.8.8:53 www.overwolf.com udp
GB 143.204.194.99:443 www.overwolf.com tcp
US 8.8.8.8:53 www.salwyrr.com udp
US 8.8.8.8:53 electron-updates.overwolf.com udp
US 104.21.72.238:443 www.salwyrr.com tcp
US 104.21.72.238:443 www.salwyrr.com tcp
US 54.91.174.86:443 electron-updates.overwolf.com tcp
US 104.21.72.238:443 www.salwyrr.com udp
GB 143.204.194.99:443 www.overwolf.com udp
US 8.8.8.8:53 analyticsnew.overwolf.com udp
GB 18.245.143.30:443 analyticsnew.overwolf.com tcp
GB 18.245.143.30:443 analyticsnew.overwolf.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 8aa5d5c954f6ac8cb7903f669fed4234.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 8aa5d5c954f6ac8cb7903f669fed4234.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 65cdb1562468c75bc876b55f52274705.safeframe.googlesyndication.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
GB 142.250.180.1:443 65cdb1562468c75bc876b55f52274705.safeframe.googlesyndication.com tcp
GB 108.156.39.76:443 sb.scorecardresearch.com tcp
US 8.8.4.4:443 dns.google udp
US 96.46.186.186:443 tcp
US 34.120.107.143:443 tcp
US 2.17.251.37:443 tcp
GB 142.250.178.4:443 tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
IE 34.250.10.111:443 tcp
IE 34.250.10.111:443 tcp
GB 18.154.84.76:443 tcp
GB 142.250.178.2:443 tcp
GB 18.244.179.43:443 tcp
US 2.17.251.37:443 udp
GB 13.224.245.9:443 tcp
GB 108.156.39.120:443 tcp
DE 3.71.149.231:443 tcp
DE 162.19.138.119:443 tcp
US 104.22.4.69:443 tcp
GB 54.192.139.162:443 tcp
US 34.120.133.55:443 tcp
GB 18.245.253.51:443 tcp
US 173.0.146.7:443 tcp
US 96.46.186.186:443 tcp
DE 162.19.138.119:443 tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.80:80 apps.identrust.com tcp
GB 108.156.39.27:443 tcp
GB 18.244.138.116:443 tcp
NL 23.218.48.210:443 tcp
US 172.67.36.110:443 tcp
US 172.67.38.106:443 tcp
US 104.22.4.69:443 tcp
DK 37.157.5.132:443 tcp
US 69.166.1.8:443 tcp
DE 3.121.6.51:443 tcp
IE 54.72.171.228:443 tcp
GB 185.64.190.77:443 tcp
NL 185.89.210.20:443 tcp
US 172.64.151.101:443 tcp
DE 18.157.230.4:443 tcp
IE 3.248.7.165:443 tcp
NL 69.173.156.139:443 tcp
US 35.227.252.103:443 tcp
NL 46.228.174.115:443 tcp
US 104.22.5.69:443 tcp
US 34.120.107.143:443 tcp
US 35.244.159.8:443 tcp
US 104.18.35.167:443 cdn-ima.33across.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 35.244.159.8:443 tcp
US 173.0.146.7:443 tcp
US 96.46.186.186:443 tcp
GB 18.164.68.6:443 tcp
US 151.101.1.108:443 tcp
US 35.244.159.8:443 tcp
US 13.248.245.213:443 tcp
US 104.18.38.76:443 tcp
US 52.223.40.198:443 tcp
US 23.53.112.234:443 tcp
BE 2.21.18.175:443 tcp
US 54.162.117.59:443 tcp
NL 193.0.160.131:443 tcp
US 216.200.232.249:443 tcp
NL 185.184.8.90:443 tcp
US 151.101.1.108:443 tcp
US 69.166.1.66:443 tcp
NL 69.173.156.148:443 tcp
US 104.18.3.78:443 tcp
US 104.18.3.78:443 udp
US 172.67.41.60:443 tcp
US 35.244.144.25:443 tcp
US 35.244.144.25:443 tcp
US 130.211.23.194:443 tcp
US 172.67.69.19:443 tcp
US 172.67.69.19:443 tcp
US 172.67.193.156:443 tcp
US 172.67.193.156:443 tcp
US 173.0.146.7:443 tcp
GB 185.64.190.77:443 tcp
US 35.227.252.103:443 tcp
US 35.227.252.103:443 tcp
NL 185.89.210.20:443 tcp
DE 3.121.6.51:443 tcp
US 69.166.1.8:443 tcp
US 172.64.151.101:443 udp
NL 69.173.156.139:443 tcp
US 34.120.63.153:443 tcp
IE 34.249.101.124:443 tcp
NL 178.250.1.8:443 tcp
NL 69.173.156.150:443 tcp
US 35.244.144.25:443 udp
US 151.101.1.108:443 tcp
US 23.53.112.216:443 tcp
US 151.101.1.108:443 tcp
US 35.244.144.25:443 udp
US 96.46.186.186:443 tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 52.223.40.198:443 tcp
US 151.101.1.108:443 tcp
US 35.244.159.8:443 tcp
US 52.223.40.198:443 tcp
US 54.162.117.59:443 tcp
US 34.36.216.150:443 tcp
IE 52.51.26.185:443 tcp
NL 35.214.149.91:443 tcp
US 52.223.40.198:443 tcp
NL 35.214.149.91:443 tcp
US 54.162.117.59:443 tcp
US 54.162.117.59:443 tcp
US 54.162.117.59:443 tcp
BE 2.21.16.25:443 tcp
US 13.107.42.14:443 tcp
IE 52.17.1.20:443 tcp
US 69.166.1.66:443 tcp
NL 35.214.149.91:443 tcp
US 52.223.40.198:443 tcp
NL 82.145.213.8:443 tcp
US 8.2.110.134:443 tcp
NL 154.59.122.79:443 tcp
US 69.173.146.5:443 tcp
US 3.213.20.25:443 tcp
US 34.98.64.218:443 tcp
NL 208.93.169.131:443 tcp
FR 5.135.209.100:443 tcp
DE 91.228.74.166:443 tcp
NL 185.184.8.90:443 tcp
US 34.36.216.150:443 tcp
NL 35.204.158.49:443 tcp
IE 67.220.228.200:443 tcp
GB 172.217.169.38:443 tcp
GB 108.156.39.10:443 tcp
NL 46.228.174.117:443 tcp
IE 52.209.243.124:443 tcp
NL 69.173.156.149:443 tcp
NL 46.228.164.11:443 tcp
NL 46.228.174.117:443 tcp
US 173.0.146.7:443 tcp
US 96.46.186.186:443 tcp
NL 178.250.1.8:443 tcp
NL 185.89.210.20:443 tcp
US 172.64.151.101:443 udp
US 35.227.252.103:443 tcp
US 35.227.252.103:443 tcp
GB 185.64.190.77:443 tcp
DE 3.121.6.51:443 tcp
NL 69.173.156.150:443 tcp
US 69.166.1.8:443 tcp
US 34.120.63.153:443 udp
NL 69.173.156.139:443 tcp
US 35.244.144.25:443 udp
US 173.0.146.7:443 tcp
US 96.46.186.186:443 tcp
US 173.0.146.7:443 tcp
GB 185.64.190.77:443 tcp
US 35.227.252.103:443 tcp
US 35.227.252.103:443 tcp
NL 178.250.1.8:443 tcp
US 34.120.63.153:443 udp
US 69.166.1.8:443 tcp
NL 69.173.156.150:443 tcp
US 8.8.8.8:53 dns.google udp
NL 69.173.156.139:443 tcp
US 8.8.4.4:443 dns.google udp
US 35.244.144.25:443 udp
US 172.64.151.101:443 udp
DE 3.124.64.248:443 tcp
US 35.244.144.25:443 tcp
NL 185.89.211.84:443 tcp
DE 3.121.52.114:443 tcp
IE 99.81.155.142:443 tcp
GB 18.245.189.34:443 tcp
US 35.244.144.25:443 udp
US 96.46.186.186:443 tcp
GB 18.154.84.17:443 tcp
GB 18.245.218.113:443 content.overwolf.com tcp
US 44.215.217.241:443 electron-updates.overwolf.com tcp
US 96.46.186.186:443 tcp
US 173.0.146.7:443 tcp
US 96.46.186.186:443 tcp
US 173.0.146.7:443 tcp
NL 69.173.156.150:443 tcp
NL 69.173.156.139:443 tcp
IE 99.81.155.142:443 tcp
NL 185.89.211.84:443 tcp
NL 178.250.1.8:443 tcp
GB 185.64.190.77:443 tcp
DE 3.121.52.114:443 tcp
DE 3.124.64.248:443 tcp
US 172.64.151.101:443 udp
US 35.227.252.103:443 tcp
US 35.227.252.103:443 tcp
US 34.120.63.153:443 udp
US 35.244.144.25:443 udp
US 69.166.1.8:443 tcp
GB 18.245.189.34:443 tcp
US 35.244.144.25:443 udp
US 35.244.144.25:443 tcp
US 96.46.186.186:443 tcp
US 173.0.146.7:443 tcp
US 173.0.146.7:443 tcp
US 96.46.186.186:443 tcp
US 173.0.146.7:443 tcp
US 96.46.186.186:443 tcp
NL 185.89.211.84:443 tcp
NL 178.250.1.8:443 tcp
US 34.120.63.153:443 udp
US 8.8.4.4:443 dns.google udp
US 34.120.63.153:443 tcp
IE 54.228.103.145:443 tcp
DE 18.157.230.4:443 tcp
NL 69.173.156.150:443 tcp
US 35.227.252.103:443 tcp
US 35.227.252.103:443 tcp
US 69.166.1.8:443 tcp
DE 3.68.142.144:443 tcp
GB 185.64.190.77:443 tcp
NL 69.173.156.139:443 tcp
US 172.64.151.101:443 udp
US 35.244.144.25:443 udp
GB 18.244.138.116:443 tcp
US 35.244.144.25:443 udp

Files

memory/2756-2-0x0000000000060000-0x0000000000061000-memory.dmp

memory/2756-32-0x00000000777E0000-0x00000000777E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Local Storage\leveldb\CURRENT~RFf7645b7.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Cookies

MD5 ccf182eba517015b532f6f9a17958a0b
SHA1 95b431a3b0831c063651726fa3e11dc94c5e81a9
SHA256 50689921dec5daa501017f897a08d1b39a9ca2a95cb8ef53b60fd1ee0bbbb9ed
SHA512 581f833282544f223374e7e3929ff9aa301329e9fa4318c627f474d6efa7adbc699c3de5f28b4e7f69a8cf40eb535e310178dab36937fb0e0dcb1ddeb414f9c8

C:\Users\Admin\AppData\Local\Temp\Cab48E4.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar4945.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db279f967f4a0346f94b21400a3a4d6c
SHA1 4f95143b62ca496029f34ff9159849ee7ab10421
SHA256 2ea5995eea2c3a0963f72e2af5b2861ddc561225ffd260607b978ba8d7606d39
SHA512 e54168d4388f70d88db5e5a33171414456e98c40ed2c10e723b749995927da05204a75e1a85b438dea0138a5867e306cf97fbf7de6a32f874e383894a8bbf3b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b410361d06a6003feef89e409096044
SHA1 3707e9e6fddedeee510d0e97d24a3b6cc42dbd09
SHA256 d9758b7bb05fb42317f2fddf7da8c170a36dcb484d1aa6e9e2049bd6d38878e2
SHA512 36d71d300e7300f4219a5035e3299203a644490a6579bf559d982e9370df23d4d04611e0d072d21006a5d157d4e4698bd1b0feadaa436790fae34ef02182e078

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 84f374e44920a504b72428e7d801d85e
SHA1 a229462c77981148e6a91cd979d4602446b75829
SHA256 1d8ee05f831e54787058ee9c28df6b8d6a5241fdcb58b883f388f9f599c19f35
SHA512 baac4a770bb67fd55ca4a777c1f474fbdd0a95dd1dee78c4962179dba58ec7c70eebe2f34d22d18345461ed3fb0a819b54edff15fab7a4ba81840d51007d677a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1c87624028e655cdf3971f0e7b0e5e5
SHA1 43de20b7d3414c852ba3bbc4cb898fa7bb1564ac
SHA256 8b9f970c3e88dad36b349037b01d02b3770fd034ae609308835ea5c3fa50a559
SHA512 078dfd8586f671fa335c956289599968dc47afe058932ddc68894b19775dcdbbd7218e09401aaaa172dd77f8f4f8f6b97ea28b47bfceaf63b79ce80db51bb337

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3306a0d6c82ca2507c01d73cb5949960
SHA1 a7cac2768ecbe1acb732463ff9ae457646b83ece
SHA256 1e6469afe973295afcd5d54f5cb246f8920e5191c02f49b4458a5bb1d6bf8ec9
SHA512 8329f9a45328385aba8e2dd2bcf72b08c7c919ea2892ede0386806af4bf1b3e689f2c7a43c3837baa1832b7956cbb885e3fd8d144423bebdf6712d6e3b13ae6e

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Session Storage\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\config.json

MD5 2dee85ac19aebaa50662a4ba424441af
SHA1 d0b03e28e9a14d48a1a9b206e92dc1bf1266328e
SHA256 dc4d87159e452383f6e39c1b7dd2830c69457a547565c43cfd9e9b86f336f336
SHA512 651d95e57716081376c14c26852e01997c77597da0e0350620ad4cadbf14f0a02956d7b3e8cbdf52a777b64f7ef7db63066791e24074d5e5b57a38af2b7c6a6e

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Dictionaries\en-US-10-1.bdic

MD5 4604e676a0a7d18770853919e24ec465
SHA1 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f
SHA256 a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100
SHA512 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05de98230ceae6e027b7a34f3ed8be99
SHA1 b70aa69d3f6b7216a42d8b4c2c1870eb4f714ea4
SHA256 5c662cbbd1df59eab06ee6dc911dc5188faf92691cc06ae33c1eb6336576b8d9
SHA512 0de76f8298b4b1958d9d7fa9735d1e2cbbebe51f393cd6a18b2d0d8eae9d82bbac11669f55aa1c1a0871e6244f62e2458f68ea72a7518c0e2214a0b1d98b3105

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000003

MD5 dfbdefafc05bf6321890baf2d8864bb9
SHA1 757b8c5f8cec1b296b850131b5f3a052244c2bf3
SHA256 6b89165586c5c45e33b1c2f108fe5739e00ceec8717069a27ab1db57668a6586
SHA512 3294d62443c3efef7bf7008eeeefcca4050cf034da6e269587bfe60c1b8a6238eda8df103445ef4ab1bd24e3183dc384f6a1fd4e4dbfcde2205dec79b82704d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06bcc2465b705f9d50a425f39fb2246b
SHA1 bd28c7009690205c686f14a97547450139f24bfe
SHA256 410041e26b0183c6b5766662fe0cd8ff6571b41c1fd59d436efc4d12dc950ff8
SHA512 7a52e5688f12c8a9359d2e74eb97f7255d6f7b0df18024165d5502bd2feef851c95dffd99cb88ed5228ecfac411bd739c548fcbcdba1835900a9bb6173533e16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 114e34a6156ed1b3214764a16649752d
SHA1 95b38efa244539a518417d22a174e74c8320ee03
SHA256 32b7230326ed47dcf5c6679008986c8b99a593e11c3ed7d44fe4d10124f1179b
SHA512 661d252845fccbe6b52e9639a6281e8e9f76c27e5c9f563c02f268f62424d64e6a5e18de5fa215f636a262f27873e2f098c2f37c23e307bc94f677cd7bf5a917

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000008

MD5 852af0156e076682b1f407b40de89102
SHA1 86a88696b206d3ccc0284dc45f09d107a1922d6e
SHA256 72debd003600affaaaab7ded14246426c8d7efb3c8457650dbcfdd8a4182df46
SHA512 cf13e137b2d3a7af182f33991b437382677b8629814665686a5cc213580b7e44542db69718b0b1c511752ed6bb18e01460df44ec7af512c1a6b9bd076f6c50a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c681c9156dd58ddc466c4665cbf4d75d
SHA1 7ecd4ab55f16fb7e567da1e7566579d006431de5
SHA256 7a9846cda99abc34a79ec296ef6928653f213201243d1fabceaefc3b193751f2
SHA512 e8cc9003e95e95d3db353d4c4577b6c4a1b1d80231891517a4d60031198989195a98b3dd7ae3e63b963ee071883aa7345c51a77dc7e34af50eb7a4eff07f39f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eee51d4a3894891201dbb099cb159e3d
SHA1 0fde1d4581d1c9ffb41d38d23c05525eed537108
SHA256 f5c4c360f940057badc55141ab96c6baafe4a1f835aa09cdbd4d2d22004be025
SHA512 39f8841f52b424d129dec9ead7267e25710fbb1cf0072d6947c11db230fa7f6049f869437825b2888afc52d6740541adcd8a34e8c406bc4acd4fe851b2a4e700

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e1718ec26105d31f1baa52b24834557
SHA1 63ade6ca47a55fe608a72f37a105adc5eefaba5b
SHA256 f08b8bc6e77fd58d9b7d388fd2d7678d2e5d4d40a4e4c503b0d6610746c452e2
SHA512 bb09ca4db89328862057c81a1874436d1542118ed94b61bd654884c1965739cacc362e409adfea4cd670ed52ffe8980cb6f78c0dc022da0ea498be4cab66ce56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4e1f1aa73ec49d782e6b456ad0fc30c
SHA1 1d4db3dfd7eb452dd47fbff669b47b31efe9a067
SHA256 0338951996cee97f5e1e15358ffd32f5ec8d0e7e4f3d577c379cec69d32785b5
SHA512 8fdcdbc5c6e103e2acb9279e4393a9b659188ef0a1fefbde41d3d56aeb4907012b34fda12357811c3f109ed418f0dd0dac2e1ad515d9e221f072e80c074a0be1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a20477e83537d71861a5e7d0952f3b4
SHA1 9317cdcd75622ee3965452d5509508ddd9e33756
SHA256 2eb75495f7c466fd6f7effb62f06fc3bd22b17e87a3a24070b484541f9171c86
SHA512 634e5a1dc962979819e5616d45a5d5ef1e3f8a174076ca14589eef0f7873d2ff0249fba00c4eb9ae05f2a4851af133a5360b51c536b63d2e006227f0b9843559

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ceb06bc742ee9fcc8508d53a1154a77
SHA1 cab1cf3469bb0ce9dcbdc9824a7dd3576decaf75
SHA256 c2f827db4540e8c969949f246fba591eb7e03dd7c3a96fe4a787fd6e43a0818f
SHA512 488e49344bb6956fd8f9cd365ceea9abdf74f2691082796541aec32984c49e03e11b8ba4ade7c0b96723a67d4fe1910a8f9d90f48270f208b258d32e1a05b882

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 f07d35ed0fc071dce030beefaae8bb49
SHA1 980a0c5f3d63aa812e8878160e765b2724300570
SHA256 f108963dd17d95d2df31d9bcdf9b02ed0a7e6619af6ec7e3dc5a414a92f29c85
SHA512 9afdd20089181eebda385625d261bc57744c03987c0aaecc6eb47655f9ee58e0078e8aa41443fed380b9b23109ba403400d4f522d08ae89545e13d2dcd0aa76b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f2052877d18915972e646bd16539a75
SHA1 06e3a579082abdb527dfc6bc5ecca12db80f3445
SHA256 90de5225fa111fd4cae2ed070502583672276f6ea3b402b7c60ff670ff696fa8
SHA512 eef100e49913248e2e209a8db4c12629d8adc072b7cbc07aeba026b52771421299ed6ef2007e277e2432e59b2b2bef9d2e5c2cf47dfadf4e4b9b407ed9bd77c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63032f7f2175013203e03838730cb03c
SHA1 8688421f779eef1386446b57b1a308d3e1942945
SHA256 58e13464505f935dee950b5a06e4da51058d4a018c9f3b20eb75dd4c93e74689
SHA512 113dde9f729808943135ecd6e0db516de2d1cdb20ce64589e6f9403aeeb5d884c8c5cb2007caff02d5381e3f97cdef446c6b205d18a470a9b2918a6ac886f045

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 802016540518ee6b802a04107088ac73
SHA1 6b8ed5595379e157cde26acf830ca92246fcbce8
SHA256 da70a884e3ba3cd9b664025550acdd380a35dbd64e616187d95ee31a2981226b
SHA512 6fe9ada9273c9d069f526913378beb95f7a398f2f9e6e851c5231ff0346721fa983645e29566bd0b528e4decedabaa284f3728861b5e93fd3ec2da76ba91b108

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1a326776c2fd53693f54b0aff19d242
SHA1 a6380b3c691d78990992317299ded0dee9f6aadb
SHA256 70f325cad93947fc7385aba75e70c2936fbda0205555ac941eda3345b4b6672f
SHA512 0ee93ef37c7a4a2322a95d194a3ee49c580a127a298176d9b2435163588786a11e7c31b0fe4c741c6a5f2be0f4fb650d3cd10163a81c67f195f7c532f25f6a3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f25d114917070f8af7b89e34f88f4551
SHA1 ddaad6059a346dea11a7c377bc037218933a7a5d
SHA256 116330f88840594029a054a48999bf9c0b52a53e5886db520f84fd48240ce0bf
SHA512 9a2f78d4720842e82d58b3087f89a788927a41aa6290a7fdec49e2632fb247abfcf52813ccb2e91e8eb4563e8bb42360077f44b36cf70c08ddfdbd6073b2229b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb67e5304798f9a484724e773c4da1d1
SHA1 c3a49fc4fc84fdd93e04d09c54491c2a3a86686a
SHA256 f04c541321e72b05f5d5c014ec791b6aaedea5d6c0ad241238348230aff68778
SHA512 70232c028a74c55a55d1b28365907dd39bbbe17308e4b0cb52ec40981e7ed5bb3cb9145f9080216005ee1173e7ed78dfd09361e37a5a0c595ab0947160fa1ee5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70727b6259ffe086096892efbd8269ca
SHA1 31d0b2328ddc170e47e8f8cdef7f1338ab51fd7e
SHA256 196a1fef9c3722c11cd7a6369f2ac1c510ee624bcf3003d10155e69377d393b7
SHA512 33dd934f1a9c38ddb10f49e38a7333b18faaa15d433577ff13a56c17e59209e5bedc8e7512351ff7cd04083b3c4b3b0e5d2942a5664fd0528a21b04061e28bce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5ce756d6def6168e0b988a915eb8199
SHA1 bdfac039a8b83714c73d3531a83020b5f520dc6e
SHA256 4afd36f7e38eb2bed2a6e0279eb896ec06ecaa08986d7b94fc6044b3ee4099fb
SHA512 dcbbc8e092ca9b95a1ee5ac2aa69ed535d702f468675460a50399b33008c2f6f3649c1f0938af93e91566565fd7dfc08110735b3a1d47959d81b569e0a8470ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84e840a4cd0435f3fdd6a81425d0e403
SHA1 67707bfadf1931b961173a86e0b1ad69b3e29aa0
SHA256 caf58f188d76a340934b12e2dfec12b34dead27a6b8f9bdfd404ad8e4ce0570f
SHA512 80154579d2a5ecfc67426ec0261893f99736f14f6f9bb40998a8b682b130e9f56960158d345554405ae11922970083e37586f8e7e2826d986fe74db7c6ce5bac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42efb3335b73c43e8d76dbfdd7a18633
SHA1 459105e122564ce47abcc96d0f50a380321457b1
SHA256 97b9a6a64afa062aab05109b7d5a0dc15060c4d71512be37e302a6cb131afb6d
SHA512 4d9a2095bf787ee8dda246de9b9113dee2d982d36986f96288cb3737d94a72c7f2addad59ddd9e7b50a4183fd0bd631f6f6983febbd991886c3849e5862eb9ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73bf25da41f928b639eb40f2857bfa8c
SHA1 451d0537e2de11436d1433f7e28a57b9c85888a1
SHA256 046110c338502bfb2e6e87c9756aab87717f3335cd65aab5f95230c7b406466f
SHA512 3d03cd32ee23309f36825d29afe0c12c435421e4434fcfdbc23805705353392af8d8bbf7062b36ab5dfe7d66c606295d80903cf3fb21d047a7655039a91fecd9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fc0b1e1d8e5b3337dded584dfc03165
SHA1 47a1cf218df05a724c748d334c89d6b534d24b94
SHA256 4ed2b48e4d9badc08483a237ca65474f1e6411088f37b51c5b546851a0fc7308
SHA512 ad6e1cd394b935614f97bec91e5af89329960816c48210009a639b723974d1d9faf0438ba6b19326877d5921f6c10be78c2043ae602f59918550c41e9e75f6d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ea8844054b12c527a759c44ab850d50
SHA1 80c37cd1ba9dc5fd0c6cdc0cbd970d354cbfaa00
SHA256 9f67359a387b78b6077969bdd90cf84945dfd1b0ab522c0b333e6d8577add161
SHA512 9c3e710b85d481d92844b3ee9cfd79ce927b93b1ec6148f595287250e323ff6ebe550903054024b7ae1ab8d625df988298e30396f00f9d6edfafbc091e352ceb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14953735f6a9e8541df66d78ca4b9e94
SHA1 f8a9d1850809de5757c32c9c8b2536d0cfc632fe
SHA256 a5484b4aee7b08973396af37762b9b7d8f77528d63ea639d289782aac9208397
SHA512 2f31abc591efb43a9ffc2a93e23097e7d9dca6572e6021f495ab28f4f44556ff332a1602816d1e37a3fe103858750d2c5dccb5df2fb89d8f49990e773e0e32fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4fa8810e08f2d909264fe53a748ad416
SHA1 ae64c1fa17d56cde63a9e9625512191e7ef3d94f
SHA256 168888083ed2e8f61d9fb61237b01c5bb89e1c97872a80e9352ea98f5c59affc
SHA512 3f8ff7ccb8be59fe628a59d583ba9d63bad682a6ecbb9043b10d9d2d381a58213aebf5122541c09f66e8fc1f4a73966230dd8446f0dacbc483a690b2f6658e51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb739ce13139a23995c5490359786a06
SHA1 8e23454de95e1a9e0b9625897903f9c6c1fde006
SHA256 562f032ca4a93a2d42608fab5505e254058fd9e7eb6e21c6079a6ccc53681b15
SHA512 d1a267812723b8ced7b84d5c6635467fafd4345981da468b3ab97d242ad41f2ad9ba369133cae6364f7f1a0dee720c6b5848a3366edfe60e12fc8d61500762d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 617e0bce318e42ab38652bfe2f0b83b0
SHA1 bc6aaa459bb05992282a9aabdc3b7e9ae9eeef24
SHA256 36327365012df27b368ee2a596db8e90eebdb1d867fb62ad17de51550a056e63
SHA512 530efe10dfa6cc0ead0fdef20c006fe64965f260c3c68dba829a4e2006f0c8dfcb38a896f112d03f82cf90cdbf8c5cd5154f473e4050da32fccdc89349d4adb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7885be85243923679eef199f03209426
SHA1 f342666de78d0a2cd16c25b334b5f3b4d0cdea27
SHA256 f039a6e81855836bdf724e0d527a9292b586e82ca911e3a72727801782be0ecd
SHA512 07ec1b26221ba982861754a0c2c315f2f9bc9ec9d1cc4f7991ffd7f2d12e5a5115b54c19e5f2bbc463c8bacafbf81d3e2a2afbcd6dd6fc5d642a95d7b01ddf1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daa03e2479cda04bc1d77e198d591ed7
SHA1 6e055b0bc00d694ccb1707d72d5ddb240687db37
SHA256 a66567e9e39b27736a8ead0f223ad986277aefa558ce3478d69bed8e1bf158e6
SHA512 91340f4898552b7b7b5dc45ab668a8322550d40f28cc5ec274c7b585c38d656c22c7441fd9432144f85797792840b400735eecf59a99d35ba9aaaa5bccb1f844

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 704f11a49c25e6234064cdd1ce8d2af3
SHA1 6ad4dbb873360dfd034140a89a82ee59ca8e5613
SHA256 848e0becd2324fad7f241f56de66a6482d924da0332ceb1d10f0cbce732dae35
SHA512 10a08ec00ea92670d9209d379b5fe832bb6623e44cd071bf5198f67444b9a8c4e12cf666284da00d1ac05415d8a0ab8ff5bc360a34e638f408a17153c1ccd24c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05722c2d3d0a052985f335b1557d2ff1
SHA1 70b75edfb5236d783072378cd6eff19fa05855b0
SHA256 e0c0a1e42f3a6462d343ee37281f1cee4ad15563582793589deda84e804ea6c6
SHA512 df429e6be42b9210499568ded91b9397450b7f616b8ab3ef98c653e60a65c5d5e3742a1462fd423ffb2df585736acd39e9ec2b7600adf3ff9b64035baf0a0633

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 40d5f997863660dbcb4cf106257b89cc
SHA1 51b9e062dfe8e659f3d602ffeda19493eeddeb9e
SHA256 ef3718d6d8686d8f163d08d4e91e9c5ed95fd67e9e75d1ced0d9435b53d08298
SHA512 c19a0ca7aced3c90334db7d0063c51e64a2fb7af16b23cf0370a0c275c61d4e2933fb37463822d1596123443a74ed499ecbeaa8d8cbc35164f93930e2a72171e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e990eab4e82e7c01eef6b564baf699c
SHA1 7d03f3b0b62c2133c882d91980d17a5ba7a422a3
SHA256 2df16aa9c105091c2504b1891f72c3540211ef9f079cef5f8063e9ff3d51c39a
SHA512 9f6f8968c042fa3ece00c9496adc576314e75d76bb066738d1f1da7bcf550137b86138f6c0bd9954a6a38d4839d4bd9a25aa2e1fe2a2af21bb3b9139c51c5fe8

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\4519ff0f-f97c-46c8-b3d8-140af20015ae.tmp

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c58baaca977235c1f76d3803820a747
SHA1 c09069f14cc523369e06aeec680af6e8a7fdaa62
SHA256 578988a1a89dca05696bc614735905af51c689712318a7b6509384d65a1e082e
SHA512 646f51821d2b7464d360eeaf26ed110d47f8c18aca24fdcdc2cad9a5a3a74f683d68dd400ddd144aa4cdad397a7413684f6be46c030e1bec8843d013484346a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b5899c49b221e760ad671c342e8893f
SHA1 4160cadefa5d83e66bdabe270860b06680bfdafa
SHA256 09bacd02036b6899f725fb2e18e8aff1e234a14993a50ca64fe6f2464ee70efc
SHA512 c01fc64a7d9512e5ecf04cbe5d9055660aa6422c1c832cf5643c82a361063f1979068378fe373797631252aebe0ddcc24f50aa31a240c0a489246f5c46fa177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5360e386556e490f2ae28c00c86be9ab
SHA1 013afdefaab24a7bfca4ba587271c4f68e761bdc
SHA256 dc8d6e8756784f4da68fffd78d3fe6c4d17d86b4b58cbc5bf08829402b9691c4
SHA512 e60aa7ece3ed334009f7a66e0c3cc96dd58bc1c1112cb93134d4c31e43b84a272a3596b0429c71b12281703c23160898f16f7a081669a088f75cc3b1077e8acd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f085b041235e42fa056eff3f7575d02
SHA1 8fd3575a1db5f808b380f7f4eba83e71528e2a54
SHA256 e5d52be38bcf5bf2fc408c49abf552dab34ea39b04d93539747f0f4becaac36a
SHA512 cb49f39ba713ad204bd72182f60f1e7fcfbbf73542bc41ce90395f13c200f68a8823bd913fefae58c87e197bcc1681fd8aa7a0f0f339756afcff92dc68a8c717

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d78ebd0843196a9816a332b4013c0cae
SHA1 3f3a1598fea3b8ff4834ba4c4ad684ac9ebf98ee
SHA256 c31be50ede943f1786700eb345303ce3f9f59329e729dacb00db9092bae924e8
SHA512 53311801844794098399279ee3215ed873cf1adaa0dce45b917ad2b6d24615c80fa560fe900eae502fd74a08fb94813698b10c6adb967f535e88de710bbb8e24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74625a5bd5988d235c5822efcb919ffa
SHA1 65a8648b9d5a68ebb388f4d07313603ad7ee6b83
SHA256 40accd24aca343a429578c4c9fe9b943f6d85e6ea9ecc1b15150f228706fbc96
SHA512 702cf7a181fc524bc5d7f879932b9af573341261abeae67c27f1dfc031c070abcef7cb1a474d15f81f7fc992e048992dd33ee6fbce3ee9a0670239411c4b042e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 335afd2492598e2b4f9c5a55008183c3
SHA1 a0a87cb1208ea19b8c0b1696aa6d569e940baf4a
SHA256 0dd9b7c7e85d1b1582004785b2c1311ba3503409434a1520b8e5440f1973afe7
SHA512 38b297032f6885295ed31b040a49c5ddab7f502636b698425bc49e6f8563ce17d2633c78de5459cb9a4e1ce5bdc8471212cd910c77051d8d443f93c36ea8f55f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8919733330461a2668c3840fd84fff7
SHA1 6967d11d930027442ff03133844dd290023043df
SHA256 9704bf7a7b95859f5e52ed8c901e55190868b15dd37bad77978f88855f7c47bc
SHA512 48c9e1528e8a6213d421e628ae6bc38ddd29524f16e6c33aa7d42004295e128ec05efae7a59aea416678e704ce7778902e234bb347bab60bfda9d56678724955

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63df5e04dfc2f2a8d4a5379c32d9c43d
SHA1 ef185f3080175c8012b4243cb1de434278c41c9a
SHA256 b0b99d385f48d7fbdb8f0442047587a067e8da883fd1acf9ae1165cf94d8e335
SHA512 04053fc39a7a31da522f5a31af337f4251f536dffe90980332be1eeb83ecd709e7acac2381ceffa2c6796dc39b0a94f91a864bdec746860324f7d0722ebe45f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50bf99093be83f9d5822ce4b7e6ff589
SHA1 eaacdfc5a01e6af52af4c500792bff65d96a09a7
SHA256 4cc6d4b3fd832f96b6b09f095149a5a3298a4379d6b866d7a5bcab6c103550ea
SHA512 8d2c65dd4d8c33125b31e9e65714c5330e199f5b5907ecc75906df80cba05488923389002ec4cf5f78251543fd021094c31b0660a89ca39e26ed1052e3403e14

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 703eb1a2698a464573ed50860cdc2730
SHA1 e1abbf26633d9d1def0b7abc5382e776abfe162a
SHA256 99e69c044b47053f800a66d39ae10ee4d2dd143cbf8522d2165899120dd67b23
SHA512 dcd67c642b4ead309d28e983853ce1db8b297273fbe5287a544162322cb820659cf4e67f5722b9dd4f7639c474945f96c3e6f1e737925be558dc5b7a92c2fe8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb0946356fc00307064ecc7f28d54f32
SHA1 8f97a11204e78f79ca8cd7247cc06d8876849a12
SHA256 2dc0a54066434c9d8de044e664e1b914affcd30338bc7d28242f584942bb4653
SHA512 7d20e085b1c5ed7d7466805c2b78ad7be9098a270a80d002a69c3355423ff478accb8e5a11c9ec413073a5bde61438e635f8c2f83586d82cc725648a2edb050b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bff1114919442621e3b2c3d0d279c607
SHA1 8bb6b6172641127032c165ade5ec745ea538c513
SHA256 bbfdca7ddb6e83759dacb668b5543616c14e07259331477927d6322fa3a01f40
SHA512 d7963932bd6a20e6683a9ff2c85d23dd38c4fdb28203683cc076857777f8d8cea896c5abc8864249e781322d6ad567dab5785687d011491055fb242098be76cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f22762b007b73505248a72df00fc7151
SHA1 07ae0c25e1ec3260855ad1424a8017ae7494f430
SHA256 36da27669be765c266aa51b34949f622e8082857470b2ad300df2270b3794a64
SHA512 95941771e917e137f4dd050a203673150a8c8b897aecc9214011406f79725111cf0c1e2d78a92b9c2c7f5be4f5af566e7538eca8a172e243abfce28679b20471

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d89420ce4a8fffe6b56141c60e2f197
SHA1 11db89193725a570f4300508a950d1f48dd8f5bf
SHA256 0a15ebea2898e886f6a6ab04c19bb6c1a59dca5670841a607cd89249d400cd81
SHA512 fdc1336e60641aceda56be1b2edff0d0c5ac59b7ed56bfbf777b0219a33e382c19f0a64463c81d48643e3a2ef7efad858e7ca929e899c2eb8e844e6f50539ff1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79c5fade88f87ac4f48525b368b61b1b
SHA1 a8abc05fc26f33086a20203cc3e281f24f601821
SHA256 4d36cda9d6da0bf4b9e8a1bd29927569767d39362b130f3fe4e07b36ec03310c
SHA512 bfb8762aa6303226eb0f445ce8f7a8afc5c662c3ace7942c4f357cb18fd5978e07b631867e138719bd216e5469cf003f1e3698a618e1fa80c384bbf1efa223fa

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 a367179eb8bdf7b23fdea2c4ef17a4a3
SHA1 0081d9462158f14ef906a2809c09a8951bc3bfe4
SHA256 ebe5caf5b98f02a8892f1457fb9fff2e259b83af9974d638a2c5d5c0dd9b856d
SHA512 c3aa205ea09ae45c2bcd77f1a73c3b0c84bd1902ee3e8c409ea81e7f2d6dbfc6cdbf9195788acc147f84502b037e11011851e3e8edd45669f2e9654e5a82e8f7

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 5874a2ef98efb738efa5407af925a8aa
SHA1 71a98b91c1a2ebe1e36b3d03fbe2f0d2280d1e84
SHA256 4fd3586b07b78738af50be9cc635869ca6547578dfc87e974d206e20cf6a335e
SHA512 542eb9c914a5f684342f984e33c0e16a46a82939313a8de672943e097d78bc9db17e608ba3e83246f320f91da58a1e36aed3c2f2dbd0d9e7dd168f4a08345ed1

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 2282dc3ab5112ff530344e9059ed2852
SHA1 c95e1a33b7a861e2bb003082019139c90eaee887
SHA256 061614da640989efee764182f331b78aad3aaf0c38f3222fd8e5c3924d285152
SHA512 0eaea4bc08eb767e3ee7881e4b25e14fdc5053ebb7febc1b478c2f7865e782788a49b9867a463eb616616f99af43da35be52a5a77f86643c14a48356b760e45a

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index

MD5 fc1e08ed2965ecf2e79e9cb17bb2555d
SHA1 6349a833bb80068c27b6110d2599e7d1d481d602
SHA256 dca3b0caf26fa50940a06bcb899b66f23faae85caf228437fbfac1b044e5b954
SHA512 ddbe7dd1e23e4baee42f0c1c512813b2126ddce40decb1194b6698b06c47a5a90fc66a456351b5d04b2e7d0eb0255e1af902bbea3f4a8b6f5f9cd24c4fb5b9fa

Analysis: behavioral19

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

118s

Max time network

157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.234:443 www.bing.com tcp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

90s

Max time network

155s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\resources\libraries\java\PackXZExtract.jar

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4536 wrote to memory of 2180 N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\system32\icacls.exe
PID 4536 wrote to memory of 2180 N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe C:\Windows\system32\icacls.exe

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\resources\libraries\java\PackXZExtract.jar

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

memory/4536-2-0x0000022E4C500000-0x0000022E4C770000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 c6e8942c3dc4b91878305a2c49fc74fe
SHA1 615550b92f511d4bcf711dfd1d0cff56fe2ce430
SHA256 ca5e736e3772687181aa93388efdbf5e724b1aa7f0a6d1f676bc2a13e4ffeb44
SHA512 5cf492cb6876c394b1ab2ebc6250bdddb89be7e53bbfdb498b46ec50bc3ce8789871128ac390f650ebb9eada6c0ae2a6d5d87f646596bef9c84a7f5fa5eadc43

memory/4536-13-0x0000022E4ACA0000-0x0000022E4ACA1000-memory.dmp

memory/4536-14-0x0000022E4C500000-0x0000022E4C770000-memory.dmp

Analysis: behavioral29

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

90s

Max time network

155s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\resources\libraries\java\launcher.jar

Signatures

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe N/A

Processes

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\resources\libraries\java\launcher.jar

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

C:\Windows\SYSTEM32\cmd.exe

cmd.exe /c ""C:\Program Files\Java\jre-1.8\bin\javaw" -Xmx512m -cp "C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\launcher.jar" fr.salwyrr.launcher.frames.Main --salwyrr salwyrr "

C:\Program Files\Java\jre-1.8\bin\javaw.exe

"C:\Program Files\Java\jre-1.8\bin\javaw" -Xmx512m -cp "C:\Users\Admin\AppData\Roaming\.Salwyrr\launcher\launcher.jar" fr.salwyrr.launcher.frames.Main --salwyrr salwyrr

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 52.111.229.43:443 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

memory/2472-2-0x000001C135EB0000-0x000001C136120000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 3b65912f4b672de67c91193bf90a7296
SHA1 efe3ce8d28a865c92f4c8ac6e830ca47c36ac483
SHA256 ab81d3c56e3ceb77a1f7e6fb4dbd156cfd8f9cfec93b4b73f775a610e7d7133b
SHA512 5feef1edc18ab2322b10c249054d300ee7b19e8ca359781920f59864eb51385669c7d8f4588a7fec3d66e922fc88872e7eefd1f3afb2a38f4f234fb338e3f021

memory/4984-18-0x0000029581450000-0x00000295816C0000-memory.dmp

memory/2472-21-0x000001C135E90000-0x000001C135E91000-memory.dmp

memory/2472-22-0x000001C135EB0000-0x000001C136120000-memory.dmp

memory/4984-29-0x0000029581430000-0x0000029581431000-memory.dmp

memory/4984-30-0x0000029581450000-0x00000295816C0000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240221-en

Max time kernel

58s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A

Reads user/profile data of web browsers

spyware stealer

Checks installed software on the system

discovery

Enumerates physical storage devices

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc250f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a80300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703082000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c9090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc250f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e309000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\setup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1260 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Windows\SysWOW64\cmd.exe
PID 1260 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Windows\SysWOW64\cmd.exe
PID 1260 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Windows\SysWOW64\cmd.exe
PID 1260 wrote to memory of 2656 N/A C:\Users\Admin\AppData\Local\Temp\setup.exe C:\Windows\SysWOW64\cmd.exe
PID 2656 wrote to memory of 2664 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2656 wrote to memory of 2664 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2656 wrote to memory of 2664 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2656 wrote to memory of 2664 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\tasklist.exe
PID 2656 wrote to memory of 2668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 2656 wrote to memory of 2668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 2656 wrote to memory of 2668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 2656 wrote to memory of 2668 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\find.exe
PID 1960 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Windows\system32\cmd.exe
PID 1960 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Windows\system32\cmd.exe
PID 1960 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Windows\system32\cmd.exe
PID 2824 wrote to memory of 988 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 2824 wrote to memory of 988 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 2824 wrote to memory of 988 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2932 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2368 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe
PID 1960 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Salwyrr Launcher.exe" | %SYSTEMROOT%\System32\find.exe "Salwyrr Launcher.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Salwyrr Launcher.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Salwyrr Launcher.exe"

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"

C:\Windows\System32\reg.exe

C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1100,i,13860498679608521034,1182944131609187537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --mojo-platform-channel-handle=1316 --field-trial-handle=1100,i,13860498679608521034,1182944131609187537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1552 --field-trial-handle=1100,i,13860498679608521034,1182944131609187537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe" --type=cs "--cs-app=Salwyrr Launcher"

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1824 --field-trial-handle=1100,i,13860498679608521034,1182944131609187537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1680 --field-trial-handle=1100,i,13860498679608521034,1182944131609187537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1668 --field-trial-handle=1100,i,13860498679608521034,1182944131609187537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Programs\Salwyrr Launcher\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3000 --field-trial-handle=1100,i,13860498679608521034,1182944131609187537,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef58d9758,0x7fef58d9768,0x7fef58d9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2916 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3208 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fd67688,0x13fd67698,0x13fd676a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2592 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3620 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3676 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2604 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3724 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3716 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4020 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4172 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4116 --field-trial-handle=1400,i,17153876718180517100,17597699589234075183,131072 /prefetch:8

C:\Users\Admin\Downloads\JavaSetup8u411.exe

"C:\Users\Admin\Downloads\JavaSetup8u411.exe"

C:\Users\Admin\AppData\Local\Temp\jds259523809.tmp\JavaSetup8u411.exe

"C:\Users\Admin\AppData\Local\Temp\jds259523809.tmp\JavaSetup8u411.exe"

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE

"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\au.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\msi.tmp"

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE

"C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE" d "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\jre1.8.0_411.msi" "C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\msi.tmp"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 91F3D9F4E920ADC4271BB27174D7A4B7

Network

Country Destination Domain Proto
US 8.8.8.8:53 tracking.overwolf.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 features.overwolf.com udp
US 8.8.8.8:53 analyticsnew.overwolf.com udp
US 8.8.8.8:53 content.overwolf.com udp
US 54.91.174.86:443 tracking.overwolf.com tcp
US 54.91.174.86:443 tracking.overwolf.com tcp
US 54.91.174.86:443 tracking.overwolf.com tcp
US 54.91.174.86:443 tracking.overwolf.com tcp
US 54.91.174.86:443 tracking.overwolf.com tcp
GB 108.156.39.44:443 features.overwolf.com tcp
GB 142.250.187.206:443 redirector.gvt1.com tcp
GB 18.245.218.99:443 content.overwolf.com tcp
GB 18.245.143.30:80 analyticsnew.overwolf.com tcp
GB 18.245.143.30:80 analyticsnew.overwolf.com tcp
GB 18.245.143.30:80 analyticsnew.overwolf.com tcp
GB 18.245.143.30:80 analyticsnew.overwolf.com tcp
US 8.8.8.8:53 r1---sn-aigl6nsr.gvt1.com udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.gvt1.com udp
GB 74.125.105.134:443 r1---sn-aigl6nsr.gvt1.com tcp
US 8.8.8.8:53 www.salwyrr.com udp
US 104.21.72.238:443 www.salwyrr.com tcp
US 104.21.72.238:443 www.salwyrr.com tcp
US 104.21.72.238:443 www.salwyrr.com udp
US 8.8.8.8:53 www.overwolf.com udp
US 8.8.8.8:53 content.overwolf.com udp
US 8.8.8.8:53 electron-updates.overwolf.com udp
GB 143.204.194.70:443 www.overwolf.com tcp
GB 18.245.218.13:443 content.overwolf.com tcp
US 54.91.174.86:443 electron-updates.overwolf.com tcp
GB 18.245.218.99:443 content.overwolf.com tcp
GB 18.245.218.99:443 content.overwolf.com tcp
GB 143.204.194.70:443 www.overwolf.com udp
GB 18.245.143.30:443 analyticsnew.overwolf.com tcp
GB 18.245.143.30:443 analyticsnew.overwolf.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
GB 18.245.143.83:443 tcp
US 34.96.70.87:443 tcp
US 34.102.146.192:443 tcp
US 104.18.35.167:443 tcp
NL 178.250.1.3:443 tcp
GB 142.250.180.1:443 tcp
GB 142.250.180.1:443 tcp
GB 142.250.200.33:443 tcp
GB 18.154.84.16:443 tcp
IE 52.17.115.26:443 tcp
IE 52.17.115.26:443 tcp
US 34.120.135.53:443 tcp
GB 142.250.200.33:443 udp
GB 142.250.178.4:443 tcp
US 2.17.251.11:443 tcp
US 96.46.186.186:443 tcp
GB 18.154.84.59:443 tcp
GB 142.250.178.2:443 tcp
US 2.17.251.11:443 udp
GB 18.244.179.114:443 tcp
DE 141.95.98.65:443 tcp
GB 108.156.39.120:443 tcp
US 104.22.4.69:443 tcp
US 34.120.133.55:443 tcp
DE 3.71.149.231:443 tcp
US 173.0.146.7:443 tcp
GB 54.192.139.162:443 tcp
US 96.46.186.186:443 tcp
GB 13.224.245.90:443 tcp
DE 162.19.138.119:443 tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.190.80:80 apps.identrust.com tcp
GB 18.245.253.51:443 tcp
GB 108.156.39.27:443 tcp
GB 18.244.138.116:443 tcp
NL 23.218.48.210:443 tcp
US 172.67.36.110:443 tcp
US 172.67.38.106:443 tcp
US 52.33.252.174:443 tcp
DE 3.121.6.51:443 tcp
IE 52.18.39.255:443 tcp
NL 46.228.174.115:443 tcp
US 172.64.151.101:443 tcp
DE 3.124.64.248:443 tcp
NL 185.89.210.20:443 tcp
US 35.186.253.211:443 tcp
NL 185.64.189.112:443 tcp
DK 37.157.6.237:443 tcp
US 104.22.4.69:443 tcp
US 69.166.1.8:443 tcp
IE 54.72.171.228:443 tcp
NL 69.173.156.139:443 tcp
US 104.22.4.69:443 tcp
US 34.120.135.53:443 tcp
US 35.244.159.8:443 tcp
US 35.244.159.8:443 tcp
US 104.18.35.167:443 tcp
US 96.46.186.186:443 tcp
NL 178.250.1.3:443 tcp
US 173.0.146.7:443 tcp
GB 18.164.68.6:443 tcp
US 35.244.159.8:443 tcp
US 104.18.38.76:443 tcp
NL 208.93.169.131:443 tcp
US 151.101.1.108:443 tcp
BE 2.21.18.175:443 tcp
US 13.248.245.213:443 tcp
US 23.53.112.234:443 tcp
IE 52.95.122.74:443 tcp
US 104.18.41.104:443 tcp
NL 46.228.164.13:443 tcp
GB 172.217.169.34:443 tcp
US 104.18.3.78:443 tcp
US 104.18.3.78:443 udp
US 172.67.41.60:443 tcp
US 35.244.144.25:443 tcp
US 35.244.144.25:443 tcp
US 130.211.23.194:443 tcp
US 104.26.3.70:443 tcp
US 104.26.3.70:443 tcp
US 172.67.193.156:443 tcp
US 172.67.193.156:443 tcp
US 96.46.186.186:443 tcp
US 173.0.146.7:443 tcp
NL 185.64.189.112:443 tcp
DE 3.124.64.248:443 tcp
US 35.186.253.211:443 tcp
US 35.186.253.211:443 tcp
NL 185.89.210.20:443 tcp
DE 3.121.6.51:443 tcp
US 172.64.151.101:443 udp
IE 99.81.155.142:443 tcp
NL 69.173.156.139:443 tcp
US 69.166.1.8:443 tcp
NL 178.250.1.8:443 tcp
US 34.120.63.153:443 tcp
NL 69.173.156.150:443 tcp
US 35.244.144.25:443 udp
NL 178.250.1.3:443 tcp
US 96.46.186.186:443 tcp
US 52.223.40.198:443 tcp
BE 2.21.18.175:443 tcp
US 151.101.1.108:443 tcp
US 35.244.159.8:443 tcp
US 52.223.40.198:443 tcp
US 34.36.216.150:443 tcp
US 54.226.99.138:443 tcp
NL 193.0.160.131:443 tcp
BE 2.21.16.25:443 tcp
US 52.223.40.198:443 tcp
NL 35.214.149.91:443 tcp
NL 35.214.149.91:443 tcp
US 54.226.99.138:443 tcp
US 54.226.99.138:443 tcp
US 54.226.99.138:443 tcp
US 13.107.42.14:443 tcp
IE 52.17.1.20:443 tcp
IE 34.248.195.5:443 tcp
GB 172.217.169.34:443 udp
IE 52.95.122.74:443 tcp
NL 35.214.149.91:443 tcp
US 69.166.1.66:443 tcp
NL 69.173.156.148:443 tcp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 cs.krushmedia.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 8.8.8.8:53 pixel-us-east.rubiconproject.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 aorta.clickagy.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.2.110.134:443 cs.krushmedia.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 69.173.156.148:443 pixel-eu.rubiconproject.com tcp
US 69.166.1.66:443 tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
US 34.98.64.218:443 us-u.openx.net tcp
US 44.213.203.144:443 aorta.clickagy.com tcp
US 69.173.146.5:443 pixel-us-east.rubiconproject.com tcp
GB 108.156.39.69:443 s.ad.smaato.net tcp
NL 81.17.55.171:443 ssbsync.smartadserver.com tcp
US 8.2.110.134:443 cs.krushmedia.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 69.166.1.66:443 tcp
NL 208.93.169.131:443 tcp
IE 52.209.243.124:443 tcp
GB 172.217.169.38:443 tcp
NL 35.204.158.49:443 tcp
US 34.36.216.150:443 tcp
NL 46.228.164.11:443 tcp
NL 82.145.213.8:443 tcp
DE 91.228.74.244:443 tcp
US 52.223.40.198:443 tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 173.0.146.7:443 tcp
US 96.46.186.186:443 tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.201.110:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.4:443 www.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 www.java.com udp
NL 23.62.61.137:443 www.java.com tcp
NL 23.62.61.137:443 www.java.com tcp
US 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
NL 88.221.71.149:443 static.ocecdn.oraclecloud.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
BE 2.21.16.148:443 s.go-mpulse.net tcp
US 8.8.8.8:53 www.oracle.com udp
BE 2.21.17.88:443 www.oracle.com tcp
BE 2.21.17.88:443 www.oracle.com tcp
US 8.8.8.8:53 c.oracleinfinity.io udp
NL 23.62.61.146:443 c.oracleinfinity.io tcp
NL 23.62.61.146:443 c.oracleinfinity.io tcp
BE 2.21.17.88:443 www.oracle.com tcp
US 8.8.8.8:53 dc.oracleinfinity.io udp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
US 8.8.8.8:53 consent.trustarc.com udp
GB 216.137.44.97:443 consent.trustarc.com tcp
GB 216.137.44.97:443 consent.trustarc.com tcp
US 8.8.8.8:53 consent-pref.trustarc.com udp
GB 18.245.162.75:443 consent-pref.trustarc.com tcp
US 8.8.8.8:53 oracle.112.2o7.net udp
IE 66.235.152.156:443 oracle.112.2o7.net tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 18.245.162.75:443 consent-pref.trustarc.com tcp
GB 216.137.44.97:443 consent.trustarc.com tcp
US 8.8.8.8:53 c.go-mpulse.net udp
BE 2.21.16.148:443 c.go-mpulse.net tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
US 8.8.8.8:53 consent-st.trustarc.com udp
GB 143.204.194.55:443 consent-st.trustarc.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
IE 66.235.152.156:443 oracle.112.2o7.net tcp
US 8.8.8.8:53 684dd32a.akstat.io udp
BE 2.21.16.148:443 684dd32a.akstat.io tcp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
US 2.18.190.75:443 trial-eum-clientnsv4-s.akamaihd.net tcp
US 2.18.190.68:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 191-101-209-39_s-2-18-190-68_ts-1715322655-clienttons-s.akamaihd.net udp
US 8.8.8.8:53 x5s5cjycck7ewzr5x4pq-p7iobd-354f74efd-clientnsv4-s.akamaihd.net udp
US 2.18.190.82:443 x5s5cjycck7ewzr5x4pq-p7iobd-354f74efd-clientnsv4-s.akamaihd.net tcp
US 2.18.190.79:443 191-101-209-39_s-2-18-190-68_ts-1715322655-clienttons-s.akamaihd.net tcp
IE 66.235.152.156:443 oracle.112.2o7.net tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 92.123.165.224:443 javadl.oracle.com tcp
NL 92.123.165.224:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
US 23.220.112.104:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
NL 92.123.165.224:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 92.123.165.224:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
US 23.220.112.104:443 sdlc-esd.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
NL 92.123.165.224:443 rps-svcs.oracle.com tcp

Files

\Users\Admin\AppData\Local\Temp\nsi3341.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

\Users\Admin\AppData\Local\Temp\nsi3341.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

\Users\Admin\AppData\Local\Temp\nsi3341.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

\Users\Admin\AppData\Local\Temp\nsi3341.tmp\nsDialogs.dll

MD5 466179e1c8ee8a1ff5e4427dbb6c4a01
SHA1 eb607467009074278e4bd50c7eab400e95ae48f7
SHA256 1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
SHA512 7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

\Users\Admin\AppData\Local\Temp\nsi3341.tmp\nsExec.dll

MD5 ec0504e6b8a11d5aad43b296beeb84b2
SHA1 91b5ce085130c8c7194d66b2439ec9e1c206497c
SHA256 5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962
SHA512 3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

\Users\Admin\AppData\Local\Temp\nsi3341.tmp\nsis7z.dll

MD5 80e44ce4895304c6a3a831310fbf8cd0
SHA1 36bd49ae21c460be5753a904b4501f1abca53508
SHA256 b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592
SHA512 c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\chrome_100_percent.pak

MD5 d31f3439e2a3f7bee4ddd26f46a2b83f
SHA1 c5a26f86eb119ae364c5bf707bebed7e871fc214
SHA256 9f79f46ca911543ead096a5ee28a34bf1fbe56ec9ba956032a6a2892b254857e
SHA512 aa27c97bf5581eb3f5e88f112df8bfb6a5283ce44eb13fbc41855008f84fb5b111dfe0616c310c3642b7f8ac99623d7c217aecc353f54f4d8f7042840099abc5

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\chrome_200_percent.pak

MD5 5604b67e3f03ab2741f910a250c91137
SHA1 a4bb15ac7914c22575f1051a29c448f215fe027f
SHA256 1408387e87cb5308530def6ce57bdc4e0abbbaa9e70f687fd6c3a02a56a0536c
SHA512 5e6f875068792e862b1fc8bb7b340ac0f1f4c51e53e50be81a5af8575ca3591f4e7eb9239890178b17c5a8ff4ebb23719190d7db0bd8a9aa6dcb4308ffa9a34d

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\d3dcompiler_47.dll

MD5 cb9807f6cf55ad799e920b7e0f97df99
SHA1 bb76012ded5acd103adad49436612d073d159b29
SHA256 5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a
SHA512 f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\ffmpeg.dll

MD5 49c57860c47863a502fb24f4b926fb5b
SHA1 2ac52b15c915666ddcbcbc724753341fce7e8e8a
SHA256 106b9ef910cb037e0f19d55c7526124fa3b39c5e849c3d5d6c3a116b34121ea1
SHA512 9e4c5ed13890df070e16772769376fbc7cfd967b5bfe243a74d52b30607bc7618a4a8fa6a77f580e7ad9e704f0a248620c9b3e8fe10a0871723b8e5053b0b4fe

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\icudtl.dat

MD5 76bef9b8bb32e1e54fe1054c97b84a10
SHA1 05dfea2a3afeda799ab01bb7fbce628cacd596f4
SHA256 97b978a19edd4746e9a44d9a44bb4bc519e127a203c247837ec0922f573449e3
SHA512 7330df8129e7a0b7b3655498b2593321595ec29445ea193c8f473c593590f5701eb7125ff6e5cde970c54765f9565fa51c2c54af6e2127f582ab45efa7a3a0f6

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\libGLESv2.dll

MD5 7780d8c6e51d729c3e248fefa462a1cf
SHA1 361f9a5d1370730d543ce40c5fd091f57dc432ff
SHA256 ab282c140b24eacf351fedd21a1ddf4ab9f7f2bb8283fa4726c2be814a1eb31f
SHA512 5ab8bd42c646f7f9ef075f5cd60c3fac307ff1b7bb17d2c41ddcd0ba6c6ce70c89509ea4c8a84028fa9f9bb1b30c1e5c04d3c716489634ac19a402be2a1ec338

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\LICENSE.electron.txt

MD5 4d42118d35941e0f664dddbd83f633c5
SHA1 2b21ec5f20fe961d15f2b58efb1368e66d202e5c
SHA256 5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d
SHA512 3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\owutility.dll

MD5 0b72a72b76b71076c78773802495d377
SHA1 921101f1342c180677c4bfc7006baf3292a77f9a
SHA256 c127bd152b674d35a7c5a65cc933c385d64622ae2ea09b7194c1de7bdda1c690
SHA512 28afe1b4982e31784393182a06925b6758a19436eba28f89dedc2a380845939d31e947ef676fe8e34f382c7ae28fa88078380df9e83ba9ce7d7c1e9df96a952c

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\LICENSES.chromium.html

MD5 60afa16cbc3798cb1352314311e93a07
SHA1 0a9daab3a20586ab2a07cd2857a2f2cd65c25d32
SHA256 ec105b4cf1588e28ebd596b2c354e44b4fe2cce5e6d5abbc7174ec7be3df6a09
SHA512 839905cb7d697ae77beba74a3c82e65d1d6328c62fea6933fd8d490231d1a6bffd692fdbaffee86483ae967e86fd0772fb2bb327b054d08fc0c9177f3c9c26fa

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\libEGL.dll

MD5 6d74b74470bdcfe55d5ea6c672c1c856
SHA1 e0ef3f552db4c0d386bd001bbf545cb92674d68c
SHA256 8e69fdb7575a626b6111986275b139d15fb56e60156ceb5315c5e503a0fda357
SHA512 58a78d316023223dafa96aaa1f1111a139f1b3ca6aa4cd3dbb2ebf1abce44ad08ce8f2e1e69c6109ea62c36f298a05a93b2e71634e972711555127ee8889864e

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\resources.pak

MD5 e5ed3ea494b9ddec4b6aedc45ef172ba
SHA1 bd7ff0e1c817f4eeeae0421b6e9d107584d35c30
SHA256 3dfde11380615c1204b026f94e39ac503f1785d4b967e40d5384bd092c4f0c74
SHA512 2da9c70fa89a91525661d346cdc67d51772b3be38dee15727fea77f83cc545a621dc43c6dd01e8425072335cc11591daeb92a0acba134918094676cf6b00cb82

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\v8_context_snapshot.bin

MD5 031ea03da08fe1247280cfe781658791
SHA1 e91db50ad16b5a5fbbaf4118672d60b347ea6161
SHA256 c16dcec41919a6d2850214f2275824be8a97d8c5e694e2ec8dd7d16ab2d5015c
SHA512 b3d6f282761f8ab8760728ecb108f64741f6f3cd2a143813042ff63a3b6604fcfe7c1feabafb65f9f67906217edb5851f44605a34f7a50ed2058c25ce5efb30a

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\vulkan-1.dll

MD5 b139ce07e2d87e65cb101f3ca90f5511
SHA1 51516e2fc7aa3532a76795cbfc318da19e3e2d54
SHA256 c94823faa547813d388b41f72a791fcd2f36665c444ca88475d69ab7f1e9c3cb
SHA512 8eba17cd8e70377083509a4c5316b6b784c613e4248001a6c61f2d26acccb5fac1ab45b491c84a05f93a772576e203b514109e8f17cfc593d08104f1746b3a1d

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\vk_swiftshader_icd.json

MD5 8642dd3a87e2de6e991fae08458e302b
SHA1 9c06735c31cec00600fd763a92f8112d085bd12a
SHA256 32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9
SHA512 f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\vk_swiftshader.dll

MD5 054c57ca1e444b9ba8262835e0cc947a
SHA1 c20b1ae7ec7315187051e7a46e14359f9d12b709
SHA256 011fc0f126868903dac9fecaa948eeffbc43aea2244cda071f69da08dc2f110e
SHA512 9d7854a681c4abffb95f17b0ec81ee21dc36c482fdd6dfdc8cc7296ca19e7193e7e2ef4ad71d28304cfbb94d96065ba53139d4042c31edf64897e9105ca5e360

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\snapshot_blob.bin

MD5 b82ff216a0babf602940759b9a3af870
SHA1 07e8a22dcf8d7be04a6ddbcab3098e040494bb0e
SHA256 943b27009d41801c5a649caf680e32d4dd25de002787a4ccd86b0925b3aac3a5
SHA512 da157570afbab7be135f7749df7f4518df1452ea24f98d8f5189430e732ad06ed438afc701cb70451bbc7137b5f35a0c5957df92ecb40d47d54c1071ea79fba1

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\bn.pak

MD5 fac2c752c57175a4b1f4630e3667123e
SHA1 a2dbcf1dd7b3cac499b9f782c7393ab438039584
SHA256 71f99a67bb310fab8068eeed7ce24ea7624a66051ba4e719d051cc7e67e78001
SHA512 4820704bd92dfb60736da5b84c8bc9135fca484c678585ec9d26dcb90632e382f354d03b539599f4816feb027dd285ff06ed8a520bede56d7a1c590d942e4250

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\el.pak

MD5 8025eb8756d4bf3126d83c9078935520
SHA1 78895218a90680fe223af0b003c195da84902e1f
SHA256 e42aeaea80dabe82657983a462e4cd3ec74f71d4f08a689f5825f55fc02f3141
SHA512 f99f47e54583b60857a31648b985216713725496d8653ca04eb1d6634f2b7f7a1f9f70b8a7938529bfc6c8665360da5e6bfb6b68c314c011fef4a9817010c42b

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\fa.pak

MD5 99de8cfda36ab9ab3342889fb6da393d
SHA1 6bdd3d627d4b6702f43725039089562af58898c0
SHA256 b93145f30e25122015373a248d6ea22a539c7d0d58c8aa853ac35cc80dc06bfe
SHA512 aa20793f9ece5823cb9e74a4a3ff97d7a1860a593f427fb5eacb0390569a48122589610fe5a02577577f3a30f981c5e3da97cf73bdfe158a6bb845586c5b19d6

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\hi.pak

MD5 9b5d94450fb03c34759653deb0551441
SHA1 b9134fbc75304ca73b156e77425505ed6dc6d629
SHA256 5e8f2593dbea5a57c3a974558a3fc91b6087329a1e7b11622a6eac120a973718
SHA512 caed9535d487833bdde51e82b76d3b8d2e6ea18ec0b4b7a98552be9266ff0728bb1133d8f9cbd169345aa08b0073f04d649baa71bb487483951cfa1a92080d63

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ml.pak

MD5 00292b0801e0dd0a74091bf53f1574c9
SHA1 63a002e7a8796bc4b4459a19c95ce426fbd1ec7f
SHA256 61a372f170de0a22712be980c3c78b22035ebf40ce79332fab75cdcc4208c9e6
SHA512 e2e15f66851aa435e3bf4de6672f4aa8b01204d8efe11ec6ee9a51d9877ec4f2e71d7e9547d6eab9bfa04af1bea71fa72aa4963fa08b48717bf1c3fd21c00cd5

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\sl.pak

MD5 6a2efcb886dd33a5d05a112c141c520d
SHA1 ba89d9ef7ce1862d1e9933e910529ec5a3e2a933
SHA256 4fa004d80c7e89e38cdfed3a652003787fa810256d294c16aab0bca815eb7c02
SHA512 0475df28a602ec90c4331da4e7d742eded2cb3264b41924628bfc45e2662f2ceb7b9518ac88a231da1c3caf18d176ff3a4931c2b1751f3b74bce3af73d0088cc

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\resources\app-update.yml

MD5 172ba00d700bac5ac3bd88062e52a9c3
SHA1 92a83cfcacb5bd11924a0413546a60e531424f36
SHA256 38c8aad86e8a999394fbc565c58a53204971766c6e85550e2268063f9c662bdf
SHA512 be7b82158e2feeecdf1e85060c2b315bfccdd1ce1e2ed1e97930aa563d013c52a81663939277f4d5cffd1d39498d3392f87de88f8064607bfc7197c00304225a

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\resources\libraries\java\PackXZExtract.jar

MD5 cf8aa6c50804b3d2448b316b1cd24b17
SHA1 a69190724b20156dd17504162fbe771309415b73
SHA256 a847432bdf7da12571bbd5bda3b11ca3664675d1ff9baad5abd59b2d0689fa93
SHA512 d897b843cf6d138885ffbcddcd53c84819bca0a1ac9de46334601d67fa9ba05d6b857b396a67b6f92e9f7745fce3f1a0402b76e4b31bd56d3cd36c339ac1e07c

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\resources\libraries\java\launcher.jar

MD5 6e95940ae024d3df5650fb4b41700f98
SHA1 aac608966eb28d03a7293c70d69a43d964d3dab3
SHA256 61ab765fa1f743d34d84e0415144cbff5604ecb7a91370f1ee658f964602afc9
SHA512 260b5b6a50ee5df6db1dbfcb38f2dcaf177bd4198271d7eff67b8b6ea178b362d486334a09d82fddee0e41bebb28cba57280a6fe8da615bf57fd0fc3a5fa5e3d

\Users\Admin\AppData\Local\Temp\nsi3341.tmp\WinShell.dll

MD5 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\resources\elevate.exe

MD5 792b92c8ad13c46f27c7ced0810694df
SHA1 d8d449b92de20a57df722df46435ba4553ecc802
SHA256 9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
SHA512 6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\resources\app.asar

MD5 25dc0ea351ada1e0186890cd633a77e1
SHA1 cf065376ac4e0207acbb3df87c36a8fce6b59c0b
SHA256 e86e6fc78ecb001a6bbd0e86c203f254f89743f8397a2c37796a9a7b1bb44f6f
SHA512 df832e11a91d0400c778d103b8a9749cb7d091d0ceaa0323a93e663c039507d3dfab28e01ddf670d3352e420bcef5123979a56b62183ab4391d03b482acc1c96

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\zh-TW.pak

MD5 032c4f24764d531d0de876f1e9d51dc9
SHA1 6662a5e3466c1ca415e219634cd67863ff830b32
SHA256 a0a715a3ef1ead036f0f03d02a8252fbdbd52ce6f8cc5b9298fc1c4494d4e508
SHA512 3cf212a638cfe9d08e625f7f70d453263e44721be9550c2aebfb67462666a8d67b87cd2ed613cc12c7d1fc7d1c1368c7d198a6669fa3a10c2c2bf61966c46aff

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\zh-CN.pak

MD5 37b051269289e0eaafd411d374663135
SHA1 fa94bc7fe89475f1d5e1c9a2d88161cc992a638b
SHA256 4ff334da089d2ffb9c6173de7c918b74c9326ed7bd76317b2696d57861871488
SHA512 357350ec552765df460cd66ae59ebcc771df72431baa380247750627ee974f1859bfa423461a2197d4e608063d021faa7fc94bd30c6fe2b1a0cf9b9f7e64ea73

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\vi.pak

MD5 5b8fc875f0b57ac7793e19e0ac6f4899
SHA1 b8ec064365fc29a70bc3a8d3df0ef222ed244fa8
SHA256 ff3cdd834569cf9f957a444ab8a51ebe673bd26d7c907a907aedfeed248d4890
SHA512 f3a9ad912823aaae0d089cf53151cfba0b6fbc2cebf826b1b7c70fec03bf3f967e440558fef94c990c87349b82c36379bf645b828ab6b69eb9f396165dd6178d

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ur.pak

MD5 6733dba4f3f0afeffc40bd87300b9d6e
SHA1 610aab026d25f2cec6c636fbaee922c099d26ef2
SHA256 d0c8ae8f4f60f04d4eee8cc639ee3b52ad073f5c9ee6fb84c774eb855fd51e9c
SHA512 40c1cb7be3709bb6ef01a4e66bfd85e20641020a800292a2a14f4cf188242aa0b8d42cabd0f323acd3d2f257243c7dc04b346a39475343c761af7a1833c3366a

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\uk.pak

MD5 0d9b7f3ce815f7bcfd63ee3492350d52
SHA1 6138b5dc296cf406b2314b8b797f9f96de2b40fb
SHA256 b86358579a9cec015c996c6ae862ddcb8cb558f30eedd0d0b9ef3cb18c3cc130
SHA512 17d874849e5eb17bff2ac98c8191f9f38a07a66eccc502122c0ed2bdd6af94eb17db1b0a2477a75c1fd4f3ed00c76b1818eac5bc4093d92eca0d0a5323718cc0

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\tr.pak

MD5 0662e2b67524444e843d0104adab0b7e
SHA1 ec39112f57e28010295398c24c6a17e60a88fd47
SHA256 e8f86dc87dbf11935863efb3a5af8213a97123889019e98a7ef313b488088790
SHA512 6529083d04e777be3cdaa14f06bb6b3a3d26006ed9d067f7a1bdfcf669856cc6340bf0caf90bbceb75666062fac1bc02ca2d2cff94c6ca5627ccaece6f973a65

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\th.pak

MD5 d34a2993eaf0ee6bf65c3729baee426d
SHA1 d796911e57c89b11a603c645dd0e32aad7819d75
SHA256 7870b92c64f7776c469b4d19be8881ce30a5263cc8287c3d7de573aed43c7dba
SHA512 eb2f4b3cb7741c996acbd121d0c69eda6cfac6bdbd7b8036dc6394ed7e49c9a45641c7983431b5f8c5db685fc7ce958e7c9f5e79837b381caeecf009f79ca4c2

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\te.pak

MD5 28f500e12a7b91d91d8f99395fce8332
SHA1 885fd6c78259ae38f7dba3887f7fee783c1766bc
SHA256 06dd7ae122d6f1f394aeb85089a9c837ec05dad627b0bcc92863ab2830e971c9
SHA512 6f0fe4a527e9c53a41d20f95cafda7a2488bab310eecf68c98271a2db6f3efe5d2180e158b5018a9c56a0580b0735146f0ae07d884f564de1e8780956a10d190

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ta.pak

MD5 714ef30e819d791b41ab093d515e1704
SHA1 5410b58dcaa0bc82146655ed56493581d18d5c04
SHA256 9be97a18356b05ac4c3aa2b7e719eb29b47d8ad406aa50cf0f24bdde1d613083
SHA512 a35074a54dc12a68301553345c69f02ad31bc010690d5f4c4fad5d65b3fd9c3f7c3ec7e3637673d250cb33496b93a9582e28b5210d11137bc0bd5b2e219c0aab

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\sw.pak

MD5 9632dd7d883fa4deb3963ea663e0ffd4
SHA1 0db135be4b3a7c54c39e9df5034d5576b68ea92e
SHA256 690027c4a31c4aea00b7d1b32ec6cd3fa50b1eac412ae273ab15e72eb485dd6e
SHA512 3aac1857784dfecd2ae5f7c4056f58e27a966a6cb949e02eaba56fc1fc283243ed6213f17628d62d435e33fa4771eb43623f25da6510aa4ce6f2149f72ab0d37

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\sv.pak

MD5 14ecf7684d7987950a9655258d3a72be
SHA1 b1506b3b4be332081dde72bf54a197b1ee0bde66
SHA256 690a83bbefe1e97de5d2c1c0791707e8ddc3414a12cf30b79329fa5d21840d6e
SHA512 fd9d36c63b00bb1caf6a25f2c797f3a844395f16016a9010819462d647e8e759fd8887e5eae3ef300871f4abef05f4ceca9edb5b30ffdd56efeede9c75f56e30

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\sr.pak

MD5 fca817ed4b839b976ebcbf59cac66d68
SHA1 413efa65470319999032b6a25b3b2ee33b8cd047
SHA256 524acc64e70918a77cda43fd9b27a727645b28ad2d4cce16b327105101c8bbeb
SHA512 cb246d5c5cea30d6e7514841ab93803984cda37461a09b6c340ca64f7cbce4e1212951a4de421d928d433a619dac18454fb403b42581757b76c7eb124ce70cf2

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\sk.pak

MD5 72946b939f7bcaa98ab314cfba634e0b
SHA1 71c79a61712c8c5d3dac07a65d4c727e3b80ab17
SHA256 75f179897cad221ca6e36b47f53cead7f3fb4159ee196f1d10a5181b84e1b5b7
SHA512 2a8fa7108c58f4cb263900a555714d5638d961d14d9f4ddf8a9ab5b880afdbc5d2325fed1e158dbaf42a9cd20e8e372e6a8f52fce842a6940ea52e43e4a1f1e5

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ru.pak

MD5 aa75c21bfe54bb70e7abd9fce1347a8f
SHA1 3492307cec15b367274c948beb76598f72347846
SHA256 bd981aa65536b544228ed1d60a552ff4c7800b46f815177b33b3e628b97d77e4
SHA512 0e77f1c7e4b5410e9eaed875f5dae6485d8de5b650ec44133b1634645cc3055fa7bea316e843b491f29d9c137b20623b120e014b1c74bbf4e8d1f08dbeaf5bb2

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ro.pak

MD5 9b9c22a12ddce43a4a3c0c047a16a5c3
SHA1 901e072d644a79e0b18be2f4a81e6842b070485d
SHA256 3e89d43b86b2582fd7db236659af47ff459a44c5b5ebcbb0bcc9eda244c8e501
SHA512 196a5bb1b0b5093d4a18279037ef7993525c36c136d4560b7e902c815687f7992ecd2b64d96422911a3468cf3f1478b21df6465d3b31486466cbb5573ff0e7e0

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\pt-PT.pak

MD5 9b04c89c2d17c7c00a6a4342f0771fec
SHA1 a0886040fd5f870023cc3038f5722f4ba6d7c8b6
SHA256 abb012215610178b7f8203f61f41103546d3949ac3df4acb3a622b01663f39cc
SHA512 7c4cf5e7bfad4709db49779c1e3e762b8d0bac6cd736c511711ddca7682e08bc6b3274c9872d88db78bc36b0456b29680d3c4e518d4a401830cfb37b48567bb8

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\pt-BR.pak

MD5 c68170e4948cf3ae6910364c1e68ce90
SHA1 420f3a392db28b6fd6be44fd702b455518b67bbd
SHA256 b26499a256d66feed42b372ea2eaceb75c279694b40a7b5d0f8c1a5c24cf381c
SHA512 29482ced2091873a8c6242a608ed641b3a4d72fb93ccc2eb58d2769c446195f717b438d5633522f457234f3d209029936e9ea4ccd65d45ba8ae0c2df71043797

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\pl.pak

MD5 c9da926441d438b952149650c86a033e
SHA1 74ee60342bda33048570dd3c03f897668cdfc971
SHA256 ce96fd415ffcda01345146faac716e2d45e2c556e5c6c38e9a1ea5ac19dafe84
SHA512 3e718e8df695cbd80146c3e911de9b235ccc06f574739e5720d47952f69eab089b56451cdc321174da9b239c0a71a720baf9d68b46046efa0edcb2a3f1804ea0

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\nl.pak

MD5 9fdf47fef5b549497005ef8efd2a2c59
SHA1 3449de72bfc2be537f4b007c81e5bc5de6ff3d0a
SHA256 65a9c1efcdd451504e2e9b44b0c8fafd2c3c1445d760fd6c435305e2f8534f59
SHA512 3e77178dcd9e8894847039a997c87d5d04eef8a1ace1846132fde229285da08ffc8d3ba697226130bd07ab122a868cc53693981a21f8211c839ccdaba77207cd

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\nb.pak

MD5 bbae0915edec081b04bb903b689bc40b
SHA1 6a0fc635ce1c431e512b8b3b8448176aa4025556
SHA256 d565c6c95dad89d3f2b7210de4ec3fc437633de4dcfc994fde0704b92bb53ff8
SHA512 573a9fe43213829a6a4b39e67be25bc330b417750ea6d66e26163de7a80c29f6f5deeb841d9ff8303595943a81fc01ab668aab02a5cac4eda078ed06120138b4

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ms.pak

MD5 6de7b004a86967a3433545b3b38bf89d
SHA1 113bd5b28dda669b27c798e0b46fd680f3a04956
SHA256 ead5a37549b98d55839ffcf0dc8f8201d37d71968ec9138fdea79d7c9b79549d
SHA512 239c4acd2c0b6c08fb92fd95b89a302ddefc01ea843950a0247b7310c2b024383ae98286c2d4b83b99833452c41b386e047b2ef33610ef122fcf2f439ef43726

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\mr.pak

MD5 b9a2aa88c69c42ebcc41fef00c980a38
SHA1 9e373dfa11f95c31ffdca70bd83d2f66e1ddcef8
SHA256 481faf7dd66cf10a476d8b156fb4ea452f920322d8007f7e25d41b2837bdbc09
SHA512 5f4582723429a44dd517322babae4466efb4e8723c0247754e2a9a2929133d6fee5c3533c4cf567954e2a5aab47940a136a178405de36e38b50e8d4a6d5c504f

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\lv.pak

MD5 cccbd7f8a0c34c7094ce4d7b8e7e0588
SHA1 1a08401e2dc8c59200c4ecaa1886b43b6faa6979
SHA256 7467360f9addd4d8694e1508a6ab3a3e00dce57e5897d5376ad27d8e651b23d4
SHA512 2cc43437f1cd8d5fda0e95e7dd117c9b82e90cfed58ad8f492f46b4634aa01cd1b0ebe39377231a0828fc1ccd39641e4efc2f1210d629f9aba12ea9048accd95

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\lt.pak

MD5 7b6bf901352885c0699db71239b7cf24
SHA1 9e3ec5f327c0d0e54a449332061e60a8c79243cf
SHA256 9200a9509bd77834d9912f4ba8f4219d2b9bd2cdad49a11873db30e99b9d1350
SHA512 79ebef723fb4c17581eb869b4b4e1a364a3d28df0e168e7e1a3583e0c1ec5b9716dd270925c0545b8247421a64b03705f10910fe3416900de9258840c470d580

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ko.pak

MD5 ce19dea7b7d0b9472f99427de2b307f0
SHA1 9c84dbff9927c052dcb9818ed73bb272abf9054a
SHA256 586f34de2c7bb0e92fc376f3ad962bf9bae1a768398459d39f8ed06b59d8ccbb
SHA512 9a6c84ef9bb03be9ce96948bea94ec0ba83ecbd06ed648acab9d6fd27c1ab85f011a5670591da6256781dc147fc234d627cfc4bf5eb29bc2c8bfc84aaf89085f

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\kn.pak

MD5 01e8dc084d07743fbda50d54d86ee3bd
SHA1 e0709217e1a6785706b7d14037b1478ee2a3a59d
SHA256 ae4e003458f1a8bd3652e61241e11ff91bd887f6b95c1fe2700e76a117ba2119
SHA512 7d8db84f975d778bde21253f43d174921c2c71111644a953ad8671754e5d656f72bcabf62f4b960cbf4ca0ccc5f67d1558ed250b568c1f2308a31970e380654d

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ja.pak

MD5 c294012268f9e611fdc2904be57e45d8
SHA1 9ba4bd190ced7ffe053fa74071fc5836bdebea53
SHA256 21cd7ae581f6d0c19e90ac7df03d7dd5305b882776a1f091573f824bd28514da
SHA512 d16653f30617e52a040c5e033896a71055fee9992e54ffca5029601bb62a41b9685a68655b9c8bf7a7ba54a914836a0f7a49cccacae0eda180a6b68c0471a268

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\it.pak

MD5 6629c344b6e5ee8fb476522627b34221
SHA1 28335e3c96a68a560c68756860394a0a86c21870
SHA256 e76c3f15529fa7cc088dc32903c6885f4cfa170a1e0144710b05965f3210c31c
SHA512 78ca2ebf40d6cc3eb7035cca78364be63b8eb69e27caf2cae57e3489b39a9e443409e800fd95e1b646d37655c37ee8a9ae1ab344b506cf65f8603a6a3ad892ed

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\id.pak

MD5 881ff04e220aa8c6ed9d0d76bfa07cb8
SHA1 cacf3620d1bf85648329902216e6cdc6f588a5ba
SHA256 9210c4c4c33e7ceb5f70005a92a4fd36ca4facdd41701fdc1d2ce638db8adf22
SHA512 9134102928aa80c49bbf2b862e8079b2ee23636ce63412a4c3813f234d623ff563f5ca1ac407ddb77cecf1224896ed59ae979dcf63435d35a4f13de9c22755d5

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\hu.pak

MD5 d6904e7d1b6750d43a6478877c42618d
SHA1 919f090a6a3aa1112916f5bb0d5b73a62be43c1e
SHA256 3ec43893c6de5ec0f9433841afd5fa9feaaf59ddcef05f7e1cab14dba799887f
SHA512 d600fedb5ef1b2eb49a0122536c642b350ce67bb7a9da205890d9d13a195ac17c14607b4489715fd34506ec0ea4c80f245e09cf048aef52dcc8094f3138b2fad

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\hr.pak

MD5 7dbd4a9de6e30de028c97a7d39f8038a
SHA1 18d68f37b3c5eea3a2fe42c4ab1694a439a189c0
SHA256 e1c793e08e062043cc65271718d9b21d5742729dfa2e076ab012e8a008d06c04
SHA512 a18c43257d26380ec14ae0259cf192257fee0c6895b82240c3b41c5d6e8bd6f8023cb39dc2da0701bbcf05e8eb2cd13c84af971c28c94099a6d0ea02ce745ddd

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\he.pak

MD5 6376d0a5f4273b76b1f4aabade194e0c
SHA1 337ba39f09454c0779ab64872b9fa11f866d6adc
SHA256 875712bb852c698f677c0c74e088f62d31adb2bce65648fc390607aad8705c45
SHA512 00347f16b5abbaf47fb08663d5efde26ab7de0c7a2fa42e6b5f03c41a83cecbd8e78cc3aef41d5f08658cf346e0ade732774485e8a10008a43fa41ffaf73b2be

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\gu.pak

MD5 3268b8d9b4d4db87ec627b09f1c55a6d
SHA1 683ba367e40abb2fefd4548805e845fc1b452855
SHA256 dee5ef4f4b36fc5fe0f3b5e10c7cc3a7edc14bf948317b31a3287a95bfe0afa4
SHA512 59cff62843d35f790092f42b611e9bcd80d948c0ef27a770b2d7af859997f40c320d67df3c5a9420d28d5c8f1678df4677e01cb99b729664d198b3b95b5fbd20

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\fr.pak

MD5 a7c88eda9e12b6dbd432c544767acbe2
SHA1 81f1abe537870f7888431e820b636b17b5213835
SHA256 a4d0e5a39241a6326143afa4c8ec881d6edb0382c66425411881946f98e053e0
SHA512 88ca203256aaaaa26afd4a0aacb6fba2eb41618d09df6fc6aaa80ab8d699b30e73c373fa75098b1ec4912c042341dd1c79ee3d04f98b4bd59a44481d350a7988

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\fil.pak

MD5 0b7d25d70a2d94a032b7ff7faea45a75
SHA1 d9d473b2ea936ffea4f751d8716cb03407a95785
SHA256 a737a14f84b10b2e3c9ad4d147b430fd30c5ac0e125d5aaaf1ea19b0507de5af
SHA512 e4dbef6fae4cb56c3cd7bd5dbb239b5136eb2534a17cacbf628f5e5d77bfca924580ad4e4d0ec580ffaf94d6e1fafad58e9c5f472c3a3ff782702ea5eae2aea3

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\fi.pak

MD5 fa7dbd2ee35587ff31fde3c7107e4603
SHA1 baaa093dcb7eccf77ce599c8ff09df203e434b60
SHA256 5339b8ca52500bd0082e0ba5a5f440c5f04733803da47963280479760c7fff2c
SHA512 587f6d0e216d1688227345a8a75b94848ee710ec633fe6805db66bb0e8cad1b8d24a1e6a7e234061516770d881571166c78d8fa1c40e6335f3dcb1339fbffc14

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\et.pak

MD5 74eda453b23793ced4480ea7a595fe44
SHA1 76964af9c8024bd84fa1d89f60784e7ee6569350
SHA256 e2d38131a5ef4b0e8438f45e8c74c56bcf666760d4682120c8071c9220230555
SHA512 e9928cfac01f10b040c74e63242ffa1f7f616d8598f49f0aa7ddad063e18666cf5649cc65d00b3526526af8a7b46ee3b3655da22adf46aa44c0c6a1c2ac4dc7b

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\es.pak

MD5 4ca91891b2d4670d02931f0ca84e4744
SHA1 85f6559b09c80af2575e3b7626842c10081e188e
SHA256 85fff1ca6bd2527073de03fa77dd013db2557a57cce1fd370caa2b185abb9336
SHA512 83eae7ab2f03598c657786bff6171803b6bbe2128d1a5b8a01d9a13337113632279712dd8ffcd3b707fa6052a936d92a57cb67d848c77ee291e75700e29f2bf8

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\es-419.pak

MD5 02452424bb0cf6ab832808d04883f147
SHA1 a8e97ee52f3d97c1a4c678f7578808416e9fac65
SHA256 1b23cda69927c77764bda121ee398ffefcf5edcb5866432aa3526c378553c9b5
SHA512 9e750b26ab40b5f1c075acbdeb15a57cda9e6bd8049488cfaf368b5cbe8cd9b6e5dc96130e4137370c90bb0777b97515ea2be0787e255cff750fb7e188e22ab2

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\en-US.pak

MD5 3f6f4b2c2f24e3893882cdaa1ccfe1a3
SHA1 b021cca30e774e0b91ee21b5beb030fea646098f
SHA256 bb165eaa51456b52fcbdf7639ee727280e335a1f6b4cfb91afc45222895b564f
SHA512 bd80ddaa87f41cde20527ff34817d98605f11b30a291e129478712ebebe47956dbd49a317d3eeb223adf736c34750b59b68ad9d646c661474ad69866d5a53c5c

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\en-GB.pak

MD5 502260e74b65b96cd93f5e7bf0391157
SHA1 b66d72b02ff46b89ee8245c4dd9c5b319fc2abf7
SHA256 463af7da8418d7fb374ebf690e2aa79ee7cb2acc11c28a67f3ba837cf7a0937b
SHA512 0f0f9aac8e6b28c1e116377ab8ee0ffadbf0802a4026e57aedb42d21c38fbf70159be9e0314799c1de1f7638fbbd25d289dff7cd2c9eb7c82e1b62b6c4e87690

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\de.pak

MD5 8569900305a5661573f7766b93909f16
SHA1 3529376f54e32c17447b065d08c77314c4db2ec8
SHA256 068ba3e34e7f253fad7dc526b1078aaa969bea044d48171925534598aa8becb3
SHA512 d544febbe20a9bc5cf31f79f7ef74c1a742cccc99136e9828187c9a643bd0317c7cc48706346ee1a3c9eda8984be9c8606e9dfa7a6ce2cff49db2d785c2aa1c3

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\da.pak

MD5 4bccba46add5ebaf6efd4ade3c42aed9
SHA1 e48dcc2de930bbf0ea8ee7b735ead321dadb5be8
SHA256 2497368658a988e4eb3f64cd17423ea04e7555b104d43c8996c0ecbbfed5f74d
SHA512 e2059e2a7f80353981eef6982a7da006fa3753aeba9aca5279eef71aa2fa4b7adbf9cbb17c85b8060359f9e871b1a5c665226f8d3b8a6fe49f908fd44e1b46bd

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\cs.pak

MD5 ff919631102a3a9ec635b3080b63e305
SHA1 e43b117ad5b2d5b373321ab0ae63dd4bc1352a89
SHA256 1b8c3add009028eb567b0094759daff29b7861e11d5a9d864071012200e9735a
SHA512 21833774413cc71ba9c0c592504ae6288e3c8ac4e5d1d62768f4b3eca09e90009abec5e8fadcb4e7d63b99a522ae48fd608aad432eb4165ec7021c8888ad7df1

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ca.pak

MD5 0312c87b6436e733a037bfb3084f7550
SHA1 e3f30b8f3bfc8ddbf4b8f85f845733ed5ac8c632
SHA256 b6c895fbca90c36ae2cfefefda989922162a2cc259603fbca066f0cfbf43c4ff
SHA512 24b7780211b9dcaf7cbe3915851c7b873562e0cff022c29ca1b4e159b9da152b517305f81dd33712a0224fc3b77e594405e432fe5eecf29b7a4f83f441d6905e

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\bg.pak

MD5 9dc95c3b9b47cc9fe5a34b2aab2d4d01
SHA1 bc19494d160e4af6abd0a10c5adbc8114d50a714
SHA256 fc4a59ea60d04b224765be4916090e97ed8ddda6b136a92a3827ed0fcc64bb0e
SHA512 a05a506a13ac4566ecbfe7961ace091295967ea4e72a2865e647b5fa9adac9f7cf5e80b53fae0e3917dfb0b9a3f469189cd595cc4ae9239d3a849f5cedd60e46

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\ar.pak

MD5 b2a23f285858db5e3e53d6a5d5291623
SHA1 674adfeb57075f86f40ff4b14916c3af29695813
SHA256 7ab39416b60ee342ff2874aaa7b9b95b290828807b1395192cdbd29ee1be15e8
SHA512 92c9b31f82f62b15eed3edaf437412cb630e8deb2226ad162d7cb4c252d8cb7f0453b3121a846ffcb1547570e2eadb04cfd3877ab120496a7fefb47a6d96cba0

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\am.pak

MD5 a2a17bdd83467a027505bc817d1ac028
SHA1 cc1266a22606a1055db9653b82e90c9d1f551d44
SHA256 f92b0299185d963337e96df1016e1cf5ca335e22ff86568c1a6507c3fea29094
SHA512 193c5db0a30a3c8ef5e8c821cafb9d0b5671b7e7821748c7b432e927bd4638ecf5bfc1d99721ce89fb3df4f6f23b5e55d753430e8ef2bedd1e1633e613321028

C:\Users\Admin\AppData\Local\Temp\nsi3341.tmp\7z-out\locales\af.pak

MD5 198092a7a82efced4d59715bd3e41703
SHA1 ac3cdfba133330fce825816b2f9579ac240dc176
SHA256 d63222c4a20fa9741f5262634cf9751f22fbb4fcd9d3138d7c8d49e0efb57fba
SHA512 590dcc02bc3411fa585321a09f2033ca1839dd67b083622be412d60683c2c086aac81a27bc56029101f6158515cc6ae4def39d3f246b7499b30d02690904af0d

memory/1260-606-0x0000000002CB0000-0x0000000002CB2000-memory.dmp

memory/2932-651-0x00000000777B0000-0x00000000777B1000-memory.dmp

memory/2932-620-0x0000000000060000-0x0000000000061000-memory.dmp

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Local Storage\leveldb\CURRENT~RFf76b1a3.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Cookies

MD5 ccf182eba517015b532f6f9a17958a0b
SHA1 95b431a3b0831c063651726fa3e11dc94c5e81a9
SHA256 50689921dec5daa501017f897a08d1b39a9ca2a95cb8ef53b60fd1ee0bbbb9ed
SHA512 581f833282544f223374e7e3929ff9aa301329e9fa4318c627f474d6efa7adbc699c3de5f28b4e7f69a8cf40eb535e310178dab36937fb0e0dcb1ddeb414f9c8

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\config.json

MD5 2dee85ac19aebaa50662a4ba424441af
SHA1 d0b03e28e9a14d48a1a9b206e92dc1bf1266328e
SHA256 dc4d87159e452383f6e39c1b7dd2830c69457a547565c43cfd9e9b86f336f336
SHA512 651d95e57716081376c14c26852e01997c77597da0e0350620ad4cadbf14f0a02956d7b3e8cbdf52a777b64f7ef7db63066791e24074d5e5b57a38af2b7c6a6e

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Temp\CabB972.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarB9A4.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\TarBA94.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4954c8def48900fc3d7c21fd5aa315b4
SHA1 4cd13ca69af5b763f44aa2c7a1ec861de61984a1
SHA256 0614617a84638b1327e832eef47348a2310827e672d0e1aa2a389b4c141ded8f
SHA512 8ccac19368f030b221136dae91db7c0f2b6a605b359c00b9411cb79abc347a96423b3c284cacdbd3422de22d598c389e9be599391ca13c6c4be7afb303c70fd7

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Dictionaries\en-US-10-1.bdic

MD5 4604e676a0a7d18770853919e24ec465
SHA1 415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f
SHA256 a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100
SHA512 3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 ed9fa01597f3094a706fad9c25c04bc4
SHA1 d95f5056aeca1b8a7c2dbb4ce9437005d63adc26
SHA256 5c4e2eac09e52f49cf21cce983b8dcbba40020a670fd2cb56d234842242aa27d
SHA512 2c4a0794e58c494f223e0a1116a3db1dec7a663568fd8838bb15f02c6f1b7f515992cc38026fb27fafa322003e487f8b6f61017dde01deb34fa503a630ea6248

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36ff9dab3ee935b00beaaf0f521288b7
SHA1 a3fc512855e85929012b34959ed063b82bace3da
SHA256 491c8b8a2abd8e09700e03f4219845cd1198780391d24a59d3a9cfd2c0a46aab
SHA512 f5ae39e84c84f43660d27223f0f15d4d45310dbd21a57db94f97ddf2868381c6a0e4341933f309fdebc7ad5156b030d971db6a1af1eee8359d9176a07f13e666

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a03777346b880d1538109275fee9a6ce
SHA1 2e1b979f74d00afef70519c83f8dca51e7f23c6f
SHA256 49c6438ba3a34a72a02c05fb0be58f0a31f8b31ea3299e6a0d6284a2ecaf325f
SHA512 473f583b2d5361b3a790719bec47748b6c9355eae1ae7a3d87f2ce42a3cd0bac81b43e25165f1745f2d1790204ab4ce2fee4070551d7689465bbb03e310f2538

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efce0f2de8d8abe83455c112c934928f
SHA1 6d2ccd9330d7948a906f8c70d073331818cbfcd2
SHA256 9f01ef780dc685904e4ecece5e4309191aeb55a1488b17ea4c2a7ccf7d3db2a6
SHA512 f66f3eff5940d25b3a552d3e97c3b6733cc82b014bc7297f2383653ba4b7672d49c33502212909eb580b63d668ef035ed5906c9550afd0c6379d8d6898404bd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b01076694f01514b2d1f7b20fa555112
SHA1 726d07d7e7fba15530cbeec77506980527669015
SHA256 18de4f9ddf8076345d7d6cb425247218abdb1e0b11b540cddce77c9d1b60db5b
SHA512 0149a357dcf6a81d81579bdf231fd1e64c43112020f517dde188d5aa92f2b1f549daa962c732c6cc9a6d7fd2a87cefd47051a194bf1e7e9d6d56a386d489bdac

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Session Storage\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec8715692371e611678bc591ffd62e57
SHA1 18a5d6e6b79e9613127519eeba9e779ce6b7ea45
SHA256 4b0c1737a3632480e81311112de13c3669d14c2041e6cf0a1a7ad683490be252
SHA512 5f0954c6c77376b0f8c4306be58d8becf5674970e9215b232812d3b7c084ecdea9211603055253a2d405af7daf1e43900ac8d1707d6548d451cf162221f8d2c6

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000002

MD5 09ee37f26527f60653dff52d48c32aa1
SHA1 f3aeb1af9ff9e93349b4c6a45712bbaa86cf7735
SHA256 2a03d4de04cbb5e016597b66bd95b7b51af9629c1052fc3ceea274bcc2956ba8
SHA512 5f722ced340fbacf78ba6958ee2b250280b95b8a59380acccd527b491b3d7c2d8e5e7123fb5d51ff147f1ab4c13cc042d82e9a5211f81e7a88e26885d8b69c4f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3bb1533e6e49a45186816d77d9ea9338
SHA1 2123f141acedd7850e7e0b105182d804fee9ec20
SHA256 ab47a0c18a9a1859f6af687c60ad139e7afb9169534a177e5c3eef19da40f2f4
SHA512 6efde1719eb8380b9703487d58e7abffef4a50985b35af8890e16da71f5284b5f63f47ff601971baba25c43f5208d522cc44e487c01d4c408a08fc1fe8bac52b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1267d3c1de8a8d0507521a6056cc6e94
SHA1 fab3017c023edcd86ca42b178396663a3de4a9e8
SHA256 693dc1c78e131a9736ce1778fb665230b25a7daa0530ac67f61e3eab140e29a8
SHA512 5570efff75df1fa40204619c3903b91dd0399a66dccba47df45648a7cdb6dbceedab81a61f4fe36882cf404b4938a76537212ceb73c7054700db7ac0c97e526b

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000007

MD5 852af0156e076682b1f407b40de89102
SHA1 86a88696b206d3ccc0284dc45f09d107a1922d6e
SHA256 72debd003600affaaaab7ded14246426c8d7efb3c8457650dbcfdd8a4182df46
SHA512 cf13e137b2d3a7af182f33991b437382677b8629814665686a5cc213580b7e44542db69718b0b1c511752ed6bb18e01460df44ec7af512c1a6b9bd076f6c50a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d97e075858c1485517701914f981dcc0
SHA1 d0987462ea48b64050ae8283b15ab813060914af
SHA256 129073ddc8f4a1945cf536c251a41b072e7e2a677fc2136d0efb0a98e3bc14b8
SHA512 380cbedac9df679c946dab305a5aafa6dce5d2c74d21d25d2620e421e15cddf4c083d0a73210bc492760a5390b966373b153bb462ecf5ab99f3f0af820f1d1c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb6a6191dfe6bb43d67933e891fd4052
SHA1 bf74d9f50d7e112dba503a8f0139689fcfc8a05f
SHA256 fd0d0ce97d242d971ef8f947eddbb05f688b8d1f10c07dbda1a50371592ca291
SHA512 8bfeec1e930c9651097f4384abfe392be148edd3885d87b11ab850e982be623a74d46d39be2ef0ec860494ea5e533c96484d30b75a2c6049301b2eb029fc9eea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f1ace80c313b57717a828b0b843101d
SHA1 90bc203fd166be35e5c49b4fe213a510879f0723
SHA256 76cfdc35d3fde3d9ec4c0916d6804e6470e4d3354d7c25e4e9ea8dce0520c366
SHA512 f54a3908033db8f6caa44926438f64e3b125517691fe7ca5a0b468727ec57b6177304ac471900a9cdee2b851f5d438a04f6ee38767247d44b2a25d70d1f85e56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06e5a107b0cd76d23b5c0d712222daaa
SHA1 e793385ad2577a6c41d18a76989bc9f4da4b4616
SHA256 1693c64e975fc9e37093ab573ed65beb87a4942239a7719ab9ce48e58087778f
SHA512 db06143a3e08a83f3b45eaa0a352ac579f29857a1d59e434a1a72f6349af2d60a5dddb711ff8ebdb4f13bb57426b368decd27a8b0c609f64b2690ae4c0b91774

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6496894ec8511a3f65519f1572268d97
SHA1 bc0073906798d634402ea7845664a1065cde336c
SHA256 8153b578523218b1df604580b356fdeeeafff1bbec837f1a01467a59defdc6a4
SHA512 c58c9ef2d6ca2c23f97f73d3a52850dedf793d9675c9afe1e929c200427612c66ad5c1140214de9273538d4ed535cfba4f5c511696a26add635bf0bae23badb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 c3aa4d8574bab93b450a2291968d21bc
SHA1 265d6aefe4279549d284f2ccee8da40e47d45da4
SHA256 5c71816a874a773a9306b8d68a7a47431f04c1f4e12cc97976817d670010af6a
SHA512 e4d52d5924a459d948dec39066590fc7a6bf3c066cc7d97fc2876b676f15fe680e93d29659933e7183fc7d53b9c3a3e909689c09489fca46169a2a7573ff192b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

MD5 d4ae187b4574036c2d76b6df8a8c1a30
SHA1 b06f409fa14bab33cbaf4a37811b8740b624d9e5
SHA256 a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7
SHA512 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97cecd480078892b17c35ff62818c139
SHA1 61b9d22d1cf9b96ec0dd6b6ee0d84a69f38ba5f0
SHA256 5bc5f275a5a5c0199a752a59445b5919be9fc90c675a7d3d911f049c47097c75
SHA512 5a0003dda36eff7308c5a71e697eaa1b53acbfbbcd618a1ad37a678bf1cf970eb230225d6f296c1dae45efb5c6162dcc3d1fc4a88476e80d92fe78414ba10ab9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb3e8e13e2f10e16e251c3f2433c3ae2
SHA1 72151e0371175c01f2890251f4ea1013eb4e7f6c
SHA256 fd5da990701970e192369a856e70f284726281ba9b41eeaf10172285a48a0dde
SHA512 58b9dbb9efc1fab9c7afb455fe23ac14271b9795b89e29d3453bb887ca2d35fbe3d8257972b7a4e888d5d2bb1d2255293c2c74da730869e5872f8a438dc156b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e31ea6e4938e1e8b75763d7c04e11c3
SHA1 00736ba4ff8bfa9a3e62fcbfed4e3c2273474849
SHA256 66a599ed052bcaa01bc7e0230d53496bce311fec63955d2aed5de0c6d08b20a0
SHA512 b40e9b04119fd41ee348099d8122f1a3db89f52e3e3405146ef4e2b49c5ad6d991964a8909209926b9f0b066fc943dfd6aa36acee62ec276a98ac6c1d55f219d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9a7cecab80c921733593f700db4aef3
SHA1 0d0bbecf19f3be1f66da7b7d052d4e1c14787666
SHA256 a3a314546812f8b01d144c116eaf1a2ad344fb6a920d54d93b3043476a5ebc4c
SHA512 25af0f4cffd2bfbdd85f643c154f066332eadc348746bcba8543a14fa831756211854f6a4050e448baba686aa7a877d8be1c3b4a7d58ab12b0594f50224e8b11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 631659f150775d428d0c87d08c8a3e58
SHA1 a351253f84d7f4cec9d6b7dc047f9559d193ab51
SHA256 b267f57c955edb63d07c47d1d824f530a80759831a5194ab2af614274e3ea8ae
SHA512 87a057bf5d2a793ab4a4af6edafe86bfa12dd9850318409f30c1d343ca79cb9964943d46a16ec7570f7b1563fb73116d6d692a85c7cf5d535e4273be61e4f1a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f2011a65e642fa5ad8445d1f2b8e491
SHA1 1c8a9847dc2ca2d13ee4865e4306184e9abc73c2
SHA256 f450d257e130a5d61e288ff86888b6c3388df413ec5ef5b1326b53877177274b
SHA512 11555efaa5cc5384f8fca5a7d2de7383c2d5d32b548969ab7bc2bc463a5d1fa15d4f71f9afb016f9deaffb1aa74f97b2ab2a97d76050ca17d7c76cda9614e8eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de45fea9f348cc3843ec5e7b3a944328
SHA1 6bf5011a51c59b7e17c07cf2585a4f765a880056
SHA256 e900d443aef38acaa53fa73698dfa1222f90cebb38cc78396d1eefc112a169de
SHA512 9be42c85363e7c2a6f63f782c1b08b88a6ab81f7f8997290a14cb5a613e927f230583fa42aef7f1e8a6e3bed61918774d8d38aab1c0718ffdcf6fbb67ebfd590

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e89fb42c9f3c3b864862e5dc6810597
SHA1 9f05dc05c9badffaf9f9c605848227348b4b59e0
SHA256 dd53906989059bf4ba94690c2d153a485f93bc455bf13693eb5588151c5d3dc5
SHA512 18010ed14d75c65711382125538a4dd746c3fd13db37965c17c9ba7c6167a37a19325ca215cab5068c0ad32130ff0c67e0fb5edd069f2bad7b1368340b30319a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0a385ece79d2b7ee231feb2211c86d9
SHA1 894ddc5ba23bdeb13655a0339368ad764efd3553
SHA256 38c3e555a5376f0b0adb38af305ba66b4b91c67cda63c355efd353a15b6825fb
SHA512 e9efb11d2f7f6bfcfac9b1794be3648b572e096c7146b45b3eaf105d686c5e6ccf13dec0fb16962f9ceb81eac5a7ed92ac97d3c19e9017119090ccd90b6dfa27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ae1e8c74f8ca4b774af31793953a588
SHA1 925c3884a4a0b8ef678cf9cecb4107e207d9d67b
SHA256 3cdeba86263dcb8a9159798391437592824262cb332095c4e6a170a2bd4bc61a
SHA512 038efc84b7f441b3e95007b16565ed436626ffa81abab7f75b968fddb1b02a24908773f3079e2f61332aa28693bc89596819ab15d0148546fab8f029f0906e6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d7079f888e08c0d57c0d841471623967
SHA1 bc7c2885c2b4aee967107c2ace1173470344c6c4
SHA256 40c101e8a1245cbe8540f90d8dcb19d60d1dd715f0591cba19ce60b32d39ca7f
SHA512 185cac0cdcb3b5c7f67613344d133569a9a6f08ebc46ceaa60e486759afbe25915880ee2c33438193e661d3b371da9b0dea57be6695696c093a972f384617363

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c084e034af31b941123aa815e49539c
SHA1 155924e4189ad01ac92cd8283729e2bebfe673e9
SHA256 4d6f1c18c5b95ac89cb03c6ddadaeefaa9c26f0f21b133770bede73e7551d19d
SHA512 3849b6b2018b8d1c800141a9afc344e42d859a256fdb0e745c89f6fdbfe1a66a02f39571bcda78e886dd00c3a6822fa4e6f35bcaf7c7209126b601c9fe16ee0a

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\55b8fc3a-7aed-4f93-98fb-096140323be5.tmp

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fcfc06b0abce2c7fb8edf0f88dba12fb
SHA1 a9c13013a8f3b352288f1873fa5c313fa367ec30
SHA256 325418fe1f4ba9c00837ed8eb37eab727ba5b2ebb67051da62e9cd31649f51d8
SHA512 7adb567e0cb74b0b1fb517d7aa82c017b13fac7b918d1b4699a520c0db04a15ddc6cd9d823c151b52be57d37e44d0319d126de8fb3aa2a6b01cdb781881d7cd2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b874712c97e85a672d5a1ba7e472edc9
SHA1 60bb5c4a362e2eb00a8670134b8cbc916275f4fb
SHA256 161cd3da0d3ef350da01a082ecfbce15721ccbe54df8832b13d23d36985a5128
SHA512 b471df6c6a1c3527a93b1c3aceaf04d2205004cd3dbc94c2e4e3a1eac6d0c88047ab6918d85e4fb06060ce99162f7e7d202eeafce0e30c37ed1fb5c8f5a42ef8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3365c8fc53fbba14944e6105ecea6f4
SHA1 ee9ad12652fc757efa36218aec0a54179c874039
SHA256 51b603939d7e318f2205bb6246f977af0c19d7bfcd6469ab26fdfbdf39257a6e
SHA512 45baa6bddf5310549fa878b1d3176d4ab45b13c3852fe8e3bc8a4eb9a7d5bf8b1c74ea46b23fa92f791e02a21ab96ae743a5f98636cf6429c3f2048dddcaad1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 115e654711a986b2e3bbd4c32a04b5d9
SHA1 30f9af08b9a07ed03c03e8338b064f7e5ff75c60
SHA256 ea5dd382281a1c2ab81ace1c9892855ef3c2e17baa23dbc858a7135df04166a3
SHA512 6f65fdc7d5e432acc1a359cb53ce5051a630d7b068f8e67f6046908373fa6a5a484b8dbc1ece24aeb0f0bfd203dd82b09063be82e852ad45abeb5345e18d0df6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa7ecde47115d2698d4baaaa76c1b272
SHA1 562d441cdb743d8fd455095b9076c47a4fef02bd
SHA256 7c25efb86adc63ed920bb566537ad30c78c0bafa98350e67078d6c128fc62529
SHA512 bdeae98f47ea9345c56a4a6fcc906b376ec6ca64f8f1f67caaf73b783d715c2d8f754782aacc4ca9118210eabceeba4dfa0ba79d6a31691ff126e61bbc6b1597

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3a11ccb3a2b4b74ffb3888462e66ee4
SHA1 a3149d1f5673e5ee04612889cba6e588da2a62cc
SHA256 a2e816100b3af41b1742a484026e1461bee7af45595dbc41bcb080525cb82cce
SHA512 0b857aab743de3b0c9dc49ec21dc010066c3058901fca9dab69fd77f0a64ef8d5e67f3816f74ba280e0d92ce16e0683356b30bfc93b080dae1042c7e4819de93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 810c5df2aa28b3110960d063f1f7c843
SHA1 71838f0d73b802b39e43e32c5c12d6b1e2ec8530
SHA256 988d39b2fc52afb55760cd1289a70ef27793caa2b88c2c03eb8bf684287ddfa2
SHA512 99fd5b1a4f8cda2b55443574fd1bf21c5bed28567e0aea64a8a406191484451ce6815f36156d4c555720f2be27acd29e511f8f114db0f453b877b0605f2b87b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a417a432b591e171deeb4dda21dbac61
SHA1 ffa7b5465dc46319c836a507c68a74235a518df8
SHA256 11d6c302f5d849bfbe8cf686302723a1ec905d1f0a374bafc4c5f6704057894f
SHA512 fd740efdf74b881c4f33b5c8d78211ca6775a9adda20dee661f527e1eb83989fd055bf1aeeb0f796f068dd6ff4effc8dab90a29a0dccd22dd699558cf365798e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb25a4414988af2de4a66f05dc8fc432
SHA1 47ee13c0d24436f5dbd8e55a3bc940c2f625cd70
SHA256 167aa5a036098d84349aea72e760e901be47b11fd1145786fd08062e1ed6e2c3
SHA512 12c1cb129cee1ed742c5faefa498efd9bdff89cde3bee0ef0f9fec1c62688f1c4477e80a8acd1ee304513e87ce9310e893ea6656ff13959769ab1feb858bf627

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9285de59708ac2f83e5bb066f0a9694
SHA1 6b80e4758b663d480c9d58cd7e4c378ce98ffa06
SHA256 d2e339c932217666a8a1c835b0550c993073f40eb941d612e797542301f8cb54
SHA512 c2abf5755b4815c19ee605ab9a560e67c548ca62dfc8901b94fe2189d82f0c2db566ae096f55765d1bfefd4f205f6dbfa149b5f75af50a6bc78702d0748bb3c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58dfb61b01917e19009eccca771b465c
SHA1 a838faaa7e757a8f74c26b6ce70bfb2e10c2b657
SHA256 eca933de5f49ba7c5edae3cf20d6bc5f94dfa9345c0da9929b35e1944f074332
SHA512 cb4c26e509edb83235271562c40d32a1424b39a594c33b02aeec90bb67112d191f8f6f637c15bebc2fcd2a11a59b7d9c650f2385b0b1e0af5118374a77f7adac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7594ae3c7d2f770668e354a541cc0bc
SHA1 55133cd44ae7e8410be43ab089af77b95a60dcc9
SHA256 ed77f5bc84d29517392e9287cba2c2b6bd177c3a73b6e2b1fa13466de26a9aee
SHA512 2acda3b22703ba24e790f4c313d7a1afab343e1078c86110e2417b94fb5626d0843689c6eb0f580fea1e2e605035db4814d5d8d78420936abcfe36d8eb301b5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f712eddbb1e9ec67f459ee72889bd889
SHA1 b75a1242cb87f1e2f011fd2cd7038d6fa9ca9567
SHA256 66692c8b6848325bf735bf554b177b7ea84c864313b4cad3146b4550b49f9b9e
SHA512 55f06661ff6b0d470e586fa41de4bf1a31937723fb0414358e56a230444051dbe42e24f1ccebdcf87f9fd8a058cf1563c4ec323af3d3ce0d3398d9637b258d2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e373d62d621f13d34263ab409fa6b26
SHA1 8048141a19b299c2674f77c46b09bc07c38a6536
SHA256 b1e50d64ed76ddf875ac63690d156f0547905f7d25f14aeb1dddeb3e787d5e23
SHA512 d2a3d0ea4838cc9e9d283faf2283a26cde031936298e32840c1c39b067e847a6220f90211309bd0922f04abd1c106a9db9839ee88948022e23d1e0c383534dae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0c9a8cba0a28dbb2ddb5b1476c59829
SHA1 425f575723d278fa6017fda509dfa8b8494e2984
SHA256 6018f179726ef945d64069af81d1ee48281b2c3504d242556fba6083a295d05b
SHA512 262aa687ee2fb73988a0ed3feeb4e8a99a5fec47742115f861170417c738dc1afddce163873f9260f95bfe9eee29816ad219ba04e4a8056903adf60d9a97c6ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc8c7c84933427028da8effb4df87cd8
SHA1 5219bbb56805bc9110515e38d1c982fd19593ea5
SHA256 20018ba4ee77af262a5b8a3d8c10f9b89f8dfba70d6dba56ad9d9a596923600c
SHA512 a3f06e550eaa08dc2785409c1f2b0c033385aab91f78e58128bf3e73ca1ff837e7e36b76c910d995e36dedd735c80424f06a3301b26ca5921458c61e485940b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 f11a0cc31861c32020ad525cb1a0334a
SHA1 b7cde8850c6b05a0fb569b90b6b76c42cf034a46
SHA256 9a05a64fcb2443bb13f6dbc150c577662f43a8a4cfd97d5da2a3000c8006cafa
SHA512 e67ff0b9b9e76adee4990f35ff2eb7618be67959f4684b1eae06bb8b740638e82badbdd9b646144ab4ce345bd50b02f2bcf47cfe4fde997acfc047d8f1089943

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63410781e305361ea3ef0126dbda5d94
SHA1 151ba03c9ee7bf1cc2adb8b2a15f01b288bdadb9
SHA256 d8cba6b82a899b3d6fa60eb188fd5d164b21aa3639b69e45058f97050a8d2cfd
SHA512 da89e9a1313b9938d30706b6f2648fbd98fc31f3e21b9157c04e5afa8ef233001b0477606f3b03628574708001177dbed35bd4226d7804b6111a8899ccbe6aa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1efa747f1fa6f93a2ab030d6f73d696c
SHA1 71767bab1703f31eba18f6fc821ecbb4cb2d6332
SHA256 ec5ada9ebba581f73e94b8c94890c821ca5cf758b9bfe02e90380e5f741735ae
SHA512 fa50fe57f8ffb7e445a70d8d8d283031af3981b133fd0f5086a42744a1945acc73db9297a860e747149e156746c2b4f4048d63f8d914ca72a9c18c11d495c580

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b228b13f141ad664c320f61fc5da975
SHA1 082b6c8d7e3f050092f28b9070292a9c1a15a014
SHA256 08dbe6bf1d08bd9f87124634358fc6b3c7db08aed79a7c4c555d2c9f179da09f
SHA512 640034ec25cebcdac631aeed1d05e6445602d2473e6ae975dac39b16e7b986ed726e3dbe48570612bc1c98e5669f6883e59f842e34fd37dd2b463990cc532114

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b1aa7a6167b283e4e1660ca3b0cf1e9
SHA1 bad90f257841a0ad9dcc51bd4ea8ac8b4a3e460c
SHA256 b8454342107ea5c4404d85bfc7e913683223fa3d3e7db851e36c455df62b1c5e
SHA512 cceed1a4067a475e9165c4694ee94d38bc32bd3e4d86fc7972e1797d06d9183d41f44a871358a37f203d958b01a51bad71cd32bf2a0dbf97ce8e06611c7894f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85ead7dbebd6622aaf6646e943e1d1de
SHA1 3203d67e253ee708ce38dd46d80ffb566bfd36b1
SHA256 213542d5d786eea4cc81523f869b7aec220fefdf7a2fb043fc04170f7b5e7a06
SHA512 8051c0a84cf23087ed8cb886df7e886f7b073d270422f21fc305607477520259135133b815feea52fa23dbb9cb62f9b12235cbae087da4cc4c2f6726dccaa2e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 feb82e9213b4b7552b4cebd86bf48f7b
SHA1 3bcf0f368607958b3c5e3d9c15fd7b47054a5697
SHA256 3fac7730ab38d7e13f24d46c7e051d11f8ce2fcfb0911308b999ea89c7f09bfa
SHA512 a5d92c9be3d30670c97863dc997aefd6c7d5e6d96007db65cdbd774dae0e5d7515c00645e7db636ad2ee03f42665864f4075d8f51cb2f7866232792177fd3edc

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 f9af6fb0afc174e9094e317e9684a0ca
SHA1 fe3dbe2c009713ae5cd001633af8d25ee21518c2
SHA256 c7a5f7036e80d1c465e7deb8539a3fa44137c36a3f555c7f5194a4bf8dd3fd78
SHA512 15bfcae270933c4858458d97922688702e6b5290f9a2fc233bf4106690700467979e2ab45ff84f8db0787683e1a42e374855a867381e21cb8924923b737597bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index

MD5 dc142f93d148fd9be529a82da18ea835
SHA1 96decfd33f673b7685ad914f384e9cb7ddd4f9d9
SHA256 f4054322a4247aedeb8b5ddfc536d3ebf3ecf790ec22ff72882bc8501486a0cb
SHA512 952adec73ace4d6b54f6c71cd47056b53ffa30670f18adfa741973108bdcebb8b08f9ac79be5853192ebf255ef27b03ce72d1b77b1f3c393943e6e56cd9911b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 296890a92baeb9759855a467efd13cb9
SHA1 ac2b2e9274de13cd37d88a8098728b523b75dfe1
SHA256 c0c1a5bb5189f41a9a2a3e03dcaffc29c52766f687a2d26fb1b50e4db5fb1783
SHA512 a9a66599bf0d5b362c3bfaf766aff7522d3a779fb4ffe6761180672562f0165c3247238486e66488894d5f0829a28b4ec356aa542fc6799885b4c45c49eeb9ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c9af653505add15b68e96e2f0094b88a
SHA1 b0cac29d6ba60c4ed4738d969d8c3a0643ad7093
SHA256 4d80924b3e75021252f877bcb3c3782e89a818d8ae1fee764619f55b6d3e2ad1
SHA512 f134efed6ae9e81ca7bf346481a1d19b9ac6ff29936e2608a10e4ae2e39b8506b9f3a32083188a9cd64a5805aa2693056b1b90fd99e8d48ee3d62dda6b03407a

C:\Users\Admin\Downloads\Unconfirmed 159011.crdownload

MD5 c8e59f75cb74e2a8d644368d5a06ca68
SHA1 562af1976898764ffc35df1d523e98fa95630e8a
SHA256 6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c58
SHA512 74a6bd15ed411d3ce70ecd40e71f09aec019752cfc004a1adf5e738ef6a448249d47cca82064c80fdc4ab70a6ce5268bdf0957cbbe6901488728427ea3dde127

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 051401935802a116b5c3521db9fae2f0
SHA1 ade8721921d9dcaccb45d9d9bee13325e83ee67f
SHA256 4fecc8d0b6f17ae15be12cb524abdacb369dcc2b7f06869a129dacb283d1845d
SHA512 b2bfafb0a1be6bf4d1ae2184b2c6f5cee001904aedb5d974b39e877ce839e542a5914f6b36f0db8c5795e3630a32dade8d72c56cc3ccb5380353fad6ff7eef1d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c489ca8aab2ffd5e32345396c3988ad1
SHA1 fae65d8730763d5102b8b356d324ceeb322bdc93
SHA256 95b35126deb076a8c4c55952f4d3185071f32ea8482b40e4752e30b1e73fb856
SHA512 68cd25cef0eaac6c1a68f6176d41af17b60c3262f6f649a177bdf64500e2e3ea11f5d2d0dcc59cbb3f08be045b8478e97f55f0253c71fe40991cc4b5b9f94f3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e110fdda537b38a0a4956a9c58777f94
SHA1 e7115652b133ad27755788d38a03139b68387cbd
SHA256 accfa8c02ab8b1a6e2602b9606b7e865d2c1d8cf650a1e412f03be01470e2cdf
SHA512 2a54fa84168eef5e192d5de07026fd9479891cc1eceeeb965b12379a9ccf279704bbc787ec02f24758ba6866f56c10635ad04af233e9726d6c019e994ab83e93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 7095924addb190c161e57d4c80a1ef96
SHA1 26780eef9b8ed953921995b7487e7791ad730161
SHA256 ada0cb5a37238ad73de601be3cc7f1781a346ce86f832f0dedafed478623530a
SHA512 50ce48aa913cffa24491255b1229af7e4752a0d14f2660b11225237952107162ac267acea6665538d87b1f81933e2f0e9da3e9af6eb14630dc3ed3a25b098703

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\LZMA_EXE

MD5 3842c46f2fbc7522ef625f1833530804
SHA1 3615c072ad5bdadba5e5e22e75eefaf7def92312
SHA256 17cb7cf185355b60d6ed5138a86c78b9fd5a7d6d3c0dd90f2224246e823166e7
SHA512 9adbeb491f18c3009c51fbc9c140d4287cafe53b2fe9e8280513a5dc7bb8bbbfb5aeed00b2c0f7901a6f9f4d5a7b1ad3bbd81e87d202c7094036d5f6c4b53c3e

C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_411\au.msi

MD5 647fa109799f37acab9cce273c1d9c56
SHA1 a0eea46f8887798af81bbeea114202fac086018b
SHA256 22a29c36524ad403e0af94b39920ac93b75576bf95fc741f66ea03ce4830612b
SHA512 89cee892d5c6e1d2a9d24f94910de88949c5a886223566b727e30b4668cc59bcca79e7cf77fc6a18065cf5add6b4e04a9543ea0f8f892cd96e54bcfed7c0ce75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\79666246-0843-4245-b57a-7765932496f3.tmp

MD5 25b39c6bbea70f37b32fefd85dbc9560
SHA1 c086aa6c44b4b02af5811d37f670cede23456eaa
SHA256 a945a30a268fe814f2999defbcefaab3206204dd1ae0e0609980558a8beb8f56
SHA512 59461f79e7007728f81fb0a71a52b717f3e00628df27f8dc917e2c969c30a47bd834ea247f0efc06c948893dd989769b6fdab0371b4d8fe079c7e949052bfa08

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 58c548e72a2b42986291caeec4d329b6
SHA1 6a827aed38c3547897d6fd02fac672ca9e96bd22
SHA256 18d925d031fcba52af34e627beb00ee790cfc7144c49a40d52300d93a41ce9ab
SHA512 f429e330d1736fde9923417039ba2792026daccf1f3125c4c8032a2c94ff9d25353b9ac809af3e169ccf961f3fac8a8e46f659dcb082e39e128a8426912e8a42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\44ab36f2-1ad5-4dc8-992d-badeb5614620.tmp

MD5 2e506eef4c230aa25bea7bca9b4fe43d
SHA1 fdc0ccc87389274c29dc6f4cd88bcbecec672523
SHA256 6a3bcdb52091e1c432f637f77fc3de6a91dd5e2103578b9bddbc66abdaef0ffa
SHA512 34f5ab7baa1c45b706b6979bf67e81ded30c0fd268eb5994c12aa05af18031e902888dd384259eeea90857609494c0b19ff3aaeee0d2912d6b3ce245247a9e8f

C:\Windows\Installer\MSI6F99.tmp

MD5 b51fc101d2cfd384f0d06622cd88553d
SHA1 8c8682a814c031fe2b461fd1261b880a69c8668c
SHA256 31d5021494e6aa08b186967a8ba872ba020010fca04ce0b84ac7c271cba9c6ef
SHA512 5c73fdd24eec7e419a98308ff02ff4ee327b0bed7c95ae52958a449284cd57a979947529a8aaff4def9e336385823c174bddf00c91d7c5ca4621f6147df31621

Analysis: behavioral5

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240221-en

Max time kernel

119s

Max time network

129s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 224

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

151s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4336 wrote to memory of 4660 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4336 wrote to memory of 4660 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4336 wrote to memory of 4660 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4660 -ip 4660

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 624

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.79.70.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240221-en

Max time kernel

119s

Max time network

128s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libEGL.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

90s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\owutility.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\owutility.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
BE 88.221.83.248:443 www.bing.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 248.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

91s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Signatures

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\setup.exe

"C:\Users\Admin\AppData\Local\Temp\setup.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
BE 88.221.83.241:443 www.bing.com tcp
US 8.8.8.8:53 241.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\nsk52B5.tmp\System.dll

MD5 0d7ad4f45dc6f5aa87f606d0331c6901
SHA1 48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512 c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

C:\Users\Admin\AppData\Local\Temp\nsk52B5.tmp\UAC.dll

MD5 adb29e6b186daa765dc750128649b63d
SHA1 160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA256 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512 b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

C:\Users\Admin\AppData\Local\Temp\nsk52B5.tmp\StdUtils.dll

MD5 c6a6e03f77c313b267498515488c5740
SHA1 3d49fc2784b9450962ed6b82b46e9c3c957d7c15
SHA256 b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
SHA512 9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

C:\Users\Admin\AppData\Local\Temp\nsk52B5.tmp\nsDialogs.dll

MD5 466179e1c8ee8a1ff5e4427dbb6c4a01
SHA1 eb607467009074278e4bd50c7eab400e95ae48f7
SHA256 1e40211af65923c2f4fd02ce021458a7745d28e2f383835e3015e96575632172
SHA512 7508a29c722d45297bfb090c8eb49bd1560ef7d4b35413f16a8aed62d3b1030a93d001a09de98c2b9fea9acf062dc99a7278786f4ece222e7436b261d14ca817

Analysis: behavioral7

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240419-en

Max time kernel

119s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UAC.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 224

Network

N/A

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

144s

Max time network

159s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 169.253.116.51.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240221-en

Max time kernel

118s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240221-en

Max time kernel

118s

Max time network

127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\owutility.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2164 wrote to memory of 2732 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2164 wrote to memory of 2732 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2164 wrote to memory of 2732 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\owutility.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2164 -s 140

Network

N/A

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:32

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

176s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5140 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.212.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20231129-en

Max time kernel

119s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2004 wrote to memory of 2092 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2004 wrote to memory of 2092 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2004 wrote to memory of 2092 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2004 -s 80

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240221-en

Max time kernel

121s

Max time network

125s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 220

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240426-en

Max time kernel

141s

Max time network

142s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1224 wrote to memory of 3556 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1224 wrote to memory of 3556 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 1224 wrote to memory of 3556 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3556 -ip 3556

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.251:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
BE 88.221.83.251:443 www.bing.com tcp
US 8.8.8.8:53 251.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

92s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3408 wrote to memory of 4748 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3408 wrote to memory of 4748 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 3408 wrote to memory of 4748 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4748 -ip 4748

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 52.111.227.14:443 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

159s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4656 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 4932 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 556 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 3344 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4656 wrote to memory of 1440 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff987c46f8,0x7fff987c4708,0x7fff987c4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10220329042290090551,3911173015076768835,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_4656_WBUQJPTKOXRBLYDT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ccbc2050440bdfd09d16fd067eac84f2
SHA1 b9ce79ddf65fba340b8c0215df552f5c6765f53d
SHA256 b0d4374ab129876c7a9d9b9cdbc3f032e5c97c604956c644d15de89cde51dae1
SHA512 56e29cf93dd2692d84d47af3537d08927ffe076944a43a5548bb0b301027a27a94006273159e30dfaba94d5ae90cc94a2bf82b1afdd650cecfa53e981eec951f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 559bcea2c51befa95e88188bb139b638
SHA1 0620653460cb87a14b3298b11a8c4081d79adbc5
SHA256 e50e31796028aee236d8fabcb57e8e1c3ac3c0341aadb7b49014a80c8ea102da
SHA512 7374e8917eb7c5a45c48c714962fd80845a33cae3ab91a9262e6f9e4fb5a7a6d2390e77602c0b3703719fb07cf3ab49e4d8c7a9b9d827d09dddacc6bf6dfa86c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dcda751f5ed62e66e9557684ebf05ab4
SHA1 d19256de90df374dbc189a2a3e53b0db8e3f62ba
SHA256 b16448c0eccf2fd2529b3586c158af0c1ca9076c77ef07ea812ff2cf3d592719
SHA512 88605620ed620ba3bb2f4d4451ca6b0a7353d4310616876d2b983328ff9cc758ba6da6ce5fc0179bf9245cedecf1ce0b896f06936a6a980ecff3e812b4cf9136

Analysis: behavioral28

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240508-en

Max time kernel

120s

Max time network

125s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\resources\libraries\java\launcher.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\resources\libraries\java\launcher.jar

Network

N/A

Files

memory/1796-2-0x00000000026C0000-0x0000000002930000-memory.dmp

memory/1796-11-0x0000000000150000-0x0000000000151000-memory.dmp

memory/1796-12-0x00000000026C0000-0x0000000002930000-memory.dmp

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240426-en

Max time kernel

140s

Max time network

111s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 212 wrote to memory of 1476 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 212 wrote to memory of 1476 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 212 wrote to memory of 1476 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1476 -ip 1476

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 628

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240508-en

Max time kernel

117s

Max time network

120s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

Signatures

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220

Network

N/A

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20231129-en

Max time kernel

119s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2848 wrote to memory of 2036 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2848 wrote to memory of 2036 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 2848 wrote to memory of 2036 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2848 -s 88

Network

N/A

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240215-en

Max time kernel

122s

Max time network

130s

Command Line

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe

"C:\Users\Admin\AppData\Local\Temp\resources\elevate.exe"

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A

Reads user/profile data of web browsers

spyware stealer

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 0f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 0f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee420000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 5c00000001000000040000000008000019000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877604000000010000001000000091de0625abdafd32170cbb25172a846720000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 04000000010000001000000091de0625abdafd32170cbb25172a84670f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec53726187760b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070301620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae4140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e31d000000010000001000000099949d2179811f6b30a8c99c4f6b42260300000001000000140000002796bae63f1801e277261ba0d77770028f20eee419000000010000001000000063664b080559a094d10f0a3c5f4f629020000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 5c0000000100000004000000000800001900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d040000000100000010000000410352dc0ff7501b16f0028eba6f45c520000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob = 19000000010000001000000063664b080559a094d10f0a3c5f4f62900300000001000000140000002796bae63f1801e277261ba0d77770028f20eee41d000000010000001000000099949d2179811f6b30a8c99c4f6b4226140000000100000014000000d2c4b0d291d44c1171b361cb3da1fedda86ad4e3620000000100000020000000c3846bf24b9e93ca64274c0ec67c1ecc5e024ffcacd2d74019350e81fe546ae409000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005200000047006f00200044006100640064007900200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000005d82adb90d5dd3c7e3524f56f787ec537261877620000000010000000404000030820400308202e8a003020102020100300d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137303632305a170d3334303632393137303632305a3063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100de9dd7ea571849a15bebd75f4886eabeddffe4ef671cf46568b35771a05e77bbed9b49e970803d561863086fdaf2ccd03f7f0254225410d8b281d4c0753d4b7fc777c33e78ab1a03b5206b2f6a2bb1c5887ec4bb1eb0c1d845276faa3758f78726d7d82df6a917b71f72364ea6173f659892db2a6e5da2fe88e00bde7fe58d15e1ebcb3ad5e212a2132dd88eaf5f123da0080508b65ca565380445991ea3606074c541a572621b62c51f6f5f1a42be025165a8ae23186afc7803a94d7f80c3faab5afca140a4ca1916feb2c8ef5e730dee77bd9af67998bcb10767a2150ddda058c6447b0a3e62285fba41075358cf117e3874c5f8ffb569908f8474ea971baf020103a381c03081bd301d0603551d0e04160414d2c4b0d291d44c1171b361cb3da1fedda86ad4e330818d0603551d230481853081828014d2c4b0d291d44c1171b361cb3da1fedda86ad4e3a167a4653063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100324bf3b2ca3e91fc12c6a1078c8e77a03306145c901e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 5c00000001000000040000000008000019000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f040000000100000010000000acb694a59c17e0d791529bb19706a6e420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3136 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Windows\system32\cmd.exe
PID 3136 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Windows\system32\cmd.exe
PID 4296 wrote to memory of 1776 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 4296 wrote to memory of 1776 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\reg.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3420 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 448 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3180 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 3780 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe
PID 3136 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"

C:\Windows\System32\reg.exe

C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1732,i,12292217342268269935,17486015955195044602,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --mojo-platform-channel-handle=1932 --field-trial-handle=1732,i,12292217342268269935,17486015955195044602,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2364 --field-trial-handle=1732,i,12292217342268269935,17486015955195044602,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=cs "--cs-app=Salwyrr Launcher"

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3868 --field-trial-handle=1732,i,12292217342268269935,17486015955195044602,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --enable-blink-features --disable-blink-features --js-flags=--expose_gc --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3988 --field-trial-handle=1732,i,12292217342268269935,17486015955195044602,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4108 --field-trial-handle=1732,i,12292217342268269935,17486015955195044602,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Salwyrr Launcher.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\Salwyrr Launcher" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2348 --field-trial-handle=1732,i,12292217342268269935,17486015955195044602,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
BE 88.221.83.248:443 www.bing.com tcp
US 8.8.8.8:53 248.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 tracking.overwolf.com udp
US 8.8.8.8:53 features.overwolf.com udp
US 8.8.8.8:53 analyticsnew.overwolf.com udp
US 44.215.217.241:443 tracking.overwolf.com tcp
US 44.215.217.241:443 tracking.overwolf.com tcp
US 44.215.217.241:443 tracking.overwolf.com tcp
GB 108.156.39.20:443 features.overwolf.com tcp
GB 18.245.143.30:80 analyticsnew.overwolf.com tcp
GB 18.245.143.30:80 analyticsnew.overwolf.com tcp
GB 18.245.143.30:80 analyticsnew.overwolf.com tcp
GB 18.245.143.30:80 analyticsnew.overwolf.com tcp
US 8.8.8.8:53 content.overwolf.com udp
GB 18.245.218.99:443 content.overwolf.com tcp
US 8.8.8.8:53 content.overwolf.com udp
GB 18.245.218.113:443 content.overwolf.com tcp
GB 18.245.218.113:443 content.overwolf.com tcp
GB 18.245.218.113:443 content.overwolf.com tcp
US 8.8.8.8:53 www.overwolf.com udp
US 8.8.8.8:53 20.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 30.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 241.217.215.44.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 99.218.245.18.in-addr.arpa udp
US 8.8.8.8:53 113.218.245.18.in-addr.arpa udp
GB 143.204.194.99:443 www.overwolf.com tcp
US 8.8.8.8:53 www.salwyrr.com udp
US 8.8.8.8:53 electron-updates.overwolf.com udp
US 104.21.72.238:443 www.salwyrr.com tcp
US 104.21.72.238:443 www.salwyrr.com tcp
US 44.215.217.241:443 electron-updates.overwolf.com tcp
US 104.21.72.238:443 www.salwyrr.com udp
US 8.8.8.8:53 99.194.204.143.in-addr.arpa udp
US 8.8.8.8:53 238.72.21.104.in-addr.arpa udp
GB 143.204.194.99:443 www.overwolf.com udp
GB 18.245.143.30:443 analyticsnew.overwolf.com tcp
GB 18.245.143.30:443 analyticsnew.overwolf.com tcp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 static.criteo.net udp
GB 18.245.143.83:443 tags.crwdcntrl.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
US 8.8.8.8:53 4e80ea2df0554796a727441aa85e818d.safeframe.googlesyndication.com udp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 8.8.8.8:53 e0e983b20da577524be0ee74a0d81277.safeframe.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.180.1:443 e0e983b20da577524be0ee74a0d81277.safeframe.googlesyndication.com tcp
GB 142.250.200.33:443 tpc.googlesyndication.com tcp
GB 142.250.180.1:443 e0e983b20da577524be0ee74a0d81277.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
GB 18.154.84.16:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 83.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 1.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
US 8.8.8.8:53 oajs.openx.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 34.120.135.53:443 oajs.openx.net tcp
IE 52.48.17.214:443 bcp.crwdcntrl.net tcp
GB 142.250.200.33:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
IE 52.48.17.214:443 bcp.crwdcntrl.net tcp
GB 142.250.178.4:443 www.google.com tcp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 34.120.135.53:443 oajs.openx.net udp
GB 18.154.84.109:443 ats-wrapper.privacymanager.io tcp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 track.aniview.com udp
US 96.46.186.186:443 track.aniview.com tcp
US 2.17.251.11:443 player.aniview.com tcp
US 8.8.8.8:53 geo.privacymanager.io udp
US 8.8.8.8:53 www.googletagservices.com udp
GB 142.250.200.34:443 www.googletagservices.com tcp
GB 18.244.179.43:443 geo.privacymanager.io tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
US 2.17.251.11:443 player.aniview.com udp
US 34.98.64.218:443 google-bidout-d.openx.net udp
US 8.8.8.8:53 wrappers.geoedge.be udp
US 8.8.8.8:53 rumcdn.geoedge.be udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 api.rlcdn.com udp
GB 108.156.39.76:443 rumcdn.geoedge.be tcp
GB 13.224.245.90:443 wrappers.geoedge.be tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
DE 162.19.138.82:443 id5-sync.com tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 34.120.133.55:443 api.rlcdn.com tcp
GB 54.192.139.162:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 8.8.8.8:53 track1.aniview.com udp
US 8.8.8.8:53 owserv.aniview.com udp
US 8.8.8.8:53 d3div1mtym39ic.cloudfront.net udp
US 8.8.8.8:53 apps.identrust.com udp
DE 162.19.138.83:443 lb.eu-1-id5-sync.com tcp
US 173.0.146.7:443 owserv.aniview.com tcp
US 2.18.190.80:80 apps.identrust.com tcp
GB 18.245.253.51:443 d3div1mtym39ic.cloudfront.net tcp
US 8.8.8.8:53 16.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 214.17.48.52.in-addr.arpa udp
US 8.8.8.8:53 4.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 109.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 11.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 186.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 43.179.244.18.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 76.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 90.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 162.139.192.54.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
NL 23.218.48.210:443 tcp
GB 108.156.39.61:443 rumcdn.geoedge.be tcp
GB 18.172.154.232:443 tcp
US 104.22.53.173:443 tcp
US 104.22.53.86:443 tcp
NL 46.228.174.115:443 tcp
US 69.166.1.8:443 tcp
NL 185.64.189.112:443 tcp
DE 37.252.171.85:443 tcp
IE 52.50.13.16:443 tcp
DE 18.157.230.4:443 tcp
US 35.186.253.211:443 tcp
US 104.18.36.155:443 tcp
DK 37.157.2.230:443 tcp
IE 3.248.7.165:443 tcp
NL 69.173.156.139:443 tcp
DE 52.57.6.112:443 tcp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 23.53.112.234:443 tcp
NL 46.228.174.117:443 tcp
NL 81.17.55.171:443 tcp
BE 104.68.78.171:443 tcp
IE 54.220.121.117:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
US 76.223.111.18:443 tcp
DK 37.157.5.84:443 tcp
DE 3.76.227.135:443 tcp
US 104.18.36.155:443 udp
FR 154.54.250.81:443 tcp
US 23.220.113.62:443 tcp
US 35.186.238.232:443 tcp
GB 185.64.190.75:443 tcp
BE 2.21.18.175:443 tcp
US 96.46.186.182:443 tcp
US 96.46.186.182:443 tcp
NL 46.228.174.117:443 tcp
US 52.223.40.198:443 tcp
US 96.46.186.182:443 tcp
US 52.46.143.56:443 tcp
NL 35.204.74.118:443 tcp
US 64.74.236.63:443 tcp
NL 46.228.164.11:443 tcp
GB 142.250.187.194:443 tcp
GB 142.250.187.194:443 tcp
DE 91.228.74.244:443 tcp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 51.253.245.18.in-addr.arpa udp
US 8.8.8.8:53 83.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 7.146.0.173.in-addr.arpa udp
US 8.8.8.8:53 173.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 86.53.22.104.in-addr.arpa udp
US 8.8.8.8:53 115.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 232.154.172.18.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 85.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 210.48.218.23.in-addr.arpa udp
US 8.8.8.8:53 16.13.50.52.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 165.7.248.3.in-addr.arpa udp
US 8.8.8.8:53 230.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 112.6.57.52.in-addr.arpa udp
US 8.8.8.8:53 8.1.166.69.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 171.78.68.104.in-addr.arpa udp
US 8.8.8.8:53 234.112.53.23.in-addr.arpa udp
US 8.8.8.8:53 171.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 117.121.220.54.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 135.227.76.3.in-addr.arpa udp
US 8.8.8.8:53 84.5.157.37.in-addr.arpa udp
US 8.8.8.8:53 75.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 232.238.186.35.in-addr.arpa udp
US 8.8.8.8:53 62.113.220.23.in-addr.arpa udp
US 8.8.8.8:53 175.18.21.2.in-addr.arpa udp
US 8.8.8.8:53 182.186.46.96.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 118.74.204.35.in-addr.arpa udp
US 35.186.253.211:443 udp
US 34.120.63.153:443 tcp
NL 69.173.156.150:443 tcp
NL 69.173.156.150:443 tcp
US 2.17.251.48:443 tcp
GB 18.245.143.37:443 tcp
NL 69.173.156.148:443 tcp
US 35.186.238.232:443 udp
DE 18.196.123.122:443 tcp
DE 3.69.181.164:443 tcp
FR 178.32.210.227:443 tcp
US 2.18.190.71:443 tcp
US 2.18.190.71:443 tcp
US 2.18.190.71:443 tcp
US 151.101.2.217:443 tcp
GB 142.250.187.202:443 tcp
DE 3.69.181.164:443 tcp
GB 142.250.187.194:443 udp
US 8.8.8.8:53 polyfill.io udp
US 104.18.52.27:443 polyfill.io tcp
US 2.18.190.70:443 tcp
US 2.18.190.70:443 tcp
US 2.18.190.70:443 tcp
IE 34.255.72.94:443 tcp
US 104.18.38.76:443 tcp
BE 2.21.16.25:443 tcp
IE 34.242.102.151:443 tcp
US 2.18.190.70:443 tcp
US 2.18.190.70:443 tcp
US 2.18.190.70:443 tcp
US 2.18.190.78:443 tcp
GB 142.250.187.202:443 udp
GB 172.217.169.38:443 tcp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 56.143.46.52.in-addr.arpa udp
US 8.8.8.8:53 63.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 150.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 48.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 37.143.245.18.in-addr.arpa udp
US 8.8.8.8:53 122.123.196.18.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 164.181.69.3.in-addr.arpa udp
US 8.8.8.8:53 71.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 227.210.32.178.in-addr.arpa udp
US 8.8.8.8:53 27.52.18.104.in-addr.arpa udp
US 8.8.8.8:53 70.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 94.72.255.34.in-addr.arpa udp
US 8.8.8.8:53 25.16.21.2.in-addr.arpa udp
US 8.8.8.8:53 78.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 38.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 217.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
IE 34.242.102.151:443 tcp
US 34.120.63.153:443 udp
FR 154.54.250.81:443 tcp
NL 89.149.192.70:443 tcp
GB 18.164.68.6:443 tcp
US 2.18.190.78:443 tcp
US 216.239.32.3:443 tcp
US 8.8.8.8:53 151.102.242.34.in-addr.arpa udp
US 8.8.8.8:53 70.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 6.68.164.18.in-addr.arpa udp
US 8.8.8.8:53 3.32.239.216.in-addr.arpa udp
US 216.239.32.3:443 udp
US 151.101.1.108:443 tcp
IE 67.220.226.233:443 tcp
US 8.8.8.8:53 108.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 233.226.220.67.in-addr.arpa udp
US 104.18.3.78:443 tcp
US 104.18.3.78:443 udp
US 104.22.75.216:443 tcp
US 35.244.144.25:443 tcp
US 35.244.144.25:443 tcp
US 130.211.23.194:443 tcp
US 104.26.3.70:443 tcp
US 104.26.3.70:443 tcp
US 172.67.193.156:443 tcp
US 172.67.193.156:443 tcp
US 8.8.8.8:53 78.3.18.104.in-addr.arpa udp
US 8.8.8.8:53 216.75.22.104.in-addr.arpa udp
US 8.8.8.8:53 25.144.244.35.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 156.193.67.172.in-addr.arpa udp
NL 46.228.174.115:443 tcp
DE 52.57.6.112:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
DE 52.57.6.112:443 tcp
NL 46.228.174.115:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
NL 89.149.192.70:443 tcp
DE 52.57.6.112:443 tcp
DE 37.252.171.85:443 tcp
US 69.166.1.8:443 tcp
IE 34.249.101.124:443 tcp
NL 178.250.1.8:443 tcp
US 35.244.144.25:443 udp
NL 178.250.1.6:443 tcp
NL 178.250.1.17:443 tcp
NL 178.250.1.9:443 tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 104.17.25.14:443 tcp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 124.101.249.34.in-addr.arpa udp
US 8.8.8.8:53 6.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 17.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
NL 178.250.1.15:443 tcp
NL 178.250.1.25:443 tcp
BE 2.21.16.25:443 udp
NL 141.226.228.48:443 tcp
NL 35.214.149.91:443 tcp
FR 185.255.84.152:443 tcp
FR 5.135.209.105:443 tcp
DE 162.19.138.117:443 lb.eu-1-id5-sync.com tcp
US 34.117.157.22:443 tcp
DE 3.121.120.175:443 tcp
NL 178.250.1.11:443 gum.criteo.com tcp
IE 52.50.53.225:443 tcp
US 64.74.236.223:443 tcp
NL 198.47.127.205:443 tcp
NL 178.250.1.9:443 tcp
NL 69.173.156.149:443 tcp
BE 104.90.25.54:443 tcp
US 3.208.4.131:443 tcp
IE 54.77.200.132:443 tcp
IE 54.171.82.40:443 tcp
DE 3.73.220.73:443 tcp
US 23.53.112.116:443 tcp
US 35.244.144.25:443 udp
NL 46.228.174.115:443 tcp
NL 178.250.1.8:443 tcp
US 8.8.8.8:53 15.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 8.8.8.8:53 22.157.117.34.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 105.209.135.5.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 175.120.121.3.in-addr.arpa udp
US 8.8.8.8:53 225.53.50.52.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 223.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 54.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 132.200.77.54.in-addr.arpa udp
US 8.8.8.8:53 40.82.171.54.in-addr.arpa udp
US 8.8.8.8:53 73.220.73.3.in-addr.arpa udp
US 8.8.8.8:53 116.112.53.23.in-addr.arpa udp
US 8.8.8.8:53 131.4.208.3.in-addr.arpa udp
FR 154.54.250.81:443 tcp
US 23.220.112.27:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
DE 162.19.138.119:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 27.112.220.23.in-addr.arpa udp
NL 69.173.156.136:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
FR 154.54.250.81:443 tcp
US 8.8.8.8:53 119.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 136.156.173.69.in-addr.arpa udp
US 69.166.1.8:443 tcp
IE 34.248.195.5:443 tcp
US 13.107.42.14:443 tcp
US 54.152.23.150:443 tcp
US 54.152.23.150:443 tcp
US 54.152.23.150:443 tcp
US 54.152.23.150:443 tcp
NL 185.184.8.90:443 tcp
NL 63.215.202.169:443 tcp
US 35.171.209.41:443 tcp
NL 81.17.55.171:443 tcp
NL 46.228.174.117:443 tcp
US 34.36.216.150:443 tcp
GB 108.156.39.117:443 tcp
NL 69.173.156.149:443 tcp
NL 208.93.169.131:443 tcp
US 69.173.146.5:443 tcp
IE 34.242.102.151:443 tcp
US 8.2.110.134:443 tcp
US 34.36.216.150:443 udp
IE 34.242.102.151:443 tcp
US 151.101.2.49:443 tcp
US 54.152.23.150:443 tcp
NL 193.0.160.130:443 tcp
US 34.96.105.8:443 tcp
NL 82.145.213.8:443 tcp
US 8.8.8.8:53 5.195.248.34.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 150.23.152.54.in-addr.arpa udp
US 8.8.8.8:53 169.202.215.63.in-addr.arpa udp
GB 172.217.169.38:443 udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
NL 46.228.164.11:443 tcp
IE 63.34.248.74:443 bcp.crwdcntrl.net tcp
NL 46.228.174.117:443 tcp
US 34.111.113.62:443 tcp
US 34.111.113.62:443 udp
US 8.8.8.8:53 117.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 41.209.171.35.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 5.146.173.69.in-addr.arpa udp
US 8.8.8.8:53 8.105.96.34.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 74.248.34.63.in-addr.arpa udp
US 8.8.8.8:53 134.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 62.113.111.34.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 54.161.23.57:443 tcp
US 35.186.201.99:443 tcp
US 8.8.8.8:53 99.201.186.35.in-addr.arpa udp
US 8.8.8.8:53 57.23.161.54.in-addr.arpa udp
US 130.211.23.194:443 udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
DE 52.57.6.112:443 tcp
DE 37.252.171.85:443 tcp
US 69.166.1.8:443 tcp
NL 69.173.156.150:443 tcp
NL 178.250.1.8:443 tcp
NL 46.228.174.117:443 tcp
NL 69.173.156.148:443 tcp
NL 178.250.1.9:443 tcp
IE 54.77.172.14:443 tcp
IE 34.242.102.151:443 tcp
US 64.74.236.63:443 tcp
NL 69.173.156.149:443 tcp
NL 81.17.55.171:443 tcp
FR 45.137.176.88:443 tcp
NL 46.228.174.117:443 tcp
US 8.8.8.8:53 triplelift-match.dotomi.com udp
US 8.8.8.8:53 ums.acuityplatform.com udp
NL 154.59.122.79:443 ums.acuityplatform.com tcp
NL 178.250.1.9:443 tcp
US 8.8.8.8:53 14.172.77.54.in-addr.arpa udp
US 8.8.8.8:53 88.176.137.45.in-addr.arpa udp
US 8.8.8.8:53 79.122.59.154.in-addr.arpa udp
IE 34.242.102.151:443 tcp
NL 81.17.55.171:443 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
NL 178.250.1.8:443 tcp
DE 52.57.6.112:443 tcp
US 69.166.1.8:443 tcp
US 23.53.112.216:443 tcp
US 23.53.112.216:443 tcp
US 8.8.8.8:53 216.112.53.23.in-addr.arpa udp
GB 18.244.140.88:443 tcp
US 172.67.71.164:443 tcp
US 8.8.8.8:53 88.140.244.18.in-addr.arpa udp
US 8.8.8.8:53 164.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 35.190.80.1:443 tcp
US 35.190.80.1:443 udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
NL 69.173.156.150:443 tcp
NL 69.173.156.139:443 tcp
DE 37.252.171.85:443 tcp
US 69.166.1.8:443 tcp
NL 178.250.1.8:443 tcp
DE 35.157.60.248:443 tcp
US 8.8.8.8:53 248.60.157.35.in-addr.arpa udp
NL 178.250.1.8:443 tcp
DE 35.157.60.248:443 tcp
DE 37.252.171.85:443 tcp
US 69.166.1.8:443 tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
DE 37.252.171.85:443 tcp
DE 35.157.60.248:443 tcp
NL 69.173.156.150:443 tcp
NL 69.173.156.139:443 tcp
NL 178.250.1.8:443 tcp
US 69.166.1.8:443 tcp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp
DE 35.157.60.248:443 tcp
NL 178.250.1.8:443 tcp
US 69.166.1.8:443 tcp
DE 37.252.171.85:443 tcp
DE 37.252.171.85:443 tcp
NL 178.250.1.8:443 tcp
US 8.8.8.8:443 dns.google udp
US 69.166.1.8:443 tcp
NL 69.173.156.150:443 tcp
NL 69.173.156.139:443 tcp
DE 18.157.230.4:443 tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 52.58.156.106:443 btlr.sharethrough.com tcp
DE 18.157.230.4:443 tcp
US 69.166.1.8:443 tcp
NL 69.173.156.150:443 tcp
NL 69.173.156.139:443 tcp
DE 3.123.130.174:443 tcp
DE 3.123.130.174:443 tcp
US 8.8.8.8:53 174.130.123.3.in-addr.arpa udp
US 69.166.1.8:443 tcp
DE 3.123.130.174:443 tcp
NL 178.250.1.8:443 tcp
NL 185.89.210.122:443 tcp
US 8.8.8.8:53 122.210.89.185.in-addr.arpa udp

Files

memory/3420-4-0x00007FFC156C0000-0x00007FFC156C1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Cookies

MD5 06c95a9bf2d565dab8cdb55e39cae504
SHA1 ef3f0b67a3a1bb1d4dbea39116f27a728c598e51
SHA256 4c3555d6e92ee558d7ba20bdea0da9ebd50730386eb94c435f5a4d8d4c5b9986
SHA512 389a4b048b6557173242505b2f721782256df5db738fa78549d6a37d07d14bcdffd8e0acade5f3df8526b19a9467beb2d103f61dc52bb2bcabed8510290e83e3

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\config.json

MD5 2dee85ac19aebaa50662a4ba424441af
SHA1 d0b03e28e9a14d48a1a9b206e92dc1bf1266328e
SHA256 dc4d87159e452383f6e39c1b7dd2830c69457a547565c43cfd9e9b86f336f336
SHA512 651d95e57716081376c14c26852e01997c77597da0e0350620ad4cadbf14f0a02956d7b3e8cbdf52a777b64f7ef7db63066791e24074d5e5b57a38af2b7c6a6e

memory/4560-85-0x00007FFC16690000-0x00007FFC16691000-memory.dmp

memory/4560-86-0x00007FFC15980000-0x00007FFC15981000-memory.dmp

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000002

MD5 fc5b3fc32563ee167b9ca09e2c0c144e
SHA1 2f4e8b85bcf4116c2af7cbc36240d432dd5b1e36
SHA256 6a8409825828ca55ae84843a52fc9f7b72d98231e307b4301c8f0d075d85768e
SHA512 becaeb0bebc374a6d505d77deca3469d179df5d47f419dccc2000d7cbaa764b6f808317fde1b3f4b20a0dd9f28c86d07f2badda19e66a515478401d4f0c8bfd2

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000007

MD5 852af0156e076682b1f407b40de89102
SHA1 86a88696b206d3ccc0284dc45f09d107a1922d6e
SHA256 72debd003600affaaaab7ded14246426c8d7efb3c8457650dbcfdd8a4182df46
SHA512 cf13e137b2d3a7af182f33991b437382677b8629814665686a5cc213580b7e44542db69718b0b1c511752ed6bb18e01460df44ec7af512c1a6b9bd076f6c50a0

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000022

MD5 1c0f4165a8e129c44c0e351a39a4283a
SHA1 00ada8bc8af7e2fffac1006b7d5d661622c832f9
SHA256 f43fdaf41f911aa3d138358f321c823b0d9b310aa65c3794275d5767259c110c
SHA512 fe5a1e384320e28632b70b9ee8ae5838138bb7e70b24d30eb24ae6b1bc3cbc1130de99096cf5c9f1fb4c2736802d8ae963d47a698096d03aa61f4686b611fdac

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000020

MD5 29b1adf527657e404731bcb7271b79f8
SHA1 50aae42abf35013822edd2004b109c1dca12e96b
SHA256 4fbab2df29d82f1d5d1ab88a4cd42dfbfd777934ed5b177324542239df37bcc8
SHA512 17d123f7b9e62a158ab2589750da30e0d8290f910052d0d464a7f5a40d4e5011c8c33ee4804000fbc52f1c4e27b8d04cf7fd1bf13a9a9b07ac2376fad1e6ed56

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00000f

MD5 350a114fe0ca526a9b74298ba975f6f4
SHA1 43c286b3fd3ac8685832c364e4fbc4369808b649
SHA256 d273c7294cffa11daafa1f1a8e4443958708589cad8939ba55570a2dafcea8fb
SHA512 d44ae7b74d8b6aa3f73c21aba26af911ef3e0609b0539cb3a8a39dbc34d32a2c718dcd65e60fc9f86314bd8044792f01e91a6dbefde6fe4987a7ff7c26ecc753

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Preferences

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Preferences~RFe5833dc.TMP

MD5 d11dedf80b85d8d9be3fec6bb292f64b
SHA1 aab8783454819cd66ddf7871e887abdba138aef3
SHA256 8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67
SHA512 6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00002a

MD5 9d66068882978e0e14462832f9c9fa81
SHA1 dffdf34805c21e944a7d8cc10d5fdb059c22ca83
SHA256 9f995b1c42942ededcce16bba381a19d3b30e0e75a36e0ea956f6a54e040dffe
SHA512 1807fbcb929589e25107359e7abec56d73ae67f93a9544dc1fc02bb59f8a62486dbb9dffa0e931644f0d8104b541c47536a2bae0f8567b37d69cd93dd234f34d

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_00002f

MD5 de92105e7400f07a3a4c437c336c7f0f
SHA1 3a16ccac7244a76b66233914c49a38f644848691
SHA256 cc969bd107f118a5f02e1afa7388a1e84e5c636366864a640a0732530f368d26
SHA512 fade665daa6f596db72891de5b1eee84585024613c1e67cbc2ea5e802ff86564b3699231350fef13c586082a232e642036e38ed6ff2a34bc6e9911b600d1cc13

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000021

MD5 49295de6ccd23cf80b6418a2d209868f
SHA1 42a955b4560bb22cb9b5b39577f7a691ea345018
SHA256 d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
SHA512 2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000010

MD5 26088c06661d1fb4a002e2609404851b
SHA1 31293824e0579bc790426930cf73e9a0c71c0aa8
SHA256 8e9b4a4680b498db825ef610e4e7c68bf3dbfe95383031c7531f1e6dbad454a8
SHA512 3527d553940a6c91b5cef149df40bd5537e46d16442b5bce1e593e743014d3f25250ca8008d912b87b41745006e03e1c942be94a1590b36c1db72bd8ba23e12c

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000011

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000018

MD5 2a315d77025584b1d21d525946437351
SHA1 7651ad2c304a1021c5520a32b0e6bd90dd725872
SHA256 11f4cbc8d914ede9477e8e83a95c1a880d7ad867d72351deb778463c49f2ce85
SHA512 73174e11f9073ac9f97abad6546171b02fb5246b0c3ddc99279a8374da08fdfebedd9811c8bf9903e658e04eaf5c56e984ef9bb9a126c2a77aef89f8fe8a3831

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000019

MD5 4f73430e6c9185238755926f883a6113
SHA1 f8e26b15dc380a23757e4f96a795b5c272387ba1
SHA256 ce0aeb4eae3779fd677aa0ca4608fdcfe0c6d443756c2c823f0ccaf4e9e11fa1
SHA512 c64169c4df385e89f28215d5c1160711b96c8210c76846125188feaadbfd4d47dd1c7664e0f39d8da6d88297380446b7e8762c825eba7a4e00325aa63be781ed

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 892153fb97de3d661b7f34e39a982ab1
SHA1 ab21cc4b7dcfadb42a11062ad5c1aa33cebcaa48
SHA256 8925cf2d983f6a68be909ce953b61c9733cbfbdbffdb428025f751b429bc7b94
SHA512 67c0b3f48e10bdbc5bb0d0ec76f8deffc21e0f9c0f1bd917810af97d1edde08dcf7666edfbddba343fe9475c8fb7565a68409f9ddbc9f83b579c1b9fd04af28a

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity~RFe585c06.TMP

MD5 9a121ce57e5df7857c2074a2bc1368e8
SHA1 3232c3ca10acac2c9d4dc4f6e2ba01d8ae93e9d7
SHA256 dfdce75eb8aeb7d0442d5b1205e0bf9ad098370c03ee1c0b018179885657dcb9
SHA512 d932f107d7837b4a8a265d327a28720995c8cb6879e3165216c321e0f2ed0cb0ad5ba0664f28932611e8754a12a8514ebf166d556b9341f8a9920a8d423b80a9

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Cache\Cache_Data\f_000024

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 3c57058f30688274010f690a0394e795
SHA1 b92110706bfbff2b0b0f919d2a06057772a2573d
SHA256 f70a30c9d245cabca66723ece15572c85f6875420a448a1af6bf0f9ae74f1c6a
SHA512 0cf446f7a12abbfc03ea34d574ed1a483f8b257676d78296395212e255f2983314b6430e3299e30b52a4c3e2a91fc62bbeab55620381c94a64fef6ad4ca8589e

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 fdfa749ea54d88fcc4db3af59cd8d1fb
SHA1 f6cd354425e3f7382753f356ddd440d2838fbaf7
SHA256 6a075ae02ac5bdd886c0645841a540e2ecb3827e1820e2798bc325a5acd08127
SHA512 ca3dd2a66208764d9185cacde29cf620c52c65fb16ed4f0cd20c79abe68bfe6d05c5515ee24d82a00a478650558df4af958fc22b5c5ce2dab8960077ca752c12

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 0128af1f69ff23bc4987f9baf8c4ce96
SHA1 9b7eb8adb16e328a712a0a584068f861b8fe67df
SHA256 e7126554de5a49d5d3e6a2b0802bf1831bf69d941380d196e5caf160d5256ea2
SHA512 2dfccf0413ecafc92a42826cd7926251a95284f6741c23600808cfa526870a6c199c6e7d9cac47823648c41ca5bf3f8095c01303d8be1008232bc94aee0620f3

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index

MD5 42a9ff265a4dfe88804b84c954f2f7dc
SHA1 5349dfa395c5d36a84b77edfc17daa395aacc701
SHA256 c4ddb31ff6038f54c65aada9bbd3a63485c04899fde7e3321388cb9001bba503
SHA512 4492d516dd64f929beb2b8d73839eff69373b655676d4d3560fb38926a32b766008182b4343d695f3887aa13c57aa1e4461e95c789b186e6b2bb8b34de3cf51a

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Code Cache\js\index-dir\the-real-index

MD5 a5117170493e9d5881025ca25177b135
SHA1 706c6376e6393215b9d0c0535d62319ddf9d9e36
SHA256 3a355365dda605ee98f6299fc95fce5791500b32f374c94f03b734429c148f18
SHA512 6f7ad4867c2ee9d6dfa66b27e99e3518f7d625c6c3344c55b4c0b1e6b2b55247a0cd6b505c1ef09165eb4c5e4c984670877bd9106a4f77207b65c1d371dc2323

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State

MD5 63b593475516cb4323e928f978c92e76
SHA1 a25206b9d80cc7d2c259f7230aa96c0931309c29
SHA256 a2bdbc6192ad3dee6df7d9d1f528b333f54e8280861478ff80fe64ff46f25485
SHA512 97e78ae280e8f27be4d767ee541a609c39c7b6a4ef87de5011fa56ceb58b447ff514ded81fdc5cbff1cb7335faaa4afa363e3db876a16264d2016e4a5fab788b

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State~RFe591b5e.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 b85ae7ba22deaddb3bf04b9a219b5526
SHA1 0d1df22b36260f9ed6d288697197e01387868dc5
SHA256 4935ac7d181ca4b5e993c82a92f9cec3712cef18710e348b3f3e0b42d74fb38a
SHA512 968315d6c3d0170d98e17b83a1eafbf97d27a3e316aab36f3e0c3d34bdf830fc91e63a03664e4eefe65379c463b343d1dea8a4a1dba5e02f952ce57349380dbf

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 62e7a9c6d059740fe0e3eae82b0f4885
SHA1 d458f36f2d62d3cfd10054b38717c12675cc282d
SHA256 2ea1a54914f009734a47861c3d8d26fefdebb11ab669871e5d0e5094d954e22a
SHA512 b7768c632a455dca71fb58656839d0c60ffdc3051c3fec296a885a799e96e4fcdd798dd6b882fff0e69dda39799d630a8ad26ae5004e26fb6a93eef1258a458f

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 73f74a453ac2551a16d4ef917b068dc3
SHA1 cf7bdfc57b8484aae3d5409187f966e46e7a1a17
SHA256 ea208c8db99b5215eea918c8e5402ec01299a195611886672bb6d17e7fdfa254
SHA512 109f5abd20ee9c91070df7b81863a1ce51445dcd8916909e5a151b5ed382772c016899e8353547ec610fe15d081f05ab7a466f2777e7903a99bf84945f47f78e

memory/3976-717-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-716-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-715-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-721-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-723-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-727-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-726-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-725-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-724-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

memory/3976-722-0x0000026E1AF90000-0x0000026E1AF91000-memory.dmp

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 3aab67c90f31bb5dfc29423c44af43bb
SHA1 067fcb2268144f79ed6067219ab6c00bca61b750
SHA256 78d29ee65369106f7150f9660a13322f6919f17766e3bd5add54309e733ce951
SHA512 9d9a3b3a5e0f6a59f7177841d46e24ac6accb47d7fb0413362f4beb5549d382fe0b3221cdf3be6a5b9fb5ec04ed910524df46a205238faab2f801cdd84cbea2d

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\Network Persistent State

MD5 d4eb6ff402fa5a4e917555561b8acd5e
SHA1 3a444bac36df66ce236e380da23732bd5ebec361
SHA256 025d918e2b697511d8b19c8219bb8c79cfcfd32f0f002a41aa2c4a9a114f22eb
SHA512 67f0b340629c4b2080cf764d8cb7c378fd1737fea35a2e6554a07128d9b51bc4df7ccbac773dea255a5fb0d9c817018e8b8408c2980c40563278a821dbca2d61

C:\Users\Admin\AppData\Roaming\Salwyrr Launcher\Network\TransportSecurity

MD5 2beffcaa09b5ae4c847a65268637072b
SHA1 aace19d74cbd003b6b21e05d9074a745038dad02
SHA256 e65286355c9d358282ddde793550cd7081eb2904d8bc0cbe86befb0e23fbd790
SHA512 bb38b4cf8bd2816388f43f9763670b7243d8ac18291a8208dceeea7454ad25337b2b5e558e425525a7cc8699cbba7c95072911ff96b784d368c9ab0b58e496c7

Analysis: behavioral21

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240508-en

Max time kernel

141s

Max time network

161s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\libGLESv2.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
BE 88.221.83.219:443 www.bing.com tcp
US 8.8.8.8:53 219.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:32

Platform

win7-20240221-en

Max time kernel

122s

Max time network

140s

Command Line

java -jar C:\Users\Admin\AppData\Local\Temp\resources\libraries\java\PackXZExtract.jar

Signatures

N/A

Processes

C:\Windows\system32\java.exe

java -jar C:\Users\Admin\AppData\Local\Temp\resources\libraries\java\PackXZExtract.jar

Network

N/A

Files

memory/1880-2-0x0000000002220000-0x0000000002490000-memory.dmp

memory/1880-11-0x0000000000120000-0x0000000000121000-memory.dmp

memory/1880-12-0x0000000002220000-0x0000000002490000-memory.dmp

Analysis: behavioral32

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240508-en

Max time kernel

121s

Max time network

130s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

Signatures

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1948 wrote to memory of 1896 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 1948 wrote to memory of 1896 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe
PID 1948 wrote to memory of 1896 N/A C:\Windows\system32\rundll32.exe C:\Windows\system32\WerFault.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1948 -s 88

Network

N/A

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win7-20240220-en

Max time kernel

120s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{967712E1-0E96-11EF-8F92-565622222C98} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000b2d27b9ba083adf1737a8d60c6e59fc3163f1eafffc7bb5e5af70070c7b61c55000000000e80000000020000200000009c42fee85a942b72a7a2c45be23f797c2f14b78bfe27ef911a28de9aebd6b69a90000000d33e21c7dbd977b1b308e5835a5f7f5f5637a80ef085952b67f9245da07643da127a4ac3538f97740c000240bab7768dec085485ebe9c599ad91394cd098fef6e10c532d5d9cd3c03783c099168de532d1c02c2af22fe73f1147ef1e619aba3af995e5edcef166c2e6703092dc1936f59318d79a023971d2fab0f776073026eba22cdfa702a05e358efd0c203ba4d18840000000928bef2d1716f050d36581db0a2a1d49733a923283ff25192c19bac8aeddef7ef71c38fc1347fba08a0e54475ece5069f091b6d11036656e280367dcfc0c0ab2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000abb8596cc50c0546bfda6658dcffc23300000000020000000000106600000001000020000000cb7ae7664e09081e41ad71d8700b20e2a5457c3d601b052b2bd4ca8c743fb20c000000000e8000000002000020000000298845c0b33704a1ecf5ee3ee3dd3a15c21f5c688b9f1b3648152b2fe919a08c20000000b30b2ee7e36a054754d3f11251a3bef3c1e527c101cc1f999949b9ad4d761ad140000000abcceb895df0130351e0ca89122ff0134fc6f0092ff66f1afe1588c87ef1f2d63d7f2ee2653e2934d736b7fd706797dcfe54263b53ffaf2cd9df5988838f01aa C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "421484408" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30745a6ba3a2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3E79.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar3F5B.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65ad51dfc4a0b0952aa1dcde1beb4fbc
SHA1 d63a5749deec3fc2246aae550636cec5523f1e5e
SHA256 9d54ad93dd941b193d00d35dffd9ff6aac01c0fc3afc47163375e117818379d6
SHA512 fe93674cf4b4ab828a192410c57258fd4a5ca44d233bc7951f89cf2f18a8da4158311c7d1b55ae7961535e37bb49bb5fa603eb1225b3f08f5ce7c6ad58f545cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d6b5063db2c4b82e4951a9b23e3f035
SHA1 981d47c3d25ee634d52fe6480d8b629632514630
SHA256 f296a6482b06add6aee895e9e829cb5cfae51be21f20f083276df73e1f00b141
SHA512 0e1892a332c470e92a5329a4f8a44bdac3c7719226147c57ec68c9b0b19111d65b427aeec7027cdc0158c1ee8e14a444c459c5361373f488fa6a9a64b9e82098

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 980d26697baefe57547035c0eed7e15c
SHA1 6c2a1a6d70275eee5bb82cc401beb8591a53fac5
SHA256 7b1b127881fff39208b8feb1221bccc577a1a0825f75ad00dd6f24906234e6c2
SHA512 b17b484f55ed87401d1ad870370b704a962c5f08d7ae32d248e10b3ad2b5b1914e419c449b773bb8dc6f92b78851392cf2ea46ccf6ec1b3304f89f58eada2796

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ed900e9de86f932d03cc46416f3c33a
SHA1 2ad025c98265022ebc13954f4420d4f42aa35701
SHA256 98ba75adf72b7467e40943680a9dfa231043f374de620a735458b876021805cf
SHA512 a7d4d6c29bce9469073588fd8fc175180ccea965a06c432a206b1d6050fea9c95806ba47a02514f7469b07683fac8b06432e05160dcbfaf83914cfafea72e4f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bdbcf285cea50532073185a3d078791
SHA1 fcd193914f22017c265c2c2cabf73bd3c1d2aa2e
SHA256 931022cea41790ce35e5b89e71cc8b3bcce84036a9787939cf32168989dd8083
SHA512 5633a25f1e0b9a8af7ae6979866b1154951fdae7979c2a774d7a98a84c6f5d4677ae89101ad52a231738e256466b0dcff15ebaa10c35d6e8abd1f95df87c6f32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 619d23e5e72880cf269194b7a7362d6e
SHA1 70c37ffff86fbc170a3649f2a1c9c8bfddffc5f1
SHA256 ca0306dabd46e5f68122f15d12827c06013f50e3a2333f20d876b683d508553b
SHA512 053b818e7d3a55482d46f576f6b833ca43d1fcb3b2ed42b0993fd483f90abb1faaaa70460635a305720522eff0c79efccb4216db18f44c09842fde3957ba7fed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70dae8cdd40071f0c4ce8bba2e8cf7dd
SHA1 af3156e5384fda10da2b1ac13bf53bbf88b8b79d
SHA256 1a8f0634d43c30560b89d43501dfbea22d9c8fdfeb708e88eeb90c86174a16ed
SHA512 ec55e364d19ac755ad1e0d3822f39a6bfc716305684ed2350339dead0fc5f326248b69fb20f8b595be79eb63b83a7a8021df8d5003e9066113c32c8e2e50505c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 665bffa421457cd8cb8d983b9c0c3da6
SHA1 386fe8a4e0c987df887d09e64fc8287e51928c5e
SHA256 6ce0bb8d57dec494ce7b5116130444b2bab3de2c338c86591a082c07e7766828
SHA512 31e90f344dce5b1ceb0a3e0aee7d1ddf9aeeade5083c89a2e38c9f9ac583ed35a0fc86a3fa9bf81b62a5001ea8a14e27549d9b7bf836adeaec9baefe47268a3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1b8f5083c5e6b390749dd031b907648
SHA1 cc1ecf10c069cfc5976f16d8b4d7106e7dd6ad15
SHA256 2bfbc37070fc3c6ac810b5cf94d38c7953a98d096e568f0e71476bbb1a78a570
SHA512 7c00f636c86b9cf550d50c0fda9886b5932be215d5d7919f411437c71a5b22ebe1cf7d47659f2b71ab731f902d5e7c12f37ba3aab4ab5f4ba24d712b118c7869

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0d4cd16df4342c9e1863d05eef42a55
SHA1 4c3e798f83ba35e3b8e3766aadf2dfaae866c5e2
SHA256 0628bf6551501cd579949f46d1a56f37b993d47e59bfd9ab6ce0dbf481127645
SHA512 e331a137ab8e746d8fea7e2a789256b1ddb418d25ba2eb9dd42db770a409b47c0b646a629cb86fbe68ab9f609ff5bf75b6bcbc10b38472538ae88d9dc2df9da6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5842185b7a223bbd750416765d6e64b
SHA1 a773fef16c14c635a1a49b9b2085988c618ce37b
SHA256 540b72172fb40682289e61a08e3f1e3da00a9ee87480c4fbf8f1332046a3fad4
SHA512 776c47a361783acb4943ce59c2791cd540da0d434372e10cd422e5cb23c4c224636432d7ea5e5baffbbb4d504632f21965c04bcbc4f0bf95036cb75734fae5f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f6b0f209a6a4ff29ce4f0b14c07b876
SHA1 92a94586d4e72e9309110a366539a6e751724053
SHA256 0ad34beebbbf333571ae3317773fda776936753f658b77d823ecb7aedfb112d5
SHA512 d15cb72d7aef45834f43dd26718c184bf1fc44773a68f99a8e982f4cd3aa12bb42d0bc6bbfe64b8a7c16eea5237428545474cc0b4f6e469fb7a7a4ad7b83cd75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f3a8f612dcba2ef8adce5932ebc969d
SHA1 69a750a4b4f97144b97cbffea0ff99ca083fc064
SHA256 7b88d00829a87d3fa4c8ca569b9404ece679aeb52d7ff51150a678c869b023f2
SHA512 b0be89f331f2b937c358f72705331170e9cf52468b2c599274605ebfc093672408358712be9ee76604e279cf718046a400064e8f52492f0a791ffe516fb25081

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef1bf61e4d95a7b6fe0c8cca5d2e617a
SHA1 0531ec5a4e8d307a587ded32d567ae7f054e6c85
SHA256 a6f33c55072853cb00d3c520ebf6317fd33197bdc4d6d19f9913214cd3ae207d
SHA512 23c5049c7404be459700e7682698160ab05e81b0dbd064d60327612925d10cee001a354cfa4dbda9a19febf1fb952dc230ab15970fa83b8e0eb4a3a47bbc6043

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5b736825665baa51d08ff3dd728acb2
SHA1 bcf4f367431d06a830477a05b16d0860b6ecce85
SHA256 c8cf78391d22abaa05f1cc4d894d9d9474adea153689ea227bda22186a8d0049
SHA512 a28cee7a9f5637cb7c531867309ee73662a579f329d72d7182f90e4db4c0693ccd960ba173daeaca42588792ded09bf214db7509fa351e79c768af7d58e9f241

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0912a5cbbae55d027b270551080dadd4
SHA1 d172fe9e7e7cb90d0872e2359861e7d63b8846b8
SHA256 9cd1b8aa3ec8de73a3504f8d8b51dd6da407cdb7cd5454831f861551ae22c90a
SHA512 2aa6703513e58f6480c0a5869f708a0a4e3a3a476cb4360026769def4434387e8f8f1623ac5e5f5984fb71b839fc54c4cf6f0f1c5b212bde0f774b69003b1ab6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b05246949c67c7a5e3f241db75a6339a
SHA1 4b5a6c9064701bc37927efa08e4edcb209d02d0f
SHA256 a87b88d9b282577c8bb60f5b0e29bf9cca5135c39dbdc22cd829aa05fa4ca4af
SHA512 c9909e51c7f8c77117919a25a2454660a421bc02747ca40a5a3cc4d9ae528dd867d384470312d6b81f9f0e4265b4835f9d9bc1f58622079add4859a96d057801

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0825fd90473f20e60e7c6a83b6edc91e
SHA1 89a768d11ff26e2544486f5facded00d1cf3fb14
SHA256 b11225b90ebc409b1f24e3baf434dd7709f4812018ae2a0b5061ae4eb8c094a8
SHA512 fdc4afc39c8c7901091725ca12747981c2d5ec2289dacc37bb1af9d86a8dad27abd9d37749bf34f256d88362c2eebeccc428db3235e5723b25efbd60ba44ed95

Analysis: behavioral17

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240426-en

Max time kernel

148s

Max time network

157s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffmpeg.dll,#1

Network

Country Destination Domain Proto
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
BE 88.221.83.186:443 www.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 186.83.221.88.in-addr.arpa udp
BE 88.221.83.186:443 www.bing.com tcp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2024-05-10 06:26

Reported

2024-05-10 06:31

Platform

win10v2004-20240426-en

Max time kernel

145s

Max time network

155s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.219:443 www.bing.com tcp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 219.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp

Files

N/A