adwind | hxxps://github[.]com/VehanRajintha/Sorillus-Crack

Analysis

max time kernel
518s
max time network
519s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-12-2024 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/VehanRajintha/Sorillus-Crack

Score

10^/10

adwind discovery trojan

Malware Config

Signatures

AdWind
A Java-based RAT family operated as malware-as-a-service.
trojan adwind
Adwind family
adwind

Class file contains resources related to AdWind 3 IoCs

resource	yara_rule
sample	family_adwind4
sample	family_adwind4
sample	family_adwind4

Loads dropped DLL 3 IoCs

pid	Process
4536	java.exe
5668	java.exe
5420	java.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
26	camo.githubusercontent.com
27	camo.githubusercontent.com
2	camo.githubusercontent.com
4	raw.githubusercontent.com
22	camo.githubusercontent.com
23	camo.githubusercontent.com
24	camo.githubusercontent.com
25	camo.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
79	checkip.amazonaws.com
109	checkip.amazonaws.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	java.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "5"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe110000008b11c756af18db013677a419b718db0140e7f8e1d452db0114000000	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	java.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	java.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	java.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	java.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "4"	java.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Sorillus.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
2380	msedge.exe
2380	msedge.exe
3612	identity_helper.exe
3612	identity_helper.exe
4972	msedge.exe
4972	msedge.exe
776	msedge.exe
776	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4536	java.exe
5668	java.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
4536	java.exe
4536	java.exe
4536	java.exe
904	javaw.exe
3004	javaw.exe
2816	javaw.exe
936	javaw.exe
4536	java.exe
4536	java.exe
2800	javaw.exe
4280	javaw.exe
4536	java.exe
4536	java.exe
4536	java.exe
2520	javaw.exe
4236	javaw.exe
4688	javaw.exe
2844	javaw.exe
900	javaw.exe
1864	javaw.exe
2580	javaw.exe
2768	javaw.exe
232	javaw.exe
5884	javaw.exe
6096	javaw.exe
5312	javaw.exe
5668	java.exe
5668	java.exe
5420	java.exe
6040	javaw.exe
3752	javaw.exe
5760	javaw.exe
6832	javaw.exe
7024	javaw.exe
6196	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 3896	2380	msedge.exe	77
PID 2380 wrote to memory of 3896	2380	msedge.exe	77
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 5036	2380	msedge.exe	78
PID 2380 wrote to memory of 1392	2380	msedge.exe	79
PID 2380 wrote to memory of 1392	2380	msedge.exe	79
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80
PID 2380 wrote to memory of 1752	2380	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/VehanRajintha/Sorillus-Crack
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed5e23cb8,0x7ffed5e23cc8,0x7ffed5e23cd8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1224 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15279926956368057530,5411926038743562788,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Sorillus\Sorillus\Start.bat" "
1⤵
PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/VehanRajintha
  2⤵
  PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffed5e23cb8,0x7ffed5e23cc8,0x7ffed5e23cd8
    3⤵
    PID:4672
- C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\java.exe
  jre1.8.0_361\bin\java.exe -jar -noverify Sorillas.jar
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4536

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\wim.ihate.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:904

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\wim.ihate.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\wim.ihate.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\wim.ihate.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:936

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Sorillus.zip\Sorillus\Sorillas.jar"
1⤵
PID:4848

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\winrar.c.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\winrar.c.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4280

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4236

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4688

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:900

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\wim.ihate.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:232

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\wim.ihate.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5884

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:6096

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\wim.ihate.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5312

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Sorillus\Sorillus\Start.bat" "
1⤵
PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/VehanRajintha
  2⤵
  PID:5652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffed5e23cb8,0x7ffed5e23cc8,0x7ffed5e23cd8
    3⤵
    PID:5684
- C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\java.exe
  jre1.8.0_361\bin\java.exe -jar -noverify Sorillas.jar
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5668

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Sorillus\Sorillus\Start.bat" "
1⤵
PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/VehanRajintha
  2⤵
  PID:5340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffed5e23cb8,0x7ffed5e23cc8,0x7ffed5e23cd8
    3⤵
    PID:4372
- C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\java.exe
  jre1.8.0_361\bin\java.exe -jar -noverify Sorillas.jar
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5420

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:6040

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\slom.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3752

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\slom.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5760

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_shhh.zip\slom.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:6832

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_shhh.zip\shhh.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:7024

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_shhh.zip\wim.ihate.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:6196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
3758424d895486dc0b279477c2ec9bc7

SHA1
92983a9a5b8c1132e0869e61123e9f70dbed9093

SHA256
a19ff8e74c2cf8451fa3cd4399b525cb1b8092145caa0f6b12e87cc5ab45e617

SHA512
20cfe19ca14c22d2d1d86b95b387c06c2dd4f93853c9feb42f51cd756b6bc915a17bfda1e852b66da3f82cfaef547cf9233a61f8abd2ee1d395181e80fd4ebae

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
3fdbf4d6586afe2f1cef7e06135e45c5

SHA1
254f206e3488337aba398b8cc98732ad9ec62e52

SHA256
5894fd3028cfd1fabacd6040fe8ae67c474934a96e1ba792e10473cdc7058441

SHA512
9c48b40caa75e4cef7cf45e20474ef48f59e538a54116c63e67a0399850ace62db39be1f25ac880b2429037feb0a3eb62c0ffc47e0059bbdc5b3cdc80529d127

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
140bf385bbc9c46daa0f0c3aea3b6e9f

SHA1
f930795bb3f5a47086cdcdb8a84c5c2cef562c74

SHA256
d0518177fad2c5b90425f42b709639760a5d9a5bae61f96e563bb40f78e34a35

SHA512
9ae74de2240923866bbb7dff943457b256019fa1f0b84ba5f4cc2d6d24d6990944eee76be2ccd0a9fc06a477563beda0ec84710a0c29d2e2e9770385701aed29

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
975a3c0b823b5d58b35e2108cb506dcb

SHA1
01daedf95819ed835c5c06935775b68f6aa11c25

SHA256
543294702e621f502baf6b19b762ff9aa642c4417ef9a8f19788ddbfe2b5d6df

SHA512
3763e4f5e7b725bfe5ab94affa99e320f5a57b1eae4fdadee441ef97181ff252ebfa00ac15704b8bd8dffa539ebd5b93d61703b48352bf3bcee9b645f4007406

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
eaa4b822c0d3b43f27d01a354b8573a1

SHA1
8098d6356f3f10f93d2ab8d750091a3bb4b2875e

SHA256
f97928291cf2f3ec13f292456bf7813718cadbda325df3f8499fc6cf315f44ee

SHA512
49f32521d741714f39b2ea7142ea9e25114e2376cc276276da443e92a508ae6342747221a271da2480c0b6fb2e6672957b15d7c94d8ea747d5c1de761533158a

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\fe747ec778282aa6.timestamp

Filesize
72B

MD5
ad4c01f6c4865bef504a0ca7592415a5

SHA1
51b942c2aa95ab303936fba86815a39d80634a77

SHA256
a3c7556c1c8519e2b63d58cbfb892ed7691ae77bf276189025a77ad367d045bd

SHA512
92e6a0fdf23b8460d15a1cbd6b0bc1ebc1c57322662f28b9c3ec3cf541a2d26cf6cef87be4d20e744b972010fdd7a0581ba7e2684a8be6e6f214a21785b1dc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
38KB

MD5
53214f37c15ce68a217e2915c835b235

SHA1
912add71f2d55aef34ceed48859cac16207759e3

SHA256
5b50f1bacf12105016c72bb57bdb3a468b274fc21d4485d1922a14e2e127f803

SHA512
7289364baa2d22ebe8754a3b0c0ee75e707d88cb925a7a2e871644899bff3a91afff924eb5f3bb1afac7ec6d5fc571dcefc20c5bbf049a1bdc1e0a8515f6fad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
51473104379263af1a2f1113de631fc2

SHA1
85d50f213e1e0f43d1f5628d0b5e523455ffe499

SHA256
0a01c035e5670702757362d871216d4fef2b1d11167e37c695f28b2df8688d2c

SHA512
94ff8524a58b1457d2ba72b64b905018dfd2f0e8ae557f88b164bff5144ed21af4b7909bc9c8ef10de89370cbc886ea65ea7a5a833c2b4677c60aa7b48a9a7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
26KB

MD5
865d6b634000ee4aa0ece7cbb1caadb4

SHA1
2f72dc0500cd7dab061c35be4525ad6b0233bb41

SHA256
a2c873fa058b0f85d45e7c1689496f755c9443df12cf27393d3b3e1e83102d1d

SHA512
8bd88d529f2dcfd458b1029fd3686737b90d58aa077b527c8c9acf49250f0d8efcad8aebf714205df965dc47cfe9905b1483ad64ab73ee648cc889c56e842d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
58KB

MD5
6c1e6f2d0367bebbd99c912e7304cc02

SHA1
698744e064572af2e974709e903c528649bbaf1d

SHA256
d33c23a0e26d8225eeba52a018b584bb7aca1211cdebfffe129e7eb6c0fe81d8

SHA512
ebb493bef015da8da5e533b7847b0a1c5a96aa1aeef6aed3319a5b006ed9f5ef973bea443eaf5364a2aaf1b60611a2427b4f4f1388f8a44fdd7a17338d03d64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
39KB

MD5
a2a3a58ca076236fbe0493808953292a

SHA1
b77b46e29456d5b2e67687038bd9d15714717cda

SHA256
36302a92ccbf210dcad9031810929399bbbaa9df4a390518892434b1055b5426

SHA512
94d57a208100dd029ea07bea8e1a2a7f1da25b7a6e276f1c7ca9ba3fe034be67fab2f3463d75c8edd319239155349fd65c0e8feb5847b828157c95ce8e63b607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
105KB

MD5
b8b23ac46d525ba307835e6e99e7db78

SHA1
26935a49afb51e235375deb9b20ce2e23ca2134c

SHA256
6934d9e0917335e04ff86155762c27fa4da8cc1f5262cb5087184827004525b6

SHA512
205fb09096bfb0045483f2cbfe2fc367aa0372f9a99c36a7d120676820f9f7a98851ee2d1e50919a042d50982c24b459a9c1b411933bf750a14a480e063cc7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
16KB

MD5
5615a54ce197eef0d5acc920e829f66f

SHA1
7497dded1782987092e50cada10204af8b3b5869

SHA256
b0ba6d78aad79eaf1ae10f20ac61d592ad800095f6472cfac490411d4ab05e26

SHA512
216595fb60cc9cfa6fef6475a415825b24e87854f13f2ee4484b290ac4f3e77628f56f42cb215cd8ea3f70b10eebd9bc50edeb042634777074b49c129146ef6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
69KB

MD5
7709e911992939f58fdd799cf6793162

SHA1
9557370e9ec49cce4f5aefa86d4578fae5287456

SHA256
e912eab369e14942b65c1abb99ee1cd8939965e0c4415a0fe18fce247d47f898

SHA512
e2f585b0815f7e5966ea13acc6125325a1a8c5b1205d6eac899f325d6b73f8d58c43593425f6cb40e100f4a9a2ced78a90adbdbd35ac4a45236a4dbe72d9b043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
18KB

MD5
fe1cc847a80d01cfb502f6a898448f52

SHA1
75578b1052590edf719f76d08d643db033074131

SHA256
84fef60de4bcff76d0e5ffb1a48149d584a90aabbb49cf0997d22d343618d2db

SHA512
4d24f0ecadb4db937727c71ae9020e0ce7bac2a92afd36e9921b13b43dddaa8205acda2030cde817f33a44be7c6992eb77e23efb5ca59eeede52a0783b4bcfc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
56KB

MD5
8d7667d538034f94725f685c86790bca

SHA1
58306165924a58044989f43d74330b0099074ad3

SHA256
c44bb335686a271864d68eb5bbbd5fb02e9a5ec27310d6c980d7b38552269e86

SHA512
69312d1a0d9f90bc0c41583fbfd00148c2d4d63e0229ff5b1c23320843033f8b82313ad1ad5a917d64af15eef1b091f968d7180e14e9b9dafb9ac60b4a5dd282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
71KB

MD5
3cdd654138fa8034b143f0b7f4c9bcb7

SHA1
c122acab0e4ffa86fd4fc262c5f77d99d510e061

SHA256
d922b35c3d7c531d26564357fc4ad810085fced9943b455747afd7b251e74a7e

SHA512
b3e82b5c00c432c781f9b7d0db3815f399ebde31f3815f780e1db81f42d215ee505eb11858d7fa6854c91f30088ba6dcfaa34fb857f3bd35894beb94e3b4b8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
57KB

MD5
dbaeb78542b4795671ec1205748b09e1

SHA1
8decd4a7b818bb21b87479e0c1d6ec6207e9c19a

SHA256
6071a9aa07b50328aa5c3e6f3f861e89b53c5993ee0e8f3fd6e56e8812fde64a

SHA512
b40494660f44cedb2a495c87f19ca27e33e277c6ddf423fd47a8dda47a8e3d0c6d5a64defc90217cca668d9faf558dcc41e3d0fa6d03b56d710e43d2b46f691d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
198KB

MD5
b81120f9b8dbd1626a02d1bd79097e12

SHA1
915b6e04bff5c8b1e1438953cf82f45946d3cdd7

SHA256
c9f3b2dd2f9db849ec0bfa2aa0a99a093adefe81d6f9df8b7702405a28e08076

SHA512
078aaf7a25e104819fbfd1abd96f3e3169c7719722599bf01f3919491fd78f1ddf4d4606f22cf746f436fe5752b2093dbd64317dafe1702f37bfb707c8146fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
e39bcd50f7edc596ca5b9e456762100c

SHA1
4447dadf21f961e2a1eb0782f6776e4640449609

SHA256
265641b444fd25faad9768b590a5103403f2ade8e0dac188fffd5b8a55c0c471

SHA512
28f9ea5cfce32565fc53fa55f15be067d6ae72d617699e54a86753da0fcf36c9eb6b156f5de96b7067508d414800e09e70bd2f755cec6701481584b0dab0e015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d39c5312be8960536be19c2ba25098ba

SHA1
1d8b95388f1e9d34d196c72fa482e01c4cfe8395

SHA256
a4e4a98ebcde0c194e9202d6d1ec7688957a651a1b6aecfda607bd4fe47d42b0

SHA512
f6c1dc1827870d11261bf50f90f6af8c693b08e94072d13d6c37a308f7ebbf057591a9df91bbcb7a0e498353e2cde85bfcddb10436a250ff087f29949000927e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a90fe69293c72de41c1b8e4dbca67cbb

SHA1
bb4e5b4e6dac5984e4253e4b0bb69259d03510f1

SHA256
086f66ca319eb78bc911c8d664209242606840e87902fddd840cc9266e14711c

SHA512
01b0fc768f06fb4cb7cc9fc812ce9766843fb2734ca2a3c6a4cd06c469968a9dd9dcaefdb736cd4735342f1f4d39d0fa4eca5bc6dafd950dba36a55e575e6b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
28a5f07ee28d2351e96a898648319835

SHA1
c3e62d81320d0fcf406c0f7a129d9ba982180515

SHA256
5f4b0dbf95f23162986da77b8423fbfb27160e4e9d0ea02d15473d33826dd50d

SHA512
31df7be308da5fa24e1faaf25842fc47fd9de31474940c642f745ccd865f79b639a1b4ef06dbd2a9426803309e8f8e1839048c2c2e3cdd47972520f22ca9cfbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7f7ecaa92c3c02c8a86705cb4b9b80fe

SHA1
9d1698b5571ebde1d16cb6a18554cf7d19be3e6a

SHA256
461b8177cbcd93efda1b526d6caa00ed5aab79a8e6a3ee3d56f9dcc6d1cd60fd

SHA512
9aafc7cad0d120042d53d17b3b0e3a87ed82427aad5d69860f2f677b3ad7cb0aeb3abd38b293413566fd5905436960dc8a304fb8a990870efcf56354b62a00da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f4ccd131c84958ee0273fa103cf1c0d9

SHA1
5527683f703ae907cd3ecb9330d22843633b8347

SHA256
6b6aacd74ab1b31cacc616ca1f234d2f597b0bb8c75b5e7369e3667841b3275c

SHA512
61f65a1c3a5195d0ae49531aa1af26bc796b1163993cfd72756e8d20b9247d44a02a83f2ec095a21e76148f401e9d2cc6abdab17d04e574878db3334b26058ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8ad8c5c9bd84861116d7ef68c31ec71e

SHA1
6041293d04c15e58ac26969a382a14b77b063cc6

SHA256
863a4d6893d985287a4a2d9119f263967919a705fcc0fb5cdc7cffa8e2640dc2

SHA512
5ef1586476bfb652d3ec474a88e177c695bd4537ec194c285b3a925f87208d5f413725375dee967ba19e943a30ab5e16a56e26d3b4068adfac1ae5e8983d2849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3cb43c53ad1c68c9c397b741e7f3975a

SHA1
a706411b635541749a86832d95572dee5515b077

SHA256
9822c1306b17cb5f1937a19ca0e94525b1c2d32c3d642afada951d9c1d0d2e1b

SHA512
09b2b966ad48fa6586b117b1748d26a487f217bcbb5282c9ec3afa98ec5d576aa3938ddf2634bc951dac152a71c988e0fb2ae9f6f0b33aa4cdfc7bdbed55542a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f52310f38d663ffe3d5d42cbf6ae167a

SHA1
ec21944c8b6591d2db39593eb77626bab9a3b787

SHA256
f8f7df01c7c9ee5401bf33cfa51dc18b85ee0d31f15fd8120f078d2b03a1cace

SHA512
79aeacf09fb743c9bcd7a2cf7941d2c710db17ab23a56c7a09f042c6e9d1cbb65ef9b9f5ac3bcb224f5b98561baf07953867cff44fda94923a04fff50665968d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1da9c21dd376760f2d955850572f3913

SHA1
2e2d776b8a52bd26aff95d8f1c0b89e7d56c3e02

SHA256
c4b1e5dab9e87f360f2347d5fb1962b948e65a7587bf3032d233469075436b4f

SHA512
b77bebae567b11a14edb1fae8627a0e4b8be764c018850ba9d0025510acf76d3ca11ca2a4c77948de12b4bc64e1980da0ff7b3b234d5e3fb6874c234a6102e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
34820b0ed45fd3d82532204ddedc71bb

SHA1
900add0b0fb550621a14409a3da517f4c723b859

SHA256
6e5aeefc7f1d4e4665b95e7664792f97554170740181a76404b4f2b84643510e

SHA512
63082bcddb2fc6f41af1ec4589f9e408a854b2302d54c6311a677175ab43159ff7cab2ef2d34ed58b1987d90bb61b8892143f6df2e4f54a62be8c9aad5b84168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
45707870d27b9f7ac58b9e05fb9533a4

SHA1
76e399d7c9fd0f75f15516fba1e7afd5cc697f3d

SHA256
21ea65eb57f6ba1e13dd0c7febecf05f4400ef7b2154546c36ce7381bf1c9143

SHA512
d63bb8e55b4432692cba7153771251edd6dce9af12926ca5834e36d49dd1c5b67941a16ebb720dcab5645439b7fe5902d1800f11934d0fc27ce878e28913f741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
63843855979c63ff4e1d6594691c730e

SHA1
2846aa8b8d797a0b9eeb2d2467701818cfb095a7

SHA256
ae056b847d0a40943a8bceb0c8c89616f7672b53cca76f6df485789b3f7d4aa7

SHA512
6e25c224fbcb1ad5469de9784f95d0e002641b10868fe87d3729fe2ddd1b8bc4bf9e136ca140b40c167b628197742833ab6aac80c9ae4491ab6089c61a2662fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
731163548c8aee2ca4db5905efb39aae

SHA1
5c5f8cb4b2cd6b6983080e1fca597b570a92de95

SHA256
0bce9a8e12f97614bf25fda4df9c026d33e9b75c5630ca285e3bffc83eb8c220

SHA512
2a1e73a96e5bda11d52bdeca00231fc4d6a01166cd2a61d9ee06a0522d42c8449be9de809a73ab6090a55427bf0b4e6cfa2947574d0ebac66d7d4e5545c390ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
115510fb5db9fac41f083bdb1b1965b0

SHA1
5aec1cb939ece854a1f61195fbc866634ea5e12c

SHA256
117112dd7b55b54c25afb71d39377d1c363b1ab0d010c8979c3dfacd39f323b2

SHA512
7433dbba824385f6894dba2d5fbb378a0e825363c170d20bc425b8560a57532982e80fe09d79d9ae1ca8650aba2c628df172e5f31e7a7c92a4b0fa30624082d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
822b44b094adbd42d3e9c0b516d9526f

SHA1
2255c23171ba4384689f3717cb9c4a4ce327cdba

SHA256
76177a3e4bfdfbb6ab341c573964b7cb2641bffe95d407694517f7b00567637c

SHA512
08a7dd285ed0ea2cef8308de42ccf40575d150f64c734114eaeb706eb885bdcbfc345dcf70d4b21d9c8e1a263e7e4dba11f5e7c9c904548dca009b771249dcd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
708f5853e0f5ad5f911f0bcaa6a6ef63

SHA1
6f2b0395f959d35001984645b3694bf20b09e145

SHA256
71d4e1a5481a3c42900fee314ec451553e1c6e778992673f4f8f67c04b4d7841

SHA512
a56b2305d8537b4ec9328047d910935bd8db7ff1b4c8e13c18287c280132050071b8bc360ebd956bc8bdcb4a8c7d406aebfa9a93756b088b98e974c3f2dca260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
441dffaa7aad258150e9d9776e2b2ccb

SHA1
f0fe7462833d7b31f7e4fe9909f50e211775db4e

SHA256
d63f60f70add8091e23d49530b8f202c619bc036c85471c631230cc3a03b3b24

SHA512
51f00141b290752373642da3bfe01a9c4131d2fa530c2f0f272d226c5cddfcfeb83f4e24516a57989af8af4859053dc8f666c6548c2fbf274c6d3bdc82da38bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd33d4bf77be198f1954b5c70004d1d8

SHA1
2d48b6c7adfd6fb638e4ceabfe5e39f3964133b9

SHA256
818327e5eb8bbde79c10a7461f33f1d26e9dcc3002880b21480591ca02b4bdaf

SHA512
c65934a91dfcc1d02187631ebfef96545b5b0e5e3ec95acb4beec592319b8bcea45e6a6dfa70d36289603d365a756d87afd2372a0c48e679cb759a2fb12a6aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f6d6748bed885675c671a59384ec8a6

SHA1
a960ff9232b6614e4f5a4db68aec2fde2e12682f

SHA256
2709a07ce8a91fb4e83a2d2595bbff0a3d20194a872e887f7281742b82adac4e

SHA512
d35359e5ec46f1e2720db11fae862e94401874a8ee2e5982a6e16fac84ec645f41eacad7daf94c2c00054a74e921824c1e631df96bfb942a8ab630feadde7f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6acdf20a136df92ba5ddf980523712cc

SHA1
b4c268dbe0c680df81459ca4bb3266e7369e3625

SHA256
9320335de138e599dbeb73822e862dfa321f48203b535de9833a9a6fe4e29511

SHA512
243b3f68cdb5375439518a2b81e8dd05a20364db8485ef851cd2d58434161b545b91e36fbfd839979051b4a502e23aa7c833cf36fbd3584828b1e4e7ac3ea0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3d752c41929e718c52f3666b2505fe6

SHA1
a1b135abbf6b7e16ed65daf1086b1685330220eb

SHA256
2cdc7a7a834e38e9534e880b0f4c4197858b6d27939b305e66b2d5c3126147e4

SHA512
1b6f6dd1ab5d6dd388d340465a990d1073d6b61ccc8a3d5cae086a2716d7fdaf84dbc8d00aeadf1d6be417c003f62c34903c0b464b35d4281b6fabac5483cb19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e62a.TMP

Filesize
1KB

MD5
72ef4b947e3f7ebcbc809d79da1a5631

SHA1
96cdd7bbe48d54c9423c79ba01419ae73f8a30ad

SHA256
5b4da3dd0293ca33688aa9dd6e6090f5be5538daf9653a0af838f2e51065f2c5

SHA512
93d1e6b7c528f70728e0b312388f1973ec82879e5d6d8f00bbd810e622dbc59373209b6dbdefa773b8a0dedbeedf61e0a37b2881a48ef23bfdfbf14596376ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3aa59cc2715cfb512400b74152023ff5

SHA1
e63a19dd9f7f6a51bc9a9ddb55ae53d4900a7f1e

SHA256
6729c61e59257d1d98a4d4bbc247dafdc0d1044f45ac34c488a4c7066a1fafa2

SHA512
43b7abef57710d665121804efd7bc10f251d251a88664cc03735782b2622e8f7f8cf3f24bb877a34e581b53052358500d24815f1ee02974bfe910cfa1a81d6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48e496e95c1acb6126a553b9804693a8

SHA1
f65ff021ac77cc0517628cbf2be17734b2cc2284

SHA256
495d30118b50ce3bdc68c5d25e7bf6105e6f95b3c5fa92346ce87f1096efcba6

SHA512
94d9e92f8994a111dc0c7aee4dbd50e458b212f765012590e55ca9ff88c4613108c58e367c9beb79a85ca5aca12497d2fed2374581b44c9fff89525f16d9a523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b8784c1abc553876b07b5ad9dfd2d488

SHA1
bc10b60caf3567e32a2a230f7acd112c569e0842

SHA256
48f4828d4a03bc42a39165cd562c06480e2f022c60ea4bbade12e77bcc5a1eb9

SHA512
0a1c9b9a818d274e10736008ef65aaef7a89aa58d4b75c9a8cdea0602ab4505f66119dfcf222c6d518e7e3fbc4907145ef8cfc91c766a40821f42159771b1cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c8892c0c775507581e543772c43e8c45

SHA1
7ef84a95d5b1a688b0e9a542f052dcc83c70af6e

SHA256
bfb994b09af6dabc68b480517998e24973f71bc3530b7da6bbbf2d7ac7795ef5

SHA512
b54701e938b94554e847bfbf91f1c5048dd59bb96ac9fbf906f5e4228a0f5401e9e4b260c809f2a23bf36d22cb7dafd989cba6f1f67d937f1aa733b344cb158b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a4ea7fd8c2c8efc126a7ca032be76cad

SHA1
0b498927d7449cfe66272bfc311740ebf4c7141d

SHA256
a484ba747f51bf7497bf65fdf807db3929d9b625002258a68582891fc72f92f1

SHA512
c38a170f6cbc564ec3f7f59e488b4d2a6fbb84170f2da9278e83593436de25d45c724f678d970004cf230e0f37397c9ccf81e424b59286ed7c5a8a56ded761c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b171dc0e704b862e5b13dfda62151d5

SHA1
cdcf6d5b4d8845d3b59de4430f0b3339565a5c19

SHA256
9ee7fe8cc33b2bb9d7eef298983ff1c3a0a763d6fee913b3c54cde42bb03372d

SHA512
7bebebd905c14c48b876bdf5cc716a360853de402dd4b21ad02e8c5c0d124ac969ddce3d417060ab6e3d8ddd84866b5b7f67d37a156581bee575813ab1a0c457

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3870231897-2573482396-1083937135-1000\83aa4cc77f591dfc2374580bbd95f6ba_27b06f29-58d3-4ff3-b1fc-f519e4e4f0ec

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\Desktop\shhh.jar

Filesize
639KB

MD5
d16a971e43890148833136cc02c6d2db

SHA1
6986f637d293fb6904e311c4a4b8ca2deedb8f34

SHA256
4dd575cbd9e27f3fb5898be8e792e854c950a889d6a3559a5f597731770775ee

SHA512
e1fdbca9c8805e5095b0e3becd73f0c24f857fb62518e538ed51ba49d4d50f78de27fbb294112a1d1b4e0219a5bd5ac82fbcddcee28cbe6f7d5ea9e247e97388

Download Submit
C:\Users\Admin\Desktop\wim.ihate.jar

Filesize
639KB

MD5
141833e87cba6b3b986696a442228a9c

SHA1
2d722e170ea76dbf32dc23c63f8d261d34a1df87

SHA256
8b8a44f3e4d3fd95cd0829ed3dd710ba20441972a92acf0426ac8eb86ccefb11

SHA512
a078492733ba382373400c9985ce1db9d06f6340c4d53f73b35acfb82a8618e8ce8ae894888b2c0ea2d3444497edc858ccac5f45762894dd01725b884f5f889f

Download Submit
C:\Users\Admin\Downloads\Sorillus.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\winrar.c.jar

Filesize
639KB

MD5
3211085ee19db642cd3f159df468d06c

SHA1
de1e66d8ad0b2b42bef94fff9034a651fa032983

SHA256
85a91b2858522089047de6e87764a7915533561efa0a75c880778a9c26135c2f

SHA512
ff9ee8bbc9cde5582809a866c2c9b2d98c3beccafec0e2b9da2b819fa35d4971f81127cf3da1f575db91ffbfeb76b5f9c847b3f74f00dbdc73bf48adebcac464

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF2005706972814095125.tmp

Filesize
163KB

MD5
881e150ab929e26d1f812c4342c15a7c

SHA1
18788c5d630fa695f9283f6393bfa541b2031508

SHA256
c576c50642271bcdbfffed04f92dc8d6a981daf300914d0a20c8a5a5a57015c7

SHA512
af18febdf3e0d5fc8111e6335bd8cc4fc8dd944910db8a4f3ebae284e3d1064eb793a25588007e3d1cee24051e11cf3328951a3f708375856d54176a53701b49

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF2675006413763525459.tmp

Filesize
212KB

MD5
629a55a7e793da068dc580d184cc0e31

SHA1
3564ed0b5363df5cf277c16e0c6bedc5a682217f

SHA256
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

SHA512
6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF5804018236397321336.tmp

Filesize
43KB

MD5
731484623dfcbf11c948feea896b83c8

SHA1
464d1c30e20128907d6f6d667a48a3213ac4df83

SHA256
a4d9acdd8e2bb188c832059a86636b4b26118d5965f0c08debd2b62c0d63c9a5

SHA512
5dacfce6e70eff4141f107cd47c0c50068205485a9977fe60933238e750de8a46acaf99eed8dd08d70de2266360315db6b247e8e943fa276023c5360be81e794

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF7193625569527226367.tmp

Filesize
164KB

MD5
8a36205bd9b83e03af0591a004bc97f4

SHA1
56c5c0d38bde4c1f1549dda43db37b09c608aad3

SHA256
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

SHA512
e96b43b0ca3fd7775d75a702f44cd1b0dfd325e1db317f7cba84efdf572571fe7594068f9132a937251aab8bd1f68783213677d4953aca197195fbe5db1f90d7

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF8765733594164052697.tmp

Filesize
217KB

MD5
1bf71be111189e76987a4bb9b3115cb7

SHA1
40442c189568184b6e6c27a25d69f14d91b65039

SHA256
cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424

SHA512
cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF915180540917078941.tmp

Filesize
52KB

MD5
de2d73ffb31b036a481049751970e2ca

SHA1
5c26b381aa54a3336729cbaf4281620e03c34873

SHA256
5afafd11dad40cc06023a6a5c1a6793b1cb55720314a18d4352879d6214b014e

SHA512
f19bda9d9f355dab1ae3846c5e3a6535e59c529d0efe6204dd54000f3e088cf94099a1ccab94c0fadf7631385b94ca8c667f76c0556066ea49f06b2ac1479adb

Download Submit
C:\Users\Admin\Sorillus\.tmp\button.css6559047765267557017.tmp

Filesize
758B

MD5
bb7dbd6c54d0fd9ca50ee8de70939b64

SHA1
47e1721d8eac9b6a7217ef344c10cc7881aebfb8

SHA256
912e4053f404a73cb93525235d34612b6d596c20feb5fbb931efa43500354677

SHA512
9f8648024bb4975a5a606f4c9f10ffc4ae03a7abe5439950d6a30a2651b49a4835ea325108187ad4b29d2af939b9934d4e5fc94924fb466ac7d99d6a15d1767a

Download Submit
C:\Users\Admin\Sorillus\.tmp\clients.css3738673226249434207.tmp

Filesize
124B

MD5
73170a0b32597f7f2394efda2fb0052c

SHA1
23b2b34660feedcfae760096debd44515c4fb580

SHA256
8bab80ef1af4a46664abf487b23a3cb3ba2fd083fc06b820089cbd9644a20b78

SHA512
ddc9e89df5a345c5d8d3b392aa9671c86afc2cb8ec0885430eab286ee1420ca11dc565e1afc482957564b2a5456d48a59d6a1a7e6ecff92f56abc8366fbc0719

Download Submit
C:\Users\Admin\Sorillus\.tmp\combo_box.css7024273494827585954.tmp

Filesize
1KB

MD5
498754e23ddb8c5c3e3c9bf609b47577

SHA1
0b8826598e76767a0de26f978b1e6f3b6458e974

SHA256
f326907999d1a0f5676e49194a6f9111ae1212d3f59224c600e9863735369a85

SHA512
917d4579a22f6338a458dec1751a091f38b6dc0e052c5697ea0b2acb4ac84ba014408ca80ffe11de003d7f0641296404b4dcfeef742a910013796cb232bc79e5

Download Submit
C:\Users\Admin\Sorillus\.tmp\context_menu.css2106101239824769745.tmp

Filesize
661B

MD5
9a641e818171bbe24fe925f7af4e81dd

SHA1
7efbc11a1ac887cd5da9d4e8256a54af3bb8ba05

SHA256
92d1fa57a3d1a0d518a57a9e74e0e7d0122866d6ca7681aa630853647ede86c6

SHA512
dbf3aecfefb6b7fbe5f121534a37ddf806edd6c46ac618bdcfeaf0e9649745c1e8a15962d0d83b81fff4f802391d09ba2a01796c1285f375ac1a980c767320ad

Download Submit
C:\Users\Admin\Sorillus\.tmp\dark.css1911218850397059639.tmp

Filesize
3KB

MD5
59ff8dbc93f35f28ab482f133ac28293

SHA1
63e3f7a9ecca25be8564bc055b4a7a156f8430ff

SHA256
16f48ee307c4bf3f7beaea583a5a9adc8e633034b98b704163ea7e76737cabe9

SHA512
b0affc3055aeb16b8230be685f18cb9208df76522bb9fe2525d4abc329fb60c9dbf1f9642462b7495a0e7139a36349e1b2650495b78a6e38b13d70990a4c7fc6

Download Submit
C:\Users\Admin\Sorillus\.tmp\dashboard.css3064003331224054591.tmp

Filesize
190B

MD5
6c80cc46e79e122ffd3548fe8cb29b2c

SHA1
84b5047e39ba1bdbfa6d371baef4ef303a8fc7c3

SHA256
1489a290e7427c90c84ca7b77cd2d80df3dd9d8bcd522696ff94b60e5a03954b

SHA512
cdb642b4368cd300c77bf7ab49474108a0f53abaca1247709ef0b9932b9e79e88c6a3db64bae9183d9af8433dd73e058582729be92358eaa5a9538cf0dbb4404

Download Submit
C:\Users\Admin\Sorillus\.tmp\general.css8159841095675349973.tmp

Filesize
1KB

MD5
2e6f17893706cf54aeed01df5172aa3b

SHA1
e142252ab755e3e7da39b265bbb418bee00dac48

SHA256
b80d51557d8d16bca4302e3f7f0d8e6850e835d4778ee80ecff0e98de049ffb0

SHA512
2795d9e0de7471f2a9402f0b8160830e2903e3899a6ba4f48a0af11f41539903b7cac11d954558406e3386988a05db9a32c11441e0b7495a38cc2c9383b22858

Download Submit
C:\Users\Admin\Sorillus\.tmp\generated_client_17346954079516337251021221187013.tmp

Filesize
637KB

MD5
3038d4a2bcd8adebf5c45cd4f7586eef

SHA1
ed26a78184d7f774a1ab13ec81c990d298475983

SHA256
6d8b00404ac1d070febe68cba005e2cbb4aadc2010ae19a1a5e675e897137d41

SHA512
742eca002880c37cc9526ba68cb1a06cee4f676f68dbfa0628b24c8937f2441db71b05216aa67c513464b13476f5e80a6952f7ea0bc8d7c04091a220b9cbb8f0

Download Submit
C:\Users\Admin\Sorillus\.tmp\info_knob.css3480134850237873199.tmp

Filesize
584B

MD5
79122aabd3cbe4a40d204664b184d2b5

SHA1
3de2e92fea2cd2f710dd242d636498f2e80c371b

SHA256
63eb798090a41d9f58d00d68714a14bc283ae2b6f0aaea40f9f1f212fe56d9ab

SHA512
d24e64770469e3766b9e32f2d1ca35a16ba94a9a68647cdfb41733f6b07cb1fac03d44b3645fff41609543fbc952cdd645e268a04b84dd41a242c3b47bdbbcec

Download Submit
C:\Users\Admin\Sorillus\.tmp\module_item.css7772578849982660163.tmp

Filesize
155B

MD5
6b881a7f9e3dfa945c707f5388a976ab

SHA1
a95220bfabd553eda78e2ccd57f1984084720488

SHA256
f09f35867470f9fb7d3b9c4f98c4b02fe893fb83ce23c4211b0a688efb4137bb

SHA512
60f0de77da07b9c2496e320aa22523a44cf6e4f74b2574c8db7e5b47172b80e054596a405b37db4650e5baebcdb5ad42c4454decdef27315139fce9dcc422eff

Download Submit
C:\Users\Admin\Sorillus\.tmp\modules.css7057231718686870886.tmp

Filesize
583B

MD5
97f37ea9c78c33b054aef67214b2f157

SHA1
54c3955afb12f7df173a2206aa4f483a6e2db742

SHA256
5682f1b4f1f5e439c268fbaf2aa6ec2060e282c43fe97e9a2daebb4ddc56e843

SHA512
69ddceb534346bbecacf9855375f8769bd07ac6f53d0d5902390471e0b264edd129f608e7eb8830beff8baed6a94cf8008931a442e19ddbf9e85c357a5fc3c59

Download Submit
C:\Users\Admin\Sorillus\.tmp\progress_bar.css9127375533885697531.tmp

Filesize
253B

MD5
55063ed0226b8722a56d961c19936680

SHA1
37576cccf4418aa74092bec3bfebd5213aada034

SHA256
3fdffdea523c0d65fd7f261e7e135ad8475b6fb4355e3d007a3088594a154cfd

SHA512
ba3402c7ea2e340870211af824bd2b40cedf64831fa2487f2c76d6bf2347dfdbef03e656399a7b2e34a68828479b9e6a23a456bb3fb101056d0b5277b078a881

Download Submit
C:\Users\Admin\Sorillus\.tmp\resize.css5766403517421855865.tmp

Filesize
565B

MD5
cbd1a58315ffe28f325613b67496f04c

SHA1
404a64a68e24b44074c398478b85bb7b0236e913

SHA256
40918c842e036dc4c02dc143d4cf5090be7c01dd7810b94f21e72a2d58954fb2

SHA512
b0fd85aa76109b50cd1160b29614c0887e7eb30352264366c62fb4026c98b43990e90bb1482f7b970e78bf5911233a52be05eafa5b4fb1a9a7ccab9610f76a26

Download Submit
C:\Users\Admin\Sorillus\.tmp\scroll_pane.css7766918997252872888.tmp

Filesize
1KB

MD5
7a2bf0762025328cf652d44dbff7bcba

SHA1
0f5bf001f4e63ac1abd8a9bd3b89da48d8a915dc

SHA256
f89a8d102323d68933531a1d44c5b2a504498af437b37f8ae510d4de91c786c3

SHA512
caa5fba5d135dd8bdc1b6b883c5a73ec380eb60417196ea773176b063fc1af1f1968712b4e160d2ec654c46f2aa1ec994f1aef69c4185008dd58246dde575c93

Download Submit
C:\Users\Admin\Sorillus\.tmp\settings.css9116526408148603649.tmp

Filesize
460B

MD5
7c842af9762445abec623edecc8af664

SHA1
d633637714f6b053d2d2777d3063b313d0f40e70

SHA256
18c424d92001074e8cfe33eb7b1f9d3f8e2c17c4cb126bb49c113489058e8490

SHA512
2485c6cbf31edfe276198ef4bc871fee440c9e47560ddb8600f3728c1e36b72ae71b0d6f7566ce0bcc08d7a8b426c8d43943d324b24769becac676ab0159626a

Download Submit
C:\Users\Admin\Sorillus\.tmp\side_bar.css1945849073955203296.tmp

Filesize
770B

MD5
27415b7527613fca0681c4b9c43a3cfa

SHA1
a3bd2dd871815e4c5dca8bb96034d3abb58570f3

SHA256
8a33cefb03597bba4e46900861d93a0606e6c83c818f6f3ce5cbf84fbc0a0d4b

SHA512
7c6f4b7ec96968ad5c362475066ba8d6a8da4ee1e5a0c0956e9418714ef15e8058f2432c8bcaa89b48b5dfef04d0550133f4e454d08061cce0f22a87ed30d392

Download Submit
C:\Users\Admin\Sorillus\.tmp\slfxblur5393412910408104257.dll

Filesize
14KB

MD5
7d98ecc5e5bc1b00731df7bd0c851abd

SHA1
15e4408f7d94b65c515b646d2e5953314b0e17c6

SHA256
fd7bf95651d114ff200322162e7b71f5090bb8632b506d45f8ea65bb0854635d

SHA512
d1b071e0a36cb2e94811fe49b7934ad9c66f3b03231c79d78a38bb31d486bbc1bcfee7fbac1ae617705165396bfad93f8d547d96300f1d9cfecbd03cb24bb569

Download Submit
C:\Users\Admin\Sorillus\.tmp\slider.css7334312224504526909.tmp

Filesize
201B

MD5
7adbedfc83159cd9cb13a1d3950742cd

SHA1
bc38ce1bcbc47f5d8aaf53eb98b315cf7f4240a0

SHA256
d1a98a6648f650be0ed95df7118c8ddbcef07b898b3147ce66bd55d159dab8c8

SHA512
3932dcb3853a5fb190a7e1c55f0dab223d52a1d9180691d81a3a72e5948071f4c4684bc4a326b0de5de8388e4a74f59fa49979ceaeab39bc63305c96dfe6fee4

Download Submit
C:\Users\Admin\Sorillus\.tmp\split_pane.css1505642012429120824.tmp

Filesize
222B

MD5
e669c059e8c01018839674f28f184a46

SHA1
9756f5c15867b873ec5b95d2200dd243e65fbd26

SHA256
123d0f52e2fe8c239c63060df6c5a3bf4ea116f1d0a60bbfe8a287774114c40d

SHA512
9b21f3cffd379d9b3fb38f245e7987644086393aa5f4753b516a79c239037f282be79f870bcc8ac982ba6be6f33fbde1be713c5fe60b57f47004757a23441458

Download Submit
C:\Users\Admin\Sorillus\.tmp\table_view.css7366254439550579765.tmp

Filesize
2KB

MD5
84d669ad2d89c6f4843bc3df8f611975

SHA1
1f5e315e70c2e5b28709b14741c2414e8eba7554

SHA256
43ab12f15a8792c28c993b85f5d9cc6e6375df36ee41bdb08161a9d31c5579e5

SHA512
6c9911117b9a39d984fc7b530166a64f65bd6ccd66f888b5b7f43f5316f04aabf5b265bfcf18eb60a67ca00722f0652f37526758ce5729300bb0176dfc455994

Download Submit
C:\Users\Admin\Sorillus\.tmp\text_area.css1307173666299859724.tmp

Filesize
1KB

MD5
4f0dfebf3681ac371c7aff5e7d0e0f91

SHA1
b576e22209e35d2e734452996402fa25da49b3a0

SHA256
3f27f2ac750e68f82402f83b0f9c8a448fcb3676f41832496107c76d83751ced

SHA512
6e992661d1494a503864ad343bca1ab425a1c72ec9e0a5686c86d7cf35e8be9f7352e7653070b24c0fe5460164f3e0d9fcfe4190154b4eb99c2b8258db623a3e

Download Submit
C:\Users\Admin\Sorillus\.tmp\text_field.css1963450512144800800.tmp

Filesize
399B

MD5
17a05544ad9f31393304af623d5ece60

SHA1
f28016a478b2f42a0a4c8e8e21f7fe7965df21b5

SHA256
39143bded6438ce26214b97c56fb648f5dfa71f24b4902281788ca62d4f4c7e6

SHA512
9ec244a5ad7f1ea620b144a18cef70d8fc45463a7bafc7bdff59c29586141f77eb324e13000855af49d629a5492649e9a4377539074e997877d458e67d1ff1ca

Download Submit
C:\Users\Admin\Sorillus\.tmp\tooltip.css8083689789818855347.tmp

Filesize
409B

MD5
1f5ce20df9cb96221ab047d62eec2faf

SHA1
313652f0a06cd0f2d5490a8a58b16fabab5fa8b0

SHA256
e0dbab93951a7529fb7e078f958c854ee5faa9097229aa73762396e9a64faeca

SHA512
2cfe638c93bd7b92072d59405b685831bd21bd7ef30dc04cb1cc5df2f88d62b6e09fa9733ffc50d605411d3b32622f98b3a4f9b1209525357bc7501a4a94a783

Download Submit
C:\Users\Admin\Sorillus\config\builder.config

Filesize
194B

MD5
3721f6096f960ae6a8c2b6d9c2197104

SHA1
c2b14925df2350a1c64e082ccc5b93711fa48115

SHA256
ee912d6d0a5dd084437af8bf60b4f90470426077a89f780fdc283a20e032feaa

SHA512
7ceff676d795cff791437b2a31a6f3ebb35e051f96c64982ec74aeb12792e0c05f3e9d0250b96bd63a558a6b062514e2c19002892156b686b8b7db58fc2f2970

Download Submit
C:\Users\Admin\Sorillus\config\general.config

Filesize
342B

MD5
c71543bfd47f93ca0b33554c5d0307bd

SHA1
dc75d7131de36e6cb8e5ad89b05d54f5d3b9ca7b

SHA256
2098d2de8aeb2f45254f4f852683ce9ffa919c6175681899d2633fe6887aee7f

SHA512
eaeb76c47b1c5a6eace0c35f24cc7284f5161d11c9b7d85b863fee8453fdb76bed3367333157c4239dd31d774f355cb00f5e9572ba30ab84c00efb42e9433ef5

Download Submit
C:\Users\Admin\Sorillus\config\server.config

Filesize
39B

MD5
9a26b792f5dc30cef038ba1b8f9fddaa

SHA1
3824a5ab2491cf936077b777488cb62df1c0613d

SHA256
e3d5cd3f3467d00280c84474845f9cd6feab8e21caf97a3ed27719ae94bccb9d

SHA512
cb8619100c6b63e28563cf4e84731618dd242529a6d86e4aada3941e146864bcdfb003be50930afc2b12dc131e1c2adaf525a9231657fea7d9902d3fb9686b48

Download Submit
memory/4536-985-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-656-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-915-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-978-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-983-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-916-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-999-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-827-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-574-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-495-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-415-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-1004-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-1003-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download
memory/4536-870-0x0000018A2C790000-0x0000018A2C791000-memory.dmp

Filesize
4KB

Download