adwind | hxxps://www[.]mediafire[.]com/file/ej8ic58pr4e1hni/Sorillus[.]zip/file

Analysis

max time kernel
345s
max time network
341s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
05-02-2025 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/ej8ic58pr4e1hni/Sorillus.zip/file

Score

10^/10

adwind discovery trojan

Malware Config

Signatures

AdWind
A Java-based RAT family operated as malware-as-a-service.
trojan adwind
Adwind family
adwind

Class file contains resources related to AdWind 1 IoCs

resource	yara_rule
sample	family_adwind4

Executes dropped EXE 1 IoCs

pid	Process
5092	java.exe

Loads dropped DLL 64 IoCs

pid	Process
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe
5092	java.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
210	camo.githubusercontent.com
211	camo.githubusercontent.com
212	camo.githubusercontent.com
213	camo.githubusercontent.com
214	camo.githubusercontent.com
215	camo.githubusercontent.com
216	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2089655958-977706906-1981639424-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4980	msedge.exe
4980	msedge.exe
5044	identity_helper.exe
5044	identity_helper.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
552	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2540	7zG.exe
Token: 35	2540	7zG.exe
Token: SeSecurityPrivilege	2540	7zG.exe
Token: SeSecurityPrivilege	2540	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5092	java.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 5060	4980	msedge.exe	83
PID 4980 wrote to memory of 5060	4980	msedge.exe	83
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 1784	4980	msedge.exe	84
PID 4980 wrote to memory of 4056	4980	msedge.exe	85
PID 4980 wrote to memory of 4056	4980	msedge.exe	85
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86
PID 4980 wrote to memory of 1668	4980	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/ej8ic58pr4e1hni/Sorillus.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d7eb46f8,0x7ff8d7eb4708,0x7ff8d7eb4718
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17392818341479701805,11449270359959916737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1308

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Sorillus\" -ad -an -ai#7zMap22094:78:7zEvent4716
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2540

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Sorillus\Sorillus\Start.bat" "
1⤵
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/VehanRajintha
  2⤵
  PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8d7eb46f8,0x7ff8d7eb4708,0x7ff8d7eb4718
    3⤵
    PID:3784
- C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\java.exe
  jre1.8.0_361\bin\java.exe -jar -noverify Sorillas.jar
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf0b2725c0cd068b0f67eb62cbc3244f

SHA1
54ee5cd3bd0ae55707020bf40c4342736e310caf

SHA256
5dff0f70a7691805910a88ef91c9ecc338c6a27b818ff6b0c8bc6e0e8e381d36

SHA512
f622f17ddcf1a364bbe926fe427b1544c3bea200b65f24aee14a5eaa7b260e33f396ef07f2a0a53540dc4c0f5beebf431b6d7d0a9032890de13b99a2089b852e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8cb3a8ae72d4143c46a67827ca0b7df

SHA1
171c2c090300f33f67510e38358077155a664f99

SHA256
7bf198a75746d630643056ad1571f0d46f6d069f7813a39888f7519b4b843e9e

SHA512
917d6ac30c1975f5266aa380baf9842575ad565c4399ef7da499e8f78d7300f6b1c4d3c5846d46b5c39fbbcd76097fe356274ce44eb35e8ca5c09522def6758e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
c90967dcc130ac7378f2f421d05b8a74

SHA1
21252a57a72d2acdd1d0ae6a2e002ccfcfb752aa

SHA256
ef2e15f93ee2a69a9e0e197484105566b6098827dbd690ad030610d7b1b2abf8

SHA512
25c29cfc40041d285ddabab93ae07e861ffd4a4c5fdd7d28ecd4dcd323a6cf3a1aed5f7a0ad040db42144535bcf6e9f978d726fcc2c0a5cb7e620278c6e8a63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e25f03dd222418044267bdf6ce489090

SHA1
f25475baef30505936be6621a8130d9a5e39c1ba

SHA256
e2e91f566faa04d0b809098f78b273e3562651ef78c4d6a89728bdb0a36761b9

SHA512
7b81262632cd3bb0a2afea3e5fdc09f3964eacae95a87f6be0c1df5933f2c1db6118502a433a1fd75343ae542fa767048ddb511956bfee9b98c16deb4ce92b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f5813c70740b2e72478e254289720884

SHA1
5d3d613821450b49ba2265d03b8d663cded64725

SHA256
736af36147a9a0c8b103b796944f3aa3e7ee51b5542ee8cdd3821bf57de7d03d

SHA512
2b3e6d360819bb4c39a56645e67f69952d8e5caae9e94a0c902d202b4784e69c328da83583edc616fb9d6c462c3ae323e5c1ae783950bb4bb2e74fbfa34f7ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
052ee4773a32b4e4fdb4f14d0bad37c4

SHA1
076c066ad881a5e51cfe229403e6b30aebc9d572

SHA256
74ea494fa8bee51176d8051a34b1d71f08b3324ccc4bc59682785f84b6144362

SHA512
9487bffd2000e55eba983aa27e5d8055f936e597d4a0fcb0b3a189b5f949a9acac5a4c65e1268b5ff0b18509a8652c7cbcccbc24a47382dacb2be3c169b55f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc6ae604d5bee1935f5416b7125be98a

SHA1
8c2441688492ef6e918fdb06995acc0fc9a8c272

SHA256
367d62ce4be613771115f9e4be1ec2125fc89b96d63061ecbcffa3abc2b4dd66

SHA512
4f053ef0ea76e489dcc730e57741819a6b2af31776aa2d8b7594e3127fb2c6ce26ece18e685156d5e835adb1ebe42d79f88cd4e1f5c422fe095ffdffcf5671fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4f7abcf9e43c51068fe1c3cf4848a547

SHA1
e962be378e33ab8a166ec134e00ea4a4607c5444

SHA256
ee86503b778ca93cd9dca77697b39d0fe662416abd9403c0b0228b672b897f12

SHA512
1e67f2791f3973cf60bf618c36a9c938ff9b2c3215673565f3d3f7ee4ba808f0acf4559f98a4b1ef3083b72f10ccc99d18ae6c3b21ed38b9b0aa12b4434337a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c386febdaf1e4e1711395e6712cdd239

SHA1
5b05f1798e8b5609ce216d401d56eec901d05b82

SHA256
e154c193010e6f00460ff820590b2d5f750e8caca654de59475cf1a28792f48e

SHA512
a071bf3df76de6cfa991aa212facfdb9d7d05214f1c0a778b9e40419153b75ea31d2a82bcf152d9ecbebda070de52b56ad7f5da488da646f4ed8e8bfde6be7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0e2018fce7bc08b92eb94b11440cdaed

SHA1
85d6f502bb922c75349d5ea11b18843ce501b0f2

SHA256
d54c80098501443ab3bdfc202ea97133e6cf70c27034567934e4093fee5273a4

SHA512
e90d032203efa5bcf81792a9f1b5c4b7a82a1b08b34576801da04d2c8f346dbd5a7948f69eab5a66b7b1fa74cba78b6d7592bc0ab44326445188034a604417ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
30e988c0181e9e3766798a4f39de7d50

SHA1
976e11bbd471f3a4aa8c0984dd920dbaf2bba6ec

SHA256
1642791e80645a96daf6fdff75444038da9363e99d58306287b8b703a9df59c2

SHA512
1f9e399e5d5afc4ebaf3d639f3aab12141be05620e290d4340123897b6e30dfb4c660e9075c40835dd62d114d0bb5e9a2896180bf7cf66f23781d9258d3d9a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fbd5.TMP

Filesize
48B

MD5
bd3c76efe444dbc1cf61e65d021a1af6

SHA1
abbcd88fd4ca0941509256fc3e1ee11319b90949

SHA256
43b78ff4f0707913dc4d36f07e1aee8062a885d00391754f2dfa5846fa7e8c13

SHA512
83196b40d00b066e7deaab8fc621bb304ad5bc4cae83d947a72c6513f882719fc3410144f1f5915fae5f4912ca4ccbd0df83e735c26c2661c1731e7a17fa7b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
266ddec37e3b8e0414001e05b0d32fd2

SHA1
70ecadfba1f90ab18333e1240adea8dc714e3cf7

SHA256
7e8ed554d81fa0bf1760ad144d4cd99e2800792a51310501f1b2eb0a5cdfb373

SHA512
0b809dcca6e5377e067d805cfa4c12d42c846ee679cfd1e3695e8a3382a81236de64bc6417ab45ca5065747eb948cc82d14057b1d6af1ddcb015b8973caa68bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8913e7ac128337fdb08682ec473ef805

SHA1
497317fea5e35343346d83b3e73a953e8d500950

SHA256
11063711bcfee96dd46a4e1224abf3a71777a55882933098c933c07cb8f96d00

SHA512
db260bcc75714ed6dd0cc0c431b8d3fa9840254bcabf7f791425bd712b08423996b6adb0fd9cbfc3e313c46d6ce86f455e3fedf899b339efd0c4fbc7e3d5b3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57df34.TMP

Filesize
1KB

MD5
995975c61f9e348a846096690086e1e8

SHA1
fb36940dd6b3f54d5262b5cee65a59b428521ad3

SHA256
8b559dd78301320383eea2856ac49f8fdce1dee39f55bc756813f96992dddaa4

SHA512
385c1a798f65693bede171e5eddfa9b29c02ae4f5142198053f61fcee337ff5ae8ed6781080eaf731c90c651586bacc26ac43e09481c4f8b50c0e60334781e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
02255c24587e6652ef006e0a26a1e2fb

SHA1
ed358a0a80b90a0293244a70033fbf374283d540

SHA256
7e0581a267e6ec61fd30f7daff5f0bd33226dc80bce5af4c3fe9484d8bb2319b

SHA512
8dcca9bc9db585a9b174e89495a1b9328b5e48af525834465a791df4616acfaf7fe4710570094088fcd7ab57312cbb391e602635371bc235a6450b0aa94fa6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a2ccc459d5b4e84d0afa29ec34defce5

SHA1
28b4716a6f3bfa4ece76232ae1c15b8750688cff

SHA256
31a54587762a496662ee352206f508490f3d25f8682eeea067305db88ef9dd95

SHA512
b55f189519eb90250a7719424baa4ddb0c2508aace0ce4267280e1d72bc4ebc9f13da68ee6d3c2792b6bf03949075416e56e0ced34abf34adda6832c2dcfcf73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c6430bc152d2b759d05fec2faab6485

SHA1
fe44f9881f1b2760cf3314b5ac943b0831ddabbd

SHA256
a1f57276ebbc3769fb745b82f2786a28744e8d409e907e4ecb02bd9164049c9a

SHA512
317cd2e321f65d591c7c99765b0ce609256d10eff58b18eef7782cfcb1ab747da7f72e05d36b47bc0d8504ee3824dd02a3b372e23afff3ef01aff0246c6253e9

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\Sorillas.jar

Filesize
10.0MB

MD5
7e3c3eadd00b0903f1fcc806536cf406

SHA1
efe17275ac9ffc91fb1ce25f579fbfa1f8dc6095

SHA256
6dfff4c60b32f6e841b1e7cf4ea99831820f4aa2dd81421d7257bdfedcd28365

SHA512
9dcd295c96f6beab8fb5af447fa759bbf7ff1154f345affeff1b06e2f205e561cd6eb31db23f3656e751d0892c4b766112684068b43bb4e70a075c1a909a2abc

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\Start.bat

Filesize
118B

MD5
e6cd414df0de7c99585db0ad8f244cdc

SHA1
2c5427d620cf0688f845f73262dc9284412b82d5

SHA256
76480caf43789d8c3ebe65aac68f4959784641e0bf0b528d1601fb6f06a6dd64

SHA512
4d20fddb50c46112df187b15e4b93a1fa006c346462b0e3250ab7158d6b29e1afc26cbb899f869f80451f711bd611eb486c880307cef5bc64dea0e4ddf1b4255

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
919e653868a3d9f0c9865941573025df

SHA1
eff2d4ff97e2b8d7ed0e456cb53b74199118a2e2

SHA256
2afbfa1d77969d0f4cee4547870355498d5c1da81d241e09556d0bd1d6230f8c

SHA512
6aec9d7767eb82ebc893ebd97d499debff8da130817b6bb4bcb5eb5de1b074898f87db4f6c48b50052d4f8a027b3a707cad9d7ed5837a6dd9b53642b8a168932

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\api-ms-win-core-console-l1-2-0.dll

Filesize
11KB

MD5
7676560d0e9bc1ee9502d2f920d2892f

SHA1
4a7a7a99900e41ff8a359ca85949acd828ddb068

SHA256
00942431c2d3193061c7f4dc340e8446bfdbf792a7489f60349299dff689c2f9

SHA512
f1e8db9ad44cd1aa991b9ed0e000c58978eb60b3b7d9908b6eb78e8146e9e12590b0014fc4a97bc490ffe378c0bf59a6e02109bfd8a01c3b6d0d653a5b612d15

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\api-ms-win-core-datetime-l1-1-0.dll

Filesize
11KB

MD5
ac51e3459e8fce2a646a6ad4a2e220b9

SHA1
60cf810b7ad8f460d0b8783ce5e5bbcd61c82f1a

SHA256
77577f35d3a61217ea70f21398e178f8749455689db52a2b35a85f9b54c79638

SHA512
6239240d4f4fa64fc771370fb25a16269f91a59a81a99a6a021b8f57ca93d6bb3b3fcecc8dede0ef7914652a2c85d84d774f13a4143536a3f986487a776a2eae

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\api-ms-win-core-debug-l1-1-0.dll

Filesize
11KB

MD5
b0e0678ddc403effc7cdc69ae6d641fb

SHA1
c1a4ce4ded47740d3518cd1ff9e9ce277d959335

SHA256
45e48320abe6e3c6079f3f6b84636920a367989a88f9ba6847f88c210d972cf1

SHA512
2badf761a0614d09a60d0abb6289ebcbfa3bf69425640eb8494571afd569c8695ae20130aac0e1025e8739d76a9bff2efc9b4358b49efe162b2773be9c3e2ad4

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
11KB

MD5
94788729c9e7b9c888f4e323a27ab548

SHA1
b0ba0c4cf1d8b2b94532aa1880310f28e87756ec

SHA256
accdd7455fb6d02fe298b987ad412e00d0b8e6f5fb10b52826367e7358ae1187

SHA512
ab65495b1d0dd261f2669e04dc18a8da8f837b9ac622fc69fde271ff5e6aa958b1544edd8988f017d3dd83454756812c927a7702b1ed71247e506530a11f21c6

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\api-ms-win-core-file-l1-1-0.dll

Filesize
14KB

MD5
580d9ea2308fc2d2d2054a79ea63227c

SHA1
04b3f21cbba6d59a61cd839ae3192ea111856f65

SHA256
7cb0396229c3da434482a5ef929d3a2c392791712242c9693f06baa78948ef66

SHA512
97c1d3f4f9add03f21c6b3517e1d88d1bf9a8733d7bdca1aecba9e238d58ff35780c4d865461cc7cd29e9480b3b3b60864abb664dcdc6f691383d0b281c33369

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\java.dll

Filesize
163KB

MD5
db081a9968bb0c37a57725cdb66a0c7b

SHA1
d5fed172d82111d1f3bcb46ab3bd8b412f3ee003

SHA256
5b9b01f1ec06ad559285201cf0907e1c31473f6fb91aa09813dd8f076f94afe3

SHA512
8a3717be2bdc1d2e628a069a61ac5b504467c52c7b52496c14050cd0fbc3e1023c791ca8b5c3270579e1cc725a8a0cff62c427dc1c25c2ec74725d1dacc621d5

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\java.exe

Filesize
273KB

MD5
47b34557cbf069e0ad9807305cb5c36a

SHA1
58abfbefc486427175b15e69e8e8f4e346318c34

SHA256
cabcfcf1aebf926bbe03b2aded9e7bbb57f4e10600578a6f2acafbf83b7423d4

SHA512
f9354ec19c3bad2a3a9e95211a306e54ebe559127d8ae660ce75c88839afd558821a0a858366db8820517cb12f7fe0056bb5c09199c1fe1a9083e299b02a148d

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\server\jvm.dll

Filesize
8.2MB

MD5
a5b5e313919826735b73731252a2bc2e

SHA1
090054f0aeeaaac570130ef5a03c26970cdb050c

SHA256
86765f3558ffbb2cf28fb683ee17c288967e636b5cb4fe0422ade39591f6abf4

SHA512
2e0199624f91f9c952ea4fb81a01096febe8dde6fba85f66e7978c98ba749da3cd53cb6d986260e357c19a1d3b5411d6716548ef57e31ec75d55f4d3a3420c3f

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\vcruntime140.dll

Filesize
83KB

MD5
1453290db80241683288f33e6dd5e80e

SHA1
29fb9af50458df43ef40bfc8f0f516d0c0a106fd

SHA256
2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c

SHA512
4ea48a11e29ea7ac3957dcab1a7912f83fd1c922c43d7b7d78523178fe236b4418729455b78ac672bb5632ecd5400746179802c6a9690adb025270b0ade84e91

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\verify.dll

Filesize
54KB

MD5
c15088054d639475e51b88251369c226

SHA1
8849a9ee53e6bc7d1618103b674a6f481b72f3aa

SHA256
a7e7890ec2e238b3108fe2d9b4796898b2fff30ce07957f60689975d7460098c

SHA512
81ae70caf0304c63adadc3437e592ea9540db59ac7bd7417b769b5702a2aa012bec79aab8ce01187ebbd78555b7824fc4434a113dd9be5b667ce693b293122c4

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\bin\zip.dll

Filesize
84KB

MD5
7c7a8adce66eeb67a96ca617c8286d72

SHA1
da1f100637f0b94aaea4e3999ef96a32a63bfc2b

SHA256
d15be64cc05ae14db69b5a3558cd57767eda91e708c74d3dccdc4958c42cb5d9

SHA512
00d3c1145b8c8ea246f456000c2fcfe1e978d148ad69ddabdf9e5f332db4e44025211916c6452b5030f8326d523d6e72de8aebd9e41d83afccb8713e88782f31

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\amd64\jvm.cfg

Filesize
634B

MD5
499f2a4e0a25a41c1ff80df2d073e4fd

SHA1
e2469cbe07e92d817637be4e889ebb74c3c46253

SHA256
80847ed146dbc5a9f604b07ec887737fc266699abba266177b553149487ce9eb

SHA512
7828f7b06d0f4309b9edd3aa71ae0bb7ee92d2f8df5642c13437bba2a3888e457dc9b24c16aa9e0f19231530cb44b8ccd955cbbdf5956ce8622cc208796b357d

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\charsets.jar

Filesize
2.9MB

MD5
82ade56ed7fa67287198802746ee6045

SHA1
2c5ad0a04bd0fae259cf29af346379284c684d42

SHA256
c89895405e63110d69bb37178f0650bf2a4a489ab9e98da613464c61c475b58c

SHA512
cd3c2180e185d1fce354ede366845668ab165ad0ebf7fd9cd9fbb3723ab64c3515c30e772e1577a747468e530d677c7955b41528d39e6d3c8c988b11604e470d

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\ext\jfxrt.jar

Filesize
17.4MB

MD5
671df034c39d335d5e9de4da7cf70e97

SHA1
184aa46308c1af192f119b6cae48c6a567175592

SHA256
0fb07fad0f05706dcdb487ef3fa8adfc97e1a47792ee9cb7af359c77a9393542

SHA512
7512b351ef1429bb722318c415cbcd5459dc86678b11634e3dd8e83394e59a48551a817842d73107546ffdfe05eb06f7ab4ce6a853ce266f3503885d4517a8ed

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\ext\meta-index

Filesize
1KB

MD5
005faac2118450bfcd46ae414da5f0e5

SHA1
9f5c887e0505e1bb06bd1fc7975a3219709d061d

SHA256
f0bce718f8d2b38247ce0ac814a1470c826602f4251d86369c2359ff60676bd8

SHA512
8b618c74b359ab3c9d3c8a4864f8e48fe4054514a396352a829a84c9b843a2028c6c31eb53e857e03c803294e05f69c5bf586e261312264e7607b2efd14f78a9

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\jce.jar

Filesize
119KB

MD5
1f4d4fc6b33c30c5782c66b80d92c4f9

SHA1
194df32fb23b470dae4929605d18abd041c743c6

SHA256
81b8de0e148ed3601cf5f1bdf2787c5b15213d842bc537af9ede9635d692b904

SHA512
dfde7e03fc106b785887f2a409b3528c5862663f188c95f6a95c739bdfcc8c6205c03b739de1b259e9a8a0360aa4e10e8d4bce1a57445797a214160b8d98a085

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\jfr.jar

Filesize
559KB

MD5
18c5aec1e008f781bf74707662920000

SHA1
c29c11cda5b867b68cba1fa7cb331d54a66b3f56

SHA256
e9eab8ec4712142a3ed9ac833d853e144043699c1712986736f3667a9267c11b

SHA512
9988b510d7e036ef41673edd8e38e2f72b695741da3ef63678b808b5e10a76951d016e27cdd23857de0ed0f3b44be8f7fb3a141021b543f104f2a214e53ca74d

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\jsse.jar

Filesize
1.7MB

MD5
f095a5ac04775e1093d54822460cc5a7

SHA1
2e0f0ec528c41b437126c506a91fe1ad5e699865

SHA256
784b8df88387ee27383d6db4e184b169a21cb4b8bcb0d8395a7b1ac2b128108a

SHA512
c0b5ca94ead3dffd33e19a2d757b2b653867b4f539a143ef17baeef1015c3845aba4f0666ef1d0c7ce02d156ce826b9c324c8159983a71d19d60415d60e25d36

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\meta-index

Filesize
2KB

MD5
91aa6ea7320140f30379f758d626e59d

SHA1
3be2febe28723b1033ccdaa110eaf59bbd6d1f96

SHA256
4af21954cdf398d1eae795b6886ca2581dac9f2f1d41c98c6ed9b5dbc3e3c1d4

SHA512
03428803f1d644d89eb4c0dcbdea93acaac366d35fc1356ccabf83473f4fef7924edb771e44c721103cec22d94a179f092d1bfd1c0a62130f076eb82a826d7cb

Download Submit
C:\Users\Admin\Downloads\Sorillus\Sorillus\jre1.8.0_361\lib\resources.jar

Filesize
3.4MB

MD5
0fdcdf2b521c8ffba3fcae32a684358e

SHA1
45a3ae43334b1a0f46d76599d3926c40fa790965

SHA256
2189d10490922562be379da742eedc5e77cac61a6d2a484a3ed4693965dfe290

SHA512
1a1489faa7903bc24d4cc3fbd0ee80e79602a39ea9530f10075a52460e6100c807dbafb17e4b1a7997c23cbe3906808291be7718e6525a79a295e1ddc8ed9eda

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF1263410174739781934.tmp

Filesize
43KB

MD5
731484623dfcbf11c948feea896b83c8

SHA1
464d1c30e20128907d6f6d667a48a3213ac4df83

SHA256
a4d9acdd8e2bb188c832059a86636b4b26118d5965f0c08debd2b62c0d63c9a5

SHA512
5dacfce6e70eff4141f107cd47c0c50068205485a9977fe60933238e750de8a46acaf99eed8dd08d70de2266360315db6b247e8e943fa276023c5360be81e794

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF319653433593795916.tmp

Filesize
164KB

MD5
8a36205bd9b83e03af0591a004bc97f4

SHA1
56c5c0d38bde4c1f1549dda43db37b09c608aad3

SHA256
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

SHA512
e96b43b0ca3fd7775d75a702f44cd1b0dfd325e1db317f7cba84efdf572571fe7594068f9132a937251aab8bd1f68783213677d4953aca197195fbe5db1f90d7

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF666952443234890240.tmp

Filesize
217KB

MD5
1bf71be111189e76987a4bb9b3115cb7

SHA1
40442c189568184b6e6c27a25d69f14d91b65039

SHA256
cf5f5184c1441a1660aa52526328e9d5c2793e77b6d8d3a3ad654bdb07ab8424

SHA512
cb18b69e98a194af5e3e3d982a75254f3a20bd94c68816a15f38870b9be616cef0c32033f253219cca9146b2b419dd6df28cc4ceeff80d01f400aa0ed101e061

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF8352671976387532790.tmp

Filesize
52KB

MD5
de2d73ffb31b036a481049751970e2ca

SHA1
5c26b381aa54a3336729cbaf4281620e03c34873

SHA256
5afafd11dad40cc06023a6a5c1a6793b1cb55720314a18d4352879d6214b014e

SHA512
f19bda9d9f355dab1ae3846c5e3a6535e59c529d0efe6204dd54000f3e088cf94099a1ccab94c0fadf7631385b94ca8c667f76c0556066ea49f06b2ac1479adb

Download Submit
C:\Users\Admin\Sorillus\.tmp\+JXF8582970151427552075.tmp

Filesize
212KB

MD5
629a55a7e793da068dc580d184cc0e31

SHA1
3564ed0b5363df5cf277c16e0c6bedc5a682217f

SHA256
e64e508b2aa2880f907e470c4550980ec4c0694d103a43f36150ac3f93189bee

SHA512
6c24c71bee7370939df8085fa70f1298cfa9be6d1b9567e2a12b9bb92872a45547cbabcf14a5d93a6d86cd77165eb262ba8530b988bf2c989fadb255c943df9b

Download Submit
C:\Users\Admin\Sorillus\.tmp\button.css3118608284123887575.tmp

Filesize
758B

MD5
bb7dbd6c54d0fd9ca50ee8de70939b64

SHA1
47e1721d8eac9b6a7217ef344c10cc7881aebfb8

SHA256
912e4053f404a73cb93525235d34612b6d596c20feb5fbb931efa43500354677

SHA512
9f8648024bb4975a5a606f4c9f10ffc4ae03a7abe5439950d6a30a2651b49a4835ea325108187ad4b29d2af939b9934d4e5fc94924fb466ac7d99d6a15d1767a

Download Submit
C:\Users\Admin\Sorillus\.tmp\clients.css1070922381914871727.tmp

Filesize
124B

MD5
73170a0b32597f7f2394efda2fb0052c

SHA1
23b2b34660feedcfae760096debd44515c4fb580

SHA256
8bab80ef1af4a46664abf487b23a3cb3ba2fd083fc06b820089cbd9644a20b78

SHA512
ddc9e89df5a345c5d8d3b392aa9671c86afc2cb8ec0885430eab286ee1420ca11dc565e1afc482957564b2a5456d48a59d6a1a7e6ecff92f56abc8366fbc0719

Download Submit
C:\Users\Admin\Sorillus\.tmp\combo_box.css5813422913329934413.tmp

Filesize
1KB

MD5
498754e23ddb8c5c3e3c9bf609b47577

SHA1
0b8826598e76767a0de26f978b1e6f3b6458e974

SHA256
f326907999d1a0f5676e49194a6f9111ae1212d3f59224c600e9863735369a85

SHA512
917d4579a22f6338a458dec1751a091f38b6dc0e052c5697ea0b2acb4ac84ba014408ca80ffe11de003d7f0641296404b4dcfeef742a910013796cb232bc79e5

Download Submit
C:\Users\Admin\Sorillus\.tmp\context_menu.css1052867129569606847.tmp

Filesize
661B

MD5
9a641e818171bbe24fe925f7af4e81dd

SHA1
7efbc11a1ac887cd5da9d4e8256a54af3bb8ba05

SHA256
92d1fa57a3d1a0d518a57a9e74e0e7d0122866d6ca7681aa630853647ede86c6

SHA512
dbf3aecfefb6b7fbe5f121534a37ddf806edd6c46ac618bdcfeaf0e9649745c1e8a15962d0d83b81fff4f802391d09ba2a01796c1285f375ac1a980c767320ad

Download Submit
C:\Users\Admin\Sorillus\.tmp\dark.css101465818056999298.tmp

Filesize
3KB

MD5
59ff8dbc93f35f28ab482f133ac28293

SHA1
63e3f7a9ecca25be8564bc055b4a7a156f8430ff

SHA256
16f48ee307c4bf3f7beaea583a5a9adc8e633034b98b704163ea7e76737cabe9

SHA512
b0affc3055aeb16b8230be685f18cb9208df76522bb9fe2525d4abc329fb60c9dbf1f9642462b7495a0e7139a36349e1b2650495b78a6e38b13d70990a4c7fc6

Download Submit
C:\Users\Admin\Sorillus\.tmp\dashboard.css3770532263650018766.tmp

Filesize
190B

MD5
6c80cc46e79e122ffd3548fe8cb29b2c

SHA1
84b5047e39ba1bdbfa6d371baef4ef303a8fc7c3

SHA256
1489a290e7427c90c84ca7b77cd2d80df3dd9d8bcd522696ff94b60e5a03954b

SHA512
cdb642b4368cd300c77bf7ab49474108a0f53abaca1247709ef0b9932b9e79e88c6a3db64bae9183d9af8433dd73e058582729be92358eaa5a9538cf0dbb4404

Download Submit
C:\Users\Admin\Sorillus\.tmp\general.css2069249370645085203.tmp

Filesize
1KB

MD5
2e6f17893706cf54aeed01df5172aa3b

SHA1
e142252ab755e3e7da39b265bbb418bee00dac48

SHA256
b80d51557d8d16bca4302e3f7f0d8e6850e835d4778ee80ecff0e98de049ffb0

SHA512
2795d9e0de7471f2a9402f0b8160830e2903e3899a6ba4f48a0af11f41539903b7cac11d954558406e3386988a05db9a32c11441e0b7495a38cc2c9383b22858

Download Submit
C:\Users\Admin\Sorillus\.tmp\info_knob.css4291498393367126057.tmp

Filesize
584B

MD5
79122aabd3cbe4a40d204664b184d2b5

SHA1
3de2e92fea2cd2f710dd242d636498f2e80c371b

SHA256
63eb798090a41d9f58d00d68714a14bc283ae2b6f0aaea40f9f1f212fe56d9ab

SHA512
d24e64770469e3766b9e32f2d1ca35a16ba94a9a68647cdfb41733f6b07cb1fac03d44b3645fff41609543fbc952cdd645e268a04b84dd41a242c3b47bdbbcec

Download Submit
C:\Users\Admin\Sorillus\.tmp\module_item.css8821548801147203904.tmp

Filesize
155B

MD5
6b881a7f9e3dfa945c707f5388a976ab

SHA1
a95220bfabd553eda78e2ccd57f1984084720488

SHA256
f09f35867470f9fb7d3b9c4f98c4b02fe893fb83ce23c4211b0a688efb4137bb

SHA512
60f0de77da07b9c2496e320aa22523a44cf6e4f74b2574c8db7e5b47172b80e054596a405b37db4650e5baebcdb5ad42c4454decdef27315139fce9dcc422eff

Download Submit
C:\Users\Admin\Sorillus\.tmp\modules.css2495076696120627387.tmp

Filesize
583B

MD5
97f37ea9c78c33b054aef67214b2f157

SHA1
54c3955afb12f7df173a2206aa4f483a6e2db742

SHA256
5682f1b4f1f5e439c268fbaf2aa6ec2060e282c43fe97e9a2daebb4ddc56e843

SHA512
69ddceb534346bbecacf9855375f8769bd07ac6f53d0d5902390471e0b264edd129f608e7eb8830beff8baed6a94cf8008931a442e19ddbf9e85c357a5fc3c59

Download Submit
C:\Users\Admin\Sorillus\.tmp\progress_bar.css8775096855218010383.tmp

Filesize
253B

MD5
55063ed0226b8722a56d961c19936680

SHA1
37576cccf4418aa74092bec3bfebd5213aada034

SHA256
3fdffdea523c0d65fd7f261e7e135ad8475b6fb4355e3d007a3088594a154cfd

SHA512
ba3402c7ea2e340870211af824bd2b40cedf64831fa2487f2c76d6bf2347dfdbef03e656399a7b2e34a68828479b9e6a23a456bb3fb101056d0b5277b078a881

Download Submit
C:\Users\Admin\Sorillus\.tmp\resize.css7985564608130349168.tmp

Filesize
565B

MD5
cbd1a58315ffe28f325613b67496f04c

SHA1
404a64a68e24b44074c398478b85bb7b0236e913

SHA256
40918c842e036dc4c02dc143d4cf5090be7c01dd7810b94f21e72a2d58954fb2

SHA512
b0fd85aa76109b50cd1160b29614c0887e7eb30352264366c62fb4026c98b43990e90bb1482f7b970e78bf5911233a52be05eafa5b4fb1a9a7ccab9610f76a26

Download Submit
C:\Users\Admin\Sorillus\.tmp\scroll_pane.css7892770917390515859.tmp

Filesize
1KB

MD5
7a2bf0762025328cf652d44dbff7bcba

SHA1
0f5bf001f4e63ac1abd8a9bd3b89da48d8a915dc

SHA256
f89a8d102323d68933531a1d44c5b2a504498af437b37f8ae510d4de91c786c3

SHA512
caa5fba5d135dd8bdc1b6b883c5a73ec380eb60417196ea773176b063fc1af1f1968712b4e160d2ec654c46f2aa1ec994f1aef69c4185008dd58246dde575c93

Download Submit
C:\Users\Admin\Sorillus\.tmp\side_bar.css6536249555101624377.tmp

Filesize
770B

MD5
27415b7527613fca0681c4b9c43a3cfa

SHA1
a3bd2dd871815e4c5dca8bb96034d3abb58570f3

SHA256
8a33cefb03597bba4e46900861d93a0606e6c83c818f6f3ce5cbf84fbc0a0d4b

SHA512
7c6f4b7ec96968ad5c362475066ba8d6a8da4ee1e5a0c0956e9418714ef15e8058f2432c8bcaa89b48b5dfef04d0550133f4e454d08061cce0f22a87ed30d392

Download Submit
C:\Users\Admin\Sorillus\.tmp\slider.css8753038433025236862.tmp

Filesize
201B

MD5
7adbedfc83159cd9cb13a1d3950742cd

SHA1
bc38ce1bcbc47f5d8aaf53eb98b315cf7f4240a0

SHA256
d1a98a6648f650be0ed95df7118c8ddbcef07b898b3147ce66bd55d159dab8c8

SHA512
3932dcb3853a5fb190a7e1c55f0dab223d52a1d9180691d81a3a72e5948071f4c4684bc4a326b0de5de8388e4a74f59fa49979ceaeab39bc63305c96dfe6fee4

Download Submit
C:\Users\Admin\Sorillus\.tmp\split_pane.css5669264793131889728.tmp

Filesize
222B

MD5
e669c059e8c01018839674f28f184a46

SHA1
9756f5c15867b873ec5b95d2200dd243e65fbd26

SHA256
123d0f52e2fe8c239c63060df6c5a3bf4ea116f1d0a60bbfe8a287774114c40d

SHA512
9b21f3cffd379d9b3fb38f245e7987644086393aa5f4753b516a79c239037f282be79f870bcc8ac982ba6be6f33fbde1be713c5fe60b57f47004757a23441458

Download Submit
C:\Users\Admin\Sorillus\.tmp\table_view.css4940230173517950967.tmp

Filesize
2KB

MD5
84d669ad2d89c6f4843bc3df8f611975

SHA1
1f5e315e70c2e5b28709b14741c2414e8eba7554

SHA256
43ab12f15a8792c28c993b85f5d9cc6e6375df36ee41bdb08161a9d31c5579e5

SHA512
6c9911117b9a39d984fc7b530166a64f65bd6ccd66f888b5b7f43f5316f04aabf5b265bfcf18eb60a67ca00722f0652f37526758ce5729300bb0176dfc455994

Download Submit
C:\Users\Admin\Sorillus\.tmp\text_area.css3812187438903753528.tmp

Filesize
1KB

MD5
4f0dfebf3681ac371c7aff5e7d0e0f91

SHA1
b576e22209e35d2e734452996402fa25da49b3a0

SHA256
3f27f2ac750e68f82402f83b0f9c8a448fcb3676f41832496107c76d83751ced

SHA512
6e992661d1494a503864ad343bca1ab425a1c72ec9e0a5686c86d7cf35e8be9f7352e7653070b24c0fe5460164f3e0d9fcfe4190154b4eb99c2b8258db623a3e

Download Submit
C:\Users\Admin\Sorillus\.tmp\text_field.css7097513702632405165.tmp

Filesize
399B

MD5
17a05544ad9f31393304af623d5ece60

SHA1
f28016a478b2f42a0a4c8e8e21f7fe7965df21b5

SHA256
39143bded6438ce26214b97c56fb648f5dfa71f24b4902281788ca62d4f4c7e6

SHA512
9ec244a5ad7f1ea620b144a18cef70d8fc45463a7bafc7bdff59c29586141f77eb324e13000855af49d629a5492649e9a4377539074e997877d458e67d1ff1ca

Download Submit
C:\Users\Admin\Sorillus\.tmp\tooltip.css4349022009996224953.tmp

Filesize
409B

MD5
1f5ce20df9cb96221ab047d62eec2faf

SHA1
313652f0a06cd0f2d5490a8a58b16fabab5fa8b0

SHA256
e0dbab93951a7529fb7e078f958c854ee5faa9097229aa73762396e9a64faeca

SHA512
2cfe638c93bd7b92072d59405b685831bd21bd7ef30dc04cb1cc5df2f88d62b6e09fa9733ffc50d605411d3b32622f98b3a4f9b1209525357bc7501a4a94a783

Download Submit
memory/5092-948-0x000001F57F720000-0x000001F57F721000-memory.dmp

Filesize
4KB

Download
memory/5092-1492-0x000001F501410000-0x000001F502410000-memory.dmp

Filesize
16.0MB

Download
memory/5092-1411-0x000001F57F720000-0x000001F57F721000-memory.dmp

Filesize
4KB

Download
memory/5092-1494-0x000001F57F720000-0x000001F57F721000-memory.dmp

Filesize
4KB

Download
memory/5092-1143-0x000001F57F720000-0x000001F57F721000-memory.dmp

Filesize
4KB

Download
memory/5092-1067-0x000001F57F720000-0x000001F57F721000-memory.dmp

Filesize
4KB

Download
memory/5092-1488-0x000001F501410000-0x000001F502410000-memory.dmp

Filesize
16.0MB

Download
memory/5092-954-0x000001F57F720000-0x000001F57F721000-memory.dmp

Filesize
4KB

Download
memory/5092-1487-0x000001F501410000-0x000001F502410000-memory.dmp

Filesize
16.0MB

Download
memory/5092-1232-0x000001F57F720000-0x000001F57F721000-memory.dmp

Filesize
4KB

Download