Analysis

  • max time kernel
    166s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    23-03-2022 08:40

General

  • Target

    f0c295d05e3abafc2d53f0c748a900a3571e1a17ee1754a6f3177266a743c42e.exe

  • Size

    760KB

  • MD5

    e87a4d9bcbb37442e69780961b8fe70d

  • SHA1

    227e974b4ec3a72120cbf2928a673c7162edf2d8

  • SHA256

    f0c295d05e3abafc2d53f0c748a900a3571e1a17ee1754a6f3177266a743c42e

  • SHA512

    88808e1e47b1c81c2577c2846e28d4afb3e19778fbbb17f6ceec93c83be364e50161857c9156c41beb47ccc5bd24442c564117b409068e6db25837e51813d2e5

Malware Config

Extracted

Family

quasar

Version

2.1.0.0

Botnet

HOST

C2

44334333-37569.portmap.io:37569

Mutex

VNM_MUTEX_r9KEk55BXqBf4yPSnV

Attributes
  • encryption_key

    LLyf89MHSBugWmHubstO

  • install_name

    svchost.exe

  • log_directory

    liblogsconfig

  • reconnect_delay

    3000

  • startup_key

    Java Update

  • subdirectory

    svchost

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

  • Quasar Payload 1 IoCs
  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • VenomRAT

    VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.

  • Executes dropped EXE 2 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f0c295d05e3abafc2d53f0c748a900a3571e1a17ee1754a6f3177266a743c42e.exe
    "C:\Users\Admin\AppData\Local\Temp\f0c295d05e3abafc2d53f0c748a900a3571e1a17ee1754a6f3177266a743c42e.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4180
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\ADESD\cmd.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2132
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /v "Java Update" /t REG_SZ /d "C:\Program Files (x86)\Windows\svchost.exe" /f
        3⤵
        • Adds Run key to start application
        PID:3692
      • C:\Windows\SysWOW64\reg.exe
        reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Java Update Reserve" /t REG_SZ /d "C:\Program Files (x86)\Windows\svchost.exe" /f
        3⤵
        • Adds Run key to start application
        PID:1872
      • C:\ADESD\lsexplorer.sfx.part000001.exe
        lsexplorer.sfx.part000001.exe
        3⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Suspicious use of WriteProcessMemory
        PID:1772
        • C:\Win33223\lsexplorer.exe
          "C:\Win33223\lsexplorer.exe"
          4⤵
          • Executes dropped EXE
          PID:1376

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ADESD\cmd.bat

    MD5

    c845f492bc37d51a072d0b008360b543

    SHA1

    b9ffbae3c60559033e06d535eb4b4d1951a89293

    SHA256

    3a9909f74801fe8f6b00b0c5ba27cbe76ed354d58124b67eefe508c8fd518751

    SHA512

    8005e9b9ffd7afe44ad7d8a4f5d857943dde86e7e446a4f3b35e00c88eb91f8e15f083138edc21e89e73efe6fc34116bb4d7855613d4b15a486e5d3a27901d25

  • C:\ADESD\lsexplorer.sfx.part000001.exe

    MD5

    799e52075bd32d3a105fcb6ea143a07b

    SHA1

    30be009def45e647b5681afcf413ce167da5f635

    SHA256

    13ebab8a558edcdc35e8db1000b21e7f01f0986174ee6de7c650c6f63c15952c

    SHA512

    7b195d6799a34d75c9b9fc23bac9c6274aaa5275683a0e6619258b3dff61ac51e7a1c74451b61baaf5010c9c65de9df59cd7c9529d1c76932d5bea87bbf32c71

  • C:\ADESD\lsexplorer.sfx.part000001.exe

    MD5

    799e52075bd32d3a105fcb6ea143a07b

    SHA1

    30be009def45e647b5681afcf413ce167da5f635

    SHA256

    13ebab8a558edcdc35e8db1000b21e7f01f0986174ee6de7c650c6f63c15952c

    SHA512

    7b195d6799a34d75c9b9fc23bac9c6274aaa5275683a0e6619258b3dff61ac51e7a1c74451b61baaf5010c9c65de9df59cd7c9529d1c76932d5bea87bbf32c71

  • C:\ADESD\lsexplorer.sfx.part000002.rar

    MD5

    1e8d5bd15422686ce6adec55760627cf

    SHA1

    0cf462501c7e3718903e3fb559725d31c108dbf5

    SHA256

    52ba95d04258689db1b32d5082b238ba28b49b043f25a167a9d3fa8af95f371b

    SHA512

    495f458c2c647f1a4f2c65af448d563803a0431dfda53cebe816f8d78f21516d67c3efa0b48f14be4d68ddda1af42258d3a311b9c8f04a1e84b63a7e66cc827d

  • C:\ADESD\lsexplorer.sfx.part000003.rar

    MD5

    e8954ee396d6c4470f76feaeebc7614d

    SHA1

    b951c0e183a4bc64cba1cf01399ae630a80291ac

    SHA256

    5a87086951550906fdbb5ecc8ccdec40597e9ca9570165d2e3b61fb86e3f400c

    SHA512

    efecbf35af8b14651b74b1458981e64a9c079d29f3e51fcc06d549302b10bcae3748b3587264d0db09e225c4719e324f84472ce78edc437e7aaa6eacac6951a5

  • C:\ADESD\lsexplorer.sfx.part000004.rar

    MD5

    728bbb89f18c1d5d4da888eef77ff4c6

    SHA1

    d4a9fe871d7faa666051f5af93ec6101b772eaf6

    SHA256

    79fe3bb782e2a9982898423362a188efb58523fa9240b5221a515f962e25870c

    SHA512

    c6e51d7af418d8e25d6f1d893edeee36dd0a89ce603b14b77801e0d7dc1d5a316a22c2f6ddd1e9f2ac47b41d37562d8c61c683ac15fd0d75ba5a305c69d738aa

  • C:\ADESD\lsexplorer.sfx.part000005.rar

    MD5

    29fdf704fa8e39f988681b46eb483702

    SHA1

    ec0b0b7389df1b153dfda7b93d867fe85ea5d55f

    SHA256

    1c9229655fe08ba4c606fdb6154790bf87534e50833486835c7351644d9d7294

    SHA512

    a6737e8d821aa9a8bb8b302bec740eacea97bd39f7a3009b1beb1f69a65d952c303ea10c97f2a0c67c73a016be095310b57440940db2cf97138e124e0345eee3

  • C:\ADESD\lsexplorer.sfx.part000006.rar

    MD5

    1d7244c4bcd3cac0344f4b49ceeb7529

    SHA1

    913affb3d4c8b8b0fa4d2a6818fab51046063379

    SHA256

    0994c538bfb399bb419ca0591fb05ec3e225d4a93a6d00a404938d3a73b991ad

    SHA512

    f329e69b6cf5f4cb4d07e9afaaed8224c62fa6c9ceb414b3bd6e152eb9c57db6555839d6992312592fc4bd26d16cbc87176066961411924441f874521daac06b

  • C:\ADESD\lsexplorer.sfx.part000007.rar

    MD5

    1bc94c445eb409cdd54c66b3c5c479d4

    SHA1

    ad13e5cff846e9f2c88964d0ad9e0efb177b0887

    SHA256

    ca8d5e92331421fa8c861a1403058a1528223fbe3b140acd7a3d6062a050139d

    SHA512

    805c405d5d87ab14587301541d884e5fd46fe232f681d5614a9629c6fb8704a4b2a48e86f431cff3fd84415fde1a64b655546262f4389323a6ab451cae66788b

  • C:\ADESD\lsexplorer.sfx.part000008.rar

    MD5

    7528165e915e04550d0d391571d57ba3

    SHA1

    eef772cfdcb788402efbabace5de05fa0b9ddc6f

    SHA256

    96e84f76fd8278b19fdcf5db3782749eb3b0c8fafeecc7163ded57d93fd25ad7

    SHA512

    7a3d606389b9e6619c4918c8ea2ff16133068f076141746c20a66bb7476559e6dc475bb0fd78ec72a36c00c0e9b99cee71d471c6e603a995560056b2978809ed

  • C:\ADESD\lsexplorer.sfx.part000009.rar

    MD5

    60f254f82923d1f3decab48a6b5fc8b8

    SHA1

    fc4632db17a161a2bcbd7bea55530dfc4425b4dd

    SHA256

    facd48b86c73fc57641d6e381286e1607138111e2865ffa7e4a577a53a112eff

    SHA512

    2e8126a02b8f91933003aeb50a1a65cbf4c10b8be718fb13dc99ddc08bdf44d701901d06c7da2c89ce63e6d52318c736b2578c56b0069dcce63de825a2c7b207

  • C:\ADESD\lsexplorer.sfx.part000010.rar

    MD5

    ad32454cd6c1fde27420f898268a2ac8

    SHA1

    6e61d149d95f27bed8c6409e5089e2d3f38e8cbd

    SHA256

    1ab62e8838c35326583a8acf11c924c4aa635ff2435157d0ff74e7ac7f1fed27

    SHA512

    20d08c0a8d700d2bd6b288c7ff7717c32da0466b479ffbfd5427a3e19b1ea620f5828773c99709eb11567804887cd14a709c021380f427ccd8828adac05de2a7

  • C:\ADESD\lsexplorer.sfx.part000011.rar

    MD5

    23a4711395e0cab2727d40ac80edff67

    SHA1

    9936c6bed4370a6e3f20477725179239d5a3075d

    SHA256

    2e90b1d2ba6ac3adae80e748fd396f9fcabd57c7457e10102fc5702f6689e5b3

    SHA512

    89cc9de9bcfcec6a332d4b9976f430552bdf96abf5702ec8e9c4c337cee0c0e7fc37d3a5a1395999c03e5f59871e6917bbf06705789b281e166e6e0c852ab888

  • C:\ADESD\lsexplorer.sfx.part000012.rar

    MD5

    b7ad804848901d94a174576d8dd0602f

    SHA1

    7a4d7f0faf00727829bf6aa58ca40bc0340be7ba

    SHA256

    81f501126131ab76e929378aaaeefe9d9317ae8d2f928b65994299fde4d0e687

    SHA512

    cc7829e15e73f72b50d939701e2efbd12a717b3cd86cd90a6739724e5257ea8bf827c8ed41c021728c1d80fe6c6993e2711e5bc9310b46a33eed0818d52c3c50

  • C:\ADESD\lsexplorer.sfx.part000013.rar

    MD5

    1420a77461f6e08084bbc979e75eba4b

    SHA1

    51ad44bbd579b85d779e571bc0120b84ddce0ac0

    SHA256

    314b26ddd1ede7f6185ed13cba7ff64fe5caea7472ff98c2ec0b80e5d7e18318

    SHA512

    0b88b87388d38b0fba178f482b62eb047e1f63a20539d5f2cc03ff9dc83a1291550eb731523050f72c33eabe5272ab826df3d7a7f73152bcee966a510b9c1be7

  • C:\ADESD\lsexplorer.sfx.part000014.rar

    MD5

    a90423edac3cc69f2e6a117ae7434691

    SHA1

    567e54e67cbce5ae6ad8ea35619d9c07556d6f08

    SHA256

    d8d4f53d783ac5321d4f6b55360ae6a84b55316d7078476cab96bf6ac3964697

    SHA512

    a744164dcefacd334dc083919e72a1f0ffac0802e1a164a8955af0407f36596605022a1a40925dbb8ac5f6052484e976e1adf160168c143614092f16a356abbc

  • C:\ADESD\lsexplorer.sfx.part000015.rar

    MD5

    e3bed7c534af371c595e65258e60cde3

    SHA1

    0851cb414120ceccca955ba095bd26838fa3d79e

    SHA256

    b5fddf42e2cc25472a7309e80cda8bb742d5b01b4b1426dfc1a09f94d306ae27

    SHA512

    c54cf8aef487419f0a63ec6bc26067a396a29191759a0dada06ccd2ce6bde818c4f5528001eea0d61aab448f20b9be0c071ee574179aece17e402349ef032a15

  • C:\ADESD\lsexplorer.sfx.part000016.rar

    MD5

    91947e5b293e0f58bd1608179db359db

    SHA1

    4b8c539449ce306344b798f8a7cb7bdfaaf2f921

    SHA256

    55f72b7d262813da3300944a5d201e111fefde47b6d0bed7dadbded2e18fad55

    SHA512

    4ef1e95656c5641aa4c10548764b6107b59e447769e0c368d62f53fcc7f06e45eb91b0b152db2f8ad154d53a4c521b7da62ecff13519b734316480fbf8083a89

  • C:\ADESD\lsexplorer.sfx.part000017.rar

    MD5

    7ae13e2e47fcbdb368a898a0385fa862

    SHA1

    c47cab64e9ae32dcccf8fcf924043effed99d3c1

    SHA256

    d2fd71854391d9d4dd7f181c738649fb06f78f8cecc385081b6f1cc51165d22e

    SHA512

    f215fe0edd6c3406a342e7dbdd7de9ffb9b2275fcb1aaa638819a45193321f50b0920568fca9cb52121d8e529af2fee9ff1c38ce2dbac0397f91823c76d38360

  • C:\ADESD\lsexplorer.sfx.part000018.rar

    MD5

    5cd91205af16a9cb11b769d5319edf13

    SHA1

    fa8f8c5d234ac2ec783999cc3bec48d5c7f2dc16

    SHA256

    ca4de1e9f7a05b730685e41cbead54fed82e8c67dbbd7b3a85bedb9345f084d2

    SHA512

    7da9cc82f580c80d060311a067c0c1ea38b9bdffda465dee1eb834354f059c78bbf05ad55d572dad8ae9de1bbf207b56368ef9b849b62b4867ac3193c84c82c1

  • C:\ADESD\lsexplorer.sfx.part000019.rar

    MD5

    ddf1843a8f638bcf2a42779c909dc802

    SHA1

    678a44eecd6d03b5033b6ddb5da51539db8bd3fc

    SHA256

    8c3acc755d93606d3b3e094fcd80734fedd1591e416b7deaeab05f781357820d

    SHA512

    b02c37e48cf04fd6505af33961362f854fbf0e91d6e99c9f5122913b87abf2db3bf8e81ca7a5fde48f5686a80a44591af5da403332ad2059117325c71f9ca4b3

  • C:\ADESD\lsexplorer.sfx.part000020.rar

    MD5

    09e6f252e1c20c1fcd2a9ded220e4881

    SHA1

    01bb162f0901dcbb90bc9e471fbc94aa9d323a19

    SHA256

    3589c9de192368faf14bac88dd8b3ab711463be7d2e17f598583fd37af6d3f4d

    SHA512

    371c9f1387dc82eef8d731aedc6f9d76e38d74beec9befe096171097a7e443602217b2700e1a3899ccaecb3f6a5e9d1a13ecb258b0d53c3d3d29bdd4e1cf141f

  • C:\ADESD\lsexplorer.sfx.part000021.rar

    MD5

    d1eee358b8d0dfdaed026b494ce23ff4

    SHA1

    6cc4065f788533cb528b1f5e6b66250d63f26af0

    SHA256

    0ee2c3ddec11ef04ddb01782f8ad31e91d6d8dfea9a3daa0e6bac1ec8bbc7fca

    SHA512

    65ec40789641aa40451b04af01f2a78e3b235e7f8b668b7a7dab76c309dffd35d1a9927bc93950f13e675364314f9772db4967a93e657e51473c374319835428

  • C:\ADESD\lsexplorer.sfx.part000022.rar

    MD5

    352375989e393da0e4f3970642eecec2

    SHA1

    c70d703c5edc48d6f3b97bd96626c4c440cfbd26

    SHA256

    090a1f9e9c21ab0f59399f0659c76c8e07ed181acdd8281d13c7abdd3e365dff

    SHA512

    eaa13002eadde44570533a7aa41e60c01ec242be7ac48b24fc45f871f4de4e410dd646f484c2f9a94d705d37b9e4f57f1afecddaf204614404604aec7416b195

  • C:\ADESD\lsexplorer.sfx.part000023.rar

    MD5

    f0c71179fbe2d495fdb0fe8d5d2e45e4

    SHA1

    a2e47f272cade7fa58b548c2d8887f90cba87452

    SHA256

    ea8d6f15d0eb1eac8d7342124f7a72505e11e5027547c7574a17277647936ca7

    SHA512

    d3e54809de1bb9d4be212e2014d113dfc12a7eae1d10409206fefb7caad9122ed223785882ba019747b29ee7473d0c67c350a5fe385c05073e45f8566893d405

  • C:\ADESD\lsexplorer.sfx.part000024.rar

    MD5

    b38620290320530795b8146682c6ece8

    SHA1

    e4689800ef2540251bfb1b21aa945eedb548b3d1

    SHA256

    9df51bdff287730c7862efdf07e25d9f6059283b9e651b5b456aeef2067f680f

    SHA512

    e07774f82dbd80342e007d3d28e8ceb7230c9198c5b14da6d2ed4ec6e11397bcf99f7d8e50937373396f0831e7a131a1e00d8c5e4da553c338245e8aadfef70b

  • C:\ADESD\lsexplorer.sfx.part000025.rar

    MD5

    040fa324a326d0c806917c31ad1cfd4b

    SHA1

    70d1a0f776701039760ccd8fd5f828e1c31f29af

    SHA256

    d03548d2dbaaac8db752b2186e991b73c9b9a3f1f3d1fd4f6067fb17a6b5ae5b

    SHA512

    feaa495e3fbd5ad9518001fb70d82643668976982ccca821b90ac5e5630fe4dfaeb9862cd9a48c79d9896da45757c9f1ac131bddc440a5944360fc7290a1dd0d

  • C:\ADESD\lsexplorer.sfx.part000026.rar

    MD5

    1ac12bf74424617622421857cb1c00e5

    SHA1

    55e574c30d610e4ad57b574bf1943e77e8b434c2

    SHA256

    57492ddfdbba7292952e0b5992e856f22185579952cf84ad4bc43e6e0006c070

    SHA512

    b0c3bc3f774c4c06f3ad0d16a1af6d2394c47ef2f753221429ce9c8584ef8c106e87dc5ddfbf7713f966c3847569114d700cf3a4747964688e832218e9ea2606

  • C:\ADESD\lsexplorer.sfx.part000027.rar

    MD5

    f624618e931e0113ba54d8d915dc25ca

    SHA1

    28acc858e48ccbfa397ebc2c7e86e96904f196cc

    SHA256

    263c6dd184290710f0e97ea1a60ed5345b9d2e8fef994422461f840639e4aa1e

    SHA512

    3b3a985188c08513ad0263c6fb73c07300e49541f283e441c730026ff3841bc0bf81ae0aba218afea9c4ee4c986509a8f54834258493f6b5bbb16ea7ffbd4d5d

  • C:\ADESD\lsexplorer.sfx.part000028.rar

    MD5

    62c55ec81429197c8aad752a62f9563c

    SHA1

    f33fdb341a3804c3e4c674356af0d78681d6fbc1

    SHA256

    e5021d127510bd0933168a963fedab1189fc8afff133c7ce8c7cd0a1b799bd20

    SHA512

    2f253e30b8677f03f83c41938b3487e1c461bf504a0e6ed0d9086e37debda8d2bb4810d56cd5e5b2465a37204493d87bda55ae0413495e99bfc1b24b353d3c8e

  • C:\ADESD\lsexplorer.sfx.part000029.rar

    MD5

    7bdbfb23ebb45afb12b5b94666b9cfd5

    SHA1

    915bce5856762d07dad1bfdd832ecab13402e1d3

    SHA256

    e794c11b74e7af34a41601a2519f1931cd1172d12e174fac5702411e7f75e5a4

    SHA512

    714e3abbac8747bcfb1c90f27be0b6394da7503eb0cb4903db0b3bc17baaa939b8e8ea058fe766ce427eff4ccd151f65db8891eb119e8fe52a29f462cc0ffedd

  • C:\ADESD\lsexplorer.sfx.part000030.rar

    MD5

    6531a2e8944dd9604f67b353d627cfc6

    SHA1

    3efb19d270593956779e2f6ac5cf918a33c1bd93

    SHA256

    3a65cb0286cf4bf384d5bdf684eeb11ad8d7279f75ee92597fc3ab40cec0c98d

    SHA512

    40d103b1dbda9a23087b6380c0b66b201d524ba8f38719851f53c517fd890c86454ed07464adc348c9ad266d09cb025a91d6d15e6a7dee490704708b6fc6db5c

  • C:\ADESD\lsexplorer.sfx.part000031.rar

    MD5

    39c1c2128085c36dd34725f831b68de6

    SHA1

    1f153a6657a06a485ebfd660a3a8dc61465a09da

    SHA256

    ff14ae70af8ca584e62728c5d84018675baa63314f4dc67a187f80aca65101f4

    SHA512

    714136df494da8f11c761686edd6ab27c07cf8976cc688410e2a95095aa79d05f9ee94443bc91d2a4b88374e9a24554fd62c2458df5b4bc79042aea993ea0870

  • C:\ADESD\lsexplorer.sfx.part000032.rar

    MD5

    b5435d4f85a2795a7ec6a164d6440f88

    SHA1

    7590f2efe2751cc4655b798503c0b279544056bb

    SHA256

    a716f59a58ee9d478f580d88d74e7947070ed29119d1856180a109d51bd0d95b

    SHA512

    1d5e3c8a314c994104231594ebc8a93d8f76a775116990301bbba0dfc47a378a08e4193278ac73781e680f854738ed575f851a7051bb96a3ebe540708087613d

  • C:\ADESD\lsexplorer.sfx.part000033.rar

    MD5

    492bed94bdc8b1f91be5ad039cea9fae

    SHA1

    f008413009484d72c7da983ded3346899e2b3818

    SHA256

    a0e798282e6ddf0d5c3d973a62cd312bdf7b479ce520c84aef99cc57c99de8b5

    SHA512

    7dca6a27be5a465078b1e2bf291c08587d965327ef6ac6a5a0438135cd82cddc79dd2cae455b42f40a46fecebb53688bee944d5d2bf77336535bf83b7032f0cb

  • C:\ADESD\lsexplorer.sfx.part000034.rar

    MD5

    f655222516b187d69429a3de683393cc

    SHA1

    1985dd907f90b3f9b2e84b063edee417b885659a

    SHA256

    547600a01ded6385b81629a0cdea9002dc962becacd1d625400c70f82f2de9fe

    SHA512

    6cd9dc73b0d210e7c809e2f2e467cfe578a691a94dcd8be53edc447e10ee98b4bfa6c6733454987cb309e55cc34a49e2cdf080a57b778b84a9b68c5c51f3bd29

  • C:\ADESD\lsexplorer.sfx.part000035.rar

    MD5

    5c7eff0d29c2a8c5ccda5edde48aa274

    SHA1

    267fedc0743f0609f7f7f27a295e217b6c3c0295

    SHA256

    9b25367935eca408883684d4bc9ba550ea6ebc2051c1c1fe1e13d888c832910a

    SHA512

    3cc044d30cbaa4f03576e528e32dbfc828e4cd76873b2e0ca971935f18fbd31dcd171e55d41f21edd3265c20535c65662a2702262f2c41bfced0f0c1fb747fff

  • C:\ADESD\lsexplorer.sfx.part000036.rar

    MD5

    35bf9d70be3dcd758d50fd4551118def

    SHA1

    735b2c5b38d334f3fce675903a54d29a8193c0c2

    SHA256

    8c43d65c0696f8002ad414510ed80cc74ea8370ad1304e3ea075cc1c90c81dd3

    SHA512

    1c849192d3c1b0eb48bb4a49c27b090aa5a02ff372fb0c1bc91b3d0480cb962d79a22aa62cb1d282fbd4600587b9a1bc6fec334808f1ec430f678e3fd49cefee

  • C:\ADESD\lsexplorer.sfx.part000037.rar

    MD5

    09fae7d25c5b0611c3d49b7738be96f4

    SHA1

    5449f8714c49b77da4681df23f8d6c6176724e38

    SHA256

    4933f18dabe4d744f37da3da1517197d2e5fd31d5ca35fd968ae1631d1b2e4cc

    SHA512

    8af625aa0427b8c9c6c287ae319f9983a0b6189fd875237f7b10091d5a97efefddb4819bd599db2ec274ff886d0a7b397292f70b4e2beb33dcc3358dcb216e29

  • C:\ADESD\lsexplorer.sfx.part000038.rar

    MD5

    9a1a2299123d85c171247725a2f51135

    SHA1

    4dafc30e9625f62e173e3ea808a9c3abc3b47a86

    SHA256

    77453be737cbad9ce783519396e41ce47d45814366d4eadc5960ae8b3dfc0581

    SHA512

    3cc04d421a1794abb5fb2cec1b53d3bd2d497a276505894ad1a41dd2be86f9436488684edf30e63149bf923f300f6f9d96446481e0d9dbc1fa3aa083ab352a58

  • C:\ADESD\lsexplorer.sfx.part000039.rar

    MD5

    8764a5d699f49558975c925849f4f48f

    SHA1

    86d1369534ad95e35a4727fc6051c53a8ee3c491

    SHA256

    3506cb81542eb9e67acac08b47b4b7c4ec7572fbd1b5eedecae3df68294e2e71

    SHA512

    55fafa37caa261b2c02def25bc576553d66a422b357d23239668c68a626246a37acd8364b016917c55616124079331402d711d8e166a217ecbb1339a9683f3c6

  • C:\ADESD\lsexplorer.sfx.part000040.rar

    MD5

    b7f71634d7024e8b0c48698a92a5d907

    SHA1

    cec286f0f828a6f76bb1747687195ab02e3ab735

    SHA256

    761614c5e6c309ed4cbaf22719f2bd86440f8069220ca40798c517619918dae0

    SHA512

    7eebec08eedc16a644c79ad2c0227acb5b6b2b426ca045fe27c767090e3f74052ef520935c8b765fd716aa1128e3d864316cb7daa91d1dead0d31e059870d093

  • C:\ADESD\lsexplorer.sfx.part000041.rar

    MD5

    5d253989b593d35733adebe4314a2642

    SHA1

    2e6067255db533d50b260a6a47972ab321b9be06

    SHA256

    15a34d7d244888c688a76737b80fba80a69c9ddedd73dde15496f3d3c2cda81d

    SHA512

    5d562661287d3a3f6dbf52f8ff3d5239ac52ab39ff07b098a6553039f9db16b870593b87a2c3496440bb97219b1dcbb38a802710b757916a03c08d3760580232

  • C:\ADESD\lsexplorer.sfx.part000042.rar

    MD5

    c3f11f99d8627efc034000c5d4a357f0

    SHA1

    49ca82f8d8b64219567edc8c4d0e4719ca77dd90

    SHA256

    cb899a108d5d2539d421066ea199fcebfaceb8c333e5ea6a67649af339c11918

    SHA512

    4184b64d69700d59b6124d497473cffdef0a6c2817d71fb8e386c4569e37c924479f2fe6be471092976b4fec36510258a1a447bae883fd210ef9936cd5223ea0

  • C:\ADESD\lsexplorer.sfx.part000043.rar

    MD5

    381a88f96d2ad8b8bcd963c796a44455

    SHA1

    23c516c330e6742fc74f2c82eea6068247b766a6

    SHA256

    09d8aec1cb0f5cbeeab91a39e23e94b7e3e37dfda2ec4b0eb30c13fe7e5b4236

    SHA512

    f6ce9cb5b0676386d33dfd4211a3e8cb6ff4238280c9ea92c79b49e9e041ee0927b26b8cacf16a42226672191333c6b04f0c93d360007c9461165d3bed3e4cb1

  • C:\ADESD\lsexplorer.sfx.part000044.rar

    MD5

    87801088e3b289b66ed8553feb61d936

    SHA1

    3390e8d3f6256492d0417c7d84231005d83fd451

    SHA256

    839453a74ecd8f16eeb879666ade4efc34ed6f3248cd7f1279a4c51f30f8b333

    SHA512

    ad046b97ae2c38c576a0c9fd4bea6095bbc4c66ab3806c4da2e8a2b29864ab458d755ed76c0c1d8dd553ed094c5255a346fde18b1b35d244f7663d5e3410b20b

  • C:\ADESD\lsexplorer.sfx.part000045.rar

    MD5

    25fc06a030cfe6953e8bf9cae41861a6

    SHA1

    587074f0e751fa45390faa64b6b4e5e2117ef805

    SHA256

    ab09a386e3f27190270882df7d40fd32aaaf1d466832c4b8e8b7fdb5a066c874

    SHA512

    cb2fab36bb70ad4e767b4e3e6d447f589c598bac752919526776836d23111bb13a0e162d08b3fbb21a03018b4d930bc3df3c48193bdaa045dc09ece69a8b8ed6

  • C:\ADESD\lsexplorer.sfx.part000046.rar

    MD5

    60e48b804b97f68987dd65297280b101

    SHA1

    adeab85faa89915a206e558298d5a0ab925c4bec

    SHA256

    0634c77997c6a9b0bcca4a3a14459213e3c0e1a64cd328cd03f89ef4e95b4276

    SHA512

    7a0652ed03534f7d8657d3150033df1f4649fdca9eef58037466f2c2f7784fea120d037dd905f6838932d5b2f2c0117d2793fc84fa7da655b1d98d0028ea8946

  • C:\ADESD\lsexplorer.sfx.part000047.rar

    MD5

    f6ddb5c4a386b6c7088832b6b6a40e17

    SHA1

    62f0b178a3c7f7d6a89254414c84a5aebed4e8fb

    SHA256

    c00a255b8073e2afaed987a6daa8e78de4b17e402f43fe6e691fccb6d96812c3

    SHA512

    1e0893fdbe417da47c7b09b4ee970091224948fbbd85773035ac69dccbe6b631c765784a6484cd0bd465bb3451430e94dc21833f2c6c39edf0fc505723346af0

  • C:\ADESD\lsexplorer.sfx.part000048.rar

    MD5

    47d57d9f68e2cf7ee76051677de319a9

    SHA1

    c6e96c535b77de8335a6e36e8a8360b97eb3b913

    SHA256

    7919985f757e68024343d7f8a80620fce69950aacb5f538808b8ca1d39940cf7

    SHA512

    da12a4133b53b0c258c714a2b6c384f2be1c9798c806436ae42d427419458e401f99da208c2ee0b0029ca1d7a418c82e9846fec335d5e8c20f0160b038c9661e

  • C:\ADESD\lsexplorer.sfx.part000049.rar

    MD5

    fc451038c501f426525e9253027660c0

    SHA1

    3ee51567e99b0a207b513d72e7d14ef5e6cb7e06

    SHA256

    96e33cb8fc8056e078396fe31de72cfe5c64fe5edd22135c80626a133ada6cd2

    SHA512

    3fc9e5d04b17191e4cd0640aa8a988d322c0853122f23eaa297209892a56492d7d662968bfaf96b266b33d1e8094abeb8eab2f911256abd7e5d247e272a1de76

  • C:\ADESD\lsexplorer.sfx.part000050.rar

    MD5

    dd0bb9cd65cec42daa2a88ccc7d4593d

    SHA1

    7d2b0f7c05c89c120cb70e35c7ec65ac61134719

    SHA256

    4f69edabaea3e3fb82a1a86c09da2374126ce0d22b9bb5879ced5271fc19987c

    SHA512

    265b943cd14bb786ccb83e19e1f9ec3e157e13fe6f818884859c7c518d620621456f95e78dfadae68a04c531a9b28b9775fa3394aadc13636f6efcf4e2f884b0

  • C:\ADESD\lsexplorer.sfx.part000051.rar

    MD5

    aeba4b0c05182bf3fd7957253a7a4b14

    SHA1

    89c0723b7ebca08ffaf2936476b2e76933d39b9d

    SHA256

    0e62b70379142b37821a5e81bc4bcb65365ec1138b47194a27900cbaf75320f5

    SHA512

    d539203ce03836a3f33f47af3e0dedf1b41520b6e38986ea7d1e5665cad1a377ca565d1f6a7b321d95939e915b9f702f91bf3bfd8a3382b06e3c11dad1918502

  • C:\ADESD\lsexplorer.sfx.part000052.rar

    MD5

    5e589d868d0ba1db19936e182166c179

    SHA1

    04f690708b5894bb775daa88eeb0511c85c0a15e

    SHA256

    7137cae9efb53b7342d05b5de6360860e13b7e3a6a89899fe0e7c04bec5e7115

    SHA512

    264ec1f38fac33525717a8e94c2ef1b81fa1517cea2d8ca2fa9d7b913a6160560c5d2dc1316a3a77e9d2fac2f021b62ade02741daf765458a73a9f248d401469

  • C:\ADESD\lsexplorer.sfx.part000053.rar

    MD5

    686fab9bb968ce6d504e6fc1ad063c6a

    SHA1

    b4a55743ad6ab1874478f6c70c844026dbf973f1

    SHA256

    cdea7bef3f2fe82a248114fc597aad5ba3e993d8ee3da1bfed25a35b8a47255e

    SHA512

    fad5cac2795552356114f47f4cb7aa34bf12bede8150b8647c68c9ef27c2295578270036707e05b87f7d9756070b9dc4175c2cbef1b656b9ef68650b7d36ad86

  • C:\ADESD\lsexplorer.sfx.part000054.rar

    MD5

    76c7301c531c5b956546d25556ed3664

    SHA1

    bba8b18dde8a9a33dd3b9076bfcb84fac8122340

    SHA256

    f0c610b99fefc0c91a2e9fc4ed683be149aacdc68e376b1b79b4c801f2c15eb9

    SHA512

    1b3ab38b1a2bc98325b208b319d9eb9e38307244c721fcd0f5152d8efd6c1263f0369d754a75c82b5ddd8fdae1588ece548548ca7c43f9effb75f4213db81092

  • C:\ADESD\lsexplorer.sfx.part000055.rar

    MD5

    79d173ec3b452613ce9964b55a9f1c92

    SHA1

    a970a55d46e38ebb16b12f32c6320d0c346adb17

    SHA256

    8c1c56a7e279110046d076d8ab9fc76efe8041f051208cc7814607f98c3b10c3

    SHA512

    fcdb898a0ca33061d7451e7c40c50f4d7bfcba72abadf84c5cf2d17b3a598252c6cd5f0edbc0cfda67bac9c02d0296acacf611ba3ad96c611bcbda973c071a64

  • C:\ADESD\lsexplorer.sfx.part000056.rar

    MD5

    c2ec962db4e09803ce97fe21fc633549

    SHA1

    fca7d7a2653314e3a7fb0839bc5a0d509c1a10ec

    SHA256

    917166479280016471a9bfec51710c6ede59d13d44db1dbdd93173dde4730764

    SHA512

    2475acd3b12278b32096618ef10e22a3d4d5452d0b1dbf7318c293b5cc7dd6118560d706ae8b6fab8a64953da7be0379724b3a0c37749d0c9ea0b39be03d1b69

  • C:\ADESD\lsexplorer.sfx.part000057.rar

    MD5

    42fd4e73e2638b7a79646f8cef90c86f

    SHA1

    448285373bfd89753a14936cc7c8f167b4e495ee

    SHA256

    6177719baa6bd01a821f5f47b1f1dfcce474d20f1d0b21a2bb1ea49092e26bc2

    SHA512

    4a8ed130922803f233cc66c4322608817644f66b63ac9398884142de0517263807de25faf0008cd0a43b9c9d3dd876d9a5658e46a1c5239b2bc85798573eb7bc

  • C:\ADESD\lsexplorer.sfx.part000058.rar

    MD5

    a9f204648431ed7ef906a01170768097

    SHA1

    bb4c103afa3422fe4b5b13dc2e342f101fe04961

    SHA256

    e952e6db60da5f3acd8b6c6d9ea900209f8a791e46a0ac922e777de3d2657739

    SHA512

    96f5fcb44446b039cc5d6cfd390dd5173395dc03734124245de74c0f74dfeede65fc47a0f5f05eacdaee68d9ae898597a4386150b97449585c919a3f416e1b6d

  • C:\ADESD\lsexplorer.sfx.part000059.rar

    MD5

    0a380f9767a2d8dc22de2cfaed5cd75d

    SHA1

    67fbf37ba8bffa444b4d3556c4ca2b11907b6af7

    SHA256

    db9e88bf7ea01388a3440f93b8d54b3d27b63c47a2c43d463b3e17f44622f170

    SHA512

    3906069ba6687ab25b2eac70a4a37e033800711b0c613f9c3602a3555b5ab8c33d56034f96dac74b8cdf244d78348e93c741a651c97ed93604a1a28c9fc0774e

  • C:\ADESD\lsexplorer.sfx.part000060.rar

    MD5

    0ceaa08f93771c9ae14ebc68f05d60ac

    SHA1

    b038d520b538b61a7fcccc0736f2a21c6cfd22fa

    SHA256

    47b786d52be2904d5c19542fd42ff4bb12b45d33f14d07733a4e02e4565d606d

    SHA512

    13556f4660044ecdd35943a1e08416aa0852fc01d38e33bb14cd38b2e6d2d5cb6cd43c832500e0e325a17a53dcce5e6f2fe7344fa619a9162267122fc24c9785

  • C:\ADESD\lsexplorer.sfx.part000061.rar

    MD5

    083f0af2b0e766c429ae07b22482eb2d

    SHA1

    e96291c6c683902f371acf76ea75b119c4ca4444

    SHA256

    d37ff1a04b9cea07e2fba6b9125b0631ca2fe7e3c22458baab0618cf6f66ce5b

    SHA512

    cf29a25d3e3080952ba7bc269ceced08c7b1e68691db50ac3fa3755b8eaa80d4bd1e1ca7bc6206acf04859cc309a3e981c40b4b7ff346327ec6a70dc8f753c1a

  • C:\ADESD\lsexplorer.sfx.part000062.rar

    MD5

    e51a49c99f95260217fed37962d70302

    SHA1

    c16c015e5d779cb079f1f531717160f805a2442c

    SHA256

    edd75499907c4a6461d57f2892ffcb4dbc61843d3c689bd5d8e0829cc99fab4c

    SHA512

    ccf5c287aa39546961d79e92dc290ab70dcad97dbd9e6d9596e8cffb3d4363d232416e55accda0cea69ad51895c0d346e8ca66dee62916b1525bebf640886644

  • memory/1376-202-0x0000000000000000-mapping.dmp

  • memory/1376-203-0x0000000000540000-0x00000000005CC000-memory.dmp

    Filesize

    560KB

  • memory/1376-204-0x0000000005530000-0x0000000005AD4000-memory.dmp

    Filesize

    5.6MB

  • memory/1376-205-0x0000000005020000-0x00000000050B2000-memory.dmp

    Filesize

    584KB

  • memory/1376-206-0x0000000005440000-0x00000000054A6000-memory.dmp

    Filesize

    408KB

  • memory/1376-207-0x00000000009B0000-0x00000000009C2000-memory.dmp

    Filesize

    72KB

  • memory/1772-138-0x0000000000000000-mapping.dmp

  • memory/1872-137-0x0000000000000000-mapping.dmp

  • memory/2132-134-0x0000000000000000-mapping.dmp

  • memory/3692-136-0x0000000000000000-mapping.dmp