a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5

Analysis

max time kernel
141s
max time network
155s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe
Size

29.1MB
MD5

087ca4f5efe32a1d61d2d3107f1b4a49
SHA1

2f8e53a2529386ae800f0f5c884b3ab8ff3b83b7
SHA256

a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5
SHA512

bab320b379d3863b2d7a92ec5c84a5172477be7181da03a5ac07c8b3a6e840831aa3c9b1ff7d3b747ae8a52970010a9d5b26678a40ee1b70c4380c44d70d9930
SSDEEP

786432:wXeOvzAqv3OVAL2coJNYcpaGAvDtaCNsBB7bAeE/:uJv9PO6acwYNs76

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 9 IoCs

pid	Process
2044	setup.exe
476	lasaoren.exe
1264	lasaoren.exe
1688	lasaoren.exe
1808	lasaoren.exe
1492	lasaoren.exe
1180	lasaoren.exe
2028	lasaoren.exe
1736	lasaoren.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\31.0.1650.23\\delegate_execute.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\31.0.1650.23\\delegate_execute.exe\""	setup.exe

Loads dropped DLL 32 IoCs

pid	Process
1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe
2044	setup.exe
2044	setup.exe
2044	setup.exe
2044	setup.exe
2044	setup.exe
476	lasaoren.exe
476	lasaoren.exe
1264	lasaoren.exe
1264	lasaoren.exe
1264	lasaoren.exe
1264	lasaoren.exe
1688	lasaoren.exe
1688	lasaoren.exe
1688	lasaoren.exe
1808	lasaoren.exe
1808	lasaoren.exe
1808	lasaoren.exe
1492	lasaoren.exe
1492	lasaoren.exe
1492	lasaoren.exe
1180	lasaoren.exe
1180	lasaoren.exe
1180	lasaoren.exe
1180	lasaoren.exe
2028	lasaoren.exe
2028	lasaoren.exe
2028	lasaoren.exe
2028	lasaoren.exe
1736	lasaoren.exe
1736	lasaoren.exe
1736	lasaoren.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	lasaoren.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	lasaoren.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	lasaoren.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	lasaoren.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	lasaoren.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	lasaoren.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	lasaoren.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	lasaoren.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	lasaoren.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	lasaoren.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	lasaoren.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	lasaoren.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	lasaoren.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	lasaoren.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	lasaoren.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	lasaoren.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xht	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\ = "open"	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\shell\open	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\lasaoren.exe\" -- \"%1\""	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\ = "CommandExecuteImpl Class"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http	lasaoren.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\lasaoren.exe\" -- \"%1\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.shtml\ = "LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ"	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\lasaoren.exe,0"	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\lasaoren.exe\" -- \"%1\""	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\shell\open\command	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\lasaoren.exe,0"	lasaoren.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\open\command	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\DefaultIcon	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.html	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\URL Protocol	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm\OpenWithProgids	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.html	lasaoren.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.html\OpenWithProgIds\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	lasaoren.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.xhtml\ = "LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ"	lasaoren.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\URL Protocol	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\lasaoren.exe,0"	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell\open\ddeexec\	lasaoren.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\open\ddeexec	lasaoren.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\URL Protocol	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\31.0.1650.23\\delegate_execute.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell\open	lasaoren.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithProgIds\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\DefaultIcon	lasaoren.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Wow6432Node\CLSID	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids	lasaoren.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.shtml	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\URL Protocol	lasaoren.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\http\shell	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\shell	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp	lasaoren.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\.xht	lasaoren.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\ftp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Lasaoren\\Application\\lasaoren.exe\" -- \"%1\""	lasaoren.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xht	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ\ = "Lasaoren HTML Document"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.html\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\https\shell\open\ddeexec\	lasaoren.exe
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000_CLASSES\Wow6432Node\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\LasaorenHTML.FDLAEEQLCWVBJT4FI6E2CDDCCQ	lasaoren.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	lasaoren.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	lasaoren.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	lasaoren.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	lasaoren.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	lasaoren.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	lasaoren.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	lasaoren.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
476	lasaoren.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe
Token: SeIncBasePriorityPrivilege	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
476	lasaoren.exe
476	lasaoren.exe
476	lasaoren.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2044	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe	28
PID 1180 wrote to memory of 2044	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe	28
PID 1180 wrote to memory of 2044	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe	28
PID 1180 wrote to memory of 2044	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe	28
PID 1180 wrote to memory of 2044	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe	28
PID 1180 wrote to memory of 2044	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe	28
PID 1180 wrote to memory of 2044	1180	a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe	28
PID 2044 wrote to memory of 476	2044	setup.exe	30
PID 2044 wrote to memory of 476	2044	setup.exe	30
PID 2044 wrote to memory of 476	2044	setup.exe	30
PID 2044 wrote to memory of 476	2044	setup.exe	30
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1264	476	lasaoren.exe	31
PID 476 wrote to memory of 1688	476	lasaoren.exe	32
PID 476 wrote to memory of 1688	476	lasaoren.exe	32
PID 476 wrote to memory of 1688	476	lasaoren.exe	32
PID 476 wrote to memory of 1688	476	lasaoren.exe	32
PID 476 wrote to memory of 1808	476	lasaoren.exe	33
PID 476 wrote to memory of 1808	476	lasaoren.exe	33
PID 476 wrote to memory of 1808	476	lasaoren.exe	33
PID 476 wrote to memory of 1808	476	lasaoren.exe	33
PID 476 wrote to memory of 1808	476	lasaoren.exe	33

C:\Users\Admin\AppData\Local\Temp\a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe
"C:\Users\Admin\AppData\Local\Temp\a6ff22c22bef36f9a634e9b919ba3ace8d8eb22ddac18cedba968a09b80aafb5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Users\Admin\AppData\Local\Temp\CR_E20A6.tmp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\CR_E20A6.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_E20A6.tmp\CHROME.PACKED.7Z"
  2⤵
  - Executes dropped EXE
  - Registers COM server for autorun
  - Loads dropped DLL
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe
    "C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    - Modifies registry class
    - Modifies system certificate store
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:476
  - - C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe
      "C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe" --type=renderer --lang=en-US --force-fieldtrials=DeferBackgroundExtensionCreation/Deferred/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --disable-html-notifications --disable-webgl --disable-pepper-3d --disable-gl-multisampling --disable-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-video-decode --channel="476.0.568225383\110356776" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:1264
  - - C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe
      "C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe" --type=utility --channel="476.1.1825886140\960750205" --lang=en-US --no-sandbox /prefetch:-645351001
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:1688
  - - C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe
      "C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe" --type=utility --channel="476.2.1891771628\1059983816" --lang=en-US --ignored=" --type=renderer " /prefetch:-645351001
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:1808
  - - C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe
      "C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe" --type=utility --channel="476.3.1402799208\453353078" --lang=en-US --ignored=" --type=renderer " /prefetch:-645351001
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:1492
  - - C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe
      "C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe" --type=renderer --lang=en-US --force-fieldtrials=DeferBackgroundExtensionCreation/Deferred/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/ --disable-html-notifications --disable-webgl --disable-pepper-3d --disable-gl-multisampling --disable-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-video-decode --channel="476.4.352292948\384563415" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:1180
  - - C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe
      "C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe" --type=renderer --lang=en-US --force-fieldtrials=DeferBackgroundExtensionCreation/Deferred/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_26/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_02/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --disable-html-notifications --disable-webgl --disable-pepper-3d --disable-gl-multisampling --disable-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-video-decode --channel="476.5.1694460212\761336226" /prefetch:673131151
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:2028
  - - C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe
      "C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe" --type=utility --channel="476.6.1131253204\2026851931" --lang=en-US --ignored=" --type=renderer " /prefetch:-645351001
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks processor information in registry
      PID:1736

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome.dll

Filesize
26.7MB

MD5
f0170d28c071f556cd3ece5bb7e8420e

SHA1
c5a462b6f1504cd591d5e0e054b01b366f6e3177

SHA256
b68bd0267ca258781f0ba3b1942c73e4cbd8dff607b79a15ebe13d9b49cd692a

SHA512
49f6edbedb10d1920a17c19019e885ad9a20011d8eab93e268b74db2beb81c970da79625911e8c1186740b812c5ff5a143f8a993a91979b5cfcd876e9b46fc5a

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_100_percent.pak

Filesize
920KB

MD5
1c2581207360e6e464ad0d9bd8d59a2f

SHA1
7d406e1a5097606626deb198884244eda4ebc5fe

SHA256
139cbc9929343e9231a86224b2f573b15a69db6d655a15523f65de1ebaf0d2f2

SHA512
9cafae17d952fa850c559499021b68688596b149fc78e52698e91ceed1db79b65548eceddca99bb10a75acb77dbdcc2a98a861bd10626754b879238c094be53a

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_child.dll

Filesize
32.8MB

MD5
e8c22231e1574adb2f9492623abab8f8

SHA1
bc461a20ad48e3fc275b25b00c8102efb772058c

SHA256
01ac53eada556d319c19dc4973d94925c8fd773cea002e1223ef9c78c2c37a01

SHA512
a07b38091fdfe1966503f549af16fae8b0546d76e7655863e8005f17d368aebe317ffbcdc17ff2c6e2f039dd1f32e838a22757af4313a7c7d7221382ee32fcbb

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\extensions\Lasaoren.crx

Filesize
2.7MB

MD5
639fdebc60cd636b4bc8abd82d076f14

SHA1
e106eda23828c66ba05fb30622bc0aafd79377cf

SHA256
2c104d0eacd8630d9e1506fed0a8246eb345aaf54c74068201da674504777a90

SHA512
90e5bbf20daa7634fd942d66453a264910db92d5e3f8716b17875047d289228c609e5664f505aaad06041d8f4f8053f451a301cdd47e3d2f077cf4b501d2a3c7

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\extensions\external_extensions.json

Filesize
132B

MD5
20985c62a2b11a36ba3043832347b071

SHA1
1ace5eaa81d2f0f2495b581fc7c22faaa4d53482

SHA256
4800b4d3b381ae4dbcc6117686d7586fbebd5a2f86c5ebc9e85a4d326ae6ac1d

SHA512
63db830580cdf00e771f1ea3e702db668949bb3dda0a1c8c56cfbe730d6ded945b0b15a1e368864a42a0693539f96b3b872d9fa724be14735be94841c0bbf34b

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ffmpegsumo.dll

Filesize
770KB

MD5
c945483d208ff4801cb8288895c0598b

SHA1
97663ff48b7bb6af63e27525142716ff708cc4d0

SHA256
a31a2ca5bc69618aee383617a1b9c31b2d302dfe42b593bda5c3527a02235432

SHA512
d80ed872fbce7fbc28887e38d4ddf8b5921798b5dd99a0959231aafebeccf0864343bd085db2200f756d77a357b392c715ce3372773586e1e43d982f9f113a0e

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\locales\en-US.pak

Filesize
183KB

MD5
53075ec4b5d60cb4ba9d77424b5aacc4

SHA1
438cb3aab5839a1e0349e2fca4995d6be98d7eef

SHA256
57c49104518e91f325d516d8c6d0f7a7480971e72f569bdf191b3d7f89bd6fe0

SHA512
67c7cf59629107f257461f4a18d3c7ac15db9d0b8d72e8b73e93b465c4931c1748daa9eb0debc2603950f3058ceec2805053e8d22991436c9a4800abbf62849d

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ppGoogleNaClPluginChrome.dll

Filesize
385KB

MD5
ffa32cc38ef09d93d4523292af7bb131

SHA1
cbb6cbc9e49de1b45aeca3bfbd4055843f09a95a

SHA256
34fde39da9d8555b5cdcfaae5b9c6693344eaf1e302854002dadb0bb2bc5a3a8

SHA512
c172814b6ed1c4592530e3e97847cc2c51c6bc5740f9a97fbde44811d60a11a7d2f15a35a22196a0d18c63d880b48abb7de6a170b42a18ac8a176819e8ee2b01

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\resources.pak

Filesize
10.1MB

MD5
c81f5bd3154e85441f52a1dbee22793f

SHA1
341b368309b16437b1c9a6f19c3f0cdcc10b346f

SHA256
a477fb04185b5281d24d028fc7cfe4acb535c547a5e30ac6c36be403a0681b2e

SHA512
df1f947445e020c432367b017d0ec2d0a44be20731660c18f2941020d3629c71c5e7696a693b08239159c85a9702017e1cdd4ac77177e922b000d5caaf462d0d

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
C:\Users\Admin\AppData\Local\Lasaoren\Application\master_preferences

Filesize
726B

MD5
826ab1b8c3a9e0474e0117fe056bc638

SHA1
3881df9e793a1b6b367fee599e8fbe650632ab0b

SHA256
70de9bcc20ff2af2be3866c727ba4d4a3269a9b366357bdf9c7b81aa33c4d837

SHA512
d90a617e5a9d75707ec5ab977fad10388528e158d3258bd21469cf188b638332511e14461510d0f768485d983d054f173d2d3724513d2bfabc1a7141f825b057

Download Submit
C:\Users\Admin\AppData\Local\Temp\CR_E20A6.tmp\CHROME.PACKED.7Z

Filesize
28.8MB

MD5
beda52ff4d0c138b9e78c6a6d343570f

SHA1
d3f3a254e18907410a4917b31808a2421922bdcd

SHA256
8a34b42ba20346b3514bc889b93669725e70f2bfebe810ff7ac53eea8269f3eb

SHA512
c0171cd7517439b9d916fd4a55d8b45fbe150b91b93b83b7f3304b385b099aba71a5f0d61dee11e2ab285734ab5f17954deb4ae5cd49ca4951c0753b6d105db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CR_E20A6.tmp\setup.exe

Filesize
999KB

MD5
8dda0f4338a8996a8c7786722b2ffce1

SHA1
2d47f74740a0b6ceb5450777913934f30d3cd351

SHA256
8ad66357cd96544c72b013db43657198aff9999e2e1986c820b4416fd57e6a1e

SHA512
6e8c11d6ff324df9e2ee270e5ee10e80c452f58034eb12c301294c6e83d7c4e6de5777fa6767d5b7b31254a049a1983c4754d35b42aab1e807c819d624cb9333

Download Submit
C:\Users\Admin\AppData\Local\Temp\CR_E20A6.tmp\setup.exe

Filesize
999KB

MD5
8dda0f4338a8996a8c7786722b2ffce1

SHA1
2d47f74740a0b6ceb5450777913934f30d3cd351

SHA256
8ad66357cd96544c72b013db43657198aff9999e2e1986c820b4416fd57e6a1e

SHA512
6e8c11d6ff324df9e2ee270e5ee10e80c452f58034eb12c301294c6e83d7c4e6de5777fa6767d5b7b31254a049a1983c4754d35b42aab1e807c819d624cb9333

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lasaoren.lnk

Filesize
2KB

MD5
376b4049778b5cc6040dd42a3b4d874b

SHA1
e3f20bc0aaa40145b1522c78c7c25ae6e01aba91

SHA256
e3c833c82e98936da7a311563084ac65d9e50808550771011186350c6122f1e9

SHA512
61fef1d86cc3fa52d682865a784b90a4f15a1487bf77bc51d0bbf1510b2b273abb516a6b7a21a50ab5c8b555922cd3b7fa83ec5b4f5f718ab248336bf0ffd291

Download Submit
C:\Users\Admin\Desktop\Lasaoren.lnk

Filesize
2KB

MD5
d42dd03046e139e321ea37ad38e2161f

SHA1
dccbe99ccf4ad2dfa7fa3551fc8994eaa5a0b99f

SHA256
79b8bd0a69aa0b26d3c8b6162810b6e45c0bc58edf70db4e224e1c798c7ed98f

SHA512
6af16fcabcf513d0618f09fe37862ece8aa6e709df0b83dbf8f892bc1a4830a9a4dc91fb35b6ebb4d7f24d171d6ab5c24e03147dc860511109c534ce89ac4ffc

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome.dll

Filesize
26.7MB

MD5
f0170d28c071f556cd3ece5bb7e8420e

SHA1
c5a462b6f1504cd591d5e0e054b01b366f6e3177

SHA256
b68bd0267ca258781f0ba3b1942c73e4cbd8dff607b79a15ebe13d9b49cd692a

SHA512
49f6edbedb10d1920a17c19019e885ad9a20011d8eab93e268b74db2beb81c970da79625911e8c1186740b812c5ff5a143f8a993a91979b5cfcd876e9b46fc5a

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_child.dll

Filesize
32.8MB

MD5
e8c22231e1574adb2f9492623abab8f8

SHA1
bc461a20ad48e3fc275b25b00c8102efb772058c

SHA256
01ac53eada556d319c19dc4973d94925c8fd773cea002e1223ef9c78c2c37a01

SHA512
a07b38091fdfe1966503f549af16fae8b0546d76e7655863e8005f17d368aebe317ffbcdc17ff2c6e2f039dd1f32e838a22757af4313a7c7d7221382ee32fcbb

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_child.dll

Filesize
32.8MB

MD5
e8c22231e1574adb2f9492623abab8f8

SHA1
bc461a20ad48e3fc275b25b00c8102efb772058c

SHA256
01ac53eada556d319c19dc4973d94925c8fd773cea002e1223ef9c78c2c37a01

SHA512
a07b38091fdfe1966503f549af16fae8b0546d76e7655863e8005f17d368aebe317ffbcdc17ff2c6e2f039dd1f32e838a22757af4313a7c7d7221382ee32fcbb

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_child.dll

Filesize
32.8MB

MD5
e8c22231e1574adb2f9492623abab8f8

SHA1
bc461a20ad48e3fc275b25b00c8102efb772058c

SHA256
01ac53eada556d319c19dc4973d94925c8fd773cea002e1223ef9c78c2c37a01

SHA512
a07b38091fdfe1966503f549af16fae8b0546d76e7655863e8005f17d368aebe317ffbcdc17ff2c6e2f039dd1f32e838a22757af4313a7c7d7221382ee32fcbb

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_child.dll

Filesize
32.8MB

MD5
e8c22231e1574adb2f9492623abab8f8

SHA1
bc461a20ad48e3fc275b25b00c8102efb772058c

SHA256
01ac53eada556d319c19dc4973d94925c8fd773cea002e1223ef9c78c2c37a01

SHA512
a07b38091fdfe1966503f549af16fae8b0546d76e7655863e8005f17d368aebe317ffbcdc17ff2c6e2f039dd1f32e838a22757af4313a7c7d7221382ee32fcbb

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_child.dll

Filesize
32.8MB

MD5
e8c22231e1574adb2f9492623abab8f8

SHA1
bc461a20ad48e3fc275b25b00c8102efb772058c

SHA256
01ac53eada556d319c19dc4973d94925c8fd773cea002e1223ef9c78c2c37a01

SHA512
a07b38091fdfe1966503f549af16fae8b0546d76e7655863e8005f17d368aebe317ffbcdc17ff2c6e2f039dd1f32e838a22757af4313a7c7d7221382ee32fcbb

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_child.dll

Filesize
32.8MB

MD5
e8c22231e1574adb2f9492623abab8f8

SHA1
bc461a20ad48e3fc275b25b00c8102efb772058c

SHA256
01ac53eada556d319c19dc4973d94925c8fd773cea002e1223ef9c78c2c37a01

SHA512
a07b38091fdfe1966503f549af16fae8b0546d76e7655863e8005f17d368aebe317ffbcdc17ff2c6e2f039dd1f32e838a22757af4313a7c7d7221382ee32fcbb

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\chrome_child.dll

Filesize
32.8MB

MD5
e8c22231e1574adb2f9492623abab8f8

SHA1
bc461a20ad48e3fc275b25b00c8102efb772058c

SHA256
01ac53eada556d319c19dc4973d94925c8fd773cea002e1223ef9c78c2c37a01

SHA512
a07b38091fdfe1966503f549af16fae8b0546d76e7655863e8005f17d368aebe317ffbcdc17ff2c6e2f039dd1f32e838a22757af4313a7c7d7221382ee32fcbb

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ffmpegsumo.dll

Filesize
770KB

MD5
c945483d208ff4801cb8288895c0598b

SHA1
97663ff48b7bb6af63e27525142716ff708cc4d0

SHA256
a31a2ca5bc69618aee383617a1b9c31b2d302dfe42b593bda5c3527a02235432

SHA512
d80ed872fbce7fbc28887e38d4ddf8b5921798b5dd99a0959231aafebeccf0864343bd085db2200f756d77a357b392c715ce3372773586e1e43d982f9f113a0e

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ffmpegsumo.dll

Filesize
770KB

MD5
c945483d208ff4801cb8288895c0598b

SHA1
97663ff48b7bb6af63e27525142716ff708cc4d0

SHA256
a31a2ca5bc69618aee383617a1b9c31b2d302dfe42b593bda5c3527a02235432

SHA512
d80ed872fbce7fbc28887e38d4ddf8b5921798b5dd99a0959231aafebeccf0864343bd085db2200f756d77a357b392c715ce3372773586e1e43d982f9f113a0e

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ffmpegsumo.dll

Filesize
770KB

MD5
c945483d208ff4801cb8288895c0598b

SHA1
97663ff48b7bb6af63e27525142716ff708cc4d0

SHA256
a31a2ca5bc69618aee383617a1b9c31b2d302dfe42b593bda5c3527a02235432

SHA512
d80ed872fbce7fbc28887e38d4ddf8b5921798b5dd99a0959231aafebeccf0864343bd085db2200f756d77a357b392c715ce3372773586e1e43d982f9f113a0e

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ffmpegsumo.dll

Filesize
770KB

MD5
c945483d208ff4801cb8288895c0598b

SHA1
97663ff48b7bb6af63e27525142716ff708cc4d0

SHA256
a31a2ca5bc69618aee383617a1b9c31b2d302dfe42b593bda5c3527a02235432

SHA512
d80ed872fbce7fbc28887e38d4ddf8b5921798b5dd99a0959231aafebeccf0864343bd085db2200f756d77a357b392c715ce3372773586e1e43d982f9f113a0e

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ffmpegsumo.dll

Filesize
770KB

MD5
c945483d208ff4801cb8288895c0598b

SHA1
97663ff48b7bb6af63e27525142716ff708cc4d0

SHA256
a31a2ca5bc69618aee383617a1b9c31b2d302dfe42b593bda5c3527a02235432

SHA512
d80ed872fbce7fbc28887e38d4ddf8b5921798b5dd99a0959231aafebeccf0864343bd085db2200f756d77a357b392c715ce3372773586e1e43d982f9f113a0e

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ffmpegsumo.dll

Filesize
770KB

MD5
c945483d208ff4801cb8288895c0598b

SHA1
97663ff48b7bb6af63e27525142716ff708cc4d0

SHA256
a31a2ca5bc69618aee383617a1b9c31b2d302dfe42b593bda5c3527a02235432

SHA512
d80ed872fbce7fbc28887e38d4ddf8b5921798b5dd99a0959231aafebeccf0864343bd085db2200f756d77a357b392c715ce3372773586e1e43d982f9f113a0e

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ffmpegsumo.dll

Filesize
770KB

MD5
c945483d208ff4801cb8288895c0598b

SHA1
97663ff48b7bb6af63e27525142716ff708cc4d0

SHA256
a31a2ca5bc69618aee383617a1b9c31b2d302dfe42b593bda5c3527a02235432

SHA512
d80ed872fbce7fbc28887e38d4ddf8b5921798b5dd99a0959231aafebeccf0864343bd085db2200f756d77a357b392c715ce3372773586e1e43d982f9f113a0e

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\icudt.dll

Filesize
9.5MB

MD5
5434e18b933e03f274d8da59fda4c676

SHA1
9cf34066a3a28bf0dccff0e4b234a9ac22cffb8d

SHA256
ef080ad7436d544c285d026131ad0faa0b54d7e2f098d5c6c5920bbf88b3f6a7

SHA512
0799b6381eb959faa540be6d6a7a8a3b5b8bf5510adc4da039af844c6685a561e1c205d160dcb964caa2a1bbc4cacab9c70a3974f07417c274a0d6ba0157cce2

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ppgooglenaclpluginchrome.dll

Filesize
385KB

MD5
ffa32cc38ef09d93d4523292af7bb131

SHA1
cbb6cbc9e49de1b45aeca3bfbd4055843f09a95a

SHA256
34fde39da9d8555b5cdcfaae5b9c6693344eaf1e302854002dadb0bb2bc5a3a8

SHA512
c172814b6ed1c4592530e3e97847cc2c51c6bc5740f9a97fbde44811d60a11a7d2f15a35a22196a0d18c63d880b48abb7de6a170b42a18ac8a176819e8ee2b01

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ppgooglenaclpluginchrome.dll

Filesize
385KB

MD5
ffa32cc38ef09d93d4523292af7bb131

SHA1
cbb6cbc9e49de1b45aeca3bfbd4055843f09a95a

SHA256
34fde39da9d8555b5cdcfaae5b9c6693344eaf1e302854002dadb0bb2bc5a3a8

SHA512
c172814b6ed1c4592530e3e97847cc2c51c6bc5740f9a97fbde44811d60a11a7d2f15a35a22196a0d18c63d880b48abb7de6a170b42a18ac8a176819e8ee2b01

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\31.0.1650.23\ppgooglenaclpluginchrome.dll

Filesize
385KB

MD5
ffa32cc38ef09d93d4523292af7bb131

SHA1
cbb6cbc9e49de1b45aeca3bfbd4055843f09a95a

SHA256
34fde39da9d8555b5cdcfaae5b9c6693344eaf1e302854002dadb0bb2bc5a3a8

SHA512
c172814b6ed1c4592530e3e97847cc2c51c6bc5740f9a97fbde44811d60a11a7d2f15a35a22196a0d18c63d880b48abb7de6a170b42a18ac8a176819e8ee2b01

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
\Users\Admin\AppData\Local\Lasaoren\Application\lasaoren.exe

Filesize
727KB

MD5
1cf60a431ca94bb9ce57244e95f39a0f

SHA1
c30b393a761a1c9938b1931a784aa39bd122fcd5

SHA256
4aab3452ca292acffdb602ce5cf6c32282048877afac41aca10f25baa5acb8d9

SHA512
0c8d93b9ae5265ff9fd4a59a7cb9abe422ce9597147ae02843d2cf49a28ce23763eeee961c48701c0bf844d3f448e87c82431b7632954e0e277966e5db628ae5

Download Submit
\Users\Admin\AppData\Local\Temp\CR_E20A6.tmp\setup.exe

Filesize
999KB

MD5
8dda0f4338a8996a8c7786722b2ffce1

SHA1
2d47f74740a0b6ceb5450777913934f30d3cd351

SHA256
8ad66357cd96544c72b013db43657198aff9999e2e1986c820b4416fd57e6a1e

SHA512
6e8c11d6ff324df9e2ee270e5ee10e80c452f58034eb12c301294c6e83d7c4e6de5777fa6767d5b7b31254a049a1983c4754d35b42aab1e807c819d624cb9333

Download Submit
memory/1180-54-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download