File name:

LagoFastInstaller__20240322_180853_channel112.exe

Full analysis: https://app.any.run/tasks/b42da927-e987-443d-92ac-9bc1d16ee92a
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: September 30, 2024, 08:36:12
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
mqtt
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

3CC48E16039FA2C5025E07CBE5CFB1B0

SHA1:

447D5C9ADECA1E9A5307FFD6226CEE39EB5B828B

SHA256:

669D27950B48A05B28047F7AB36DCFDC0340B87CAE36F7A764422E7331B5A602

SSDEEP:

98304:1p6cw5xa6VJxFnaga522ObbTIw5HbpdnNNYqJGksyA/CjQS+E/C:Rj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Creates a software uninstall entry

      • ChannelIstaller.exe (PID: 2100)
      • LagoFastInstaller__20240322_180853_channel112.exe (PID: 1556)

    • Searches for installed software

      • ChannelIstaller.exe (PID: 2100)
      • LagoFast.exe (PID: 4008)

    • Drops a system driver (possible attempt to evade defenses)

      • ChannelIstaller.exe (PID: 2100)

    • Executable content was dropped or overwritten

      • ChannelIstaller.exe (PID: 2100)
      • LagoFast.exe (PID: 4008)

    • Reads security settings of Internet Explorer

      • LagoFastInstaller__20240322_180853_channel112.exe (PID: 1556)
      • LagoFast.exe (PID: 4008)

    • Uses NETSH.EXE to redirect traffic

      • LagoFast.exe (PID: 4008)

    • Potential Corporate Privacy Violation

      • LagoFast.exe (PID: 4008)

    • The process checks if it is being run in the virtual environment

      • LagoFast.exe (PID: 4008)

    • Connects to unusual port

      • LagoFast.exe (PID: 4008)

  • INFO

    • Create files in a temporary directory

      • LagoFastInstaller__20240322_180853_channel112.exe (PID: 1556)
      • ChannelIstaller.exe (PID: 2100)

    • Checks supported languages

      • LagoFastInstaller__20240322_180853_channel112.exe (PID: 1556)
      • ChannelIstaller.exe (PID: 2100)
      • LagoFast.exe (PID: 4008)

    • Reads the computer name

      • LagoFastInstaller__20240322_180853_channel112.exe (PID: 1556)
      • ChannelIstaller.exe (PID: 2100)
      • LagoFast.exe (PID: 4008)

    • Sends debugging messages

      • ChannelIstaller.exe (PID: 2100)
      • LagoFastInstaller__20240322_180853_channel112.exe (PID: 1556)

    • Creates files in the program directory

      • ChannelIstaller.exe (PID: 2100)
      • LagoFast.exe (PID: 4008)

    • Reads the machine GUID from the registry

      • LagoFast.exe (PID: 4008)

    • Process checks computer location settings

      • LagoFast.exe (PID: 4008)
      • LagoFastInstaller__20240322_180853_channel112.exe (PID: 1556)

    • Creates files or folders in the user directory

      • LagoFast.exe (PID: 4008)
      • ChannelIstaller.exe (PID: 2100)

    • The process uses the downloaded file

      • LagoFast.exe (PID: 4008)
      • LagoFastInstaller__20240322_180853_channel112.exe (PID: 1556)

    • Checks proxy server information

      • LagoFast.exe (PID: 4008)

    • Disables trace logs

      • LagoFast.exe (PID: 4008)
      • netsh.exe (PID: 6772)
      • netsh.exe (PID: 2872)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.dll | Win32 Dynamic Link Library (generic) (4.9)
.exe | Win32 Executable (generic) (3.4)
.exe | Generic Win/DOS Executable (1.5)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:22 10:36:42+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.16
CodeSize: 1321984
InitializedDataSize: 1880576
UninitializedDataSize: -
EntryPoint: 0xd5b12
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 2.1.4.393
ProductVersionNumber: 6.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: LagoFast LLC
FileDescription: LagoFast
FileVersion: 2.1.4.393
InternalName: install.exe
LegalCopyright: (C) LagoFast LLC
OriginalFileName: install.exe
ProductName: LagoFast
ProductVersion: 2.1.4.393
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
137
Monitored processes
8
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start lagofastinstaller__20240322_180853_channel112.exe channelistaller.exe lagofast.exe netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs lagofastinstaller__20240322_180853_channel112.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1556"C:\Users\admin\Desktop\LagoFastInstaller__20240322_180853_channel112.exe" C:\Users\admin\Desktop\LagoFastInstaller__20240322_180853_channel112.exe
explorer.exe
User:
admin
Company:
LagoFast LLC
Integrity Level:
HIGH
Description:
LagoFast
Exit code:
0
Version:
2.1.4.393
Modules
Images
c:\users\admin\desktop\lagofastinstaller__20240322_180853_channel112.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2100 -pipename=\\.\pipe\autoupdate_pipe_lagofast_1556 -silent -auto-start -install-path "C:\Program Files (x86)\LagoFast" C:\Users\admin\AppData\Local\Temp\ChannelIstaller.exe
LagoFastInstaller__20240322_180853_channel112.exe
User:
admin
Company:
LagoFast LLC
Integrity Level:
HIGH
Description:
LagoFast
Exit code:
0
Version:
2.2.2.596
Modules
Images
c:\users\admin\appdata\local\temp\channelistaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2804\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exenetsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2872"C:\Windows\System32\netsh.exe" interface portproxy delete v4tov4 listenaddress=127.0.0.12 listenport=443C:\Windows\SysWOW64\netsh.exeLagoFast.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
4008"C:\Program Files (x86)\LagoFast\LagoFast.exe" C:\Program Files (x86)\LagoFast\LagoFast.exe
LagoFastInstaller__20240322_180853_channel112.exe
User:
admin
Company:
LagoFast LLC
Integrity Level:
HIGH
Description:
LagoFast
Version:
2.2.2.596
Modules
Images
c:\program files (x86)\lagofast\lagofast.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\rpcrt4.dll
5072"C:\Users\admin\Desktop\LagoFastInstaller__20240322_180853_channel112.exe" C:\Users\admin\Desktop\LagoFastInstaller__20240322_180853_channel112.exeexplorer.exe
User:
admin
Company:
LagoFast LLC
Integrity Level:
MEDIUM
Description:
LagoFast
Exit code:
3221226540
Version:
2.1.4.393
Modules
Images
c:\users\admin\desktop\lagofastinstaller__20240322_180853_channel112.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
5280\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exenetsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
6772"C:\Windows\System32\netsh.exe" interface portproxy delete v4tov4 listenaddress=127.0.0.12 listenport=80C:\Windows\SysWOW64\netsh.exeLagoFast.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
3 719
Read events
3 683
Write events
32
Delete events
4

Modification events

(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LagoFast
Operation:writeName:UninstallString
Value:
(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LagoFast
Operation:writeName:DisplayName
Value:
LagoFast
(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LagoFast
Operation:writeName:URLInfoAbout
Value:
https://www.LagoFast.cn
(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LagoFast
Operation:writeName:Publisher
Value:
LagoFast LLC
(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LagoFast
Operation:writeName:DisplayVersion
Value:
2.2.2
(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LagoFast
Operation:writeName:DisplayIcon
Value:
C:\Program Files (x86)\LagoFast\LagoFast.exe
(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LagoFast
Operation:writeName:UninstallString
Value:
C:\Program Files (x86)\LagoFast\Uninstall.exe
(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lagofast
Operation:writeName:URL Protocol
Value:
(PID) Process:(2100) ChannelIstaller.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan\Parameters
Operation:writeName:ProhibitIPSec
Value:
1
(PID) Process:(1556) LagoFastInstaller__20240322_180853_channel112.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:LagoFast
Value:
Executable files
78
Suspicious files
14
Text files
40
Unknown types
20

Dropped files

PID
Process
Filename
Type
1556LagoFastInstaller__20240322_180853_channel112.exeC:\Users\admin\AppData\Local\Temp\ChannelIstaller.exe
MD5:
SHA256:
2100ChannelIstaller.exeC:\Users\admin\AppData\Local\Temp\qy.zip
MD5:
SHA256:
2100ChannelIstaller.exeC:\Program Files (x86)\LagoFast\cef\locales\en-US.pakpgc
MD5:424663A523CE37F8A6087681FE3B05F3
SHA256:A9AD65A2BC012CC22EFCEA44FF42DE06503043F7CE76CCAB8EDAA33456D339E7
2100ChannelIstaller.exeC:\Program Files (x86)\LagoFast\cef\cef.pakmmw
MD5:3F25F3CB727EC8A91891F8EC21657212
SHA256:F8A79E0F94E8A6EF849AED1910040C7D8A4C8A61487EB67163509008C9CDB33B
2100ChannelIstaller.exeC:\Program Files (x86)\LagoFast\cef\locales\zh-TW.pakpgc
MD5:4CF02219A3829F1841F430527DA47BA5
SHA256:A08E74C73A327618104FD7BE45BE6359F0EE82A05EA1DCDF23DF3825491D6382
2100ChannelIstaller.exeC:\Program Files (x86)\LagoFast\cef\cef_200_percent.pakpgc
MD5:065140DE55434F35F9C5C10764C29EE4
SHA256:EF2C632CA52B27D464D6D3D8CD1B5B31B62B1102845682C680CD2BB102C5FCA0
2100ChannelIstaller.exeC:\Program Files (x86)\LagoFast\res\icon_refresh.pngimage
MD5:0CDA72A94F52A39E41ADA683D6C2E68C
SHA256:8B193BB500B1FDD7568A7D6EC683472C92BF9F6768F7F82B0A59A652D370C9CB
2100ChannelIstaller.exeC:\Program Files (x86)\LagoFast\cef\cef_100_percent.pakpgc
MD5:CC741473D2D075FDC2BE804EEC407A12
SHA256:6107C1BFDBF2CF351D5281073422B836D7A547E81345BFF502FD31335D7FCBB3
2100ChannelIstaller.exeC:\Program Files (x86)\LagoFast\WindowsPacketFilter3.2.29.1x64.msiexecutable
MD5:D226711B919E33859CC1718822A98E3D
SHA256:DC3E96AB02531304CFFD8D934568894F7413836C792A95E31E6096FD2C4D426E
2100ChannelIstaller.exeC:\Program Files (x86)\LagoFast\cef\locales\en-GB.pakpgc
MD5:2C4FF090C2235DF95B8C1799CFCCEC1D
SHA256:5519ED17B8DEEF30F441C2787A9F52FCB3DB68ACE2D619562E36F628AA2E805C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
67
DNS requests
17
Threats
22

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1768
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
47.88.111.45:443
https://lagofast-online-static.oss-us-west-1.aliyuncs.com/icon/big_game_610_1653618497.png
unknown
GET
47.88.111.45:443
https://lagofast-online-static.oss-us-west-1.aliyuncs.com/icon/big_game_19_1726037304.png
unknown
GET
47.88.111.45:443
https://lagofast-online-static.oss-us-west-1.aliyuncs.com/icon/big_game_13014_1724912446.png
unknown
GET
47.88.111.45:443
https://lagofast-online-static.oss-us-west-1.aliyuncs.com/icon/big_game_613_1698740811.png
unknown
4484
WmiPrvSE.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
GET
200
163.181.92.232:443
https://cbs.lagofast.com/api/common_bll/v1/client/config?client_channel=112&client_type=PC&client_version=2.2.2&crypto_method=AES-ECB&version=2.2.2
unknown
binary
4.95 Kb
unknown
POST
200
20.189.173.12:443
https://browser.pipe.aria.microsoft.com/Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-CJS-1.2.0&x-apikey=33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176
unknown
whitelisted
GET
200
163.181.92.179:443
https://static.lagofast.com/official/pc/client_channel/LGInstaller.exe
unknown
executable
79.7 Mb
unknown
GET
200
163.181.92.232:443
https://cbs.lagofast.com/api/common_bll/v1/game/pc_tag_list?client_type=10&version=2.2.2
unknown
binary
346 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
239.255.255.250:1900
whitelisted
1768
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1768
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1768
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6432
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1556
LagoFastInstaller__20240322_180853_channel112.exe
163.181.92.179:443
static.lagofast.com
Zhejiang Taobao Network Co.,Ltd
DE
unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.185.142
whitelisted
www.microsoft.com
  • 184.30.21.171
  • 95.101.149.131
whitelisted
static.lagofast.com
  • 163.181.92.179
unknown
browser.pipe.aria.microsoft.com
  • 20.42.73.30
whitelisted
events.appsflyer.com
  • 18.245.60.95
  • 18.245.60.15
  • 18.245.60.53
  • 18.245.60.38
whitelisted
www.baidu.com
  • 103.235.47.188
  • 103.235.46.96
whitelisted
cbs.lagofast.com
  • 163.181.92.228
  • 163.181.92.232
  • 163.181.92.229
  • 163.181.92.231
  • 163.181.92.230
  • 163.181.92.234
  • 163.181.92.233
  • 163.181.92.235
unknown
lagofast-online-static.oss-us-west-1.aliyuncs.com
  • 47.88.111.45
unknown
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
whitelisted

Threats

PID
Process
Class
Message
Generic Protocol Command Decode
SURICATA HTTP Request unrecognized authorization method
4008
LagoFast.exe
Potential Corporate Privacy Violation
POLICY [ANY.RUN] MQTT protocol has been detected
4008
LagoFast.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
4008
LagoFast.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
2256
svchost.exe
Misc activity
ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com)
4008
LagoFast.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
4008
LagoFast.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
4008
LagoFast.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
4008
LagoFast.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
4008
LagoFast.exe
Misc activity
ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)
Process
Message
LagoFastInstaller__20240322_180853_channel112.exe
__update namepipestr \\.\pipe\autoupdate_pipe_lagofast_1556
ChannelIstaller.exe
\\.\pipe\autoupdate_pipe_lagofast_1556
ChannelIstaller.exe
__install pipename suc \\.\pipe\autoupdate_pipe_lagofast_1556
LagoFastInstaller__20240322_180853_channel112.exe
Client connected suc
LagoFastInstaller__20240322_180853_channel112.exe
__update ReadFile 1
LagoFastInstaller__20240322_180853_channel112.exe
__update ReadFile 2
LagoFastInstaller__20240322_180853_channel112.exe
__update ReadFile 3
LagoFastInstaller__20240322_180853_channel112.exe
__update ReadFile 4
LagoFastInstaller__20240322_180853_channel112.exe
__update ReadFile 5
LagoFastInstaller__20240322_180853_channel112.exe
__update ReadFile 6
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
LagoFastInstaller__20240322_180853_channel112.exe