hxxp://45[.]95[.]169[.]45[:]23205/

Resubmissions

22-11-2022 00:51

221122-a7gqmagg5y 8

21-11-2022 23:09

21-11-2022 21:54

21-11-2022 21:30

21-11-2022 20:42

21-11-2022 19:29

Analysis

max time kernel
299s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2022 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://45.95.169.45:23205/

Score

8^/10

persistence pyinstaller

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

lazagne (1).exelazagne (1).exeServinorte.EXE

pid process

4200 lazagne (1).exe
1356 lazagne (1).exe
3676 Servinorte.EXE

pid	process
4200	lazagne (1).exe
1356	lazagne (1).exe
3676	Servinorte.EXE

Loads dropped DLL 11 IoCs

Processes:

lazagne (1).exe

pid	process
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe
1356	lazagne (1).exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

svchost.exeexplorer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{AB1F3E47-AEF1-400E-A108-233A046C3A34} = "C:\\ProgramData\\Oracle\\java.exe"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{AB1F3E47-AEF1-400E-A108-233A046C3A34} = "C:\\ProgramData\\Oracle\\java.exe"	explorer.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

Servinorte.EXE

description	pid	process	target process
PID 3676 set thread context of 2292	3676	Servinorte.EXE	svchost.exe
PID 3676 set thread context of 3536	3676	Servinorte.EXE	explorer.exe

Detects Pyinstaller 3 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\lazagne (1).exe	pyinstaller
C:\Users\Admin\Downloads\lazagne (1).exe	pyinstaller
C:\Users\Admin\Downloads\lazagne (1).exe	pyinstaller

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exeServinorte.EXEsvchost.exeexplorer.exechrome.exe

pid	process
4996	chrome.exe
4996	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
2756	chrome.exe
2756	chrome.exe
2076	chrome.exe
2076	chrome.exe
1856	chrome.exe
1856	chrome.exe
2496	chrome.exe
2496	chrome.exe
3000	chrome.exe
3000	chrome.exe
2288	chrome.exe
2288	chrome.exe
4584	chrome.exe
4584	chrome.exe
4760	chrome.exe
4760	chrome.exe
3744	chrome.exe
3744	chrome.exe
3676	Servinorte.EXE
3676	Servinorte.EXE
3676	Servinorte.EXE
3676	Servinorte.EXE
3676	Servinorte.EXE
3676	Servinorte.EXE
2292	svchost.exe
2292	svchost.exe
2292	svchost.exe
2292	svchost.exe
3536	explorer.exe
3536	explorer.exe
3536	explorer.exe
3536	explorer.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

3664 chrome.exe
3664 chrome.exe
3664 chrome.exe
3664 chrome.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

Servinorte.EXEsvchost.exeexplorer.exe

description pid process

Token: SeDebugPrivilege 3676 Servinorte.EXE
Token: SeDebugPrivilege 2292 svchost.exe
Token: SeDebugPrivilege 3536 explorer.exe

description	pid	process
Token: SeDebugPrivilege	3676	Servinorte.EXE
Token: SeDebugPrivilege	2292	svchost.exe
Token: SeDebugPrivilege	3536	explorer.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

chrome.exe

pid	process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe
3664	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3664 wrote to memory of 4820	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4820	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4276	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4996	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 4996	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe
PID 3664 wrote to memory of 3852	3664	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://45.95.169.45:23205/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe826a4f50,0x7ffe826a4f60,0x7ffe826a4f70
2⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1668 /prefetch:2
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2028 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2324 /prefetch:8
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
2⤵
PID:3900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4336 /prefetch:8
2⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4976 /prefetch:8
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4996 /prefetch:8
2⤵
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5108 /prefetch:8
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4984 /prefetch:8
2⤵
PID:1220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 /prefetch:8
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2748 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=812 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5460 /prefetch:8
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4588 /prefetch:8
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5560 /prefetch:8
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4760

C:\Users\Admin\Downloads\lazagne (1).exe
"C:\Users\Admin\Downloads\lazagne (1).exe"
2⤵
- Executes dropped EXE
PID:4200

C:\Users\Admin\Downloads\lazagne (1).exe
"C:\Users\Admin\Downloads\lazagne (1).exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4316 /prefetch:8
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 /prefetch:8
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 /prefetch:8
2⤵
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2820 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2860 /prefetch:8
2⤵
PID:5036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5680 /prefetch:8
2⤵
PID:1220

C:\Users\Admin\Downloads\Servinorte.EXE
"C:\Users\Admin\Downloads\Servinorte.EXE"
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3676

C:\Windows\system32\svchost.exe
"C:\Windows\system32\svchost.exe"
3⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2292

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
3⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5736 /prefetch:8
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5868 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4428 /prefetch:8
2⤵
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 /prefetch:8
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4984 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1652,9347807052839500811,8994355149915302041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1232 /prefetch:8
2⤵
PID:2144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\_ctypes.pyd

Filesize
119KB

MD5
77be51b28c575526d749e2a91f3a4a83

SHA1
6a3a1b24696f5e82813eb5ae633fb4a3543d0543

SHA256
6f450435edb2b78504f166044aa45e87cd19670789dfacdb1074db7f934ab2a6

SHA512
2fb131ed48ac08e51c485d8ce5f16c09c7aa7d3ababb02b01198cc5ece15c33f161af25b7ed3130ee63676dedc0ffb06c40eeb2a6c8654d89ba3539a5242cf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\_elementtree.pyd

Filesize
183KB

MD5
c97bf92a8086849b9ad36dfffe33081e

SHA1
7889a9f095ccd2fc84752479516ed32a5f50838d

SHA256
425341f9b08a8d1683a9d88dcd820acfe9e88612d4666cf9d2421315a592e74e

SHA512
55989fe0c8bf06fb2057754c0939ef22931ceba288c0066b01f307172aaff5a29aa866d20d645585226a9c5f8b1c64aedc76627f7ab700f786cb27ad85d864eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\_hashlib.pyd

Filesize
1.6MB

MD5
ae415df4a7c5e23857092c0c10bd7d8f

SHA1
ee6793e2eebb0e11e520933f4d233d8818d7c066

SHA256
4c5af12ecd203ea45e2aec5ce9b4b862636a3b9a6057ce0d5d8cce0ee37ec3a9

SHA512
6d1666e387eba3a1e12d98d971f58adbd05d8d7fa5b4ed5240fbe0343c342ad36d4547d705b84acbae66d2a6013bb4484fd33bf74567ff81420297cbdc6677ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\_multiprocessing.pyd

Filesize
34KB

MD5
d29f54fe961ff0be2b4d1b75b18ee229

SHA1
eb0e10454ba5ebd35422dcfd15f5e718acb015d3

SHA256
d384e6a309c41031921fac5358b99a37e4768681d882de3e66d20179bde623cf

SHA512
5bfcc3187fa0cf9a997dd35b91a831ab6aefb960564f1a1479ba28252085eaac167e91502b512d7e396630076e666535b593e0ec86efbffe5c0e516aa9283442

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\_socket.pyd

Filesize
49KB

MD5
f9b160a08dacc271b8b7ad1516d88330

SHA1
762698430bbfe5b5d52756b969fe7a757ce07a33

SHA256
7ddf74ac35a6dfa24c4f96acd058829fc934b798af910ed2a58d9b8ef8a26511

SHA512
5f1666a63e1a5a9d788556899d2a1ddeb28a33c4aac9273c706c35fe7ff3feeb0138a2e75e6f9540560f8df5717a9b0e264684f27c13277db632cfccd506aa2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\_sqlite3.pyd

Filesize
62KB

MD5
cee4e6d863e08f9db01735f9fec8e9b1

SHA1
6cc4e503227c6d07749ed2bdf79a5878d3ad2def

SHA256
43092954458ad5d6e6cd2c8fd5d917d09a66e8976b0ba3225cda48d60465e179

SHA512
62e2530e8f42b5512474d95bd40a36e8ccf5f9da7213386bbcefb6096f82cd6940309cde42cf77b0bd371308e797e5b7a4b6e4c7db7e12d9e00277c6f8f0e040

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\_ssl.pyd

Filesize
2.0MB

MD5
16bbb7e72d190e6712d923dbc854a45f

SHA1
2913c4d3b9f0c708845252e863518d9bdaea5aac

SHA256
a9d0fdc952d5bb1ba7f809a6fa7ba9418414d5a10f4a7d429f680eac22d6a322

SHA512
906f16928e322addf52aad4e21265650b82853ae73e39ec60a80effd205d75bf5b4183bac1cd55f853bbcfdc84c4fb2694acff2098c32d93175aeefd3cdff5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\bz2.pyd

Filesize
90KB

MD5
a1950d15ae7fadd5b203639f3965f690

SHA1
dd09dfee5577feca2ce25d9cc5091933ca580adb

SHA256
baa75ad550784c5c5bada51cb565784a04f267fad708e6611b0cc3dc6ae0c1ed

SHA512
b0ca2e27e0fa77a58c7a56d66bf01fca152cb784e11ced7e247b092864f5a81b6cde353adfe58193d660f9be7b37c8076a6ca75390d4b34228b5359a3a884c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\lazagne.exe.manifest

Filesize
1012B

MD5
dbcdc3116767f0b87dfbb68d4ffc4f9c

SHA1
2734ca39f9fd5456eac65457bb24d83b29bdcac0

SHA256
4127ecf092bc603470ef5ad84159c45bc15d341cdfb95ff314b7792bbe471930

SHA512
d47096b3b2d0d5970221a310ce6a3dfeff43e134635362e1d8c662f2eee1de96b7c832a5b701837823649535e7deeea5bcac97e95073920519b3703488d4b1ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\pyexpat.pyd

Filesize
182KB

MD5
a5087ebbe3f55657e588b6c3d33b05b5

SHA1
66cb6592d0c7c33b4089906ca1fd8d1f60b9c9cb

SHA256
a2fd7ffced225de673f815374903500921baa1ff2b13a5de1dc35b53e457b964

SHA512
ff9c394b5516dc828da580f8a5d2cbed77e957cad568628ed801a0e5c5f7b8873fa7a5a3a5234d61c86eea95a87720bfdb17aebab706ce1a76097d2f0330abe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\python27.dll

Filesize
3.3MB

MD5
3ae2bfd1f3810e1f8e63d12b6640d305

SHA1
0eaa9f0c96fa24ab837c736e6540a0be72ed83d2

SHA256
43e8c9b6c1403b4622de9c9bff75542803a674909d44aba26cf11828fd0a5ed0

SHA512
002af9c02f59b1001060c9451e59ff617d6bac002c4e0553d61edbae1c55e59da9d04ed3b0075b93ab7f8c6da43e7ac2b9664464a07d073a5a32c7d601dc16e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\python27.dll

Filesize
3.3MB

MD5
3ae2bfd1f3810e1f8e63d12b6640d305

SHA1
0eaa9f0c96fa24ab837c736e6540a0be72ed83d2

SHA256
43e8c9b6c1403b4622de9c9bff75542803a674909d44aba26cf11828fd0a5ed0

SHA512
002af9c02f59b1001060c9451e59ff617d6bac002c4e0553d61edbae1c55e59da9d04ed3b0075b93ab7f8c6da43e7ac2b9664464a07d073a5a32c7d601dc16e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42002\sqlite3.dll

Filesize
784KB

MD5
6243adf7ebc3e698197c7161c219d172

SHA1
dabf82e0359066bc92bd9dd44800927d21595b85

SHA256
9bdab17d9ee7c7ed2bd7cf06e2342a4661ab1cc43c0d6cdac708c7e13c329561

SHA512
37c0a1b94471aace82973ee9ebff5d371df1e501399c0784194abce48e403107db7738437b9079aacde0241714b24704c274f978cd89b01d61fa343a3410bcc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_ctypes.pyd

Filesize
119KB

MD5
77be51b28c575526d749e2a91f3a4a83

SHA1
6a3a1b24696f5e82813eb5ae633fb4a3543d0543

SHA256
6f450435edb2b78504f166044aa45e87cd19670789dfacdb1074db7f934ab2a6

SHA512
2fb131ed48ac08e51c485d8ce5f16c09c7aa7d3ababb02b01198cc5ece15c33f161af25b7ed3130ee63676dedc0ffb06c40eeb2a6c8654d89ba3539a5242cf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_elementtree.pyd

Filesize
183KB

MD5
c97bf92a8086849b9ad36dfffe33081e

SHA1
7889a9f095ccd2fc84752479516ed32a5f50838d

SHA256
425341f9b08a8d1683a9d88dcd820acfe9e88612d4666cf9d2421315a592e74e

SHA512
55989fe0c8bf06fb2057754c0939ef22931ceba288c0066b01f307172aaff5a29aa866d20d645585226a9c5f8b1c64aedc76627f7ab700f786cb27ad85d864eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_hashlib.pyd

Filesize
1.6MB

MD5
ae415df4a7c5e23857092c0c10bd7d8f

SHA1
ee6793e2eebb0e11e520933f4d233d8818d7c066

SHA256
4c5af12ecd203ea45e2aec5ce9b4b862636a3b9a6057ce0d5d8cce0ee37ec3a9

SHA512
6d1666e387eba3a1e12d98d971f58adbd05d8d7fa5b4ed5240fbe0343c342ad36d4547d705b84acbae66d2a6013bb4484fd33bf74567ff81420297cbdc6677ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_multiprocessing.pyd

Filesize
34KB

MD5
d29f54fe961ff0be2b4d1b75b18ee229

SHA1
eb0e10454ba5ebd35422dcfd15f5e718acb015d3

SHA256
d384e6a309c41031921fac5358b99a37e4768681d882de3e66d20179bde623cf

SHA512
5bfcc3187fa0cf9a997dd35b91a831ab6aefb960564f1a1479ba28252085eaac167e91502b512d7e396630076e666535b593e0ec86efbffe5c0e516aa9283442

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_socket.pyd

Filesize
49KB

MD5
f9b160a08dacc271b8b7ad1516d88330

SHA1
762698430bbfe5b5d52756b969fe7a757ce07a33

SHA256
7ddf74ac35a6dfa24c4f96acd058829fc934b798af910ed2a58d9b8ef8a26511

SHA512
5f1666a63e1a5a9d788556899d2a1ddeb28a33c4aac9273c706c35fe7ff3feeb0138a2e75e6f9540560f8df5717a9b0e264684f27c13277db632cfccd506aa2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_sqlite3.pyd

Filesize
62KB

MD5
cee4e6d863e08f9db01735f9fec8e9b1

SHA1
6cc4e503227c6d07749ed2bdf79a5878d3ad2def

SHA256
43092954458ad5d6e6cd2c8fd5d917d09a66e8976b0ba3225cda48d60465e179

SHA512
62e2530e8f42b5512474d95bd40a36e8ccf5f9da7213386bbcefb6096f82cd6940309cde42cf77b0bd371308e797e5b7a4b6e4c7db7e12d9e00277c6f8f0e040

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\_ssl.pyd

Filesize
2.0MB

MD5
16bbb7e72d190e6712d923dbc854a45f

SHA1
2913c4d3b9f0c708845252e863518d9bdaea5aac

SHA256
a9d0fdc952d5bb1ba7f809a6fa7ba9418414d5a10f4a7d429f680eac22d6a322

SHA512
906f16928e322addf52aad4e21265650b82853ae73e39ec60a80effd205d75bf5b4183bac1cd55f853bbcfdc84c4fb2694acff2098c32d93175aeefd3cdff5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\bz2.pyd

Filesize
90KB

MD5
a1950d15ae7fadd5b203639f3965f690

SHA1
dd09dfee5577feca2ce25d9cc5091933ca580adb

SHA256
baa75ad550784c5c5bada51cb565784a04f267fad708e6611b0cc3dc6ae0c1ed

SHA512
b0ca2e27e0fa77a58c7a56d66bf01fca152cb784e11ced7e247b092864f5a81b6cde353adfe58193d660f9be7b37c8076a6ca75390d4b34228b5359a3a884c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\pyexpat.pyd

Filesize
182KB

MD5
a5087ebbe3f55657e588b6c3d33b05b5

SHA1
66cb6592d0c7c33b4089906ca1fd8d1f60b9c9cb

SHA256
a2fd7ffced225de673f815374903500921baa1ff2b13a5de1dc35b53e457b964

SHA512
ff9c394b5516dc828da580f8a5d2cbed77e957cad568628ed801a0e5c5f7b8873fa7a5a3a5234d61c86eea95a87720bfdb17aebab706ce1a76097d2f0330abe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI42~1\sqlite3.dll

Filesize
784KB

MD5
6243adf7ebc3e698197c7161c219d172

SHA1
dabf82e0359066bc92bd9dd44800927d21595b85

SHA256
9bdab17d9ee7c7ed2bd7cf06e2342a4661ab1cc43c0d6cdac708c7e13c329561

SHA512
37c0a1b94471aace82973ee9ebff5d371df1e501399c0784194abce48e403107db7738437b9079aacde0241714b24704c274f978cd89b01d61fa343a3410bcc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F9ED2351-FDBC-4B5B-9D45-23A0CB28B0C0}

Filesize
288KB

MD5
298e3136f5e10d8073e26f20bc2d8b2e

SHA1
e9d323d9a4bd03f52dcfafb84df48c11d12d8ab1

SHA256
70790df1aff523c919f68ff4cc746f6cd993aa275c15578f782705d33de1ed21

SHA512
9bf530356de9f37a1038f5e613e254e0d88a02e4311f841ddc0622546f78615af4cc1281395bb7a55385b73c7f8f3519fb7d17c8d98668c8104da6b1b0085aa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F9ED2351-FDBC-4B5B-9D45-23A0CB28B0C0}

Filesize
288KB

MD5
298e3136f5e10d8073e26f20bc2d8b2e

SHA1
e9d323d9a4bd03f52dcfafb84df48c11d12d8ab1

SHA256
70790df1aff523c919f68ff4cc746f6cd993aa275c15578f782705d33de1ed21

SHA512
9bf530356de9f37a1038f5e613e254e0d88a02e4311f841ddc0622546f78615af4cc1281395bb7a55385b73c7f8f3519fb7d17c8d98668c8104da6b1b0085aa8

Download Submit
C:\Users\Admin\Downloads\Servinorte.EXE

Filesize
405KB

MD5
d2dba05882a44341a491221eacc3022e

SHA1
ec197b3156d705e05c2c4f11c4346641056d81b3

SHA256
3fc8da6fe67dbeeddf9e618d24f68deab27ec9c501a3b8782b258709f5c3a62c

SHA512
69a9331c42983bbaa2b45adf493b3b6e09be4619ccb8992c307c7da7148f68fecdace3e88b36b2234f2766ed7f80425cd9ef11cc109cc311394358a7caa8a61e

Download Submit
C:\Users\Admin\Downloads\Servinorte.EXE

Filesize
405KB

MD5
d2dba05882a44341a491221eacc3022e

SHA1
ec197b3156d705e05c2c4f11c4346641056d81b3

SHA256
3fc8da6fe67dbeeddf9e618d24f68deab27ec9c501a3b8782b258709f5c3a62c

SHA512
69a9331c42983bbaa2b45adf493b3b6e09be4619ccb8992c307c7da7148f68fecdace3e88b36b2234f2766ed7f80425cd9ef11cc109cc311394358a7caa8a61e

Download Submit
C:\Users\Admin\Downloads\lazagne (1).exe

Filesize
6.3MB

MD5
68d3bf2c363144ec6874ab360fdda00a

SHA1
fa2f281fd4009100b2293e120997bfd7feb10c16

SHA256
ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56

SHA512
a99497da071bce5feed5d319a8b54bcf8cf13d33744765eb9fcd984f196fdb9745a3959fdc50c488fd2556aba35c1c9d984188d1e611e8b1e84961116237737d

Download Submit
C:\Users\Admin\Downloads\lazagne (1).exe

Filesize
6.3MB

MD5
68d3bf2c363144ec6874ab360fdda00a

SHA1
fa2f281fd4009100b2293e120997bfd7feb10c16

SHA256
ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56

SHA512
a99497da071bce5feed5d319a8b54bcf8cf13d33744765eb9fcd984f196fdb9745a3959fdc50c488fd2556aba35c1c9d984188d1e611e8b1e84961116237737d

Download Submit
C:\Users\Admin\Downloads\lazagne (1).exe

Filesize
6.3MB

MD5
68d3bf2c363144ec6874ab360fdda00a

SHA1
fa2f281fd4009100b2293e120997bfd7feb10c16

SHA256
ed2f501408a7a6e1a854c29c4b0bc5648a6aa8612432df829008931b3e34bf56

SHA512
a99497da071bce5feed5d319a8b54bcf8cf13d33744765eb9fcd984f196fdb9745a3959fdc50c488fd2556aba35c1c9d984188d1e611e8b1e84961116237737d

Download Submit
\??\pipe\crashpad_3664_CCRJVVXDQDEBICKB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1356-137-0x0000000000000000-mapping.dmp

Download
memory/2292-165-0x000002070A220000-0x000002070A261000-memory.dmp

Filesize
260KB

Download
memory/2292-166-0x000002070A270000-0x000002070A272000-memory.dmp

Filesize
8KB

Download
memory/2292-168-0x000002070A220000-mapping.dmp

Download
memory/2292-170-0x000002070A3A0000-0x000002070A3F0000-memory.dmp

Filesize
320KB

Download
memory/3536-181-0x0000000001210000-mapping.dmp

Download
memory/3536-183-0x00000000015A0000-0x00000000015F0000-memory.dmp

Filesize
320KB

Download
memory/3676-162-0x0000000000000000-mapping.dmp

Download
memory/4200-134-0x0000000000000000-mapping.dmp

Download