99fab2f387d199832ecdbd0438c529c5969e3271da6a64d213ea20616322f261

Analysis

max time kernel
40s
max time network
43s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 17:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LagoFast_windows_1.exe
Size

79.6MB
MD5

56faed0b7aa95f3da2b4b42cc565bd96
SHA1

6f9f6cc6568c488d12785f2181dd41baf8328276
SHA256

99fab2f387d199832ecdbd0438c529c5969e3271da6a64d213ea20616322f261
SHA512

079b5584ed51f3c3fb5fddcb6098931ba1eb5cc986c2f32e7f6f3ff5d6cb8aa84901931e8e313dad76eb401883f5cc83bf8048f0af00d1c17ad6a0e6b0397bb8
SSDEEP

1572864:WD2LXMgl6jcz/6VOUBjz97XbnfHJZO4J5elpXjcjD:VlrYZXTl5eDTmD

Score

7^/10

bootkit discovery persistence privilege_escalation upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000500000001c807-288.dat	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001c807-288.dat	upx
behavioral1/memory/2460-294-0x0000000067A40000-0x00000000696C8000-memory.dmp	upx
behavioral1/memory/2460-392-0x0000000067A40000-0x00000000696C8000-memory.dmp	upx

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	LagoFast.exe
File opened (read-only)	\??\J:	LagoFast.exe
File opened (read-only)	\??\N:	LagoFast.exe
File opened (read-only)	\??\Q:	LagoFast.exe
File opened (read-only)	\??\R:	LagoFast.exe
File opened (read-only)	\??\T:	LagoFast.exe
File opened (read-only)	\??\W:	LagoFast.exe
File opened (read-only)	\??\E:	LagoFast.exe
File opened (read-only)	\??\H:	LagoFast.exe
File opened (read-only)	\??\I:	LagoFast.exe
File opened (read-only)	\??\K:	LagoFast.exe
File opened (read-only)	\??\L:	LagoFast.exe
File opened (read-only)	\??\M:	LagoFast.exe
File opened (read-only)	\??\U:	LagoFast.exe
File opened (read-only)	\??\V:	LagoFast.exe
File opened (read-only)	\??\B:	LagoFast.exe
File opened (read-only)	\??\Z:	LagoFast.exe
File opened (read-only)	\??\O:	LagoFast.exe
File opened (read-only)	\??\X:	LagoFast.exe
File opened (read-only)	\??\A:	LagoFast.exe
File opened (read-only)	\??\S:	LagoFast.exe
File opened (read-only)	\??\Y:	LagoFast.exe
File opened (read-only)	\??\P:	LagoFast.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	LagoFast.exe
File opened for modification	\??\PhysicalDrive0	LagoFast.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\LagoFast\cert\JUNYUN_CA.crt	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\driver\driver_x64\processFilter8.sys	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\cdnoption.ini	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\temp\da\dabc662f7b09054a1351ae8f9ca6c3e4	LagoFast.exe
File opened for modification	C:\Program Files (x86)\LagoFast\AutoUpgrader.exe	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\GameRepairTool.exe	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\LogicLib.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\driver\driver_x86\processFilter8.sys	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\win10\amd64\ndisrd.sys	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\driver_x86\processFilter7.sys	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\driver\lwf\win8\amd64\ndisrd_lwf.inf	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\cef\mrender.exe	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\KeyboardHook.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\msvcr120.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\temp\b3\b3d5d0ecdace6809fed20319517a8c81	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\zlib1.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\driver\driver_x64\JYWinRing0.sys	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\cef	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\temp\21\2196b40a321a27f2cc82cd84df5ec99d	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\rlottie.dll	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\win10\amd64	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\Injectdll.exe	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\cef\d3dcompiler_47.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\cef\swiftshader\libGLESv2.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\nfapi.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\proxy.dll	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\proxy.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\temp\a4\a455f07e23dc1b18d2f640f47f3de3c9	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\temp\91\91299dbaca5a0daf80b86196b57e0c4b	LagoFast.exe
File opened for modification	C:\Program Files (x86)\LagoFast\lang_files\crashrpt_lang_RU.ini	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\cef\icudtl.dat	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\vista\i386\ndisrd_lwf.inf	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\win7\i386\ndisrd_lwf.inf	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\HttpLib.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\processProxy.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\cef\cef_200_percent.pak	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\lang_files\crashrpt_lang_PT.ini	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\driver\lwf\win8\i386\ndisrd.cat	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\cert\Global.cer	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\temp\a8\a8d774b6ce014d0cc426c698ed1e6a1b	LagoFast.exe
File opened for modification	C:\Program Files (x86)\LagoFast\lang_files\crashrpt_lang_CS.ini	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\win10\amd64\ndisrd_lwf.inf	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\win10\i386\ndisrd_lwf.inf	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\7z.dll	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\win10\i386\ndisrd.sys	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\driver_x64\processFilter7.sys	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\temp\57\57db40ad160817da7ebf0df7a1a9c80b	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\temp\97\97aac3b417adf996d28d61d509f30f12	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\temp\f8\f8930e6d0a33d21ec1f1394616fbdfc1	LagoFast.exe
File opened for modification	C:\Program Files (x86)\LagoFast\cef\natives_blob.bin	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\driver\lwf\win10\i386\ndisrd_lwf.inf	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\dbghelp.dll	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\temp\70\70b4ffa9e6fd876d1820093c46632cee	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\cef\locales\en-GB.pak	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\vista\amd64\ndisrd_lwf.inf	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\GameRepairTool.exe	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\Network.dll	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\driver_x64\processFilter8.sys	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\temp\f1\f1db2e3684bbf8a611c128bdac905c85	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\temp\a1\a16cf630b79a95d56309a69097788e89	LagoFast.exe
File created	C:\Program Files (x86)\LagoFast\cef\locales\zh-TW.pak	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\lang_files\crashrpt_lang_PL.ini	LagoFast_windows_1.exe
File opened for modification	C:\Program Files (x86)\LagoFast\driver\lwf\win8\amd64\ndisrd_lwf.inf	LagoFast_windows_1.exe
File created	C:\Program Files (x86)\LagoFast\cef\d3dcompiler_43.dll	LagoFast_windows_1.exe

Executes dropped EXE 1 IoCs

pid	Process
2460	LagoFast.exe

Loads dropped DLL 29 IoCs

pid	Process
1824	LagoFast_windows_1.exe
1824	LagoFast_windows_1.exe
1824	LagoFast_windows_1.exe
1824	LagoFast_windows_1.exe
1824	LagoFast_windows_1.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LagoFast_windows_1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LagoFast.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	LagoFast.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\LagoFast.exe = "11000"	LagoFast.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lagofast\shell\open\command\ = "C:\\Program Files (x86)\\LagoFast\\LagoFast.exe \"%1\""	LagoFast_windows_1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lagofast	LagoFast_windows_1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lagofast\URL Protocol	LagoFast_windows_1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lagofast\shell\open\command	LagoFast_windows_1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lagofast\shell	LagoFast_windows_1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lagofast\shell\open	LagoFast_windows_1.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1824	LagoFast_windows_1.exe
2460	LagoFast.exe
2460	LagoFast.exe
2460	LagoFast.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
472	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2460	LagoFast.exe
Token: SeAuditPrivilege	2224	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2460	LagoFast.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2460	LagoFast.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1824 wrote to memory of 2460	1824	LagoFast_windows_1.exe	31
PID 1824 wrote to memory of 2460	1824	LagoFast_windows_1.exe	31
PID 1824 wrote to memory of 2460	1824	LagoFast_windows_1.exe	31
PID 1824 wrote to memory of 2460	1824	LagoFast_windows_1.exe	31
PID 2460 wrote to memory of 2700	2460	LagoFast.exe	32
PID 2460 wrote to memory of 2700	2460	LagoFast.exe	32
PID 2460 wrote to memory of 2700	2460	LagoFast.exe	32
PID 2460 wrote to memory of 2700	2460	LagoFast.exe	32
PID 2460 wrote to memory of 2768	2460	LagoFast.exe	34
PID 2460 wrote to memory of 2768	2460	LagoFast.exe	34
PID 2460 wrote to memory of 2768	2460	LagoFast.exe	34
PID 2460 wrote to memory of 2768	2460	LagoFast.exe	34

C:\Users\Admin\AppData\Local\Temp\LagoFast_windows_1.exe
"C:\Users\Admin\AppData\Local\Temp\LagoFast_windows_1.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Program Files (x86)\LagoFast\LagoFast.exe
  "C:\Program Files (x86)\LagoFast\LagoFast.exe"
  2⤵
  - Enumerates connected drives
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2460
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\System32\netsh.exe" interface portproxy delete v4tov4 listenaddress=127.0.0.12 listenport=80
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:2700
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\System32\netsh.exe" interface portproxy delete v4tov4 listenaddress=127.0.0.12 listenport=443
    3⤵
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:2768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\LagoFast\ChromeBase.dll

Filesize
583KB

MD5
7eb4431ee6b04be06713cb8692259fff

SHA1
a01908281044873302d39763fe0f1247c0a70441

SHA256
596983b5f5a946f38684e7b7caf6087c5b57504d8ec1568d1a0e7fd83dcf6024

SHA512
2981cc7124d34f7b4fc71b08994695fea65ebd9ab9a6ad994335f16c3300fdb78b579d3af4299794fec5fc051e3e50cfffed2a35ae7b4e7f1414e90716c688a3

Download Submit
C:\Program Files (x86)\LagoFast\CrashSender1403.exe

Filesize
1.1MB

MD5
19e98392772daf3c990a096bcdb0f231

SHA1
d1836b3e4ad36c3babff334075b4cb3f7ab3c4a7

SHA256
ef48c359eda091fe943c5e1b565d9284120e6ba799826d87c1f5a83e063e381b

SHA512
6b36df48ef84f5f469c5099236bb81e228b835776ef6ac7285128ea125053e7f11db34dcfefc2ca54f92e7f4478ae0b19e38b58c5c6a49e87953fd3fe4342c09

Download Submit
C:\Program Files (x86)\LagoFast\LogicLib.dll

Filesize
713KB

MD5
9ad3eb525b70f8154b432b23bdf38964

SHA1
ea58f7728f54a0e1f3e8a49dc550f687fd8b8f05

SHA256
d9f86548d97bc9f44e59f8ee3c4a02453169e976b7a8780d4a49edb6d2b8c8c8

SHA512
962fec0d25f5f875b48f58626083b952eeb4d0a846fb73aa45d2449ecf8d346112b90646285863155971a68601e9d4d12819bef53051460f4fc551c0cc828360

Download Submit
C:\Program Files (x86)\LagoFast\MSVCP120.dll

Filesize
455KB

MD5
ef587cfcf19129ce4976bb75c163468e

SHA1
0cc6b4319d074c6a363ad8a9983a620105b1df8b

SHA256
5646e4af3a618b8b97d5dd2fc84a5cb1bb5a018eb19ed610642ea007f93b5ef9

SHA512
d7f03e49afb36b4ebffeaf3603d0a4a5a30f34efb0ded230f6488d2808e3c24d070fb3c086cb221ef652a4749212f283774a32a1cbeabe162dad5b95a54c0c4b

Download Submit
C:\Program Files (x86)\LagoFast\MSVCR120.dll

Filesize
958KB

MD5
e8b4c3f7810b64e289188ce81a3d222c

SHA1
50e27ed9ca66b56bdf6f2b2efb571bcce67ecbb5

SHA256
1e396fa4e922dfc6dad84d9fa69ac5d922224bb7fc02c8ebff5c6a30b441523d

SHA512
b5ea8608402c5b899a57389a9455416997f20c03fd40e5af524862cf75c9306dfc8965eab56834ac6f2e119a823185f3b10b417040ca4fd13997991a77d01f34

Download Submit
C:\Program Files (x86)\LagoFast\Network.dll

Filesize
3.4MB

MD5
d45956a74542ecd8f3495564ba118f30

SHA1
872c369fb287940e381c8bef21bf53c596dbe437

SHA256
c3790987f9399adb3d98480ddd7315f3b29db63819ea0a5ee952f72a1fd619bb

SHA512
c0a575e55344df1a0bd3082ffa12b0b81421cc8b4919ae7e82baf389e6ac3608acf6e13417b646416b7a9a3290d550412dcaaf5e769f871d6bdcf6a7b9279772

Download Submit
C:\Program Files (x86)\LagoFast\cef\cef.pak

Filesize
3.5MB

MD5
3f25f3cb727ec8a91891f8ec21657212

SHA1
09f37afff84b2445f0afa8cbb803d53bada62080

SHA256
f8a79e0f94e8a6ef849aed1910040c7d8a4c8a61487eb67163509008c9cdb33b

SHA512
c931c465c0bf1480978df9ee192bc52be82613707bd9ed813e7857a66c55386498825fa300f028ab59d0a64a1f7b5e3936ed777e97f1aee42f9a2ef8fb68827d

Download Submit
C:\Program Files (x86)\LagoFast\cef\cef_100_percent.pak

Filesize
719KB

MD5
cc741473d2d075fdc2be804eec407a12

SHA1
22a96140286fdb004540a2051b93432aa133843d

SHA256
6107c1bfdbf2cf351d5281073422b836d7a547e81345bff502fd31335d7fcbb3

SHA512
31977768847821379aca3a49a30d6dc25a31621d96b618c4a9fc71bf7eb7f9999db87603190140fbaec8beb103cd8ff793d5144cbc68a7ec7815db64aa530437

Download Submit
C:\Program Files (x86)\LagoFast\cef\cef_200_percent.pak

Filesize
844KB

MD5
065140de55434f35f9c5c10764c29ee4

SHA1
4bb734f61c04bfc68f7e15f128a2853a5f7649ea

SHA256
ef2c632ca52b27d464d6d3d8cd1b5b31b62b1102845682c680cd2bb102c5fca0

SHA512
552e5f79a41e78afd191394cb4cc5a8ab0ead3a0ec1706066e85b4aa3f2a80ff0674dc8f9232a3f123c8c60a9e63d63bc84b79f7c357ff7c7a85b6c98ebe55ee

Download Submit
C:\Program Files (x86)\LagoFast\cef\cef_extensions.pak

Filesize
1.7MB

MD5
7950f40808c588a071b9fe8a398201a6

SHA1
679beb65bc958f53b1f59342ef835d94b510274c

SHA256
8aabc7b9d7f696612ec3df0ee34a9814d0ee8bed2a5cb1fa0dfa2236033b50d7

SHA512
85a63f59656bbf5f3944fde8963134e2d16b53637b1f7ae6dfd11cbf071e38b2cdf6e51c8c847de5b4433132f321091bead7a56261b9e2f96498e8df95dc147d

Download Submit
C:\Program Files (x86)\LagoFast\cef\chrome_elf.dll

Filesize
697KB

MD5
2d88fd7431444d395d87b4e26779970a

SHA1
d61b06723cd58d67f069c21b295bc645d161dbc2

SHA256
2933a0d772b258958300a26f5331ce7d9bea3d0f198a2da6842ac6105707aa66

SHA512
4010f1055f95af8f96516aa0ccf74772634efcb9742de610d570d98e2b674dff6788ffb5033ae90ed75b26e4ed8db0cf39f40d84acad2e22e9bf18c04ff84321

Download Submit
C:\Program Files (x86)\LagoFast\cef\icudtl.dat

Filesize
9.8MB

MD5
65c6337820fbe9bf2498a9395e3b20f2

SHA1
5cc62646e6c73b4be276d08719bc5e257af972bb

SHA256
33da1cdda18eaea52011d40ae9a610cac9f6466156e9803891ee77294607aee4

SHA512
4800f03577a46a98a4bd786dc37a380f4169540e243fdb7835e3146fba0d0e1d07a7e3ec8cd23566feb00d204d582d678698ae61db156339fe56229de0b267c9

Download Submit
C:\Program Files (x86)\LagoFast\cef\locales\en-US.pak

Filesize
177KB

MD5
424663a523ce37f8a6087681fe3b05f3

SHA1
c250b53402e3ca81a5b15b4ae9efbe374d0b40dc

SHA256
a9ad65a2bc012cc22efcea44ff42de06503043f7ce76ccab8edaa33456d339e7

SHA512
566adf1626179bdb07615b63545b12dd304b7cbe43767e924a2806fa7fa8ac3b808a862375dd4723e985f15ba83760319a70c594e97934f91022446590fb10d6

Download Submit
C:\Program Files (x86)\LagoFast\cef\natives_blob.bin

Filesize
81KB

MD5
e350965916554e65a47305a6ab27c2ba

SHA1
9d60e499a907811a3155e9a07f8645d6c83cb909

SHA256
1cae202ada016cf455abf69d583524a1d37a1371ad4efdfac4baed07c6402bdd

SHA512
c6044b769a00f887b573ad35a7f5b71f6134d2d596a54effa50710be2f528acefea53ae4a2847e16c1b4e56962d8b0fe24f1ea4a04bfe167514b0abddb4fb5a8

Download Submit
C:\Program Files (x86)\LagoFast\cef\v8_context_snapshot.bin

Filesize
590KB

MD5
9bf16ed329b8f4a33f4aeed76b517773

SHA1
50a5c092a5e1413806e480f3a423c020eba46a3a

SHA256
22c31f1ad3c9234989e41527dd475e4cc82cec01abd0154620686ea11d650ed9

SHA512
a250cf808e29ef7138ea758187fefb5f34b7581511fa5d38e55e2e374045e5ccea35db53d0f1c3d079322c993a42e27d7eb11e154e5af229d1125f933fa4b279

Download Submit
C:\Program Files (x86)\LagoFast\driver\lwf\win7\amd64\ndisrd_lwf.inf

Filesize
2KB

MD5
594d8fca1306a345056e4ee299d3ca98

SHA1
86332a69361ec9676eb07f33fbf841f9e057a70f

SHA256
9344e5652e449b4e722d8a00f666cda147d5305b913102195bd7255124a413bc

SHA512
ad01e07cb158c16ce88aa8e5636e3056d61dd295dce35db36cfc766b4518fe00a98f10064b99bffb691b701ff522f9bc1571d825fdbb8049cabdbc4ce3f2c64a

Download Submit
C:\Program Files (x86)\LagoFast\http_proxy.dll

Filesize
853KB

MD5
0a208e7b12ba2d75d7bc52f58fab21d9

SHA1
1825a9704703501f71d01267c1867a8af58527be

SHA256
53a39b09cd3f50eb00752274a16111e48e6c026774db2adf3ad332cd76688dfa

SHA512
ea81510298d25c769c3a4911a45f73178df199869111221359bc814d6976887e8a8c18e2a178e2f008a6fa1b0293a38bf17b77958927b3191f3fdb04d0ae0718

Download Submit
C:\Program Files (x86)\LagoFast\mbrowser.dll

Filesize
818KB

MD5
21b01385644c14ee12c71b5819daaaa5

SHA1
2d0a031850229691e0a1e25cce99925c537a6d18

SHA256
b7a735298b6b4875d0e31d6ec4af7684ecf96055c4a49e8d057ff9419c75d8d4

SHA512
079bd001308fa592d9254fa4141671ab5f366f03cd22e36fcf456533fc21e453727dc276947a410a631b4e9744f1b70b41480867e9f8fb4551ead997c8488b8f

Download Submit
C:\Program Files (x86)\LagoFast\nfapi.dll

Filesize
194KB

MD5
95704d5fddb1de05536bf234b361908c

SHA1
a6407108ee82cc84b2849274463704ef8b5852d4

SHA256
82fd5b32c46b1e870adf6c8a9abfa6b7f04cb63a8241952fa5f0d4d23b5340e6

SHA512
2354b958a789325f8ccf38879970bc22a8c43e07b5726782040c4accbf8422bae20b465c1f156c339825ec19e3c41660e5a201608c210abb68fba8d3d48d087f

Download Submit
C:\Program Files (x86)\LagoFast\paho-mqtt3a.dll

Filesize
111KB

MD5
30a5ef54ad1e8ed0b2c36e379f195c79

SHA1
af7d0ebf8fe3754ec94a2e072658fc0bd6613cf9

SHA256
d7a3e22a83b9e6dd5003da678acb9e5786168cf551f3536cd11b077cd6df3932

SHA512
78791343fb50f18c8a4d78aa0e1329b842505408f1eafe19c45848ec1ee4ec363ca292ffdf2330e8a056670dc39284504e3c0acdc5a6d482979a3582564d2c1f

Download Submit
C:\Program Files (x86)\LagoFast\processProxy.dll

Filesize
506KB

MD5
822ece530cb82900fa2b089eea0217fd

SHA1
1d2274fd9d4a4bbee1c243aaeb703c4ddf5c28a8

SHA256
f00143d1fe6a274fd332928058bd464f0bca8aac19cde4561d6824a273a7fd37

SHA512
f848f82fa6d327fef6a1b9427bc9cb93f57c7b67e76ea25e495fb09f33bd0fed72240f74cff23631f307652666e5de93a7620e3136e2ffd24cd10e75e428f03f

Download Submit
C:\Program Files (x86)\LagoFast\proxy-divert.dll

Filesize
8.1MB

MD5
945ebdef92aab1c1e20295c825ee77a5

SHA1
28ec29bb3e93a0f73b261681a3d818f1077f44c2

SHA256
394cf80c0a0eadb9c4025af8835ca685f9dd119b714d3f16b7a0d5ff118e402b

SHA512
2f29d124e1f2568110578499ed6efb3910e9e69657c10a56f57cd43864c03628e293eea3b92edaaffcc82675495d001970f0cb6638a3cfb89e3c8929d9ecc715

Download Submit
C:\Program Files (x86)\LagoFast\proxy.dll

Filesize
11.6MB

MD5
e20bf8cdaec016ef27de88c47a500405

SHA1
2e37765c644a69d037a8af8e1d4aab13616aa4e7

SHA256
e6be0d78941a7554a2fffc23f66a6aaebb6faef0f6a5cb8079f9ac2b841ae518

SHA512
d14783a43dbbd302ca71f2fd2251a1f90db937c23ef5ab05a0cedff2a618f47c45dcb3eb82e534875a226b69e6d4ec99eb227be599574cf5dcbae4eecff2238f

Download Submit
C:\Program Files (x86)\LagoFast\rlottie.dll

Filesize
1.4MB

MD5
ede470eea94b681ddbd0811586eae1f7

SHA1
af3153febc1b65bfaeffe4a2732ffe5bc3d76a25

SHA256
edf0cdd3329d01854ff035ab80cc5969286aaa12c2de68ca2d85f625c0bdae5b

SHA512
3424cf86040fe4c2cc784c2912f4feb3e5ac68ad4a80437f4d12e47fac253499880878515890338864ae4a2125a89eee300c145296270f917f026e2e08b2098a

Download Submit
C:\Program Files (x86)\LagoFast\vpn_client.dll

Filesize
5.1MB

MD5
82235a965dc95e2b8d4c7897bb497158

SHA1
e82815dd1a983a14f0f7147cfbb138108b266b0f

SHA256
1390a31e04d74adbb88a11028a54325af8cc3196194d66c6cecfce6798f9059e

SHA512
df6edd17180af12c4a9e64258f5894fae5a98d40b07b621605da2f50faace5db0ef41f2b5dd7928ca7807ee01972a7f0863ac711280fc6c4e2f0f6a2fa6ff1f5

Download Submit
C:\Program Files (x86)\LagoFast\wiresockapi.dll

Filesize
665KB

MD5
9d7f61a489882cb1a9f2be1e55f25514

SHA1
0064acd64d452c735bc80dfb7f363fbd881a2186

SHA256
f4b6f3eb02ebcfc6e0884b19e9a922de357ac15924db28970bd0f76a84f00af9

SHA512
58f99a735d607cf87ffd29701b9052743267af9e3095e1b5558379dae96425502d1b2f4d8b69c86995e43b508485f7effda1c912c776516e54883e45f50f4cf7

Download Submit
C:\Users\Admin\AppData\Local\LagoFast\user.ini

Filesize
102B

MD5
4ea4528c5059a93079be294a354b07a6

SHA1
09227ce66220ef5b417e0698e9d0a713b8a99cea

SHA256
4e73c4210eec8eedb1bb99b3f85e42935bd8b27f2e275d180d44ca161c59ad8a

SHA512
a061859c2340046e05643f17b573a0f9026996bbc3fc6cfdca322ceb87e27eb1c6f271d8ce847cbc985a8fa16ed613b883925c74cb70db8310ead5503f808ebe

Download Submit
C:\Users\Admin\AppData\Local\LagoFast\user.ini

Filesize
134B

MD5
0ef8181774a489ccf0f64df3c93505f5

SHA1
9f4fbf7f2b867501fe49442ef31771fdc8304ac6

SHA256
e4e56e690fbe63aa9401a0e936d9e533de21bde1b5e014da8fcc38f37f11b082

SHA512
95ebe9e9176b2a4c5a3cc1dafe9c45bbffe25035abf221326ba0b2def29bb987e0d78e5dda04b8d4fb3fbe5174974cf7c8f3abbfdd45b93624151cd684fe00c9

Download Submit
C:\Users\Admin\AppData\Local\LagoFast\user.ini

Filesize
201B

MD5
f7d037a919dc44abeb3cb14e7f0cafcd

SHA1
613a99997407a38fa7f6a43f76c86e14828f682c

SHA256
cdd004fb5efab98292b264f3446bcd30f5bc2beec6b0b3b028bcc85d5645951c

SHA512
d62d111a5a494591affba97785313a6b7b0b72da31d1bf39a1d7acff951f67f3524c3aae74abbd0209ee3c3018b27490a866269a7e5c12834938761cfaf38324

Download Submit
C:\Users\Admin\AppData\Local\LagoFast\user.ini

Filesize
449B

MD5
9765222b2b78921bd410c0c71d3da242

SHA1
55d0f19d03c59b439fcd43bc4aa32bab7d30babd

SHA256
22ce87562360eccefd074ea447e4236c66e77e399910828a4199c885519836ec

SHA512
e19e9e793f008f3862e096b632c1047e5de48fb8d35ce86c32332f53af54ee8bf37aaf0b837b05791f626b1d4be5f73401b6f53e51d4a8eeab54e339ccd8e026

Download Submit
C:\Users\Admin\AppData\Local\LagoFast\user.ini

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\LagoFast\user.ini

Filesize
479B

MD5
45c315296ad2db60b191a9de70ee5db5

SHA1
fe7759b35f11804a6e09022ddb7b70a661f851bc

SHA256
1b4f455ac6cdb7d3ea7487a664bbe82b75bd9c9a64191428f53c9c5c391f7f67

SHA512
439e1d39aed5f05db5360bbc4938c30ed9d7613082c4dc012a86f012f5ae1ddddde393a79f912de8a9178ef9272bec3c8a3005706ca471640d49bee4eb59fca6

Download Submit
\Program Files (x86)\LagoFast\CrashRpt1403.dll

Filesize
155KB

MD5
8c43226a0f3248ee47fe874f3e56750b

SHA1
1e124c159bdac7f8cd27379172f6131ef5abdcc2

SHA256
e98ed773efbc26c7489167a479b89297ab646c978373a04eb1090836ee5087e6

SHA512
638156603fdbdde1967e724c59037c163b22cb5571f1f189880543f1b50000d80496a7d5baf0379dd343dfcdde424c80288007deaf7bd738fa636fa65dfd2545

Download Submit
\Program Files (x86)\LagoFast\DuiLib.dll

Filesize
1.5MB

MD5
378440be3f1c0b0aac14f1185cd48df3

SHA1
48c7d32412772233ad2c1c689b9b934002661126

SHA256
096a13ace3ae29138e2ae8d5e6ed40b37a15ee15d06f213cf0245164ada0c055

SHA512
63c9f9fd05284f704bbf09644b79a4af25caf18c304df31c6bf9a36fe85f9ecc910d4ec01a4fa96219075b80c4bceaa3035a23f4955932b2d70137db78ff2511

Download Submit
\Program Files (x86)\LagoFast\Hardware.dll

Filesize
558KB

MD5
c30cb7b8017f07fea28227562a87f0f8

SHA1
c7f717fcd295ddc06760685fbd7d56c10ee1c91d

SHA256
2ed4e8c3e665a136abefbf8124cfc80db6971cf3c9d37121f587597a44fb91af

SHA512
88f3fc92cbc6fb383190877b155c923fffae43c3792af139c1055cbb255a88a303336893429b7d1a7e89273daa31f32449079f9c6e7d1f25aa0121f1d9d9978f

Download Submit
\Program Files (x86)\LagoFast\HttpLib.dll

Filesize
1.6MB

MD5
faf522ece05075f1066675c14331bf03

SHA1
8cc16e72000d47eda774019cedf8db12d3a48587

SHA256
491dfd64899c35f4ca563bdc8e1172c1bbef78e3e85d928baefd78b1c2710e5b

SHA512
e789c60fe7de0f1a2fb15572589458a052bfc37eabaaed0624123d45c7adcfd1e1450de48066bdeec1bab8f7dbd9c79e5fa45d5c7f678f75228bffaaafbbe9c4

Download Submit
\Program Files (x86)\LagoFast\KeyboardHook.dll

Filesize
18KB

MD5
4e913aef4b1ede6cdb72429c534f6188

SHA1
30548068860b6d265915a8d175d241284154cfd1

SHA256
a5752c195d946ebc9aecdbebe84c2410f04c84e227d688023c22f9076fd9cfab

SHA512
09ab975bb3e4eef0c259aa4e05b427796736e0dea5bb746c061ab102e8635f740e5e4232ce6fed020b4151c39dcae3574dc7e88fb6b305f8afdc7f3d3f37ff5b

Download Submit
\Program Files (x86)\LagoFast\LagoFast.exe

Filesize
20.8MB

MD5
2f516a2702aecc2b5de04ad77d66940d

SHA1
d47d4318fb1cb2412899ff8821a6cc3bbc0794ac

SHA256
7743c7c7970853dccfc7adeb1146246b1940f87a44e128be394d502dacfdebc8

SHA512
ec88fad25ccf8710506e8f408bcf72d676a3c38b1e972f8b163300ef67c9d84e552bedbb7eb5db5735bf502126b61dc44e5d32c67d8992b1fb8a78ec0ea60fbd

Download Submit
\Program Files (x86)\LagoFast\Uninstall.exe

Filesize
3.3MB

MD5
b967a3f04c8fa680afc4da41c0071954

SHA1
b5f069190fb2100520e62adacb0690278cc78b32

SHA256
4a2cbd0b7d900d6ae84279b67b67d51d2a0060582d508a60f63a04abc0dee7ac

SHA512
637d2c0f83faa4bf8336c15923babf7370f947e07b89c48ff390d60e3dc277437c4677a3eb724a6c8415d9aa1ab75bf67a67e16d1fe88c67e61eabbcfd9068b8

Download Submit
\Program Files (x86)\LagoFast\dbghelp.dll

Filesize
1.2MB

MD5
bb3a8505910396ff1f638489f73a9802

SHA1
07876ec7917da70ca7396295e415ddf10fcf30fa

SHA256
b97c240f9b2299f5ab51f05fb97b73f2e6f0d005950a32ac473068531165e917

SHA512
f9e780a54d39636ca3ef95a95c271e339f113f8a7f13af3761e44d4423b45bb5d79b1c1f8de66fe5f828278ad4ddf724174c36cb53d1fe63f34a404c1f9a87aa

Download Submit
\Program Files (x86)\LagoFast\http-filter.dll

Filesize
8.3MB

MD5
1540c159dc1748d5e1b78430523e6f41

SHA1
f488613839908a473e9ecaef3ceb691e8a13001a

SHA256
a09e54facb478466a0fa354b7946c54b5e8197df3821601052c4abf1aa4edfdb

SHA512
87352844761c2481968b9c4c71ffa69c27beda1fa97177644ea0bb204fbdb05179919e0638c0f3e0b6e0827b5e00fa07c369f70bdaae27706a3110b9f04c296a

Download Submit
\Users\Admin\AppData\Local\Temp\7z.dll

Filesize
1.2MB

MD5
4f8997114eb4929daa5eb2bc27765879

SHA1
4d373181aa669f164e2ecbce5166527c2a479fe5

SHA256
c23e78fa31e87b8775dc05421a41c1e11b8cc8d0b973e5f33116e302892666d9

SHA512
3f56248cf6776878575bb60551ff8a1fe6b520e952dfb674b8254a0e00be75df811e88e08d8f2dec00d94f987aa1b9f7e7f7330835eec8c4be2f2a928ad042d5

Download Submit
memory/2460-384-0x000000003BFA0000-0x000000003BFFC000-memory.dmp

Filesize
368KB

Download
memory/2460-351-0x0000000036350000-0x0000000036360000-memory.dmp

Filesize
64KB

Download
memory/2460-343-0x0000000036540000-0x0000000036556000-memory.dmp

Filesize
88KB

Download
memory/2460-359-0x000000003C070000-0x000000003C104000-memory.dmp

Filesize
592KB

Download
memory/2460-333-0x00000000380E0000-0x0000000038150000-memory.dmp

Filesize
448KB

Download
memory/2460-380-0x0000000036E10000-0x0000000036E31000-memory.dmp

Filesize
132KB

Download
memory/2460-383-0x0000000036AB0000-0x0000000036ABA000-memory.dmp

Filesize
40KB

Download
memory/2460-352-0x00000000366B0000-0x00000000366C2000-memory.dmp

Filesize
72KB

Download
memory/2460-336-0x000000003A7F0000-0x000000003B2AA000-memory.dmp

Filesize
10.7MB

Download
memory/2460-337-0x000000003A650000-0x000000003B10A000-memory.dmp

Filesize
10.7MB

Download
memory/2460-388-0x000000003E2E0000-0x000000003E376000-memory.dmp

Filesize
600KB

Download
memory/2460-387-0x0000000036CF0000-0x0000000036CFF000-memory.dmp

Filesize
60KB

Download
memory/2460-389-0x0000000036BD0000-0x0000000036BE8000-memory.dmp

Filesize
96KB

Download
memory/2460-390-0x00000000386E0000-0x00000000386EB000-memory.dmp

Filesize
44KB

Download
memory/2460-391-0x000000003A410000-0x000000003A41A000-memory.dmp

Filesize
40KB

Download
memory/2460-392-0x0000000067A40000-0x00000000696C8000-memory.dmp

Filesize
28.5MB

Download
memory/2460-294-0x0000000067A40000-0x00000000696C8000-memory.dmp

Filesize
28.5MB

Download
memory/2460-350-0x0000000035B50000-0x0000000035B5D000-memory.dmp

Filesize
52KB

Download
memory/2460-386-0x0000000036AC0000-0x0000000036ACE000-memory.dmp

Filesize
56KB

Download