Analysis Overview
SHA256
17d3c427c27e9fe420fba45c21d52c2df2042284751364053bb34d0b48278acc
Threat Level: Known bad
The file LethalCumpany-LethalCumpany-1.1.0.zip was found to be: Known bad.
Malicious Activity Summary
Quasar family
Quasar payload
Quasar RAT
Checks computer location settings
Executes dropped EXE
Enumerates physical storage devices
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Creates scheduled task(s)
Runs ping.exe
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-03 01:12
Signatures
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-03 01:12
Reported
2023-12-03 01:17
Platform
win7-20231020-en
Max time kernel
294s
Max time network
298s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
Enumerates physical storage devices
Creates scheduled task(s)
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\LethalCumpanyExternalModLoader.exe
"C:\Users\Admin\AppData\Local\Temp\LethalCumpanyExternalModLoader.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fpdVirwRNlci.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\hnhFk7fhdijK.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\gGbvl9BwatK4.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\b5yDMkREBVs9.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KkRU4DBhbqrU.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lq7flRgS1VqX.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\cTX5nFYFgoKn.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\g5NQyBkt9dFs.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\fo9dqIyN08ES.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\E3wFJlgCesAw.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oui5RqI0o0NL.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\oLrBki14JESQ.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\TKho1CjnTeCm.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\aVMRgECE3VaG.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\MrhJYBM8iV41.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\kCCWrPilTFtU.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WKkXLOvmOmCx.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\lzWnr55pgE3b.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\0lemZy83vhVE.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\1ltZSEeu4N1n.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\eqCderUEv21J.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\system32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\WC9nSKs479EF.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
Network
Files
memory/1896-0-0x0000000000A50000-0x0000000000D74000-memory.dmp
memory/1896-1-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
memory/1896-2-0x000000001AB00000-0x000000001AB80000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2756-7-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
memory/1896-9-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
memory/2756-8-0x0000000000DC0000-0x00000000010E4000-memory.dmp
memory/2756-10-0x0000000000A90000-0x0000000000B10000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fpdVirwRNlci.bat
| MD5 | 2b33730e585d1b6f8becd95914c9b44a |
| SHA1 | 7aa0be4544413a7ec2628c4e2f60428b6c8c8f16 |
| SHA256 | cdb98c69b16763f8a5cc0333e52957ca223206520b9592bcdbef57eeece8962a |
| SHA512 | cf3910b7009def86f8a4a90144dae23050e68cbe22659e4a86a7beb626c6ae298595d4846efccaab6fb7d00d2f10f85bc110e1b96afd5f9f54daca3f4195fd67 |
memory/2756-19-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fpdVirwRNlci.bat
| MD5 | 2b33730e585d1b6f8becd95914c9b44a |
| SHA1 | 7aa0be4544413a7ec2628c4e2f60428b6c8c8f16 |
| SHA256 | cdb98c69b16763f8a5cc0333e52957ca223206520b9592bcdbef57eeece8962a |
| SHA512 | cf3910b7009def86f8a4a90144dae23050e68cbe22659e4a86a7beb626c6ae298595d4846efccaab6fb7d00d2f10f85bc110e1b96afd5f9f54daca3f4195fd67 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2620-22-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp
memory/2620-23-0x000000001B040000-0x000000001B0C0000-memory.dmp
\??\PIPE\lsarpc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\hnhFk7fhdijK.bat
| MD5 | 5fd9d51fee296852b013dbe511d0e3e0 |
| SHA1 | 4682de1222188f5aa9bf38c8cafd294ebb290f12 |
| SHA256 | 09c2fe2c8acb09da18e312d909d8399210aa43533269decf93e9b6c46a12c9ef |
| SHA512 | 56e7a7602595f3dc3584d560875489a4ef361840b0f2ee3548b4362cf338c1f6f4f6c8df148d2b78220b37ce84e355a38f51d836a6218709bed3ef0641ee1b8a |
C:\Users\Admin\AppData\Local\Temp\hnhFk7fhdijK.bat
| MD5 | 5fd9d51fee296852b013dbe511d0e3e0 |
| SHA1 | 4682de1222188f5aa9bf38c8cafd294ebb290f12 |
| SHA256 | 09c2fe2c8acb09da18e312d909d8399210aa43533269decf93e9b6c46a12c9ef |
| SHA512 | 56e7a7602595f3dc3584d560875489a4ef361840b0f2ee3548b4362cf338c1f6f4f6c8df148d2b78220b37ce84e355a38f51d836a6218709bed3ef0641ee1b8a |
memory/2620-34-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2824-36-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gGbvl9BwatK4.bat
| MD5 | cdb7cc8cdcdafb4ff436d9159c7055c9 |
| SHA1 | 129643279fc450f81cfda92c8341de6959743c25 |
| SHA256 | b55adebda9fb1595d76d29d895c819d3eaa5942645f774e1ae9ab6acd45a29c6 |
| SHA512 | 5a70e68dd59ac0ce54de38a253157af7796e41c4a068f6a40f04afb16ca068ec9bee866851a308811c9f8472804ad7f14426048543c796db9c5bfa3454c21467 |
C:\Users\Admin\AppData\Local\Temp\gGbvl9BwatK4.bat
| MD5 | cdb7cc8cdcdafb4ff436d9159c7055c9 |
| SHA1 | 129643279fc450f81cfda92c8341de6959743c25 |
| SHA256 | b55adebda9fb1595d76d29d895c819d3eaa5942645f774e1ae9ab6acd45a29c6 |
| SHA512 | 5a70e68dd59ac0ce54de38a253157af7796e41c4a068f6a40f04afb16ca068ec9bee866851a308811c9f8472804ad7f14426048543c796db9c5bfa3454c21467 |
memory/2824-46-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/1128-48-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp
memory/1128-49-0x000000001B280000-0x000000001B300000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\b5yDMkREBVs9.bat
| MD5 | 19083bf4c0d3a8c6a4f5618a02b905ef |
| SHA1 | 569309f9b66e87441947a7110a75a9ba094364e8 |
| SHA256 | 35ca92afbc40ddf1d87f47c4d75f6b686cc712348abd26b80bc81894e5590f55 |
| SHA512 | d299ea0f42528d5b592def07a13f0c10239090e5efdf831a85fc72d9a4f939b5da09695f9294e4787b5551f39e67ba16a01caabc03a63c4d4a6a7f74958380ce |
C:\Users\Admin\AppData\Local\Temp\b5yDMkREBVs9.bat
| MD5 | 19083bf4c0d3a8c6a4f5618a02b905ef |
| SHA1 | 569309f9b66e87441947a7110a75a9ba094364e8 |
| SHA256 | 35ca92afbc40ddf1d87f47c4d75f6b686cc712348abd26b80bc81894e5590f55 |
| SHA512 | d299ea0f42528d5b592def07a13f0c10239090e5efdf831a85fc72d9a4f939b5da09695f9294e4787b5551f39e67ba16a01caabc03a63c4d4a6a7f74958380ce |
memory/1128-59-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2196-61-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
memory/2196-62-0x000000001B1D0000-0x000000001B250000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KkRU4DBhbqrU.bat
| MD5 | 08bf52d7dadd7eba0a365299b1d554c2 |
| SHA1 | ac7a268623c4094796f03b72b764fe679c1f91ba |
| SHA256 | 62e905d70ac200e17fa7d20f4aee6c3be9e908d15df11e9277c134ba0c8240b9 |
| SHA512 | 7f8f1949ebccf2e04da11a8520cc5ab9daa70c7b264c4a685ee09e67b52429a74ffc2994585d377d1f24993b1b8a4ac978de563aebd044aecb0fb4072ca096e3 |
memory/2196-71-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\KkRU4DBhbqrU.bat
| MD5 | 08bf52d7dadd7eba0a365299b1d554c2 |
| SHA1 | ac7a268623c4094796f03b72b764fe679c1f91ba |
| SHA256 | 62e905d70ac200e17fa7d20f4aee6c3be9e908d15df11e9277c134ba0c8240b9 |
| SHA512 | 7f8f1949ebccf2e04da11a8520cc5ab9daa70c7b264c4a685ee09e67b52429a74ffc2994585d377d1f24993b1b8a4ac978de563aebd044aecb0fb4072ca096e3 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/804-74-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp
memory/804-75-0x000000001B320000-0x000000001B3A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lq7flRgS1VqX.bat
| MD5 | d7b20458626f49129fa1425dbb3dbe19 |
| SHA1 | 21731813c64de1f4b92def0a962da4422481089c |
| SHA256 | b02dc651971b8897833b15912281c4b96eb2ca08dde2b6fc72b8e2ee184ba771 |
| SHA512 | ded248b66f6b444e9587f08afecb19435971ba4ab1d56361c65033cdeab45e6ba49aa0116ec501f1047b835553fc0bd6944bc250fb0bad96bac9fec77fb7b140 |
C:\Users\Admin\AppData\Local\Temp\lq7flRgS1VqX.bat
| MD5 | d7b20458626f49129fa1425dbb3dbe19 |
| SHA1 | 21731813c64de1f4b92def0a962da4422481089c |
| SHA256 | b02dc651971b8897833b15912281c4b96eb2ca08dde2b6fc72b8e2ee184ba771 |
| SHA512 | ded248b66f6b444e9587f08afecb19435971ba4ab1d56361c65033cdeab45e6ba49aa0116ec501f1047b835553fc0bd6944bc250fb0bad96bac9fec77fb7b140 |
memory/804-85-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/912-87-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
memory/912-88-0x000000001B1F0000-0x000000001B270000-memory.dmp
\??\PIPE\lsarpc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\cTX5nFYFgoKn.bat
| MD5 | c1be81d66fb8c97301121f6dbb47b576 |
| SHA1 | 31f04f1fd37324e1ead34ef80bbaf17640958406 |
| SHA256 | 0186b4d2550dad4b6e673756d94758d3cab5b0f43750353b940ddcbcc70f150b |
| SHA512 | 43bbdde127ca01d83353ad9169a7ed954ecc2e26e57c0dbb8774c0eca7c48561433060e4b8addcbd9c75d40d8bed3e1fffed6092cf33d9356a32cd63ea56e6b2 |
memory/912-98-0x000007FEF5F40000-0x000007FEF692C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\cTX5nFYFgoKn.bat
| MD5 | c1be81d66fb8c97301121f6dbb47b576 |
| SHA1 | 31f04f1fd37324e1ead34ef80bbaf17640958406 |
| SHA256 | 0186b4d2550dad4b6e673756d94758d3cab5b0f43750353b940ddcbcc70f150b |
| SHA512 | 43bbdde127ca01d83353ad9169a7ed954ecc2e26e57c0dbb8774c0eca7c48561433060e4b8addcbd9c75d40d8bed3e1fffed6092cf33d9356a32cd63ea56e6b2 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2004-101-0x00000000001C0000-0x00000000004E4000-memory.dmp
memory/2004-102-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp
memory/2004-103-0x000000001B300000-0x000000001B380000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\g5NQyBkt9dFs.bat
| MD5 | 572a2a1709cd45567c773ca93a5429e0 |
| SHA1 | 370c08786cb11783b4d2177ec698da86cc538a79 |
| SHA256 | 218bd7fd45312eea0e70c02dfe1fd18b942d78967289ad69d7ae1cbea43ea5a0 |
| SHA512 | 77693f29230ed8416048ff55f00e84569c999325ead895696a4308a2a1f0631c42f33bf3772ba58640bfcc39012cfecdae4080e727594b388773b602a39677f0 |
C:\Users\Admin\AppData\Local\Temp\g5NQyBkt9dFs.bat
| MD5 | 572a2a1709cd45567c773ca93a5429e0 |
| SHA1 | 370c08786cb11783b4d2177ec698da86cc538a79 |
| SHA256 | 218bd7fd45312eea0e70c02dfe1fd18b942d78967289ad69d7ae1cbea43ea5a0 |
| SHA512 | 77693f29230ed8416048ff55f00e84569c999325ead895696a4308a2a1f0631c42f33bf3772ba58640bfcc39012cfecdae4080e727594b388773b602a39677f0 |
memory/2004-113-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/1232-115-0x0000000000F30000-0x0000000001254000-memory.dmp
memory/1232-116-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp
memory/1232-117-0x000000001B380000-0x000000001B400000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fo9dqIyN08ES.bat
| MD5 | 7b35b0998cd20931b04c78f4d76cd652 |
| SHA1 | 2d98cab356c77bde7fee1a2ab7d197628ba4676c |
| SHA256 | a06d2987e008b3e8a5967bc92217f551bd49888689db94e8cc4afbf0cd5fb691 |
| SHA512 | 86fb7a29d5b4e90f2c4eadbbab2c59e71d6530c66efcea2c4bf221ed6013255ea6ece2bb4eef212d7aa08aacdaa7ad2cd5890d08baaf80e1cd647a5992f1b6f7 |
C:\Users\Admin\AppData\Local\Temp\fo9dqIyN08ES.bat
| MD5 | 7b35b0998cd20931b04c78f4d76cd652 |
| SHA1 | 2d98cab356c77bde7fee1a2ab7d197628ba4676c |
| SHA256 | a06d2987e008b3e8a5967bc92217f551bd49888689db94e8cc4afbf0cd5fb691 |
| SHA512 | 86fb7a29d5b4e90f2c4eadbbab2c59e71d6530c66efcea2c4bf221ed6013255ea6ece2bb4eef212d7aa08aacdaa7ad2cd5890d08baaf80e1cd647a5992f1b6f7 |
memory/1232-127-0x000007FEF5D10000-0x000007FEF66FC000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2828-129-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E3wFJlgCesAw.bat
| MD5 | 27ab9e31ed4eab6e5d9c1ca380a40dfb |
| SHA1 | 421bc0dc277d3c4e84ea236ed44b357dcd78963d |
| SHA256 | d1ddab0902ca7a3c3f4b8352ee17c5a58a52e18e84a5c4b82b1b7daae6a9364d |
| SHA512 | f19f6ef87ddb297e991b61a7295eaf1c366dc1335816b945b8b4cb0b9af0ae07a487404fb490da6d9b4195d8d3e639b5b015e3938ebc0e8d07a74190f031701a |
C:\Users\Admin\AppData\Local\Temp\E3wFJlgCesAw.bat
| MD5 | 27ab9e31ed4eab6e5d9c1ca380a40dfb |
| SHA1 | 421bc0dc277d3c4e84ea236ed44b357dcd78963d |
| SHA256 | d1ddab0902ca7a3c3f4b8352ee17c5a58a52e18e84a5c4b82b1b7daae6a9364d |
| SHA512 | f19f6ef87ddb297e991b61a7295eaf1c366dc1335816b945b8b4cb0b9af0ae07a487404fb490da6d9b4195d8d3e639b5b015e3938ebc0e8d07a74190f031701a |
memory/2828-139-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/320-142-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
memory/320-141-0x00000000003A0000-0x00000000006C4000-memory.dmp
memory/320-143-0x000000001B1B0000-0x000000001B230000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\oui5RqI0o0NL.bat
| MD5 | f54421e54c839e88171ca27fd1be5161 |
| SHA1 | 60197b5ad4f3bed7a3e2044a59c5b6f9c605782e |
| SHA256 | fa8a51b00e88cc8a6f915cb98b107bf92054c76f3cfd951d49797be14bf0b21e |
| SHA512 | c5ea23ba756a6dfb0444676d140997a9674e9081d3a0538d69b4091a37ce247720981aeec14995816a99b33faf9dea4db25035f9ae5275feaef21139cfac6bd6 |
C:\Users\Admin\AppData\Local\Temp\oui5RqI0o0NL.bat
| MD5 | f54421e54c839e88171ca27fd1be5161 |
| SHA1 | 60197b5ad4f3bed7a3e2044a59c5b6f9c605782e |
| SHA256 | fa8a51b00e88cc8a6f915cb98b107bf92054c76f3cfd951d49797be14bf0b21e |
| SHA512 | c5ea23ba756a6dfb0444676d140997a9674e9081d3a0538d69b4091a37ce247720981aeec14995816a99b33faf9dea4db25035f9ae5275feaef21139cfac6bd6 |
memory/320-153-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/1916-156-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
memory/1916-155-0x00000000009A0000-0x0000000000CC4000-memory.dmp
memory/1916-157-0x000000001B440000-0x000000001B4C0000-memory.dmp
\??\PIPE\lsarpc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\oLrBki14JESQ.bat
| MD5 | 6a53a9bd19aec80a0dc8d5edc716e70e |
| SHA1 | 3000abda3262cc499d4841d5fa99fa7b9ec851e9 |
| SHA256 | 1e481a426fce15e68908c4edfd4c9e028415e9ceed768cad0d3fa71d92b3cbc1 |
| SHA512 | 964b95e70de2e2a5fce7e30d1d9c5a83b49d7c1ccd195626ae2ce0b9e590b78d80fd7e455eab3de5deb0b434f19e5ab4022bfabbf5c4b94b261bff7894e31fd0 |
C:\Users\Admin\AppData\Local\Temp\oLrBki14JESQ.bat
| MD5 | 6a53a9bd19aec80a0dc8d5edc716e70e |
| SHA1 | 3000abda3262cc499d4841d5fa99fa7b9ec851e9 |
| SHA256 | 1e481a426fce15e68908c4edfd4c9e028415e9ceed768cad0d3fa71d92b3cbc1 |
| SHA512 | 964b95e70de2e2a5fce7e30d1d9c5a83b49d7c1ccd195626ae2ce0b9e590b78d80fd7e455eab3de5deb0b434f19e5ab4022bfabbf5c4b94b261bff7894e31fd0 |
memory/1916-168-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/1644-170-0x0000000000B70000-0x0000000000E94000-memory.dmp
memory/1644-171-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
memory/1644-172-0x000000001B110000-0x000000001B190000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TKho1CjnTeCm.bat
| MD5 | a173bddaa9d249d04bf2b1252bbd0637 |
| SHA1 | b505de9e99dc5bdc5057a81676957bd8ee6d225a |
| SHA256 | 44e5b0f245d7790d681b9958edc8b6ec62937318f47b050d8f39ba60bd1a9c53 |
| SHA512 | 174738f37b7df2d34756fedc8cf738698f7981bea4bbcb5023fc374119b59d37ddcdbba7a59f5025d00c78d2cc24a1e3d10989365e4c141958b99459e85dec60 |
memory/1644-181-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\TKho1CjnTeCm.bat
| MD5 | a173bddaa9d249d04bf2b1252bbd0637 |
| SHA1 | b505de9e99dc5bdc5057a81676957bd8ee6d225a |
| SHA256 | 44e5b0f245d7790d681b9958edc8b6ec62937318f47b050d8f39ba60bd1a9c53 |
| SHA512 | 174738f37b7df2d34756fedc8cf738698f7981bea4bbcb5023fc374119b59d37ddcdbba7a59f5025d00c78d2cc24a1e3d10989365e4c141958b99459e85dec60 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2508-184-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
memory/2508-185-0x0000000000DB0000-0x00000000010D4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aVMRgECE3VaG.bat
| MD5 | 0b31a42d81e5dec7dc151785fde90ba0 |
| SHA1 | 58ca101d3807216d6f6875b9b0563fad2aeb40eb |
| SHA256 | 8e71620ea4a6798249913a4907d4ec7ee8f904bfabf29eee4d575dca3874c015 |
| SHA512 | b4e1113cc19f5a1c4a1411a5e968295535a74d9c8027ceead622b7ac175ed23c8459e44c51952bea90f782ccef303e2ed3c50e9c7d47bb002aed435aaf1559b6 |
C:\Users\Admin\AppData\Local\Temp\aVMRgECE3VaG.bat
| MD5 | 0b31a42d81e5dec7dc151785fde90ba0 |
| SHA1 | 58ca101d3807216d6f6875b9b0563fad2aeb40eb |
| SHA256 | 8e71620ea4a6798249913a4907d4ec7ee8f904bfabf29eee4d575dca3874c015 |
| SHA512 | b4e1113cc19f5a1c4a1411a5e968295535a74d9c8027ceead622b7ac175ed23c8459e44c51952bea90f782ccef303e2ed3c50e9c7d47bb002aed435aaf1559b6 |
memory/2508-195-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2492-200-0x000007FEF6030000-0x000007FEF60A4000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2856-203-0x0000000000F60000-0x0000000001284000-memory.dmp
memory/2856-202-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
memory/2856-204-0x000000001AE50000-0x000000001AED0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kCCWrPilTFtU.bat
| MD5 | d31ae2394fa707f5465f3c719946d6ea |
| SHA1 | f52f1305bc3c8f2b43936e7d7f3d732baff0d9b6 |
| SHA256 | 3610af47be4198369460f3f1ab4a698522e60cf0d0a9c9ab40dd0f5522f48768 |
| SHA512 | 25975b921c606dce12ce53a6390df42758ab066971105c4c0be18ac4e96650d390f2091b4a4a6fe53327f043a4aa651cd89ea05284f510e07529e3d92f409cb0 |
memory/2856-213-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kCCWrPilTFtU.bat
| MD5 | d31ae2394fa707f5465f3c719946d6ea |
| SHA1 | f52f1305bc3c8f2b43936e7d7f3d732baff0d9b6 |
| SHA256 | 3610af47be4198369460f3f1ab4a698522e60cf0d0a9c9ab40dd0f5522f48768 |
| SHA512 | 25975b921c606dce12ce53a6390df42758ab066971105c4c0be18ac4e96650d390f2091b4a4a6fe53327f043a4aa651cd89ea05284f510e07529e3d92f409cb0 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2656-216-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
\??\PIPE\lsarpc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\WKkXLOvmOmCx.bat
| MD5 | d7d78693b8e761b911077f5f99c19512 |
| SHA1 | d5a3f1c06f1c29be539c2d967dd0a7396f7fd169 |
| SHA256 | 3d71138a3e07f23a3dcdb02390babbf00a03e4f1d8b0d091fd3cc617725bbd8f |
| SHA512 | dea8b778af419e3fccd8876cc3085e3964146359ace23ac89dd776896a972ae12246d4db760ee3f11a35c188d4785798c65221e7f724132c3348eae4f4d60f07 |
memory/2656-226-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\WKkXLOvmOmCx.bat
| MD5 | d7d78693b8e761b911077f5f99c19512 |
| SHA1 | d5a3f1c06f1c29be539c2d967dd0a7396f7fd169 |
| SHA256 | 3d71138a3e07f23a3dcdb02390babbf00a03e4f1d8b0d091fd3cc617725bbd8f |
| SHA512 | dea8b778af419e3fccd8876cc3085e3964146359ace23ac89dd776896a972ae12246d4db760ee3f11a35c188d4785798c65221e7f724132c3348eae4f4d60f07 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/752-229-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
memory/752-230-0x000000001B2F0000-0x000000001B370000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\lzWnr55pgE3b.bat
| MD5 | 273848098d3708e8d0b3332e1663727c |
| SHA1 | 548f9448def08582f686202fb064ddfa36cd727e |
| SHA256 | 954ac2ee075f48b2fd9b46c37cfe8457d706ffdda8ebc33633ed56e9afcc3244 |
| SHA512 | e585a7952b0c84f618b817bd2beb5923d42961f7bc86e0bf53a6f457977a71703c1a3f9b838f050fd0c66be3c5f9ebe50caebeb2bf8abf398905e460d1b68872 |
C:\Users\Admin\AppData\Local\Temp\lzWnr55pgE3b.bat
| MD5 | 273848098d3708e8d0b3332e1663727c |
| SHA1 | 548f9448def08582f686202fb064ddfa36cd727e |
| SHA256 | 954ac2ee075f48b2fd9b46c37cfe8457d706ffdda8ebc33633ed56e9afcc3244 |
| SHA512 | e585a7952b0c84f618b817bd2beb5923d42961f7bc86e0bf53a6f457977a71703c1a3f9b838f050fd0c66be3c5f9ebe50caebeb2bf8abf398905e460d1b68872 |
memory/752-240-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2384-242-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\0lemZy83vhVE.bat
| MD5 | 5552fe1b16e9e9f021b290a29141a00d |
| SHA1 | 421016294f0d0fb3a998c4fd696feff23978ef4b |
| SHA256 | d97d80d9e3584a5bc54bf0c361d53bac4276308ceea8cf1abd1992eee6275f25 |
| SHA512 | f85a372df7855d9f434e5792691a2643152d342dd814f10b06361d779598021f47e0cdfd6bf0a1aea46c7e6d389ad142462c364c5dd6ffb7c911f2cc6d1a3454 |
C:\Users\Admin\AppData\Local\Temp\0lemZy83vhVE.bat
| MD5 | 5552fe1b16e9e9f021b290a29141a00d |
| SHA1 | 421016294f0d0fb3a998c4fd696feff23978ef4b |
| SHA256 | d97d80d9e3584a5bc54bf0c361d53bac4276308ceea8cf1abd1992eee6275f25 |
| SHA512 | f85a372df7855d9f434e5792691a2643152d342dd814f10b06361d779598021f47e0cdfd6bf0a1aea46c7e6d389ad142462c364c5dd6ffb7c911f2cc6d1a3454 |
memory/2384-252-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2060-254-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1ltZSEeu4N1n.bat
| MD5 | 260b658efb0eed5eb9d4ff7e6e2ef587 |
| SHA1 | 6730ca88f3d1a65ba1a0e4feb8706bbfd85ea931 |
| SHA256 | 22955c368ef60de3f86345eeb18cd61b8af3915b358bf3413b282e8e57adb588 |
| SHA512 | 60ab2522d63f12f0158b8a0af840e785fbf4c429a20ae06e3ef13f5c575d8f0f7e575b194c826d604cd5e2692d0ea34de976615240c3c45aa30cd87eeda01737 |
memory/2060-263-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1ltZSEeu4N1n.bat
| MD5 | 260b658efb0eed5eb9d4ff7e6e2ef587 |
| SHA1 | 6730ca88f3d1a65ba1a0e4feb8706bbfd85ea931 |
| SHA256 | 22955c368ef60de3f86345eeb18cd61b8af3915b358bf3413b282e8e57adb588 |
| SHA512 | 60ab2522d63f12f0158b8a0af840e785fbf4c429a20ae06e3ef13f5c575d8f0f7e575b194c826d604cd5e2692d0ea34de976615240c3c45aa30cd87eeda01737 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/648-266-0x000007FEF52A0000-0x000007FEF5C8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\eqCderUEv21J.bat
| MD5 | a37cfcef40f9d9c993c66113d5a40c57 |
| SHA1 | 23d3c0143c398c9494b4d97b7c9202f034c15d5c |
| SHA256 | 2d21cc2f8351b09b23d7e2da545fe6399f32352c5524bd52d5287e836ea39c7b |
| SHA512 | e2c87767c6106e99362a9e5bb093ed8069172b39c7f73ae7b70724bc7b65d66be84dfdc1b7c3e8261d37214588bbcb50cd1f10f5f0db129fc9d8af5e54d6bd98 |
C:\Users\Admin\AppData\Local\Temp\eqCderUEv21J.bat
| MD5 | a37cfcef40f9d9c993c66113d5a40c57 |
| SHA1 | 23d3c0143c398c9494b4d97b7c9202f034c15d5c |
| SHA256 | 2d21cc2f8351b09b23d7e2da545fe6399f32352c5524bd52d5287e836ea39c7b |
| SHA512 | e2c87767c6106e99362a9e5bb093ed8069172b39c7f73ae7b70724bc7b65d66be84dfdc1b7c3e8261d37214588bbcb50cd1f10f5f0db129fc9d8af5e54d6bd98 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\WC9nSKs479EF.bat
| MD5 | 45140f26943522b7a3cda5b2e7aa4905 |
| SHA1 | 5ffef4ffdfe1dfa21fb4366181ec8aad4f84969c |
| SHA256 | d98a88dfa71e3d9644ea0b84e9bb9519e411b8123f2946e7f9cd0274f6fcb133 |
| SHA512 | 8fc6d4cc354b7bc3526b2a0fb98d06dc78e25160297fb0f2f61949a51da6c824a81c5cd81dcdc4e94a410524e5d52adf59f46c8405f13ae661acc50f6a3de594 |
C:\Users\Admin\AppData\Local\Temp\WC9nSKs479EF.bat
| MD5 | 45140f26943522b7a3cda5b2e7aa4905 |
| SHA1 | 5ffef4ffdfe1dfa21fb4366181ec8aad4f84969c |
| SHA256 | d98a88dfa71e3d9644ea0b84e9bb9519e411b8123f2946e7f9cd0274f6fcb133 |
| SHA512 | 8fc6d4cc354b7bc3526b2a0fb98d06dc78e25160297fb0f2f61949a51da6c824a81c5cd81dcdc4e94a410524e5d52adf59f46c8405f13ae661acc50f6a3de594 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-03 01:12
Reported
2023-12-03 01:17
Platform
win10v2004-20231130-en
Max time kernel
299s
Max time network
51s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
Executes dropped EXE
Enumerates physical storage devices
Creates scheduled task(s)
Runs ping.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\LethalCumpanyExternalModLoader.exe
"C:\Users\Admin\AppData\Local\Temp\LethalCumpanyExternalModLoader.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Il806Jm7yne8.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Re5KMI6wW3h8.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gt7YQNYUqKj1.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DmHPWzle3zC6.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\65O5FiYZXoIl.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\HMMn23ZKrxmI.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\PlWcqpVPQCDF.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\MWbobNUBRGEX.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\T1oKeUmHpzbl.bat" "
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\system32\chcp.com
chcp 65001
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\88RvB909yIp0.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\JLtnMCKBmOHC.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Ac5pdvMfNXKN.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qvKqHfYnVMsM.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\QAEeyDOzdiQa.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\NjnnPdaAB4jU.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\rBZeHovO0fvy.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pHKoLpQaRfvt.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\SN9ZyHo7e5DK.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6YEuayCubRjZ.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gMPKnKDF1n8H.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AFm5FN0mKmKi.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\mQnUjnh5EA9n.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\trlpnNYGYNif.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\qorYvB6TaubC.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7SbHhDIJBMvk.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ss1jEtDo1zsK.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\W7XwxDzxGRH9.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\V7qxQj920Vza.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\l99qMAK6oT89.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xwxt3OyvtdwR.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
Files
memory/2660-0-0x0000000000DC0000-0x00000000010E4000-memory.dmp
memory/2660-1-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
memory/2660-2-0x00000000019D0000-0x00000000019E0000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/4708-9-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
memory/2660-8-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
memory/4708-10-0x000000001C070000-0x000000001C080000-memory.dmp
memory/4708-11-0x000000001BFB0000-0x000000001C000000-memory.dmp
memory/4708-12-0x000000001C640000-0x000000001C6F2000-memory.dmp
memory/4708-17-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Il806Jm7yne8.bat
| MD5 | ef9d0499c09f779cb0bf5e7a855cdd84 |
| SHA1 | 1dcab9f5a168cc59897c28e22aafd27dccad9c73 |
| SHA256 | 84969d1773184cafb492a40caa3c7271e4e584ef8586087d5c2790aeab6601d1 |
| SHA512 | e50d085f7d9c53fb46559e4a58a133c70bb8c09d8f33b4a55c7187fa867bee9420b9500b7a218b5fa1e884d4920c313df8a490906136c679f07d1ed2c2bb5220 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LethalCumpany.exe.log
| MD5 | 8f0271a63446aef01cf2bfc7b7c7976b |
| SHA1 | b70dad968e1dda14b55ad361b7fd4ef9ab6c06d7 |
| SHA256 | da740d78ae00b72cb3710d1a1256dc6431550965d20afaa65e5d5860a4748e8c |
| SHA512 | 78a403c69f1284b7dd41527019f3eede3512a5e4d439d846eca83557b741ca37bcf56c412f3e577b9dd4cfa5a6d6210961215f14cb271b143f6eb94f69389cf5 |
memory/2248-21-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
memory/2248-22-0x000000001B320000-0x000000001B330000-memory.dmp
memory/2248-26-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Re5KMI6wW3h8.bat
| MD5 | b824ad13922cfb29488fa17fffb0d7dd |
| SHA1 | 6532fbfc8c945470310b08651fbba1a23819c5a3 |
| SHA256 | dba256a854797133b0c5d4e8692fd1785cdead1fbe723936a63d33d6f30a651c |
| SHA512 | 0bee4751413581c2646f605f1d2026589012338eb2f80cf13c08c225e8d01d29f7a758d7648eda35881f860bd9581445a7a7f028a21254029f683f05f7b62aac |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2796-29-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
memory/2796-30-0x000000001BB90000-0x000000001BBA0000-memory.dmp
memory/2796-34-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gt7YQNYUqKj1.bat
| MD5 | 72d614536fbceab63e7c69430882eeeb |
| SHA1 | 322b8fcbd0291c86bd035523f7d0dfc91b6de428 |
| SHA256 | 67265ae763d936cb658e643721ab16bdbb31659dd8052f8384476ffcdbf22c83 |
| SHA512 | 5ae30e084788c791b5ce1842bd3b2df26b210279044357d69f8be4fc20e5f953f5fca6b9b5489e48dc2a904a77cf345c657928817bb252fa59c2c3e3e7faebe9 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/3708-37-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
memory/3708-38-0x000000001B5D0000-0x000000001B5E0000-memory.dmp
memory/3708-42-0x00007FF9AC700000-0x00007FF9AD1C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DmHPWzle3zC6.bat
| MD5 | 9cf94316d06b25dfdf60ab239b005a06 |
| SHA1 | 988f251e0cfa431cdbebb204194e43ef958597c4 |
| SHA256 | f9cbd1b396b3c73a9ba30aaba95ef9e752a4e21833373ab3096903e4982a58f3 |
| SHA512 | fa649f519c65a5fa71e725fb565d7402676d66531cc0863fdc24b3a6a45e6b0033783ade4cd924cf17bb52413e4c7855ab993fbbda4a44bf7bde58494a893d4a |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/4568-46-0x00000000035B0000-0x00000000035C0000-memory.dmp
memory/4568-45-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/4568-50-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\65O5FiYZXoIl.bat
| MD5 | 9db710994d2a732ae31f44bb4d087011 |
| SHA1 | d5b13216a789ed90eaccabf19bedac5cceaaa22d |
| SHA256 | 039947847b8fa7f7a13d96e7a01d546f27b7c43f201c039e840bb09cfd09ea4a |
| SHA512 | 47b891117cee758b2b212c8d957db564737ddaff2d6f63f3d495a2255f0f2dd2953cfdf90420c4080d3bdb79421689ee92c03b201464efae40cd9833104b7c0d |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/4608-53-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/4608-54-0x000000001BB10000-0x000000001BB20000-memory.dmp
memory/4608-58-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\HMMn23ZKrxmI.bat
| MD5 | 5ef96d0842c4eb09e71da7fad1a41adc |
| SHA1 | 2519eff0f980ecd5ab505eb936410f5106ad01ec |
| SHA256 | b4c9aa7484bef6a1b65481d242b0d6e2ec18ead2314878afb191bbbcc02c886a |
| SHA512 | a9f7ec094c2edb7b81625ba4f99ab30201219ae01a938b1f8d3af4120bb8db6036ea4d02d40f859fe1869bc1714a99e97ae5607d5c23be8e6ca593533bd96ad8 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/4764-61-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/4764-62-0x000000001B7C0000-0x000000001B7D0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\PlWcqpVPQCDF.bat
| MD5 | bf9af80515e144af3b8b6370789fb2e5 |
| SHA1 | 70df22be484e8300a7a7e199d00693e2ccf11834 |
| SHA256 | dfb8ce335d1d567187a1d7c21c9794e4a8743c5babc6493eb33b3e620812849d |
| SHA512 | 3aa5976325597fdc2aba98ec75c4069a2a46ace0a293160a5d77c529b60f725f4b443bfee17b73a2fc6fa78d2ba75bff6bbccdbe531f903047c70ab2697672ec |
memory/4764-67-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2224-69-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/2224-70-0x0000000002C30000-0x0000000002C40000-memory.dmp
memory/2224-74-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\MWbobNUBRGEX.bat
| MD5 | 735dd7b4521be06ae296f51304498940 |
| SHA1 | e7c7d56f31c0e8971228cda2a95787f7e00aee3c |
| SHA256 | 63340e79059ee12ef5f530e11f97aefc499fbc2616a12acc89369cbaa7863e29 |
| SHA512 | e797c9363945e86f98c1c1c24d82ca3450a821e12822611a30c7fbc78d5114834a9cef829e629536aad5a93bd977b86512f6af2fb344416be45e614a2b550384 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/3600-78-0x00000000032C0000-0x00000000032D0000-memory.dmp
memory/3600-77-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/3600-82-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\T1oKeUmHpzbl.bat
| MD5 | 37cf823113dcdb117c04ebc7ae576666 |
| SHA1 | d2f49543ce6094506064c4b11559abc256395be7 |
| SHA256 | 14ad619b9dbc31726776e4e641b3b21eaa1d5465dc0b41d1a814508d647ff662 |
| SHA512 | 56727934d9c9993b9cf2ba7948d08ec0f859f64400bf002397d1d6539b42c6b803758728b4484cbe52854bf65ec0dbb473c64d72b0cc548c035ca03cb1e18c96 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/1056-85-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/1056-86-0x000000001B320000-0x000000001B330000-memory.dmp
memory/1056-90-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\88RvB909yIp0.bat
| MD5 | 43376ce08de629b7fcd8ae812b9a7a58 |
| SHA1 | 2672cd11710d6c0d593337c61005c47248f1c701 |
| SHA256 | fb1b5b8f21fd0edacb4e366c58efd80a1da6403598c3e151f15a320260efda43 |
| SHA512 | e1eab5d469bb1469cf077875fa073eb676736aa8ad1e06fb6d97a98fa082d76e8df3d1d34a3af064a6f40b77d1869853ba2e195f7e4a97ec34c71a6569bfb3b4 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/3180-93-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/3180-94-0x000000001B8F0000-0x000000001B900000-memory.dmp
memory/3180-98-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\JLtnMCKBmOHC.bat
| MD5 | 3cff770fd222b3c2a347a465c8246646 |
| SHA1 | bccb8a7d0398032a855725b2a5948a3454298909 |
| SHA256 | cbb37aa15d44dbb7192df3aa6624d58415fac404f4b255d4d81a57e7b85b6705 |
| SHA512 | 291a49cc954f9156c39877ab40d3cf95c584d5208efa28df595d28d415ee288d4adaec50c2f54dd8c96ea19a6cb7946a7c4be0ed7e3e945831337ac10cd4945b |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/864-101-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/864-102-0x00000000024F0000-0x0000000002500000-memory.dmp
memory/864-106-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Ac5pdvMfNXKN.bat
| MD5 | ed852138dfba33b874b838f2a8dbd4d9 |
| SHA1 | 0a44f49ceeda7709b5c56211eed38f4fbd8ba7db |
| SHA256 | 8c23ac4cef530b42e90f648acfe5bfcbf7a2ef8344ec91be874a6ce6dfeb3e79 |
| SHA512 | 2be55c79015c248945e6f1b127e27d6dd8b1ba3a8c3245798a57cf10c59ad7f2438260629aae185552386d3a042ff7ba05dc144ed3a6b11140e5935d85f99a0b |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/1176-109-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/1176-110-0x000000001B010000-0x000000001B020000-memory.dmp
memory/1176-114-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\qvKqHfYnVMsM.bat
| MD5 | 3bb400deac565c32832a4616abde7fda |
| SHA1 | 81639a2155831caa3e23c9bac470c9b63f095ada |
| SHA256 | 682c1e73769d7a350202907f3ce47ea652212d7f0b2695f21cbbddba4483eb9b |
| SHA512 | c62e28e47914cbb99d2d802cec4c066d03125983d0c891fb8fd302960276dd1e4beea553bb0fcb6f1e65d1375e9fc3e25860bd33c601425edd8c81a7a12b241e |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/3788-117-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/3788-118-0x000000001B9B0000-0x000000001B9C0000-memory.dmp
memory/3788-122-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\QAEeyDOzdiQa.bat
| MD5 | 664c35ab84ae974ac0e87d7bdbdc3a49 |
| SHA1 | 35c1fa0a1424c5d7cd0a0036165e4f93577cfa63 |
| SHA256 | 9e0bc1847013285779f56574441d037ab3bafc6966e14eedb761c3dd02840034 |
| SHA512 | c70480954f8d84c1afec42ddf09d9fbb00726780050020b73ba43ff1397499e9dd8b1049bc938f2480e77a73d2e62db569042e65fbb48c1486dd44205144d197 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2756-126-0x000000001B4E0000-0x000000001B4F0000-memory.dmp
memory/2756-125-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/2756-130-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\NjnnPdaAB4jU.bat
| MD5 | 7f18659efa3196f593ab32d699f49c08 |
| SHA1 | 0d61161e208e850b5f27172d7d7e4ee498a6f00f |
| SHA256 | 8bacfb8de5fe12e93142f6ed7a4b9729abf5acf0f6e5dee4bb9fc7d6c97e8f50 |
| SHA512 | 93020f02e5059d453a323f1bddee409183b84c33ee48e6c87284910c49b1899d9125f4de94d5efc41f1d238100807afe12f5655194de3af18f16ac6582e1e1b2 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2716-133-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/2716-134-0x000000001B370000-0x000000001B380000-memory.dmp
memory/2716-138-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\rBZeHovO0fvy.bat
| MD5 | e95b18c8eee4a742659149886d3fa7dd |
| SHA1 | abf53a0c93abe097a8a34b0aa7030efd027609e1 |
| SHA256 | 7b742b2f380145671707854613b2c1cf67a110c40954bf846f5b6f388a07ca24 |
| SHA512 | 10e5cfd183ba39b4602b1b68ee1a6827823e70402ec8bff2e7763f4d3a8b28f6e56c744461a8ae2f2e2b303be28c5963c63fe418e4b5a5b7af492e235b2fb8ac |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/4172-141-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/4172-142-0x000000001BD60000-0x000000001BD70000-memory.dmp
memory/4172-147-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pHKoLpQaRfvt.bat
| MD5 | 6ce48e623d5aa88856cda3d7ac58f6ee |
| SHA1 | 49fb6322a5645d72c6212621036ae6b6c377b535 |
| SHA256 | 3247e4776b52facc692a0f691aa301f0fc419b288a15bacaebd766fa0b420499 |
| SHA512 | a7bdd60033b36aa017bed9c23e6ad21ad5ca7c1dd5bc07a2badf682798a055316a0dd09379bb4238a8fbbe573b73a9c613cd47a9101ebcbab9966f5547102a48 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/2916-149-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/2916-150-0x000000001BCC0000-0x000000001BCD0000-memory.dmp
memory/2916-154-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\SN9ZyHo7e5DK.bat
| MD5 | 46170273d33f2bc6a15600c700be4645 |
| SHA1 | a67824075b0dd2993d9b0fe29819d22291c3413f |
| SHA256 | a36d18d31c1dd98e37752e999e3791fd76630018932cd654d84ededa148acd90 |
| SHA512 | 4c45b405d198d7329cbce8cd3f1dd4a4e07860d37cbb8cf8bd450c99d4d8ee3d4ca6ee4e3cda05fa99e4d9d8ef12668caa532d8e389d569cd859f75b1338b8d7 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/3136-158-0x000000001BAA0000-0x000000001BAB0000-memory.dmp
memory/3136-157-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
memory/3136-162-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\6YEuayCubRjZ.bat
| MD5 | b81d4bb4839ae6fd4fd14826d6512f6b |
| SHA1 | c572850912db9cd08a3ecf7a1dc1d5d1b28f8650 |
| SHA256 | 65dd93bfdf76a9585ab295cc0e10546aa0f8ec2707207afcb2f7a5f26583d9b4 |
| SHA512 | a7be9584a8d812c92af87343142806d6e9bec330c16dda82d173902cefbafa60d677c84f5782cdd0ed6e524862e0892c16aac65b572139a58880396cff0fa8af |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
memory/3988-165-0x00007FF9ACA80000-0x00007FF9AD541000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\gMPKnKDF1n8H.bat
| MD5 | a5409aecdcdbe4ecd5c844b115c44738 |
| SHA1 | 8f16c3080472f99ddc34bd5973b4b58f6601621c |
| SHA256 | ce9020c100fd63c48de8ca8a15be1dba4578e1d4b527ae96e6ebcb98ecf6125a |
| SHA512 | 2c0d83dd3a412356e18972f0b04e4931353192e46fd917d1972a1af296e3a9b94d3cf49dea1dd8efa1baf7417cd1d1e9170e56a5b8bf8b5edbb84caa498c74de |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\AFm5FN0mKmKi.bat
| MD5 | f30184bd75fa3182cdcb25c389e413fb |
| SHA1 | 1489225414ddf4de2fb8975edb719a324cb6394f |
| SHA256 | 5d3b59a99046b4257a5fb7d4d950be923fd91e6499841608146092c8606a13d0 |
| SHA512 | 74795cf500f58a2953884dc7db172f13d86f19ed8dac8b8f8d176bda0666927d6d6a765d001f81cf39ce52a5f536da56f19f99ea4d02b8ca59a77d9f595a134c |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\mQnUjnh5EA9n.bat
| MD5 | 60486dfcf6ae5c2b27b65940fd831aa7 |
| SHA1 | 19d811cee59258a1b958ddf2e676975a374f4d8b |
| SHA256 | 0719a55b1b01333c82438460f903b0309e37327a026d4e93c8c90f5546b98607 |
| SHA512 | b106a9a3f1df0606e461e8615322c2d114eaaa8e6f80013c8bc9186e426cdbba043ce6b99f592bf4e48063e2828e9a1635d4f04a66818f72b2557d8d391474ea |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\trlpnNYGYNif.bat
| MD5 | 5044ab4203011d80c186dcccdbb659b8 |
| SHA1 | 0d531907f689e5fd42db60e3452489c257736585 |
| SHA256 | 1fb8f94d5bc3052aa8962a8e306cb6ecb96fa1ae6a8ee0a3902e0cdc30600351 |
| SHA512 | 714f751161f6a593669bbb278bb15d842453efe9775880782916f9c6db6685c582f4a8cb5bd896f88376e9e546729fd30ee03bae0d57f996927c710a02e0bd1b |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\qorYvB6TaubC.bat
| MD5 | a7bf16db87731b2498ba39b31ce162dc |
| SHA1 | 7480311cac452282610e850462839bc8b6468d2a |
| SHA256 | ce7982f48d148150b30d5d9146e415d00e5e4a2d16ae3074a1b3faf05d2a4830 |
| SHA512 | 1a12f4c03d8abc92561a7639b4ec980ab4e4ed49026977cbdcc0c48f0f9fbfd78c727f51bcb71ed1f6b38d531a776b1378df846ab2720092662dd291789b6b5c |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\7SbHhDIJBMvk.bat
| MD5 | 8208b1046db1d6092cc4a584a8a01c6e |
| SHA1 | bdb854622146089316e959b4b0f4e7a285fe089f |
| SHA256 | aa75c87f821fe78b90dc4e177ce1ec8ff543a76cf169c261c75675702bc1b67b |
| SHA512 | 1f97d55c22668d44cccdf640d293f0bbae7085c00f0a965842ec898058104588305b1259f7dab14817af2495728f82d921ca3f2cc40b63e419a83774c6aafbd0 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\ss1jEtDo1zsK.bat
| MD5 | 58a6e4e6e4b18bc481089fb6d1fce063 |
| SHA1 | 33c3dfedbcd6ba3f597f71ccf009a2fa8fd702ff |
| SHA256 | 77e586cb9e945c86afe3bf69c7e73b6109cbce5097c7fc47f31a5bf4e1b4d838 |
| SHA512 | b5e532ff373f3b50df1661103d84ebb73374794735cc9c32f48e199eb05300b4078aed1e275d5ec68b028d9fde1bafc3ed604f2da9ac713dc8db6d8acd9f1f69 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\W7XwxDzxGRH9.bat
| MD5 | 031dc556fbf1f202bf1b66685416481e |
| SHA1 | 64f0edf7be47847c6c7a45c21a371c862b825107 |
| SHA256 | 40719cde6ce7727cbc369dfcbc0cc1047416e2004f755926ab142e2ef4426f79 |
| SHA512 | 79cbc814417d87637a9b6373c0ebd251c984f7ad944602db4acbc0ff8b5c0154e4c142b2d5cc8d2e776152f4a0d4e13f34a45b37f6dbcbf65ca3e0f4058ea31a |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\V7qxQj920Vza.bat
| MD5 | 2a413ff478c853c6a0da11701fa0605d |
| SHA1 | fa98e6452fdb4f158eacf1b3e5c4098004f748be |
| SHA256 | b86ef947cde14695dbe2b1bf8826a2f67df6114ba6c4000e57aa982e1da9a1dd |
| SHA512 | 787432d28e87774ba1cabfb2f6f6735a60aff9e6bb7c9716e26c9bd0feed0ffbab319590f8dbcf19fae52379797b2693652d5f85d5e57476b9c03e4290d3e423 |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\l99qMAK6oT89.bat
| MD5 | 429aa718035b603e590c57939f732aa5 |
| SHA1 | 1e53a5de64cc11fc7f160607f56a2f4fd68d8e71 |
| SHA256 | 6194614afeb27d44b470f0a66e0498fe2a9391eed4ab834f2c42492432e2a955 |
| SHA512 | 141dfc9b7fa3e1c326af7ae55cf2826d7f37546b21fe49ef8c2bf752be14cb7010bac6a49c5b4e6862a3feee3074522a9312bb86ac28f1fb9f858ef3aab4b3cc |
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
| MD5 | 3c4b297ab9e22cbe51307529e6c7d17d |
| SHA1 | b63b9e36ec2090fb2b5e8c30d8a7cebd7c7b7632 |
| SHA256 | be1c5c962b13534ca1c19163aa20162afc9dbd92f34b9cf5b58d56aca5bab352 |
| SHA512 | 68f5c26f9c61ca71f727e23ad933ffa5f8c677251bd68374270c3a1dbc363214fa26523cadff50b8090da1a71f7fe60974e5d274c513e0e6b5fa5e379506bbae |
C:\Users\Admin\AppData\Local\Temp\xwxt3OyvtdwR.bat
| MD5 | c979415d9d09df6c2e284dc48b9ebfd3 |
| SHA1 | 46a98166ced111c50ef5127c4d019e27c9224c41 |
| SHA256 | 2244f8dbceb4a697c69d780bb4a82700354ffeb1cc7f62ebdeea9c6f6cda100c |
| SHA512 | fff03cb4f1405af614a01db2ffe424cef73e5074877abc930543c636c7795223b58ee2cc0fc51de2e0bdecf9222e1880e55fb3aa5c669b09ee085eb8e028bcce |