Analysis Overview
SHA256
17d3c427c27e9fe420fba45c21d52c2df2042284751364053bb34d0b48278acc
Threat Level: Known bad
The file LethalCumpany-LethalCumpany-1.1.0.zip was found to be: Known bad.
Malicious Activity Summary
Quasar family
Quasar RAT
Quasar payload
Executes dropped EXE
Enumerates physical storage devices
Unsigned PE
Creates scheduled task(s)
Runs ping.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-03 02:55
Signatures
Quasar family
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-03 02:55
Reported
2023-12-03 02:58
Platform
win11-20231128-en
Max time kernel
146s
Max time network
150s
Command Line
Signatures
Quasar RAT
Quasar payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\LethalCumpanyExternalModLoader.exe
"C:\Users\Admin\AppData\Local\Temp\LethalCumpanyExternalModLoader.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Uw5EE4Aouya2.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Grbd1uYUTGOa.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\GfsPMktqeWYU.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\df4LOwrzzPY8.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\u7l9x78wLOGL.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\KXQf5oBinTla.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OhDakuhJE1ip.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\YudsjW7OK4Ss.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\w3xqnYZqJ75L.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4vhmLGKfBkN1.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BRjyrpv9ekdd.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\s1umMTDxBAWP.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe
"C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe"
C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "LethalCumpanyModLoader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\LethalCumpany.exe" /rl HIGHEST /f
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\gbj9hOXkcyEv.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\PING.EXE
ping -n 10 localhost
Network
Files