80077994550acf0276127b56d3b7d3878c36d47f2c7dee7537a73529c9a263cf

Resubmissions

27-11-2024 11:05

241127-m61tbs1kgx 7

Analysis

max time kernel
149s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27-11-2024 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Next-Time75 Edit/X-75-RGB.exe
Size

3.5MB
MD5

ca9c168350f93afaf0a70a4d83ba1119
SHA1

8156bd5d64adb3cb942c978ed2f2415efe397c54
SHA256

12023d0e55e7de318b70a25c18ab635781ae1745ab7005dd3b33a1a7713f5a91
SHA512

09806765e4a72fe39d2416df31c7b129984cc147e8cb0653eb81c016fe09dbff3eac65757a7514b5ef53dd0d496c146f8fa8a5e4c0bdc98b89162a6f01907074
SSDEEP

49152:p2/PpDKqPqXdQxupyw6+HN+AZvEGuKtJelCuYuaYX1lUEgR4VD1:0PpDKqPGuxupBP5ZchKtJelEu1U

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	X-75-RGB.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1056	X-75-RGB.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1056	X-75-RGB.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2508	1056	X-75-RGB.exe	29
PID 1056 wrote to memory of 2508	1056	X-75-RGB.exe	29
PID 1056 wrote to memory of 2508	1056	X-75-RGB.exe	29
PID 1056 wrote to memory of 2508	1056	X-75-RGB.exe	29
PID 1056 wrote to memory of 2776	1056	X-75-RGB.exe	30
PID 1056 wrote to memory of 2776	1056	X-75-RGB.exe	30
PID 1056 wrote to memory of 2776	1056	X-75-RGB.exe	30
PID 1056 wrote to memory of 2776	1056	X-75-RGB.exe	30
PID 1056 wrote to memory of 2784	1056	X-75-RGB.exe	31
PID 1056 wrote to memory of 2784	1056	X-75-RGB.exe	31
PID 1056 wrote to memory of 2784	1056	X-75-RGB.exe	31
PID 1056 wrote to memory of 2784	1056	X-75-RGB.exe	31
PID 1056 wrote to memory of 2736	1056	X-75-RGB.exe	32
PID 1056 wrote to memory of 2736	1056	X-75-RGB.exe	32
PID 1056 wrote to memory of 2736	1056	X-75-RGB.exe	32
PID 1056 wrote to memory of 2736	1056	X-75-RGB.exe	32
PID 1056 wrote to memory of 2892	1056	X-75-RGB.exe	33
PID 1056 wrote to memory of 2892	1056	X-75-RGB.exe	33
PID 1056 wrote to memory of 2892	1056	X-75-RGB.exe	33
PID 1056 wrote to memory of 2892	1056	X-75-RGB.exe	33
PID 1056 wrote to memory of 2840	1056	X-75-RGB.exe	34
PID 1056 wrote to memory of 2840	1056	X-75-RGB.exe	34
PID 1056 wrote to memory of 2840	1056	X-75-RGB.exe	34
PID 1056 wrote to memory of 2840	1056	X-75-RGB.exe	34
PID 1056 wrote to memory of 2460	1056	X-75-RGB.exe	35
PID 1056 wrote to memory of 2460	1056	X-75-RGB.exe	35
PID 1056 wrote to memory of 2460	1056	X-75-RGB.exe	35
PID 1056 wrote to memory of 2460	1056	X-75-RGB.exe	35
PID 1056 wrote to memory of 2916	1056	X-75-RGB.exe	36
PID 1056 wrote to memory of 2916	1056	X-75-RGB.exe	36
PID 1056 wrote to memory of 2916	1056	X-75-RGB.exe	36
PID 1056 wrote to memory of 2916	1056	X-75-RGB.exe	36
PID 1056 wrote to memory of 2848	1056	X-75-RGB.exe	37
PID 1056 wrote to memory of 2848	1056	X-75-RGB.exe	37
PID 1056 wrote to memory of 2848	1056	X-75-RGB.exe	37
PID 1056 wrote to memory of 2848	1056	X-75-RGB.exe	37
PID 1056 wrote to memory of 2812	1056	X-75-RGB.exe	38
PID 1056 wrote to memory of 2812	1056	X-75-RGB.exe	38
PID 1056 wrote to memory of 2812	1056	X-75-RGB.exe	38
PID 1056 wrote to memory of 2812	1056	X-75-RGB.exe	38
PID 1056 wrote to memory of 2992	1056	X-75-RGB.exe	39
PID 1056 wrote to memory of 2992	1056	X-75-RGB.exe	39
PID 1056 wrote to memory of 2992	1056	X-75-RGB.exe	39
PID 1056 wrote to memory of 2992	1056	X-75-RGB.exe	39
PID 1056 wrote to memory of 2224	1056	X-75-RGB.exe	40
PID 1056 wrote to memory of 2224	1056	X-75-RGB.exe	40
PID 1056 wrote to memory of 2224	1056	X-75-RGB.exe	40
PID 1056 wrote to memory of 2224	1056	X-75-RGB.exe	40
PID 1056 wrote to memory of 2832	1056	X-75-RGB.exe	41
PID 1056 wrote to memory of 2832	1056	X-75-RGB.exe	41
PID 1056 wrote to memory of 2832	1056	X-75-RGB.exe	41
PID 1056 wrote to memory of 2832	1056	X-75-RGB.exe	41
PID 1056 wrote to memory of 2680	1056	X-75-RGB.exe	42
PID 1056 wrote to memory of 2680	1056	X-75-RGB.exe	42
PID 1056 wrote to memory of 2680	1056	X-75-RGB.exe	42
PID 1056 wrote to memory of 2680	1056	X-75-RGB.exe	42
PID 1056 wrote to memory of 2696	1056	X-75-RGB.exe	43
PID 1056 wrote to memory of 2696	1056	X-75-RGB.exe	43
PID 1056 wrote to memory of 2696	1056	X-75-RGB.exe	43
PID 1056 wrote to memory of 2696	1056	X-75-RGB.exe	43
PID 1056 wrote to memory of 2644	1056	X-75-RGB.exe	44
PID 1056 wrote to memory of 2644	1056	X-75-RGB.exe	44
PID 1056 wrote to memory of 2644	1056	X-75-RGB.exe	44
PID 1056 wrote to memory of 2644	1056	X-75-RGB.exe	44

C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\X-75-RGB.exe
"C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\X-75-RGB.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2508
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2776
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2784
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2736
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2892
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2840
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2460
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2916
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2848
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2812
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2992
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2224
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2832
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2680
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2696
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2644
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2676
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2708
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2476
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2912
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2128
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2216
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2616
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1712
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2320
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2936
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2948
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2720
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2932
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2972
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2988
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1036
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1320
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1788
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:316
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1280
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1728
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1384
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:308
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2432
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1856
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:520
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1988
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1020
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2732
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2620
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2844
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1116
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2324
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1932
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1940
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1972
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2500
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2192
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2376
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2344
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2368
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2156
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1916
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2352
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2096
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2152
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1296
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2144
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2160
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2596
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1536
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1092
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:588
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2196
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2524
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2312
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1564
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2496
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1556
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1548
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2488
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2168
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2484
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2288
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:936
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2348
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1960
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:112
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2076
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2292
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2056
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:944
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2180
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\X-75-RGB\mouse\ShootData_2.Shoot

Filesize
13KB

MD5
711f5bb63c9276cc228ee5d06ce12dfd

SHA1
bfa9bb78775c130bc99c1f7b1e31b6311d7bff93

SHA256
45ae9981d9d7b0c2fc1b0142b8a20e3a3ba8be6df4ae241670d53c307b2dfc18

SHA512
fea31aee1396c3e735a499e159ca86e4c375cd398cc9236325953e5fcef3c648d491686c1f5ca894bd2bdfc01b9bc93fd8d1caaa9f7d9dc2df9aeb612bc48d91

Download Submit