80077994550acf0276127b56d3b7d3878c36d47f2c7dee7537a73529c9a263cf

Resubmissions

27-11-2024 11:05

241127-m61tbs1kgx 7

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Next-Time75 Edit/X-75-RGB.exe
Size

3.5MB
MD5

ca9c168350f93afaf0a70a4d83ba1119
SHA1

8156bd5d64adb3cb942c978ed2f2415efe397c54
SHA256

12023d0e55e7de318b70a25c18ab635781ae1745ab7005dd3b33a1a7713f5a91
SHA512

09806765e4a72fe39d2416df31c7b129984cc147e8cb0653eb81c016fe09dbff3eac65757a7514b5ef53dd0d496c146f8fa8a5e4c0bdc98b89162a6f01907074
SSDEEP

49152:p2/PpDKqPqXdQxupyw6+HN+AZvEGuKtJelCuYuaYX1lUEgR4VD1:0PpDKqPGuxupBP5ZchKtJelEu1U

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	X-75-RGB.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LightRecord.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	X-75-RGB.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
540	X-75-RGB.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
540	X-75-RGB.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
540	X-75-RGB.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 4352	540	X-75-RGB.exe	82
PID 540 wrote to memory of 4352	540	X-75-RGB.exe	82
PID 540 wrote to memory of 4352	540	X-75-RGB.exe	82
PID 540 wrote to memory of 4256	540	X-75-RGB.exe	85
PID 540 wrote to memory of 4256	540	X-75-RGB.exe	85
PID 540 wrote to memory of 4256	540	X-75-RGB.exe	85
PID 540 wrote to memory of 4440	540	X-75-RGB.exe	92
PID 540 wrote to memory of 4440	540	X-75-RGB.exe	92
PID 540 wrote to memory of 4440	540	X-75-RGB.exe	92
PID 540 wrote to memory of 3544	540	X-75-RGB.exe	93
PID 540 wrote to memory of 3544	540	X-75-RGB.exe	93
PID 540 wrote to memory of 3544	540	X-75-RGB.exe	93
PID 540 wrote to memory of 4260	540	X-75-RGB.exe	96
PID 540 wrote to memory of 4260	540	X-75-RGB.exe	96
PID 540 wrote to memory of 4260	540	X-75-RGB.exe	96
PID 540 wrote to memory of 4540	540	X-75-RGB.exe	97
PID 540 wrote to memory of 4540	540	X-75-RGB.exe	97
PID 540 wrote to memory of 4540	540	X-75-RGB.exe	97
PID 540 wrote to memory of 2392	540	X-75-RGB.exe	102
PID 540 wrote to memory of 2392	540	X-75-RGB.exe	102
PID 540 wrote to memory of 2392	540	X-75-RGB.exe	102
PID 540 wrote to memory of 4596	540	X-75-RGB.exe	103
PID 540 wrote to memory of 4596	540	X-75-RGB.exe	103
PID 540 wrote to memory of 4596	540	X-75-RGB.exe	103
PID 540 wrote to memory of 4884	540	X-75-RGB.exe	104
PID 540 wrote to memory of 4884	540	X-75-RGB.exe	104
PID 540 wrote to memory of 4884	540	X-75-RGB.exe	104
PID 540 wrote to memory of 4916	540	X-75-RGB.exe	105
PID 540 wrote to memory of 4916	540	X-75-RGB.exe	105
PID 540 wrote to memory of 4916	540	X-75-RGB.exe	105
PID 540 wrote to memory of 320	540	X-75-RGB.exe	106
PID 540 wrote to memory of 320	540	X-75-RGB.exe	106
PID 540 wrote to memory of 320	540	X-75-RGB.exe	106
PID 540 wrote to memory of 224	540	X-75-RGB.exe	107
PID 540 wrote to memory of 224	540	X-75-RGB.exe	107
PID 540 wrote to memory of 224	540	X-75-RGB.exe	107
PID 540 wrote to memory of 3000	540	X-75-RGB.exe	108
PID 540 wrote to memory of 3000	540	X-75-RGB.exe	108
PID 540 wrote to memory of 3000	540	X-75-RGB.exe	108
PID 540 wrote to memory of 3680	540	X-75-RGB.exe	109
PID 540 wrote to memory of 3680	540	X-75-RGB.exe	109
PID 540 wrote to memory of 3680	540	X-75-RGB.exe	109
PID 540 wrote to memory of 512	540	X-75-RGB.exe	110
PID 540 wrote to memory of 512	540	X-75-RGB.exe	110
PID 540 wrote to memory of 512	540	X-75-RGB.exe	110
PID 540 wrote to memory of 4948	540	X-75-RGB.exe	111
PID 540 wrote to memory of 4948	540	X-75-RGB.exe	111
PID 540 wrote to memory of 4948	540	X-75-RGB.exe	111
PID 540 wrote to memory of 3064	540	X-75-RGB.exe	112
PID 540 wrote to memory of 3064	540	X-75-RGB.exe	112
PID 540 wrote to memory of 3064	540	X-75-RGB.exe	112
PID 540 wrote to memory of 2956	540	X-75-RGB.exe	113
PID 540 wrote to memory of 2956	540	X-75-RGB.exe	113
PID 540 wrote to memory of 2956	540	X-75-RGB.exe	113
PID 540 wrote to memory of 1580	540	X-75-RGB.exe	116
PID 540 wrote to memory of 1580	540	X-75-RGB.exe	116
PID 540 wrote to memory of 1580	540	X-75-RGB.exe	116
PID 540 wrote to memory of 3936	540	X-75-RGB.exe	118
PID 540 wrote to memory of 3936	540	X-75-RGB.exe	118
PID 540 wrote to memory of 3936	540	X-75-RGB.exe	118
PID 540 wrote to memory of 3192	540	X-75-RGB.exe	119
PID 540 wrote to memory of 3192	540	X-75-RGB.exe	119
PID 540 wrote to memory of 3192	540	X-75-RGB.exe	119
PID 540 wrote to memory of 4632	540	X-75-RGB.exe	120

C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\X-75-RGB.exe
"C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\X-75-RGB.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:540
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4352
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4256
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4440
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3544
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4260
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4540
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2392
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4596
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4884
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4916
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:320
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:224
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3000
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3680
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:512
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4948
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3064
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2956
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1580
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3936
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3192
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4632
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3920
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4212
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3628
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:836
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1892
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4416
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:5032
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3416
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3320
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3144
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1504
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4548
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4300
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2908
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1944
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1588
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1072
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2300
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1672
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1036
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3792
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4372
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1048
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4432
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3256
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4264
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:776
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:5000
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3668
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4708
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1056
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3576
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:400
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4320
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4348
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2304
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3676
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4844
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4268
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:5108
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1524
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1576
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4336
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1128
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1648
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:5060
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1804
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1844
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1512
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1832
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3540
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2388
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3164
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4344
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4592
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:1724
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3644
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4460
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:2924
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:5092
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:5088
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3724
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3504
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:216
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:116
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4796
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:620
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:812
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4972
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:3508
- C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe
  "C:\Users\Admin\AppData\Local\Temp\Next-Time75 Edit\LightRecord.exe"
  2⤵
  PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\X-75-RGB\mouse\ShootData_2.Shoot

Filesize
13KB

MD5
711f5bb63c9276cc228ee5d06ce12dfd

SHA1
bfa9bb78775c130bc99c1f7b1e31b6311d7bff93

SHA256
45ae9981d9d7b0c2fc1b0142b8a20e3a3ba8be6df4ae241670d53c307b2dfc18

SHA512
fea31aee1396c3e735a499e159ca86e4c375cd398cc9236325953e5fcef3c648d491686c1f5ca894bd2bdfc01b9bc93fd8d1caaa9f7d9dc2df9aeb612bc48d91

Download Submit