2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2023 23:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x-mouse-button-control-2-20-5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5040	XMouseButtonControl.exe
4908	XMouseButtonControl.exe

Loads dropped DLL 12 IoCs

pid	Process
3512	x-mouse-button-control-2-20-5.exe
3512	x-mouse-button-control-2-20-5.exe
3512	x-mouse-button-control-2-20-5.exe
3512	x-mouse-button-control-2-20-5.exe
3512	x-mouse-button-control-2-20-5.exe
3512	x-mouse-button-control-2-20-5.exe
3512	x-mouse-button-control-2-20-5.exe
3512	x-mouse-button-control-2-20-5.exe
5040	XMouseButtonControl.exe
5040	XMouseButtonControl.exe
4908	XMouseButtonControl.exe
4908	XMouseButtonControl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	x-mouse-button-control-2-20-5.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	x-mouse-button-control-2-20-5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	x-mouse-button-control-2-20-5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	x-mouse-button-control-2-20-5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	x-mouse-button-control-2-20-5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	x-mouse-button-control-2-20-5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	x-mouse-button-control-2-20-5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	x-mouse-button-control-2-20-5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	x-mouse-button-control-2-20-5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-642304425-1816607141-2958861556-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\USER\S-1-5-21-642304425-1816607141-2958861556-1000\Control Panel\Desktop	x-mouse-button-control-2-20-5.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133374791096434560"	chrome.exe

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	x-mouse-button-control-2-20-5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	x-mouse-button-control-2-20-5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	x-mouse-button-control-2-20-5.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 040000000100000010000000d5e98140c51869fc462c8975620faa780f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df153000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b0020004300410000006200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e1400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f71d0000000100000010000000e3f9af952c6df2aaa41706a77a44c20303000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1900000001000000100000001f7e750b566b128ac0b8d6576d2a70a52000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	XMouseButtonControl.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E\Blob = 5c0000000100000004000000000800001900000001000000100000001f7e750b566b128ac0b8d6576d2a70a503000000010000001400000007e032e020b72c3f192f0628a2593a19a70f069e1d0000000100000010000000e3f9af952c6df2aaa41706a77a44c2031400000001000000140000000876cdcb07ff24f6c5cdedbb90bce284374675f76200000001000000200000005c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e0b0000000100000034000000430065007200740075006d002000540072007500730074006500640020004e006500740077006f0072006b002000430041000000090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000006500000030633021060b2a84680186f6770205010130123010060a2b0601040182373c0101030200c03021060b2a84680186f6770205010730123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000a8569ccd21ef9cc5737c7a12df608c2cbc545df1040000000100000010000000d5e98140c51869fc462c8975620faa782000000001000000bf030000308203bb308202a3a00302010202030444c0300d06092a864886f70d0101050500307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b204341301e170d3038313032323132303733375a170d3239313233313132303733375a307e310b300906035504061302504c31223020060355040a1319556e697a65746f20546563686e6f6c6f6769657320532e412e31273025060355040b131e43657274756d2043657274696669636174696f6e20417574686f72697479312230200603550403131943657274756d2054727573746564204e6574776f726b20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e3fb7da372bac2f0c91487f56b014ee16e4007ba6d275d7ff75b2db35ac7515faba432a66187b66e0f86d2300297f8d76957a118395d6a6479c60159ac3c314a387cd204d24b28e8205f3b07a2cc4d73dbf3ae4fc756d55aa79689faf3ab68d423865927cf0927bcac6e72831c3072dfe0a2e9d2e1747519bd2a9e7b1554041bd74339ad5528c5e21abbf4c0e4ae384933cc76859f3945d2a49ef2128c51f87ce42d7ff5ac5feb169fb12dd1bacc9142774c25c990386fdbf0ccfb8e1e97593ed5604ee60528ed4979134bba48db2ff972d339cafe1fd83472f5b440cf3101c3ecde112d175d1fb850d15e19a769de073328ca5095f9a754cb54865045a9f9490203010001a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604140876cdcb07ff24f6c5cdedbb90bce284374675f7300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100a6a8ad22ce013da6a3ff62d0489d8b5e72b07844e3dc1caf09fd2348fabd2ac4b95504b510a38d27de0b8263d0eede0c3779415b22b2b09a415ca670e0d4d077cb23d300e06c562fe1690d0dd9aabf218150d906a5a8ff9537d0aafee2b3f5992d45848ae54209d774022ff789d899e9bc27d4478dba0d461c77cf14a41cb9a431c49c28740334ff331926a5e90d74b73e97c676e82796a366dde1aef2415bca9856837370e4861ad23141ba2fbe2d135a766f4ee84e810e3f5b0322a012be6658114acb03c4b42a2a2d9617e03954bc48d376279d9a2d06a6c9ec39d2abdb9f9a0b27023529b14095e7f9e89c55881946d6b734f57ece399ad938f151f74f2c	XMouseButtonControl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E	XMouseButtonControl.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1980	msedge.exe
1980	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
3336	identity_helper.exe
3336	identity_helper.exe
3692	chrome.exe
3692	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5040	XMouseButtonControl.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
5040	XMouseButtonControl.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
5040	XMouseButtonControl.exe
5040	XMouseButtonControl.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
5040	XMouseButtonControl.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
1440	msedge.exe
5040	XMouseButtonControl.exe
5040	XMouseButtonControl.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5040	XMouseButtonControl.exe
5040	XMouseButtonControl.exe
5040	XMouseButtonControl.exe
5040	XMouseButtonControl.exe
4908	XMouseButtonControl.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 1940	1440	msedge.exe	93
PID 1440 wrote to memory of 1940	1440	msedge.exe	93
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 680	1440	msedge.exe	95
PID 1440 wrote to memory of 1980	1440	msedge.exe	96
PID 1440 wrote to memory of 1980	1440	msedge.exe	96
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97
PID 1440 wrote to memory of 2652	1440	msedge.exe	97

C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2-20-5.exe
"C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2-20-5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc046646f8,0x7ffc04664708,0x7ffc04664718
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,67219503931410404,1639783959762580459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3336

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1112

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc1a829758,0x7ffc1a829768,0x7ffc1a829778
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:2
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5392 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3488 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5776 --field-trial-handle=1856,i,15198761205270743694,9540690134788649350,131072 /prefetch:1
  2⤵
  PID:4476

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c04f5c8767157acc2eb720bf93f5ef6b

SHA1
71ac39da56977ff167c1de8077f1a76d24cee446

SHA256
cf4cc34864614bfec42ee53653ca68fdcd799a2b0d13d14bfc2b54c9bacd580c

SHA512
afff102284f1ade0fc38c1c1c315fd8bd60ad2ee31ef1fb9f960c00b3f0ec7370354ad381c5ecc340a819c6432f5289e356852c92dc3681810b1b89323d24ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b17ad88d962c4f66fbbb052d3ab16c8a

SHA1
985452a0e8843df30cd2ce50040b419edabe5d81

SHA256
416368468fd89f4a68aae2b517f320fad9c774509d2e763f30287713a7d43297

SHA512
8a045f50ff4fac9d6caf3d3931c1c9463f65690f8c40348206cb68e047d8b10e04bd906159199ee0bf5fc2710afe18d9aaed7bc196ce09bd623a82a3e3d737ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
d0608a77aef82f09553df9b523495186

SHA1
437faf499fc4292d51f1ab21b1c01a9d87c871be

SHA256
b8a25c3ddd52a0d680b8e499608f63590df8a15e89bf2b39a57f1cd2697eff84

SHA512
947798ec020dde062659bbbe302e7ef6787725008414066e6fbd991dec2b5638d8a141ad85612ac81387e3202f372ce8a00d5dac4649a1929a6f662be9f9d5f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cfc2a180547d60485e65d63144bd2104

SHA1
1701b00945ca3dc6e56ca1637d0992701d600adb

SHA256
c76e1ce320829abe3b3347bb7836eb2590cb9cbdf1ed3041682a5bc2d5ccf103

SHA512
05b64fc774e77c2bbdd8e12f7fd9719de1ee64621470ab5eb536bb9ce917506a97a7479bc4ce27f1f1a8ba38233712ba6a5237d831d79804b78270c4b94e6f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
184KB

MD5
34704ea92b55d028d4be7273465d81de

SHA1
7f7a267d988c6f430a1da54e4d39794164931d7e

SHA256
ce336d9b8a5efd7575627e11eabac5fed8ede9c6b3fc832415b0f9abd7dbc3f9

SHA512
73d0ff4ad448003ff749b9974a0ffd191119d55b4d2ff20f80c6a854efe752578006a43653df7a365add63c94439c605602a701c54375843e523286bed5435a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3590c7788f1f36717cbd298007259a6f

SHA1
9e9a602016435a1d642e18a54d8d6589f938a5bb

SHA256
09a08de2fcd19e304c3b8f6e04f5e4da257a3f18759827be4e9c6af862412174

SHA512
07df3ee7e2d4a313c996c6b8451450556a75e5ac8e4d10595f255164fdd25d6bc596ad579d90f6496c78a15a3c6fc349d748dd7c5f4b2b51d330c52577e2988a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
c5d028dcc86bae26ea340b19122488f2

SHA1
12d44df69ecca0734fa09d2809deb9a983fc7d9c

SHA256
626691f4bea5d876d30bc2328540a0a508938e014a83ebb26fbdc7287705fca0

SHA512
4154bf3c53ec66d44a855eb6658335d9f014edb78cdc8664940cfc85a60cb9f9985466e9017f79dbcb53d584efe3fbdf52c3ddca69e9a2e413b1706fdb10a077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
43c0374a3c57e126694fedceb0112770

SHA1
a9f06be712568916eadf2d044007b6b4cd37d979

SHA256
ed87e2dc506126bfbb8284bd9babdd787e568c306225e3e77ed4ae474a4fdb8b

SHA512
86cd4a8cc9a5f32eff48348578b0bb11a3ba4486bcb6e2abce392b6e326f73015c387132293a8460329d8630d9033511247319d6a84c945e1d3d199cbac8a487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2cd95569cace0da9be1cb9cb43b0902e

SHA1
e51c36ea920d0f96acc8098b14c8acbc7c881628

SHA256
7285e2f6fff9c1b02ac6a46b193c1d6834ab62d842a29804cbc32c1b326c56af

SHA512
e47a936ebe513455317d7d46973f1cf43f961a49fab72c9a9cb73607e21aa5f0f6f5208d784e6f66be9f8e55695d6afd6a2dae2c3bafbbc9c5d1080f57428bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
016b1d8c6f35caa37c9bbb39984ee669

SHA1
c6394c31c9a3f0dd98cb2b61123040c83fee472e

SHA256
037a8127abe12e65a7048e77d1a133f0386d965e125acbf088db87d5fb52eeae

SHA512
74d431e9a3c99ceadeb1a22822dd29d830efc77d21c55fa7f9c2fd6d356955f4f4341a03c4c52ff29ad282d26e109e2b9e19f7f362cd9e1c5a9f2926cab0a90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fbc91405fe7b49876e6de76a87c69e76

SHA1
485f3a24b72c45fa142f402b04d23fad3f3572ca

SHA256
ab15259bb0fac0db6006dc8e901374e642a4655229beaf4fdc7d9200e6d18769

SHA512
7cc570b8c4d96625a5206e43c8204320f3d902d60039547a1e70f1c833109ffd1b402022bd368cffc492a74b17749144c13b7276f0043f519f7d57eb18330c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a128973ca2ca245299ef7e60156b4ef8

SHA1
d39a437204591bbff98d673e6d1c4f869683ebcc

SHA256
5c6e1f3c7213460c24dc670521adbe32ec76df5e3facc0a7b92a3fa9e340b302

SHA512
bbbdbe2fae61c2a27b4aadfbda2efae2675156dcea6edb8b45fbe83f397f8a1f50d694d8bcd1f53939a277722baf102f3f80caffadfcf0ca80d7408d77d8c490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
de179c92291355f1e0a3bab1bcd23266

SHA1
07b6769ba7d87fa838375ca6f1f0528c65f7dbe9

SHA256
fd6b1b828887ffcd43234a415fa025d3ea557f1929c6688c911c7ce606d687cb

SHA512
b43c2a6800aafa91e9c929411bea70193de7bd379b9e811f908d6ba97bf90559289ca82130c7f1a8a1f77580044ed3f7d5b41a3100ead3d64ff945c3b75bc325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e83f34438b4d0996d37897d11ea4a346

SHA1
c3e62838c0189c4d2f152200180b4b3dd7f2a668

SHA256
782f79e441eebb4ab02d3e299ce633a9920dd95f01ca558bc94338fda321ea33

SHA512
25447bf16e2f5bc3967f7f62f60f7ec8c485e5fe63a6bfd81120fdf3a81c2b0f729220f463beb1041c00762ce5b249abb93f36bcf0a79b558a63e4c4efd843fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\ioSpecial.ini

Filesize
696B

MD5
58473231388be13b4666393756cf275b

SHA1
d459d06b2f851ae273f62dd034316e8c1ad77c7a

SHA256
0ce1177aa01b4885d20158e610fd5964bd82103f99e731f9e39421b2c7f95bd3

SHA512
741d0b34cf86bd0de4bc3529f55e38dd18b27dd3fb7b9ab84e042fc1d066a86309c2266e1391b0fc9e3773c0294fadd5b2f5f5ba7e8a225907e2e27167a55cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\ioSpecial.ini

Filesize
696B

MD5
cc5dd40e7d38f4fcc85fddda29c04912

SHA1
c2128c33fb2d7ffe6a1f77758739d335a1c37316

SHA256
892b696502bf686efce51f9bd5bff1e3deb4b6a10af41c2892fd97662ad600ff

SHA512
76bfce8371017e0c21ad162929f81b49551544ddbb5db9c51be745abdc3a3cd5cc2cb17cd07ac88612edc2c7afd2384ca1cc1b91faaf02dc1af7849cfa6151cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\ioSpecial.ini

Filesize
709B

MD5
89913241004e38049665313dfde30195

SHA1
6c1992afcd890c869ac9f7fde631ed38f3a99b71

SHA256
f7c7e9dec6af71b5b0a0bc28e2fe18f6975797cecdc51aea89289583e144c258

SHA512
990c9dc14af7e4c251d6627a83b876392d5220b220143c3259c539dcac4104724df6dac77ee6b7bce324158e821cf6b0199f91d887f5e832a0460c2957cc8e0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\ioSpecial.ini

Filesize
726B

MD5
b5ff6d39ab47da4d894dc0eee03dc404

SHA1
48f17d575c47e485d8a98323d55031932dcd9306

SHA256
89b58e2a337623c3155e1f12b24c88ddb6d77775102d1d2125835188488d653e

SHA512
41547a36d4edb236e7c9d7612ba2e3b6b1874c6f574b34818731aa85fc58df6c122de59b31c48f2e8b8ccb54deb27c875f0b3f39645b4c3c17c73e33efb2de99

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq3A66.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
C:\Users\Admin\AppData\Roaming\Highresolution Enterprises\XMouseButtonControl\XMouseButtonControl.log

Filesize
1KB

MD5
4f1e405fe6c31268e6a5ed7400c533a8

SHA1
51bd7a5029799af36aa5b2fd7bce1cfe1f9a8f8e

SHA256
6696a9a85c02cec52dc1ed51688472a81fe33d9bd830288bc922299c7a300419

SHA512
481be6852eeb5cbd4eda44d6d648f6337bf68ffa9cfd72b218e1967dad89e2932a1a2d4b4b6be8f652b1c9d0b4f76919d7fa91fee106cf07afe5f07fe948f563

Download Submit