2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818

Analysis

max time kernel
86s
max time network
144s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XMouseButtonControlSetup.2.20.5.exe
Size

2.9MB
MD5

2e9725bc1d71ad1b8006dfc5a2510f88
SHA1

6e1f7d12881696944bf5e030a7d131b969de0c6c
SHA256

2240bf5fb5d80938b0676c46ef9f84bc1739c32f60c473ff85e530ae0eca2818
SHA512

62bd9cde806f83f911f1068b452084ef2adc01bc0dec2d0f668a781cc0d94e39f6e35618264d8796ca205724725abd40429f463017e6ca5caf7d683429f82d39
SSDEEP

49152:n65SJw48kZN+nCYk7c44+Y0hdwn4Km2A5aT/pVE0hYYajihV2Qso0SWMrboF:tfpeno4oY0QZm2dlNJsrHM4

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1196	Process not Found
1312	XMouseButtonControl.exe

Loads dropped DLL 12 IoCs

pid	Process
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
3056	XMouseButtonControlSetup.2.20.5.exe
1312	XMouseButtonControl.exe
1312	XMouseButtonControl.exe
1196	Process not Found
1196	Process not Found
1196	Process not Found

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	XMouseButtonControlSetup.2.20.5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	XMouseButtonControlSetup.2.20.5.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	XMouseButtonControlSetup.2.20.5.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	XMouseButtonControlSetup.2.20.5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x00070000000186e6-133.dat	nsis_installer_1
behavioral1/files/0x00070000000186e6-133.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Control Panel\Desktop	XMouseButtonControlSetup.2.20.5.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	XMouseButtonControlSetup.2.20.5.exe

Modifies Internet Explorer settings 1 TTPs 60 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\Total = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "312"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\Total = "312"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c00000002000000030000000083ffff0083ffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000a04632f6b93aa1c51d701941de08b6bae09721c1fda56cc54ab3b8814168f0a4000000000e800000000200002000000086ea25c034528f1bedc1c3a69f2075bcad6760607e18963e33fbd9b1a567a30390000000b9d7524fab04f6fffe6438668388d2f8b3931478b92f351c478cdd64cdff4c938bd768d4aa0d2821fc349387f9c22d27e7dc6aa430b566c687a3722c40d1521b546733147938bc3660a870d89e7f2543396063714b30606846d0c0d868b4d34b59e317164a8530443a3172855c25e54ec114a74deb71875041108553a640f110cf378596d176658db5de2279b4d26233400000007d79085895119dd1b545258c297feb42a3bbddf3c620cc37028c5e410e5178ffe24202395c263b2b880164d5b3bd9803cf4850e5f5c661a1047e13919081ede6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk\ = "390"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5A323701-2044-11EF-99EB-F2F7F00EEB0D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "408"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\Total = "390"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104dc32f51b4da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk\ = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\highrez.co.uk\Total = "32"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk\ = "312"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000029b1a7f8749c1700a12fed030554dd6bd18ee8e4d31f62c619a56993a217ed0d000000000e8000000002000020000000e9c61637f00693a2e480206f8c1e0f3830e68b174ba1868c75bfbe3e66e33e8720000000d36d4689d157b74c560cdd050a09d20db9dda752ee6ebac6a772d9a62d59f8464000000066ce6b1e58a23f7b2dd3216b44d4375461a253ecf853a880f4a335a3cb50cd6c4b96b92163278cca2f968b6c305547cedd2524992744c12af089dc0a00dd0815	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "330"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\dvps.highrez.co.uk\ = "0"	IEXPLORE.EXE

Modifies registry class 33 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	XMouseButtonControlSetup.2.20.5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	XMouseButtonControlSetup.2.20.5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	XMouseButtonControlSetup.2.20.5.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1916	chrome.exe
1916	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe
Token: SeShutdownPrivilege	1916	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2508	iexplore.exe
1312	XMouseButtonControl.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
1312	XMouseButtonControl.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe
1916	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1312	XMouseButtonControl.exe
2508	iexplore.exe
2508	iexplore.exe
2000	IEXPLORE.EXE
2000	IEXPLORE.EXE
1312	XMouseButtonControl.exe
1312	XMouseButtonControl.exe
1312	XMouseButtonControl.exe
2000	IEXPLORE.EXE
2000	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2000	2508	iexplore.exe	31
PID 2508 wrote to memory of 2000	2508	iexplore.exe	31
PID 2508 wrote to memory of 2000	2508	iexplore.exe	31
PID 2508 wrote to memory of 2000	2508	iexplore.exe	31
PID 1916 wrote to memory of 1680	1916	chrome.exe	36
PID 1916 wrote to memory of 1680	1916	chrome.exe	36
PID 1916 wrote to memory of 1680	1916	chrome.exe	36
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2928	1916	chrome.exe	38
PID 1916 wrote to memory of 2404	1916	chrome.exe	39
PID 1916 wrote to memory of 2404	1916	chrome.exe	39
PID 1916 wrote to memory of 2404	1916	chrome.exe	39
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40
PID 1916 wrote to memory of 2004	1916	chrome.exe	40

C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe
"C:\Users\Admin\AppData\Local\Temp\XMouseButtonControlSetup.2.20.5.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies Control Panel
- Modifies registry class
PID:3056

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=5&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2000

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5189758,0x7fef5189768,0x7fef5189778
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1488 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1172 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3560 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3748 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3784 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2420 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2256 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3700 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3532 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2296 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2796 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1180,i,2429777194124491622,13635479304660164946,131072 /prefetch:8
  2⤵
  PID:2836

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1720

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_XMouseButtonControl 2.20.5 Portable.zip\X-Mouse Button Control User Guide.pdf"
1⤵
PID:1648

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_XMouseButtonControl 2.20.5 Portable.zip\License.txt
1⤵
PID:2300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec
1⤵
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
367be39f0f0bd10ee528276085ebdf48

SHA1
bd2d8f3b91e3d0e5dcca4c0734f27ca4b0f257ce

SHA256
6568d4a4c638ae3fec4d5bef16d7f5378195466005a7d7de3667b501878e566c

SHA512
1e33cbeabbf89c1d5f5320be70459a27b2b4fdbbb4e5bd8fdcd4f4dea5b5b7761e49ca4cc72dd0a33423e4ce15353495eeef01472c7cb005c9d9dd4ea9d4a606

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_A3CC4CFE75EDBB3A8F1A288BEED3865C

Filesize
471B

MD5
eb3b233e0d78cd03cc692ce087a2f5e4

SHA1
a14c00f9b0b639a8094e2fa6adc4abcf0247f125

SHA256
6d9d403b5ce883c54ef7d29c12631d061ded779d49deebf44bd26bf5af9f7267

SHA512
176f65684a466aafb0df9831dfd89779f42365f216636ebede3826c505aa4113b1b425a9c8a4a1ad25990d1502d3b72f2a933b2ad75596537a3dbc3a57633762

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1FA458B79FBC47B1C202EDEEAB58B8A1

Filesize
472B

MD5
cf3b2c0646273b69d87f19105b43a9bf

SHA1
2211ec8b9616a3488846b8d677ed10767b52188f

SHA256
66347c7d4e16eb3c62bf7b96b10d12e66324084bda5e9d4d12292aa11f4c92a8

SHA512
03b108ce23ab12df96533c9e5a628a90ca5fabcff405e0c3b8cbfa2c2fc84083a112147b0e9056ed9cadc474bb121be52a01b7f81f7cf716051d42bfc1bd56b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_63F40B816FCC2D8AE14321B58D77EB6D

Filesize
471B

MD5
5d407170a35fd0d35278be775667f0f0

SHA1
f51a4ec97130220b3c9f0d8fb083e562472e7102

SHA256
27efa25cdf2177b7351bd604bf9fb0a20a77b7bce1dedd792f671cc463e28156

SHA512
9d1df7a3a93be8c4b9f1b3e6354ca6c492b612919e06c67b3aa480b19cd27c00fbf070fc5be46accafe918d74554d4466b69ce54ff6b02546de38446d5f26ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
471B

MD5
caca88d75aa267d44938409069deb266

SHA1
6ba536c922c30dc794f6ab4c1a09793a3896ad1b

SHA256
836c6d6aa0f8b1e6f91f69f1cb9f6f97fd717c803c6bcbbc1b7547331e06c518

SHA512
e98616ec283d53cde3def592f0554d35d44670a1f04c1a8a89d137d1ee5f1339f9d4253c0a51bbc297ed197ad010881b3e8fc1e5694342b5aba39bf4fdb00fa2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
471B

MD5
c5cf9c75396cbd549629cb9358cd9951

SHA1
1747b4004d52132858154b3416ee2d05a7d53ca8

SHA256
f0f4be58b8b2f3231daebac9ae542a54e462f47f3a896d446672706940ddad07

SHA512
be8eb06f154976a4811c2593c560d099a1f0c67042bce915974603d13aa09137fdc6f61c008e7b450444999b3b025c7961f7abd3af73c23b75899c858ee68cea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_434205A76CE72E9356C6165EEA1227C2

Filesize
471B

MD5
2073a5141a7e550e98e74ef2ec4a0736

SHA1
011da88cc2a957b70e21a95a5a282baa669001c7

SHA256
4a21353792900b21bc661e2b430726061456845b38ba6b14024e18a9d10f92e9

SHA512
7319dd66465caefcda81199829ba23b2441d3c41db9d636563637d48b9ed5f9eeae8606612c89e1524058a078a4b4b5822852d37161d078bbe2baa7ca88cf349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
82147c4f59590676dfdf0292f93ff03a

SHA1
1b2cec163b420a5522a6c7f3be99f1c7a11835d4

SHA256
d7d32fe8c0d9de797e1a32079c229a4d49a2fb3fe37495e33345049bb665d01c

SHA512
9290da056dcdd9ba7dbaab3893df443e464d9bc1c7cb3d04b49ea0607f962abf404ecac4eecd09e478177f2d80c65af384527a08ec238d0151d11bf156eb5f54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1370CD246F2FCA3000DCE4D5B4C36D46

Filesize
552B

MD5
8146ba88576a3069bbd99b3de8d0521b

SHA1
c8940d136eb0be590f135cb547ff316a38aed4de

SHA256
8d6ff65d4f571c880eaf69186bca40d49f284da972b9d9ad61abbd7450d37965

SHA512
944128a3fc5b881fd51228b327bbe8163218d65a4e7b2aca3a1ca3ac87b3fffc6139c1178cebebd785bc60d1ad51a693e339cf3d61a8dda118d8bde7cea2e7b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a453c244b1739c17be7fcd705578217c

SHA1
9cd01996d145cccbacdf5c3113af3e7542a7df61

SHA256
071962acf9a8bedac88dc359155446d356fc8983591709d22eeb96e91c326644

SHA512
b5178618e772dbdcbd519c74f4a479892155d01eef7d5159b2bb8db62b80707bed3e8f36da3a4d511c762ba90efc82509536e489c8e0a08d17893f0fd87e131d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_A3CC4CFE75EDBB3A8F1A288BEED3865C

Filesize
408B

MD5
f4986bf7f039d2fb5220bc1cb2dc1bb1

SHA1
52b63e8d04cb40eb62beea570b9989b99ea6e6ca

SHA256
ed9b890aa4b21af8085c910a2a312ccc69fe51df01a2ea1fd7cfee4fddfc8d1f

SHA512
47ee2f993aa6a0735972176db0b2c5d83b043216a52418d97171a74780798be5d98664c89e99902c1c6ebfbebe23d9175988aa5667d552a2dcb150a81eae8d06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
68c052d55bfaedbf417df1d2b7426481

SHA1
8322fd359d9cafd54784d4c37c032f6b046f319f

SHA256
5eb249b12e5a951b11dac6b0b59a43097d8a35c390d9935e2471fbdf2d98920e

SHA512
bc2b4d58ab33e144ca4293431b9b75e3289a04130ebb6a07fabbc60a8475dad2c2f51c5406cf2d0ce8dd2efd20ce73aa3a84515162f85eb5b7a4a92645566f6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f123ba5864c6c52be0f7512c064e43a

SHA1
1809a96cff19b37cfafa45364476f51031ef8315

SHA256
170ea3f3beaae870bf5d2b943815fbbe47b921b89eac7af20c36d572bcdb226c

SHA512
a89b4a0c4a3ab65a6e3793c26751ca052b19ab57a9b2230f83ead456faea09e4a123d020108c14a091f86fadd46d99a3e1f884b3ef1627acff80ec1af0d45069

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7043a3358c4b8c556af818b7a99527e

SHA1
a4e5ac6cfc1c7026737b14c4bc5700cf3c0402d7

SHA256
d4460d5ab47fd177e0eeb7aa32a48ac797135832419f5c87983376015dadb6ca

SHA512
e54bd328bd1cff1bc82cc43e3870b180791b20f41689e749ef9d559cb64f1e00928f38bf6787990ab629b77ad18be2686c855f063495420ffa5d34bd1dc79596

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffcb8575dd0b5847443c4d0b88e3ca7d

SHA1
2df7183e32d93fc692ae76602cd9050cd76627e4

SHA256
7f64b3dd8d422f7411b02ce6c164dfc8815237589f45948d7312d7d91e60a2a5

SHA512
bcf8c1ce3ad28f9e659eef0c999e25e438f4ef807e9a310be77c4efa7234ab777c6001a80f78370567b9c3b11872cf9ed1c5c6d092d1dbbd68a4098db85c8b90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d3bd52f46b2a4eb7250240ffda48491

SHA1
8dd75aa8de9cef4f77920952f22943a9e92c7498

SHA256
35ee9faf4405eb67fe16a9016a0b24278838dd9baa5ef62997693eb4b40099c3

SHA512
9a483f5727ed136873d210407f0f4483f01ffd0f3bbe3adaa73844ce1ae625463e244b3d409aa45543fae320263664d5d2e32617c4d8a23568c0650c46af76d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d46d6a10f771b5d9a301398b74fdf698

SHA1
3517ca2dcb193c127d7eb0ce3fad64f8a203147b

SHA256
f7bd1098ed6d99e1fb129fc331c8350a5503f2640b9efc76a8e3c3f924490a9a

SHA512
6397e682d92f99a7aa9f446aa90340417bb806c5c64640239cb2203f84ad4281442031e3b7f50410ddb7c31ba39fa6a1a130951080149f2c36671d5ff0c9f654

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbaad0810e7776e30e57789677bb9f7f

SHA1
44d443f75aa428fbb56881fed2d9717425c9b650

SHA256
4bb77517c1938950b50f647cd42fbf4a7851d8822eea6ac517b226a2100f9497

SHA512
683149e04f582c2ba75e14cc844b7abbf4499e86b6758352cfddfa7afa68f03a9f1c8e71a852a7ddae2d56044f122c6d8d605e4783abf55962672c7d4a27afce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a079c25f5092ee9c12dc7760ef3af648

SHA1
8f5d8e68125f7fc033eee9b35c30d0b50233a836

SHA256
6a2274ff4be3d07650546e58a9ad26f7d9100beb9eada78af8e8d67dec0c3972

SHA512
c46b57807ac7a62fb0a1ad278c981312f800e4e51d3d516771fb90a29abdc3e3f64c110afcbf434a7fad21c0a8bfee34ac67ad94e856dfdc3cf96605ee1b09f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a72010743b58182b8b7bded860d83fa8

SHA1
d2de0d45b5ae25da465c081fe14c5fb76369ddb0

SHA256
b8f5feff1eeb72f6673f6e4655958dd0ad622a9fc9647b024a7ab7ea5c57397d

SHA512
5bc610f0357d13d429227f0670548443ab6f80f6ecbfb31edf4101b2213412cb4ce5b7583ed9093c47244564b27ad20366d71833db97b03c4615eb8fcabefe1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1612689eeb7632f84ab5cf41581592cc

SHA1
76b2bbea258f68ba846dad3181cb053f6a11dfe1

SHA256
49c6a2f66888c18f4c51a803b86644fa8286f82b150d70cff2da76631f525d76

SHA512
ef7c8b5e35f03971a8ecf34882da85483da7549063bb7bf66073da3872db00b4930f01c69dfd429c33516d775b0bea45f9fdfd6332918055b4e1610c14de6b22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18dcdaaf19efde6355c225d5de9989b1

SHA1
ac8cd7f0d5620c467e2fa8449266a66c08ff6b51

SHA256
505c1b587e0fa04ede7ce85c938cf14852b70442d929464f5cd02d58c23161df

SHA512
316da97e3380f48e160111c636ba9965e9699ce9df7abe2688d1f1d1644898a1bbad0809667a0357a492837074ca27fe22cdbcf88da276b10129bddf06cdad03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd50b9c2b59a8a278ca33988176d8a59

SHA1
3a336aeab47800c9358fc3105f24d1620dbab44c

SHA256
d550aa754ccebecb8d9ee26645b659653c04a4d9c4903cca7426676e46fae204

SHA512
33bf5a0eb012ff5dde62825ea779577be25787b018c9bc0508f00b1869bada00854cf6a2b994a9976b55d592e3eb6d9d2d87b2eb1a873cf797f1f74843cf94c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d280b55aa20d498d029f14c181ac1289

SHA1
4726d26098ae1db7b87b5dbb268a33be5f263dfc

SHA256
cc53ef1e2dfd935390af57a61bf94d2f309b85ef4bfe28e314c51196ffbe37d4

SHA512
f7de823903a5965eeebe9737609638b2d68a8db857474fbe2d564f0e9364339a87a809969e6fa27ce99f743f8a7c9e923eb9b553fc34d1529dc7938f201340e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4102f5e5ce92385b6b1fbc83bd41c944

SHA1
6ab1e0339483f56ba69a1f34a206488e0db4de57

SHA256
523d437b1253d2b76e7e083e8d1db62cf2a28bbf460c4bfa0609f9a5077bdff6

SHA512
ee0a7a3f19f968af8c2a38e879f91096b99415a4893ea13dba06c8a64a1a1212f5e27345ed6a8fed5d12fad86369c920b6745d1dc9f0b3064e78458be74a7c5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70756249cab506995e44cf43e5b0d6bb

SHA1
53309220131507a8131421cf06337fa3f5e0af73

SHA256
6ff76f6c396f7cc6db4696cb5a51b5b1da83589d513a43928114128356c3505f

SHA512
1380f9ca722374f1db9f81c6e4249a73c2ba75ed5ff93aeb2a4e23d97e76e7f94272fb708791b99f430d8f00674e2a704efd41e9a02ffae0f0b6e2a1aac2dff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d1dfb693460645f545dd15dcbd8e0bc

SHA1
adc0b97b97a694fe6c78f0f474bacf65d6582f80

SHA256
ea3f728b6f072973a32e26507926221645158a489cd1477bf471ffdc3a9536d2

SHA512
cdb1a10c5218036587bdaa0bd9714846db78cbc2fb48605a5b1793fddffb2c0113ba3207c3db21b04be6c3167e646a2f3d50804726c8fd6f40ee400906eb8e6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
d8b7f0bc3456d033522fa1a7392cb552

SHA1
d22df9e2ded04c1f97913c3df55b1f51ee096d59

SHA256
b3287ee45e908d1c5c7e34f91023e79cd711afee6a3d38333d3e1d8db68ae10f

SHA512
03859885b2cf9709fd09c17552cce6cc47767da72efc7cc607896998603efebef7750e0f6b410a5a029290cf95620d16274a0d1d473b7e476af9f48dbaae5602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1FA458B79FBC47B1C202EDEEAB58B8A1

Filesize
406B

MD5
569c9e3bdd337f6546ecdd408ba8cc59

SHA1
8af37df01f512188fe97a0eb40b3dec6d463cf4e

SHA256
104570c1dead19d20987b0c0963d0f6f9e2b0bb9025d6fde172ea9418a96f580

SHA512
dcaae393e3fbf713ce29b119e40eb4dd4eef9579428389efa28043a1f856b978ef3f579041bb4b27928cf61c65241c2af7e8c1597f5f9b5d32bc5ab791f4caef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_63F40B816FCC2D8AE14321B58D77EB6D

Filesize
406B

MD5
f0597fac9b52b94cf17dca37c8f243a6

SHA1
cdd3a9fe9e0412eddf84f962b9a167f5392b1727

SHA256
3ac6ba8346a03187525a2bc0c4617c6aeb74bc5de727d4c3ac9ab85bd75f33b0

SHA512
bea90df23881e77e37bf181ae4c18738e1753139b81a5aa3669b76a120678999477ffe86615c9871a41332073eb117716ecfa1baf15a8f6eecfd960d9e9cd37d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB

Filesize
396B

MD5
7f3ad45a5f2f72b86106e33dba9350a9

SHA1
acc07a8a47ce821742f10a88427894f79bcf23d3

SHA256
93e8218e5b702a99661322f618041244014f67596679b5ffa09f3d895b0d9696

SHA512
62bcc9944ebd637bcfea854397a3fcb5a5686da1cd46441f01be153be561f07af2451b549b2204c96bbc4afc88eeb4f667427e43694e1699b37462e28ec14ff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
400B

MD5
5fdd549c1c5549bc91435803f490fbde

SHA1
02884f3bd0fb9b2e51cf393ad1db8b4881ad8587

SHA256
0f517392b19c8e7ece8ef8fcafb90097f05ea3617adb8737baecca317d0576f7

SHA512
05e89a4a5f15352b65b45a26a76f8f66019339f44b5f0cc31a05f93ac87cefcc7eda147866291e50923bda04a30a61a30268030ee43cb0688c4404356844c657

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_434205A76CE72E9356C6165EEA1227C2

Filesize
414B

MD5
71733c081e3608a0d49aeb734df33ed0

SHA1
bb36668841e6aa26a10d24d131434831ad6685ba

SHA256
be3cbd032ecfcc3c033bfe671dee8b2fdddab6e3cecaeb630fb10231570456ed

SHA512
4fa33f1108dcd7ed6ea950b1b92fd7a97283751acf17de43cce148139bfa30609b69ee915e9a6d5dae11cf2a229b387a6fd4c277f2a82417cfc5c8228e4426ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\32733d08-168b-4ad9-9d0d-b36b55ba8ed9.tmp

Filesize
282KB

MD5
15936e569cb7994c1440c4ae18988169

SHA1
7ce173c46cdfb5532de02be8d1e0e8303a432ea9

SHA256
717be212ba16e05c6ed4a4f5e90bbe863b72067a781c0f5856e619e3c2e5e7b6

SHA512
c805d8a38f927f3fd64498e1404c1f9023910273e5e453f8ab3a1f298b469405983e40af2a36fb73ef3d9bd97d75d48c22099016fcd8a1bccd1c48d15e05c27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0d36bbc9e4d7ce443b28d0bdb3de4d37

SHA1
3bb0ad298b89ce1149b8a24886eb889266f4ac85

SHA256
c1028b4e765b4e7a1de05a380421fc9065abd53c1c87c5835e20d06a667f20ef

SHA512
1fc9adc65a05b7740d8dcc48069d5be14d3a6b1df1abdf3fa21408a3af19b3ce43a95fe9548c2e57e0035fea316c8f761593e06f21c797af320c5e0026b037e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
813357900a777005a90d862988a5a742

SHA1
a7b5147d206419cff81933cefc50c5b49a09d055

SHA256
49ed05bcedaf1af62c5b17bd2f46f37f71f42413e9fe68a8f4931f71318897ab

SHA512
f4950cb1aae088cbd11acda7264affadb233f5dab0851210fc2d4b28d2b26ea01cd0b54d865d6f3c0cb4c2ac1da53045564c2a5af1557b818979143364d40c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c034267422edbbbf5966358e0f0c28dc

SHA1
e240549da494c01f2a1f69ec2f69702457c21eb0

SHA256
454775f34613b6204ef4a32134624cb31e901d77c38a7cd7a49b8bbbeeab7041

SHA512
1b70ba2d22a7e2169367457ee53a3f05a41cc38639aeadbd7c8d3982c25a5b9558822f37d2a7736b6bcbff364d5f21c1a907b2a4fdcc48ba7957290899de2d4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9850cb1903976ebc47703a59bce36778

SHA1
3068a012ae5227fb35a2a783ec4c027209cfc691

SHA256
1296be60034f9620e01ba03ad48bdec191106a8955fa2591a1465da7a7d71f71

SHA512
a6f38b15c4304477fabb29547bb89181ed1de9e84134c3ceb110b2ac9cea6afd0088460fe46b015a5698fc5539ca43f095e5ea8fd3369838887690cfdf938822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e812dd4a-af0a-4f35-b190-f8e88381992a.tmp

Filesize
6KB

MD5
db1b4bd1ab9e2048c6930f00e3860692

SHA1
f5e5954e173e6dd9689b453e7610e04b2e624125

SHA256
96bb93e4d03a823341e965db84bec93f13499229094b7335e9476f3c38d02e9d

SHA512
514a567d1915e8751ca9be1fa4dab12d6434e1f2bdcf193cff81e13e68334cf0c9ac120ecb7cca18b644fefabf4fb2c4c4a302bf8afde360d3494f025e44ab3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
819f0fd320debe8b42789d18c1ffb8d8

SHA1
4332062e7fda95b40d813d91818f2768f1eb9725

SHA256
7da2b600a985fd87b59aabf33e54e6f59453c243bdaeb8216cad50e7bb36a0c1

SHA512
c0013f103c317f11c49985d7972cd82f78c2741cb0b1ad6ac58fdb42a35ecb0e3fe1184b2e3be1fbace53caf6eca3de5244aff038281b436983e696d0f26f1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
5ded6cd04666dc33749e72be657a3ce0

SHA1
89893cf9a281cdd69f1c46b82cd23da6c292d3b5

SHA256
f33a4682af0eaf8f882566f3e20b52d40e03fe7db17dd2465dce38af96695ba9

SHA512
256b43caa22039132c62faca13ba97ba1aa80a8c70e3a6c827170af2e87ec99e478969c71318c96802189c35629506a3271897abb74b00089e578296e8c40328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7YTJD2P8\www.google[1].xml

Filesize
91B

MD5
2c7ff5bd7e4efc97bcc6f26e2d4eb2cd

SHA1
e39ef7e7c82676d5b318a9c69c001d4f05291aef

SHA256
48d8388c680d187f02de3d41ba689fbe60f9cd09f04587f349c7b3a6700c481e

SHA512
cc5cb01da91c81559c00da01ccd4c4a259c5fe744fb3faf205f17e92447a3cde9cbd9648a757ea54a2b3490ab08ae7e5a9eec047bd6f9c43112acb62f74e71ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BHVCJWZJ\dvps.highrez.co[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\6y0a2v0\imagestore.dat

Filesize
3KB

MD5
f49293489b8971741ecba06edfe9354a

SHA1
c1538d5b2b9480f308662e996766706010dc118f

SHA256
9529927e2b707ec6c78c66179e29649e62d23afe6e7c0bacc67779f9e310137e

SHA512
fea20bf3862f264b6450a5b8bd6d07dbef3979c2622a43d06b3df3e58e77f70ba7253856ce5fc480b16e3b7f22f3520cfc91f11b80a5fc31dc721847e9b9b07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\f[1].txt

Filesize
184KB

MD5
8706a77f303a7429f1eb510d25ab3088

SHA1
84b5aa34f19ea4ccb44727aa07afb9fee3414aae

SHA256
842dd9a57f185aa4f7c726959d4d9f852c7477015d64142f46ebcf73e8272269

SHA512
e770c5afa3b945b75dc6de98d53173b8c7edc91354db0d9b7879b290ccc76274a90232f6c19f2d5a5f1afa29a91634b3d496adf3303d85257c2a1777ae1f3581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6B86.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy2686.tmp\ioSpecial.ini

Filesize
696B

MD5
b726c0ee45d2f9d26cae7d9aa074215a

SHA1
7a361c1a4f9635e41f3e10ca20fc81968567a6f6

SHA256
a1998b14698b5112f47eb553eb6f1f0d7e9a4ae37500b589e3f279685a74d070

SHA512
dd6c22911d90c816488405e2ea87fde4a299a0644494932204e63491ae9287464be211655b1a738d0e3891f335440ae92677d8c543d53ea2ccc8b3e6202ee51a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy2686.tmp\ioSpecial.ini

Filesize
709B

MD5
96953a98250ebfadc19d3c7c2edc4531

SHA1
e88da06c68bdfa1927404dd7b747383d24273e28

SHA256
2edad66b5f1470f007e1b1c4fb12cb0094808d027f292d7835ab42fad155ffe2

SHA512
10293d49b73c2caa5e4a82a69e623ffd99ca68006cd2e21e73daeb2a803fab3c70edd83afe3857e886ad85d749f32f11e1278bff1e0c315ef4a89346f3658f67

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy2686.tmp\ioSpecial.ini

Filesize
726B

MD5
f9af61864cecb6745ea1cef704bcd08f

SHA1
c6b8d6c0af9f947141b728610c784443748002b2

SHA256
d5b3fe8d675049ce2d1b24f1f4d6d71ff1e19319988f4095928f9335b4a54356

SHA512
cd9c910a620a44f7fb3e4d2830186252111f3282137704164ceb635f009ddeae8a32bc813a144e5258d52d082a1829ff21e2d1663a8ed5ca7985c9aa99549b08

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFD00223FC506992C7.TMP

Filesize
16KB

MD5
bfa71e4e5ef2a83eb4ff9844b8178856

SHA1
75ac6ba20eb7cf75a9dd9beee78c3b5a033708eb

SHA256
7c19b912d1014dbaa49389f7ec000092ff6226185f0a63e8ccb14b424086d443

SHA512
528a7dfaa52652da1a7e54be846479a4e15bc19fbd2efcbb379a04ed6516db21400337d84987aa5a0871060f64b3a0fc90de793234eb15af1f096abd0eb92053

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
8ee7187f4f6ec25edfadd46994a31cfd

SHA1
1ab275a8bb9d22aa0e738be899cbafe9dfc2e5f0

SHA256
3325a731f16f8db82b579e7bf825aad84f9ffe3f812b51e11b33625e00f5ba22

SHA512
d143e8169a4e3d4c3125b1d9e9292068d1829a42b42562fa87b7f2f11a5c747dff17d3e1fdb17f1e39e78d7a692202b533162c7ba3e5598e3fd67fb8526716a0

Download Submit
C:\Users\Admin\Downloads\XMouseButtonControl 2.20.5 Portable.zip

Filesize
4.2MB

MD5
8cf88c19ccdad2854aa32dfe9e59ec4d

SHA1
f6c5e68853f3d5915801afaa8d6a21724e77539a

SHA256
383079c809a50d1c375c5751e085efa871905adc775817c27d75eb471d70f4e3

SHA512
1d51d0bedf672469807e99c2caaa832e34347000a45eef7226a6196c11d39a10ec304582e905c54120b031f8021241662fac5a21446d2a8df98eb1280510b5aa

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.7MB

MD5
bb632bc4c4414303c783a0153f6609f7

SHA1
eb16bf0d8ce0af4d72dff415741fd0d7aac3020e

SHA256
7cc348f8d2ee10264e136425059205cf2c17493b4f3f6a43af024aecb926d8c8

SHA512
15b34efe93d53e54c1527705292fbf145d6757f10dd87bc787dc40bf02f0d641468b95c571f7037417f2f626de2afcd68b5d82214e27e9e622ab0475633e9de5

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
d62a4279ebba19c9bf0037d4f7cbf0bc

SHA1
5257d9505cca6b75fe55dfdaf2ea83a7d2d28170

SHA256
c845e808dc035329a7c95c846413a7afb9976f09872ba3c05dfa5f492156eef0

SHA512
6895a12cddc41bf516279b1235fca238b0b3b0cef2cc25abe14a9160ed23f5bde3d476f885d674537febc7de7eb58b0824d96153c626e1563a5a8a1887fb5323

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
bfffc38fff05079b15a5317e279dc7a9

SHA1
0c18db954f11646d65d0300e58fefcd9ff7634de

SHA256
c4e59737ffd988ef4bc7a62e3316a470b1b09a9889f65908110fba3d7b1c6500

SHA512
d30220e024ac242285ea757006e7da3874e5f889951de226d48c372a6a8701b76d4a917134ecc1e72c6c3a8d43444762288e7134a25d837e9f43d972675c81d6

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2686.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2686.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2686.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy2686.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/3056-232-0x00000000003F0000-0x00000000003F2000-memory.dmp

Filesize
8KB

Download