5af1ac51233d835a90efa2bb6957ecae64a29905086fb30d674bb30c44892d58

Analysis

max time kernel
88s
max time network
91s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x-mouse-button-control-2.20.2-installer_i-b3zD1.exe
Size

1.7MB
MD5

34e6c4dbc1b3e5a37c11bf40bd6943c9
SHA1

64f83d6da27c36a3ed40003096df67fc5c840e20
SHA256

5af1ac51233d835a90efa2bb6957ecae64a29905086fb30d674bb30c44892d58
SHA512

e0c9469eeb792a78f5829038d68a7ab081a297371413523aa15bba4246d2edab27e63a67fb4c9da45096b66879a47644b4d57f1aef0badaf2b9aa1ebf64a125c
SSDEEP

24576:C7FUDowAyrTVE3U5F/LjbZe0cQ9RU36Sh/SMhXzF58vMGIYTAy+S7kSF:CBuZrEUb9j6pjIMGFTKake

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMouseButtonControl = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe /notportable /delay"	x-mouse-button-control-2.20.2-installer.exe

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVG\AV\Dir	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\SOFTWARE\AVG\AV\Dir	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\SOFTWARE\Avira\Browser\Installed	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\AVAST Software\Avast	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\SOFTWARE\AVAST Software\Avast	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Avira\Browser\Installed	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe	x-mouse-button-control-2.20.2-installer.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll	x-mouse-button-control-2.20.2-installer.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll	x-mouse-button-control-2.20.2-installer.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\License.txt	x-mouse-button-control-2.20.2-installer.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\ChangeLog.txt	x-mouse-button-control-2.20.2-installer.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\X-Mouse Button Control User Guide.pdf	x-mouse-button-control-2.20.2-installer.exe
File opened for modification	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\changelog.txt	x-mouse-button-control-2.20.2-installer.exe
File created	C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe	x-mouse-button-control-2.20.2-installer.exe

Executes dropped EXE 4 IoCs

pid	Process
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2348	x-mouse-button-control-2.20.2-installer.exe
1244	Process not Found
1900	XMouseButtonControl.exe

Loads dropped DLL 14 IoCs

pid	Process
3068	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2348	x-mouse-button-control-2.20.2-installer.exe
2348	x-mouse-button-control-2.20.2-installer.exe
2348	x-mouse-button-control-2.20.2-installer.exe
2348	x-mouse-button-control-2.20.2-installer.exe
2348	x-mouse-button-control-2.20.2-installer.exe
2348	x-mouse-button-control-2.20.2-installer.exe
2348	x-mouse-button-control-2.20.2-installer.exe
1900	XMouseButtonControl.exe
1900	XMouseButtonControl.exe
1244	Process not Found
1244	Process not Found
1244	Process not Found

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	x-mouse-button-control-2.20.2-installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x000900000001878c-173.dat	nsis_installer_1
behavioral1/files/0x000900000001878c-173.dat	nsis_installer_2
behavioral1/files/0x0008000000016d5d-332.dat	nsis_installer_1
behavioral1/files/0x0008000000016d5d-332.dat	nsis_installer_2

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\Desktop	x-mouse-button-control-2.20.2-installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Control Panel\Desktop\LowLevelHooksTimeout = "1000"	x-mouse-button-control-2.20.2-installer.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429542496"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00dfa61eedebda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{48C0BB81-57E0-11EF-96E9-6E739D7B0BBB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000c5d4b0cb7ed68a716fe6e241e2d8876a17baa56be6010b69643cc928c34c1542000000000e80000000020000200000006c748631cac3087448302a24d9ef7263058a79eb793affc2fce854fb23eb13d92000000095f423c8960f37996ca21d2f31f8d98ff861a561b6afaa10900c60c45b8def0d400000008f6f9e4457b6f6faaae65a015688a3cacd1184a8f85376c3eb673de12641509eb8d76474f10e8334af1ddcc5bdb48b71672538c5b3c07ca6c57f80f54aa3e984	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000000138e2d03508c823473b349e94a13341ddb59e6ed7cab29f1da36f5fb5fb3f3e000000000e8000000002000020000000bcb17909502c872c99c6469fe58ec6376404782746f5688c7915b209a2f9a3a290000000ff9bf5883336af4b29ba1d497dfa629a7b7ef746ccb53f3d182cd633daed91d81b68291c2567b204a15b671b923c3395a5df54c0d3fd2e40490dd8d9d3042e8fded7faedf33fe372da59261f2cc424e032306dc1cc3cdbd8b0345f6433019c669fced8f95dc544f18f73e216b34e02968b7b3bcdd876041a2e524f42b66b0cd5b19cc5ba170a358acf7d4d1ba7ef02c540000000b418557e1d1d4b3665b33807539e3d087db822f21f26a6b464cbd766395f0e67a9b206b145bd983bec578a8f2904e1647ced75af7f4805b8d25da25c66cea81e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Modifies registry class 33 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /profile:\"%1\""	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\ = "X-Mouse Button Control Settings"	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open\command	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\ = "X-Mouse Button Control Language Pack"	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbclp\ = "X-Mouse Button Control Language Pack"	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp\ = "X-Mouse Button Control Settings"	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\open	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /install:\"%1\""	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcs\ = "X-Mouse Button Control Application or Window Profile"	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\ = "X-Mouse Button Control Application or Window Profile"	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\ = "open"	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command\ = "\"C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe\" /import:\"%1\""	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\DefaultIcon\ = "C:\\Program Files\\Highresolution Enterprises\\X-Mouse Button Control\\XMouseButtonControl.exe,0"	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Settings\shell\ = "open"	x-mouse-button-control-2.20.2-installer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\ = "open"	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open\command	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile\shell\open\command	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Application or Window Profile	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xmbcp	x-mouse-button-control-2.20.2-installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\X-Mouse Button Control Language Pack\shell\open	x-mouse-button-control-2.20.2-installer.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
1900	XMouseButtonControl.exe
284	iexplore.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1900	XMouseButtonControl.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1900	XMouseButtonControl.exe
1900	XMouseButtonControl.exe
1900	XMouseButtonControl.exe
1900	XMouseButtonControl.exe
284	iexplore.exe
284	iexplore.exe
1656	IEXPLORE.EXE
1656	IEXPLORE.EXE
1656	IEXPLORE.EXE
1656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2812	3068	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	30
PID 3068 wrote to memory of 2812	3068	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	30
PID 3068 wrote to memory of 2812	3068	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	30
PID 3068 wrote to memory of 2812	3068	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	30
PID 3068 wrote to memory of 2812	3068	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	30
PID 3068 wrote to memory of 2812	3068	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	30
PID 3068 wrote to memory of 2812	3068	x-mouse-button-control-2.20.2-installer_i-b3zD1.exe	30
PID 2812 wrote to memory of 2348	2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	31
PID 2812 wrote to memory of 2348	2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	31
PID 2812 wrote to memory of 2348	2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	31
PID 2812 wrote to memory of 2348	2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	31
PID 2812 wrote to memory of 2348	2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	31
PID 2812 wrote to memory of 2348	2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	31
PID 2812 wrote to memory of 2348	2812	x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp	31
PID 284 wrote to memory of 1656	284	iexplore.exe	34
PID 284 wrote to memory of 1656	284	iexplore.exe	34
PID 284 wrote to memory of 1656	284	iexplore.exe	34
PID 284 wrote to memory of 1656	284	iexplore.exe	34

C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.2-installer_i-b3zD1.exe
"C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.2-installer_i-b3zD1.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Users\Admin\AppData\Local\Temp\is-UPKJG.tmp\x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-UPKJG.tmp\x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp" /SL5="$40112,837551,832512,C:\Users\Admin\AppData\Local\Temp\x-mouse-button-control-2.20.2-installer_i-b3zD1.exe"
  2⤵
  - Checks for any installed AV software in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\Downloads\x-mouse-button-control-2.20.2-installer.exe
    "C:\Users\Admin\Downloads\x-mouse-button-control-2.20.2-installer.exe"
    3⤵
    - Adds Run key to start application
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies Control Panel
    - Modifies registry class
    PID:2348

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.highrez.co.uk/scripts/postinstall.asp?package=XMouse&major=2&minor=20&build=2&revision=0&platform=x64
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:284
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:284 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1656

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
"C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe" /Installed /notportable
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\BugTrapU-x64.dll

Filesize
364KB

MD5
80d5f32b3fc515402b9e1fe958dedf81

SHA1
a80ffd7907e0de2ee4e13c592b888fe00551b7e0

SHA256
0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

SHA512
1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

Download Submit
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonHook.dll

Filesize
1.0MB

MD5
a7e53ad40d435504181afc6d38b3d4cf

SHA1
e7f27045d24d061ff1fdbbb019389bb9de57b9f8

SHA256
2697156f880045f527f791c454f8c745a935014b18fb236bb96858af072ef57c

SHA512
e4bff40b2a770267608f216653da9a67b8ce9c429aee1d360df966b29d628d884a3ca67989b723bf3bbf73c3269873c99a5bd9cb7dcd05c2d1f756a2df24281d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c3359aeb3dfdf3f89d11e2b8c20bcd11

SHA1
6543750b25fc70742a614f80495291278a3a3756

SHA256
2d9db08d188227d6f39dfa7aafa067603fe2161978a492a2b043c893629bea9f

SHA512
142b5944c33874f6a55cece98bc610f27461ed058fd7f670e2006e668147a78aa71c7419a1582fc21d8c4808a945b23a6bbb31ee35561c2fa5d545d6392ec175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56ab371cbd69de32165829f13a4db867

SHA1
514a78f4378508d71da12a1223c21902a152f155

SHA256
cbb86a0e96efb44de63a7c14d376a7bb8513f45cf53534380b992df5c33132cc

SHA512
d8481f2e432974de164fb9bf74a86fc255d42c3b3c70d831ff8db83f434ee41bd7e387229363ee8e37542865a259e8603dea5d574a84b6113b36259eece4f799

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e87da4ed826636064fc7bb3e756259f8

SHA1
28656df6b209e3fa3f97097d50d3ca0e030be604

SHA256
a7e0374e28c2527ec5de0098607dddbe8c28389f798d09925372ba3c3ad2aa86

SHA512
b1b92a9b6cf05db49f9d88e0369fcd3d48305ab454b42b98bd29d4ad92b718fc2a983c0dda2ac06dff954ed89d80415e9fc9618996293e5c15cad66c22f8df4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0eaff96c6ad21aaa9bedac2884fc6a67

SHA1
6fab499b9eba444f0735fd9c448d9ce082221663

SHA256
34d1e4f0bafe29bf5c02dd214f0b5ed61dd771c2b5f428e2ed864e4cdd37fd0a

SHA512
5ca5ae39df904027859490b92558442c71cd65927815a2082ac555cf36836eb1d531d202dbe1bc17611be2c414e1ce81d7aca77f34b3bd3010c535ba7f730e44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6abb7b8a1a771c13888ba3d4b0a851d

SHA1
2f86a7ed61eff05011634b06b5041d18476c037f

SHA256
ab3a37988c65e7af34382aea10ed560e9a1649dba776f9aa8ed98ff15089b700

SHA512
42529b7687da563c22a7fc2443012e656664e7499eff9f726625248307ee0eb06a27f17adfb58ea3c7ace0b908d6298767e2a246169cdc87341496f424732d80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40e546e07474f8ed70e8cca96309779e

SHA1
bb63fd7a7771c7f516e08444f8779f2616a00790

SHA256
2273b50fb0ed868231f6576c84a68e4e02109f0fb06d086ff1153749da32cf70

SHA512
5c15409302a0d6c2b5f3fd0f358c3b16bbcc115068e44d79e6d71883a684df869da788e99e0fbdb1ae48dffd28c4371620c2cc5965b78fa5070e9db183147f31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b104f2d2fece7c6500718f943d2b88c1

SHA1
25175f52d0523021743e85701021a279605ab6fb

SHA256
4bcff90a7ac760ec7a00950770b3af2a424a18ea15be8f8158fa97d2df8f7063

SHA512
25debe67236a328b954521dfaaf32f2d50234c1366e8a115050541d1fdae14761914842bc5d42a4a14394156daccb8ce8161d9345bad3871a96dc5510124b0d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18eed0cd30164e6b5afd6496ccd0e252

SHA1
fb092e4ded43a9babb91dac037db321fb4bb97e6

SHA256
cddce8dd1e9de96ac7670e10b1098662a531e3115351944d441e1494331de5f9

SHA512
ba1e78090b5e0b9282347f2079b94e521808397f012968917b6c40e5c479feeaca218f27f4cc1e70f1411bd99fadc1df7df60d14992c697c3aa7fe49049e58c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
316a6e4015a160f2bf724e10f1ce2797

SHA1
acaa691220ecff1311a404b518eea9166efb5867

SHA256
aa9c9d7963ee6b9c38d54504fe7e4714c61c0509705f5e8e32fd267da2317f93

SHA512
c1a706011038ed8ed4c999362af87bbcb168c6d2754655eb70af8fc0da96d89abe5e38e8171e20e932da9348cc7fa68992b24c8626cb602bbddbd2c76d74faac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
368858e10fdf0791693399aa0db1a960

SHA1
de9b1577243336c39d046caaa1a64faa14f30201

SHA256
8a363f8e8f28831fefe203604378a2ca90a6f5d1981895a1d985e4c5d2fa3cf1

SHA512
db14368f5be05b2f580b874b635de0e756e839ecffc43abfbe480e5817cbeb9c032d6316a718ab339156beab22c9cb85d8991f28ea2c2cdcc6cf3a708648b843

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff733521fce9721f8168fbbd8364c838

SHA1
2a7fbd717b0d06a5d70a682b3513179afa62a863

SHA256
9d30405dc2eb5a5ddf352b80d35ceb9b23b53d38e56eb882d57dfed0deba4a8b

SHA512
84eb277f4983752f994d2b1d007fd69fd7274ca5e1b5e0d55e2b6283d5a9073d6860e8bf54a45c0d4b0330fd98900afcaf51fc0c4a07f8f82eb93f27503b4b05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ae5f15a1907aeed35da003ae27e73f4

SHA1
4e54cba4f81f5533475f52d464eea364f21dc1cc

SHA256
28066b9f924d92a3101e9d7b1936cab2cd971a3e0c212fb6c86271f2e9f04336

SHA512
a16a4696ac1381323ffc16b80b35c9eed737649913128dee653833750122fee9c31704711c654b1a4114292914792da48e6fb44b620d9d37834b4543f93f2a45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
858179b7e99241f043101e0fb2d04244

SHA1
fa40d69e6202c9ebd698ec94b4d437abf806f424

SHA256
8fda152c335e0a2eb054dc9dfe8d36be7e2667998ab0fcc7e2631461881db199

SHA512
df8f98c3f848d60bb62252dbd1e755887aa2b81a9fe388b8cab70a044f7884b536b97a5b94c7b030d464a14bbf8e9197adc6094e3d66d8abaa2750969aed00f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c97ae02d26b24f9a90af09519ab9ce5

SHA1
18726c3621061d2c23e292f7fe18cb5e395ed4bc

SHA256
4c27f8b57ad32c4f1be827f81cc89779cadf7429fe34d1185f0d254160d9207d

SHA512
1df888ac21de10919a0d4e2b5038a0586bfc8f8ea26a88c17d38a1ce08c85e26b18167820d93727d513af06c163f38eba33d6288c5f86a9d00d47ede707fa95d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7daeabe861c75a2688f43a12e2ce6951

SHA1
4aff1e1c2f3e271457d624c1cf83b29e8b8cd2ad

SHA256
d6a7e4f8fe9978210bf76f9b90dec1293b64b40f7e44c9998994899d10655ec4

SHA512
968b6f47e955548f97b4bf2bacdffd8b3a6d49d68109b32f453f998b80c5e5ebd6fe7abf478166a3b6a306a327d8cb3abd54fa9a3928df5b9cbeacf359801338

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fd4d87ac1b8c86c3670a5d573e9fe1f

SHA1
e474a87ad778277056714460411167cf9f86b7af

SHA256
530b3389ebdd169d8ef102688f71a2d37cd9a760fa0d70da8ded84de0abb7b14

SHA512
d1d5eab19ae1b19a0b39c08aad269505179916230bfb5e83960cdfff9e8234ad9aa1f4b204d4c4b02125738f21c861f963b01131c90e4996b894ded1e122bdfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
279781dc93abb51bc28c5c6fec6cf6e0

SHA1
771fea950d70149286c9dcf66888f0d80c04e668

SHA256
b8a1700350b7e3f3a9ae85fda8f347a6b10fee276f29d696d0678813875fcb59

SHA512
d95949f4211918e1465c1824b4810aa2258f047196a174b31c8e6c5f1a6ea94add8338426a29ed5199ec98c961d2065b01fa23a06f30935d7d225586640ee129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d923757a56f0d2a676becaad4dbfd40

SHA1
1e6853edd5814605ccb2a0f5d86bc2cc48ce4e84

SHA256
c81571cc9e7451d8589f7e5fdb62f79de56712a1d25e0211900bd3002dcd9c9a

SHA512
01b44a37cdc43054b37e63a9c92b859758ec00182a0ee90c6fac2f834182d54f971873fb2c29121408e264378c634a0c23604b0c6a8065bd98d7a71adc2271e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1751a07ca9ed69a6e0689d361e63bec

SHA1
c0aa2cd2a94d0da3c30b679cc9b1159952255a3b

SHA256
a9b50c1ce8d8fdba16b19ec732da1754fd163494b6acde0c55b3b202117fa823

SHA512
1f73e868b5999267c1289ee8e0412dff202c15508de0e09676b1b2ef2c0f5b8008c15a0d1de2bb5165cb2b842534d36f0df8343d20543aeeb683ae2e91453e4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f31d175a81eb0b8703e1e9443aff224b

SHA1
df09efdb4874ba7e06d13455dd5c45d7246008c6

SHA256
9a8e771ccb7436c490858a98c1bc5dbf98c7796f5173f24568d262434dfa96a9

SHA512
444c4a2743d378dda0cab5b2515fd4d8d05e2428e553f4468fe53f624fd7c5dbcc3f441e928d15a7c3a1ad0c8045eccfbb91c9490122c818dda74577794bc2b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21ccf4ea6fe1eea57a2cfc19db502b86

SHA1
feb54cc8f85899acd154792236b66e595ea4d896

SHA256
242348c72c06b1b6e55e24952686b12e6e1db4f16ecb47128a91dc8125cc1866

SHA512
8a4a797a818637ca0efcf482d9538aeaaa8f90c12635bc1a0a2ce8bf25bac60d2b36f618a6fa0aba1881e7ccfb30a9b203c9d83f61b14d553d90b26160c10812

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87ca9558f473bb5edc5d7ea65a4317ad

SHA1
f47a948fc065082550732242031273f0fb9574be

SHA256
01ba2b2ebfd903eb2e4f04fc995a3b5c76758da95534d6225849593f637920e1

SHA512
79f9e93707efe6c2072be80382b3c6b9bb6f500de1d5c23043f55677e75baab1181df17051c80ed70839056bb0da134e351a39840bea47f741904ec287219d9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2d562e25f73d840038f072ac22f9cc5

SHA1
ddf1153c7554787399faa6e93af7799e8253bc10

SHA256
bee4555e8a86dd05e8b1f43df688f66298e3dccd495c8905a75774a3a50a457e

SHA512
e4ac32292dcbae742ef169fb32f849a26e1bcd88f2bf3845abb7e7fb811965e191f14ca35a14f5fb0345b09b44782eaab4767a85273ba6d8fecea0ce24064e09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d553699485a7701f9f03be3219501056

SHA1
6d9522ea3d533fad5a514999feb7b45b7bf979be

SHA256
92c4a1bce4efaad5d47a257f69777ae047e09dba7a2d2ea9930242eea3e9b92e

SHA512
485c6350ae539afb1fef3d70e15d608db059d0c56f8984c12b9ac4084cbb67e5eaaa0150a54f532c98cdcdaed41b9255df66b331d9a6df1d591bf6d57f90541f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
308ff7e89c984a644a1b429c32f87f71

SHA1
da5be899e44282b2463694d267bc8032d375f84c

SHA256
67e12f4a918453270ba91a9e558c31f8fa943e8f62a1132a5d0b0615637e66af

SHA512
83ccce2a157605eb0643e78b73e05465f3e716954b47de661cd7e75f2f09ca6384a750f767acabfdd18cd71bbd34447c702cd41c034ab9b729e7114e8525d64c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f416f4e6ca456e3c19c4b25808e546e9

SHA1
3f41b2a6c667e3b7a4e29623bd7809c93e5d6010

SHA256
29fa99463e58f3e5db872c9d1c213380efacc6175c64a9cc6ee6c2afec4a8830

SHA512
97f6831af566130a9b777b6c72a3b16e342d80d0c2685c1226060d6daa575b90790024f74b1c8b9780c0ac4f895b124a4310930135f5daedae5f6e01b7fcd158

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
808f3024ede87ab68ac3db2a9ffa4249

SHA1
57a61fa9ea9ab9755b74d320b653d58ab63b6803

SHA256
5ecf8ae6924519bd085c4d7c553c8083dde3dd8b7558b33461558ee4bbdafc04

SHA512
e5a9135a3ba88ca79a2301e8aa3789126c9ad18769355c88655fb46539e76087696be226a99d81f880c37c16d38c0fb9126cd809a8742f7b2b99eff6b7738386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5f5nsah\imagestore.dat

Filesize
3KB

MD5
dc26551f91c63a3dac812cdee51974b9

SHA1
58b6192658c456a2cdf7b3fec72ab0f017dbc14f

SHA256
ac7954692e887c83af53f308ebd36d3d4483f4347a5abfb51af33e92c92ec5cd

SHA512
6f9e7d07283410600e7624f544a46615375180a282fcab5af4d046ae317e20f2bda8eb714d5a4017db327b3bcc836d0f396db7ed7c5de9e9e6d6b61d5b1c4ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GA43GQEJ\f[1].txt

Filesize
187KB

MD5
bb8761b7bd1413e300957d53a382338c

SHA1
e05c4c6020fde0a877828d7d17914b267632052f

SHA256
ee149322dd390d39eb6f3ed963f2cf764ef1adb6222bc8d79054aeca13147838

SHA512
5d421d8f1b96a7592473a4a6d57a610a902cbeee2942cd5be858049baad8d1d0c1c4a9aae5eae67af8fa6a0e5576f5b68bf38468ae5f8fc01e151a3ee693ab7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7H6XY0V\xmbc[1].ico

Filesize
3KB

MD5
1279bf31d9659ad2017369ec1b90473c

SHA1
0f21c5a8266c36af7909118899e1fa07590f2df8

SHA256
74e3162830413f502277c221381f07b34d77a155f5cbeca379e1a4ffc29af116

SHA512
18ab594628c7873c56a85cc748585a3422f06d3f3ad70e5d33e86bed8bb9595d43513960731db89820d89b2ed950b48d6b891dbda768164f968ab06f5a86c277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab874B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar877D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DGDNN.tmp\AVG_AV.png

Filesize
51KB

MD5
aee8e80b35dcb3cf2a5733ba99231560

SHA1
7bcf9feb3094b7d79d080597b56a18da5144ca7b

SHA256
35bbd8f390865173d65ba2f38320a04755541a0783e9f825fdb9862f80d97aa9

SHA512
dcd84221571bf809107f7aeaf94bab2f494ea0431b9dadb97feed63074322d1cf0446dbd52429a70186d3ecd631fb409102afcf7e11713e9c1041caacdb8b976

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyBE42.tmp\ioSpecial.ini

Filesize
726B

MD5
358c72a8710ab975b8efabfa72058480

SHA1
e452e780aa8fca1747ca297ee49aae3a50ee1bda

SHA256
8e3939cb31d710a8c3f30ecaf6bf2c7ce05b6954e6d9880bc24be456e8f20617

SHA512
85a06b9199be8bc5155bf8e3cb9f807277850e9ee54297b27935513d4517b7d408afa47de9eeaa3d53480408cb9f03ae379fd48625e699825cae1b89aef37cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyBE42.tmp\ioSpecial.ini

Filesize
765B

MD5
8a94aac6dd73ec31a1d41b3125271abf

SHA1
2f2a5243ddbcbbcf7a73bf6bc4c8a7a33baf0a99

SHA256
68b0f94c5e910ac7b3bb9ea0b41675fc47babc2f91ee5edb7aab8daa3a78e9be

SHA512
b8210a2a67874a3ad25b372c9888b1f8c384f41764639d2707f59c955e5a64cb6377155a8f13e3451b2a778f80b6ec99de1744a4771f9cfe1ca9ab2a4418daf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsyBE42.tmp\ioSpecial.ini

Filesize
709B

MD5
abf30870148f32213c80ba2dbb5729bd

SHA1
526954165a7ac6ce3579caecce042d9bbbfeea9e

SHA256
914ac0f6f01cf85fc22949a1d628eb46b6b17ee63649497dd5ef531104437d1e

SHA512
3a6192092e0028892d737b5ae8c76c4fe257a232124667dc55f3512b90d120e04d185cb59670db88aa5a1f49b4120dc099836facb96c2497f076bdd30211a8e4

Download Submit
C:\Users\Admin\Downloads\x-mouse-button-control-2.20.2-installer.exe

Filesize
2.9MB

MD5
ddf79d7a588328468ae2835e6af48dad

SHA1
0f3d5131cd879e7f6758d99c4ea8adaa108fe5d9

SHA256
b3f1b087a2617c1af305c8f9bb275f169edc46f4b4687f69db37dea0fe0cebeb

SHA512
f9bb715b95387146b1cbd9303355d56e771da9812ed2eb38144bbb00f36ce6633103ef5325a8535d430cd86acadbc20970b421a1d61fdf612c7c4d210f99a583

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe

Filesize
1.6MB

MD5
2562b64b1afb1f3343395826e498db67

SHA1
1e7aa08af65020392419ff1df65708dde1f06a4a

SHA256
112f940b93f1d03d5fa93f8181a37fbe767a33d04fca03f22bac4b6d9304f2e7

SHA512
b727accd1eb9fb2468314844b1c940fa8db3b5c936d0790ad1e635216f39e610bc54edd2db14f89aefc5ec55147c55980873530af66fa9a5b43be5011639ebdf

Download Submit
\Program Files\Highresolution Enterprises\X-Mouse Button Control\uninstaller.exe

Filesize
74KB

MD5
45d89de0a68101451a1523d5f690c0f1

SHA1
73a6861e2afd6a4b64436deed4373f721b34ef79

SHA256
fc8db525ebc43d4e614d642b32202dd6d4e5e8849169203f2b4cafb77a2cd6e9

SHA512
30b619b401661c24af379c2313bb0925180a724a534eb8aa61ec0223aabe072b4aed4ea2cf2237f47ddf71ba80ed93f8407d9d5f01c09bd88af82ed48fb9c97f

Download Submit
\Users\Admin\AppData\Local\Temp\is-UPKJG.tmp\x-mouse-button-control-2.20.2-installer_i-b3zD1.tmp

Filesize
3.1MB

MD5
d4a9383fda9f356a0d2edf77118b20be

SHA1
ff1b4583b52f388f0fd0831b503abd9a85465529

SHA256
c9f122cb7efba9528f5b9ec06f47dbc20919b694fc9ed5d8084f34fbeea7e297

SHA512
30d9388db8d33be3f2e04375677d6c238d827c6a6aba362946a047631b74b45431e3ca3d82fad860ffdc06e4cb38bb4e98d1224c86da898416bf37c551e7454d

Download Submit
\Users\Admin\AppData\Local\Temp\nsyBE42.tmp\InstallOptions.dll

Filesize
14KB

MD5
d753362649aecd60ff434adf171a4e7f

SHA1
3b752ad064e06e21822c8958ae22e9a6bb8cf3d0

SHA256
8f24c6cf0b06d18f3c07e7bfca4e92afce71834663746cfaa9ddf52a25d5c586

SHA512
41bf41add275867553fa3bd8835cd7e2a2a362a2d5670ccbfad23700448bad9fe0f577fb6ee9d4eb81dfc10d463b325b8a873fe5912eb580936d4ad96587aa6d

Download Submit
\Users\Admin\AppData\Local\Temp\nsyBE42.tmp\ShellExecAsUser.dll

Filesize
7KB

MD5
86a81b9ab7de83aa01024593a03d1872

SHA1
8fd7c645e6e2cb1f1bcb97b3b5f85ce1660b66be

SHA256
27d61cacd2995f498ba971b3b2c53330bc0e9900c9d23e57b2927aadfdee8115

SHA512
cc37bd5d74d185077bdf6c4a974fb29922e3177e2c5971c664f46c057aad1236e6f3f856c5d82f1d677c29896f0e3e71283ef04f886db58abae151cb27c827ac

Download Submit
\Users\Admin\AppData\Local\Temp\nsyBE42.tmp\System.dll

Filesize
10KB

MD5
56a321bd011112ec5d8a32b2f6fd3231

SHA1
df20e3a35a1636de64df5290ae5e4e7572447f78

SHA256
bb6df93369b498eaa638b0bcdc4bb89f45e9b02ca12d28bcedf4629ea7f5e0f1

SHA512
5354890cbc53ce51081a78c64ba9c4c8c4dc9e01141798c1e916e19c5776dac7c82989fad0f08c73e81aaba332dad81205f90d0663119af45550b97b338b9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsyBE42.tmp\nsDialogs.dll

Filesize
9KB

MD5
f832e4279c8ff9029b94027803e10e1b

SHA1
134ff09f9c70999da35e73f57b70522dc817e681

SHA256
4cd17f660560934a001fc8e6fdcea50383b78ca129fb236623a9666fcbd13061

SHA512
bf92b61aa267e3935f0ea7f47d8d96f09f016e648c2a7e7dcd5ecc47da864e824c592098c1e39526b643bd126c5c99d68a7040411a4cf68857df629f24d4107d

Download Submit
memory/2348-431-0x0000000000810000-0x0000000000812000-memory.dmp

Filesize
8KB

Download
memory/2812-132-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2812-130-0x0000000003890000-0x00000000039D0000-memory.dmp

Filesize
1.2MB

Download
memory/2812-181-0x0000000003890000-0x00000000039D0000-memory.dmp

Filesize
1.2MB

Download
memory/2812-126-0x0000000003890000-0x00000000039D0000-memory.dmp

Filesize
1.2MB

Download
memory/2812-288-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/2812-8-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/3068-131-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3068-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3068-290-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3068-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download